Table of Contents
Industry signals from APAC, EMEA & North America – Plus what’s new at SymphonyAI
Financial crime compliance is evolving quickly.
From APAC and AGC to EMEA and North America, regulators are raising expectations, enforcement pressure is increasing, and institutions are being challenged to prove not just compliance but effectiveness.
We’ve brought together insights from SymphonyAI experts, along with highlights from recent and upcoming industry events that are shaping the conversation.
Here’s your guide to what is top of mind right now.
EMEA
UK
UK’s New Fraud Strategy 2026-2029
In early March, the Home Office launched the Fraud Strategy 2026-2029, detailing its approach to tackling fraud and replacing the earlier strategy ‘Fraud Strategy: Stopping Scams and Protecting the Public’, which covered the period 2023 to 2025. One standout development is the creation and launch of a £31 million Online Crime Centre (OCC) in April 2026.
Top 3 takeaways: (i) Shared accountability is now the operating model; (ii) technology-enabled fraud demands technology-led responses that are dynamic, AI-driven and continuously updated; (iii) the cost of inaction is quantified and politically visible.
Fraud costs the UK economy at least £14.4 billion in 2023-24 and accounts for 45% of all crime in England and Wales.
Read our full article on this topic: The UK’s New Fraud Strategy 2026-2029: What it means for financial crime and compliance
OFSI Strategy 2026 – 2029
Published in April 2026, OFSI’s new three-year strategy signals a more assertive, data-driven and enforcement-focused sanctions authority. Organized around four pillars – Promote, Enable, Respond and Change – the strategy commits to clearer guidance and sector-specific outreach, faster licensing decisions (50% closed within six months), and more proactive, intelligence-led enforcement with tighter timelines.
Critically for compliance teams, OFSI is embedding AI-enabled workflows across enforcement, licensing and intelligence functions, and co-chairing a new Financial Sanctions Circumvention Cell with the private sector to share typologies and red flags in near real time. The strategy is explicit that crypto assets, new technologies, and a more fragmented financial services industry are raising the circumvention risk bar, and that firms are the first line of defence. With a 2025 consultation on enforcement powers already concluded and a new settlement scheme introduced in 2026, OFSI is clearly becoming a more visible, faster-moving, and harder-edged regulator.
The FCA exposes where firms are still getting it wrong with CDD
The FCA published its latest findings on customer due diligence (CDD) processes and controls, identifying several gaps:
- Weak evidence of effective risk-based approaches – policies exist, but are not applied consistently
- Insufficient understanding of the source of funds/wealth, especially in complex structures
- Over-reliance on checklists vs. judgment in higher-risk cases
- Ongoing monitoring gaps – not adapting to changes in customer risk
- Poor linkage between CDD, transaction monitoring, and SAR decisions
- Inconsistent documentation of decision-making and rationale
Institutions’ effectiveness will be assessed on outcomes and evidence, not policies and processes.
FCAs Research Note report on synthetic data and AML
In April 2026 the FCA published a research note on the use of synthetic data for AML detection, exploring how artificially generated datasets can enable firms to test and develop detection approaches without accessing real customer data. The key takeaway is that synthetic data can accelerate innovation and support privacy-preserving model development, but it comes with limitations around data fidelity and must complement, not replace, live operational data. The FCA is backing this with action by creating a synthetic dataset from real UK retail banking data (enriched with realistic money laundering scenarios) for firms to use in an upcoming AML Solution Sprint.
UK Government promotes reforms to future-proof UK payments sector
The UK Government is pushing ahead with regulatory reforms to accommodate the emergence of new payment methods, including stablecoins, tokenization, and agentic payments. Highlights include a forthcoming consultation on reforming payment services regulation to cover stablecoins, tokenised deposits and notably for compliance teams, AI agents conducting payments on behalf of consumers. Chris Woolard CBE has been appointed as the new Wholesale Digital Markets Champion to drive tokenization across wholesale markets, the PSR is being folded into the FCA to streamline oversight, and an additional £1 million is being committed to CFIT. The UK is moving fast to build a unified regulatory framework for the next generation of payments technology and firms that aren’t already thinking about AI-driven transactions and digital asset compliance need to start now.
Europe
AMLA updates
Within the EU, there are a number of AMLA updates to be aware of:
- Recently closed consultations: The second consultation period closed on 8th May for providing feedback on two key Draft RTS’s impacting CDD in 2027 – Article 28(1) and the Draft RTS on identifying business relationships and linked transactions under Article 19(9). Firms must move beyond awareness to structured readiness. We await AMLA’s final review and finalization, followed by parliamentary approval by early July 2026.
