What’s new in AML and MAR compliance: Key financial crime and regulatory insights for October 2025

As financial institutions operating in the EU navigate one of the most significant periods of regulatory change in recent years, keeping pace with the latest developments in fincrime and compliance is essential.

To help firms stay up to date, we've put together a round-up of the latest financial crime and regulatory news and insights that firms need to know. 

In this article, we highlight four major updates shaping compliance across Europe and the UK and why they matter for banks, payment service providers (PSPs), crypto-asset service providers (CASPs), and more.

AMLR: A game-changer for compliance

The EU’s new Anti-Money Laundering Regulation (AMLR), which will apply directly from July 2027, will replace fragmented national AML legislation with a single, Europe-wide regulation. 

The AMLR is directly applicable, meaning it's in itself the legislation (other examples include MAR and the GDPR), rather than requiring implementation via national legislation, which is the case with a directive.

The goal of the AMLR is consistent supervision, fewer loopholes, and stronger defences against financial crime. 

However, it will also significantly raise the compliance bar for financial institutions, who will need to evaluate and update their compliance infrastructure and protocols now to ensure they’re ready for the 2027 changes.

Some of the most important things to know about the AMLR:

• The new Anti-Money Laundering Authority (AMLA), based in Frankfurt, will directly supervise around 40 high-risk financial institutions.
• The EU AML package will include a single AML rulebook to unify AML rules across all concerned institutions and avoid discrepancies in their application across member states. 
• All high-risk transactions will now require enhanced due diligence (EDD), including verifying beneficial ownership using reliable sources, conducting in-depth risk assessments of the purpose and nature of the business, and ongoing monitoring.
• The AML package aims to synchronise beneficial ownership verification and transparent disclosure across all member states.
• The new AML package will expand its scope to regulate crypto-asset service providers, crowdfunding platforms, mortgage lenders, and consumer credit intermediaries to mitigate the growing money laundering risks in non-traditional finance.
• Cash transactions will be limited to a maximum of EUR 10,000, both for a single transaction or a series of transactions. 

Why this matters:

The AMLR will significantly raise compliance expectations and scrutiny. Institutions will need to strengthen due diligence, review risk frameworks, and prepare for direct AMLA supervision in high-risk cases. 

For compliance teams, this means a shift from national to EU-level accountability and the need to ensure consistency in policies, monitoring, and reporting across jurisdictions. 

Trapets’ AML solutions are specifically designed to help you stay compliant with AMLR requirements. Learn more about how we can help you sharpen your AML processes here.

New standardised guidelines around sanctions screening

The European Banking Authority (EBA) has issued two new sets of guidelines - EBA/GL/2024/14 and EBA/GL/2024/15 - which will apply from 30 December 2025. Together, they aim to standardise how financial institutions implement EU and national restrictive measures (sanctions).

• EBA/GL/2024/14 is addressed broadly to institutions supervised by EBA (e.g., banks, investment firms). It sets out expectations for structural, governance, procedural, and control.
• EBA/GL/2024/15 is more specialised, targeting payment service providers (PSPs) and crypto-asset service providers (CASPs), with detailed requirements that include sanction screening of the customer base and transfers.

Key implications:

Institutions must establish and document strong governance structures that clearly assign responsibility for sanctions compliance, including senior management involvement. 

They must also conduct a “restrictive measures exposure assessment” to identify risks of facilitating prohibited transactions, which will determine the necessary controls, screening, monitoring, and mitigation measures.

Policies, procedures, controls, and technology (e.g., screening systems) must be adequate, kept up to date, and subject to review. For PSPs/CASPs, more detailed requirements are provided for the screening of transfers, the use of reliable systems, and transaction monitoring.

Instant payments, instant compliance

From 9 October 2025, under the EU’s Instant Payments Regulation (IPR), PSPs in the euro-area offering euro-denominated credit transfers must also support sending of instant euro credit transfers (i.e., funds made available immediately, 24/7).

Key requirements include:

• Verification of Payee (VoP): PSPs must match the beneficiary’s IBAN and name before executing a transfer.
• Daily sanctions screening: Institutions must screen the customer base against EU restrictive measures at least once daily and immediately upon changes.
• Equal charging: Instant euro transfers must not attract higher fees than corresponding standard euro credit transfers; any differential cost cannot be passed onto the payer.

Why this matters:

Firms will need to ensure sanctions and fraud controls operate at the same speed as instant payments. Failure to do so could expose institutions to regulatory penalties and operational bottlenecks. To learn more, see our latest blog on the IPR and what it means for compliance.

Regulators are coming down tougher than ever

Recent enforcement actions highlight regulators’ growing intolerance of weak AML frameworks and insufficient due diligence.

In Denmark, the Financial Supervisory Authority ordered a local bank to overhaul its AML processes after finding major weaknesses in risk assessments, monitoring, and suspicious transaction handling.

In the UK, the FCA fined a large bank £39.3 million for failures in managing money laundering risks linked to a corporate client. 

Specifically, the regulator cited poor risk assessment and monitoring, and inadequate response to known red flags during the period from 2015 to 2021, as the reason for the fine.

Preparing for the latest demands in financial crime compliance

In light of these changes, financial institutions across Europe and the UK are under increasing pressure to act decisively and proactively on financial crime.

The next 12-24 months will require a major rethinking of compliance operations to keep pace with the latest regulatory demands. 

Firms that invest now in Regtech solutions that help fill those gaps will be best positioned to stay compliant and competitive. Is your institution prepared?

At Trapets, we help financial institutions improve their compliance infrastructure to stay a step ahead of financial crime and regulatory requirements. 

Book a consultation with our compliance experts today to learn how Trapets’ automated RegTech solutions can help you stay compliant without sacrificing efficiency.