- Open Consultations: On 16 April, AMLA released new consultation periods for 2x draft RTS, 1x AMLD, and a Guideline. Provide your written feedback or join the only public forum to have your say:
- Articles RTS 16(4) and 17(3) minimum standards for group-wide AML/CFT frameworks. Business-wide risk assessment: setting minimum expectations for conducting an adequate risk assessment for all obliged entities, while allowing for proportionality according to their size, business model, and risk profile. Interested parties should register for the live session, Draft RTS on group-wide requirements, which takes place on 20th May 2026. The deadline for written feedback is 15th June 2026.
- Guideline under Article 10(4) of the anti-money laundering regulation on requirements and minimum standards for group-wide AML/CFT frameworks, including in cross-border situations and where entities operate in third countries. Again, interested parties can register for the live session, Draft Guidelines on business-wide risk assessment, which takes place on 28th May 2026. The deadline for written feedback on this guideline is 15th July 2026.
- AMLA urges the football (soccer) sector to start preparing early for the strict AML/CFT regulations, despite the compliance deadline being set for July 10th 2029. Why? Well, there has been a significant regulatory shift requiring a major overhaul of internal procedures and operational changes for CDD, transaction monitoring, and SAR/STR reporting of beneficial owners of investments and sponsorships. Alongside this, there are high-risk vulnerabilities for addressing illicit financial activities due to opaque ownership, cross-border capital flows, and high-value player transfers.
PSD3 & PSR final compromise texts published
On 23rd April, the Council of the EU published the final compromise texts for PSD3 and the PSR (read them here and here), completing the most significant overhaul of EU payments law since PSD2. The anti-fraud provisions are the centrepiece: PSPs must verify payee name against IBAN before executing credit transfers, with failure linked directly to refund liability; real-time transaction monitoring is mandated for instant transfers, with monitoring failures also tied to refund outcomes; and online platforms become liable to PSPs where they fail to remove fraudulent content after notification.
Core obligations apply 21 months after PSD3 enters into force. For FinCrime teams, the headline is the liability architecture with detection failures now carrying direct financial consequences, turning compliance obligation into operational accountability.
MiCA transitional period ends 1st July 2026
With the Markets in Crypto Asset regulation (MiCA) transitional period expiring EU-wide on 1st July 2026, ESMA issued a pointed statement of supervisory expectations that carries direct FinCrime relevance. Any crypto-asset service provider operating without authorisation after that date will be in breach of EU law and must cease activity.
For authorised CASPs, the compliance action is immediate and operational: wind-down plans must be credible and executable, client migration must be actively managed, and onboarding of migrating clients must meet full AML/CFT standards. ESMA also closes off a common structural workaround, explicitly prohibiting the delegation or outsourcing of custody to non-authorised third-country entities, regardless of group structure or brand. For FinCrime teams, the migration wave now heading toward authorised CASPs represents a meaningful onboarding risk moment, where the quality of CDD and transaction monitoring controls will face direct NCA scrutiny.
Middle East
CBUAE Issues Updated AML/CFT/CPF Guidance
In mid-April, the Central Bank of the United Arab Emirates (CBUAE) issued an updated package of AML/CFT/CPF guidance and effectiveness best practices. The package comprises four supervisory guidance documents and two best practice manuals, covering proliferation financing, TBML and transshipment risk, correspondent banking, CDD/KYC, risk-based approach, and AML/CFT/CPF training. The updates are aligned with FATF standards and the UAE National Strategy 2024–2027.
Applicable to all licensed FIs and registered Hawala providers operating in the UAE, firms with correspondent banking or trade finance exposure, and those with CDD/KYC obligations, should review the guidance documents against existing risk assessment and control frameworks and current programme maturity to identify coverage gaps.
North America
North America has seen some of the most consequential developments in recent months, both in regulatory timelines and in enforcement posture.
U.S.
FinCEN proposes fundamental reform of BSA/AML program requirements (April 7, 2026)
FinCEN and the banking agencies proposed revisions to financial institutions’ Bank Secrecy Act program requirements to “fundamentally reform” compliance with the law, setting new minimum standards for AML programs and requiring all programs to incorporate countering the financing of terrorism. This is among the most consequential AML regulatory proposals in years.
The proposal would adjust the AML framework by focusing compliance expectations on effectiveness/risk management rather than procedural box-checking, elevating risk assessments as a core program requirement, and granting institutions greater flexibility in program design and resource allocation, provided those decisions are reasonable and tied to risk.
Critically, the rules would establish that only “significant or systemic failures” by a financial institution to implement a properly established AML/CFT program would warrant an enforcement action or a significant supervisory action.
FinCEN and OFAC jointly propose AML and sanctions compliance rules for stablecoin issuers under the GENIUS Act (April 8, 2026)
On April 8, 2026, FinCEN and OFAC jointly issued a notice of proposed rulemaking to address anti-money laundering and sanctions compliance requirements for permitted payment stablecoin issuers under the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act. This is a landmark development for the U.S. digital asset sector.
The GENIUS Act represents the first time any U.S. person will be required by regulation to establish and maintain a sanctions compliance program, formally extending OFAC obligations into the stablecoin ecosystem. The proposal also signals that FinCEN would only pursue enforcement against stablecoin issuers for significant or systemic AML program failures, consistent with the broader program reform proposal issued the day prior.
Operation Economic Fury targets illicit oil smuggling network run by Iranian regime elite
OFAC intensified pressure on Iran’s illicit oil transportation infrastructure by sanctioning more than two dozen individuals, companies, and vessels operating within the evasion network of Iranian oil shipping magnate Mohammad Hossein Shamkhani. The network evades sanctions through a group of seemingly legitimate administrative, consulting, and shipping firms that manage all aspects of the network’s fleet. The U.S. Treasury Secretary stated, “Financial institutions should be on notice that Treasury will leverage all tools and authorities, including secondary sanctions, against those that continue to support Tehran’s terrorist activities.”
Canada
Private-to-private information sharing between reporting entities comes into force
Private-to-private information sharing between reporting entities is now in force, allowing them to share information to more effectively detect and deter money laundering, terrorist financing, and sanctions evasion. This is a structurally meaningful development for Canada’s AML ecosystem.
Information sharing between financial institutions has long been identified by FATF as an important tool for disrupting financial crime, and Canada has historically lagged peer jurisdictions – particularly the U.S. – in enabling it. Engaging in private-to-private information sharing is voluntary, and to engage, a code of practice must be submitted to FINTRAC for possible review and comment, as well as to the Office of the Privacy Commissioner of Canada for approval. The voluntary nature and approval requirement mean that uptake will be gradual, but the framework’s activation opens the door to public-private intelligence sharing arrangements that didn’t previously have a legal basis in Canada.
FATF mutual evaluation results imminent
Canada’s next mutual evaluation by the FATF will be adopted in June 2026. The review focuses to a greater extent on Canada’s ability to demonstrate the effectiveness of its AML/ATF regime, including the country’s ability to investigate and prosecute financial crime and deprive criminals of offence-related property and the proceeds of crime.
The stakes are high because if Canada does not effectively implement FATF’s 40 Recommendations, Canada could be at risk of being grey-listed, which could have negative economic consequences and reputational damage. The entire wave of legislative reform underway (increased penalties, universal enrollment, private-to-private sharing, expanded sector coverage) is explicitly sequenced around this evaluation. The June publication will set the tone for Canadian AML enforcement and legislative priorities for years ahead.
FINTRAC publishes implementation roadmap for sweeping PCMLTFA amendments (April 13, 2026)
FINTRAC published its official implementation roadmap for significant PCMLTFA amendments, which collectively represent the most significant expansion of Canada’s AML framework in years.
The roadmap is particularly meaningful because it gives financial institutions greater clarity on regulatory expectations, implementation timelines, and operational priorities. This allows compliance teams to begin preparing for substantial changes to reporting, monitoring, governance, and beneficial ownership requirements.
APAC
Australia
New AML legislation came into effect on 31 March for existing entities under the Australian AML/CTF Act. Prior to this date, initial CDD was delayed until March 2029, with transitional rules introduced allowing current Customer Identification Procedures to be used. It is expected that during this period, reporting entities move to perform initial CDD, which means any EDD that needs to be performed must occur before the service is provided.
From July, the newly regulated businesses (professional services) – so-called tranche 2 – come into the Australian regulatory framework.
Current threat focus areas for AUSTRAC include illicit tobacco and mortgage fraud. The former has been a focus for banks looking at vulnerable sectors, including convenience stores, and AUSTRAC have flagged the importance of tranche 2 entities for topics like shell company registration.
Mortgage fraud remains a priority area after the Commonwealth Bank revealed its retail bank (RBS) was exposed to a large-scale mortgage fraud. Falsified documents and shell companies have been reported as key aspects of the case, allowing organized crime the ability to borrow money and offset the proceeds of crime.
AGC
Singapore
Singapore continues to harden their approach to misuse of corporate vehicles, with additional rules and guidance on AML/KYC for foreign shareholders – a continuation of reforms since the so-called $3b laundering case.
Meanwhile, Singapore’s mutual evaluation was adopted by the FATF Plenary in February 2026 and was published on 6 May 2026. The report found that Singapore’s financial crime challenges are being met by a competent and coordinated regime that is willing to try new solutions to meet modern illicit finance challenges. The FATF also noted that though there have been some successes in Singapore’s fight against financial crime, their AML/CFT/CPF system must be sharper in producing demonstrable and consistent risk-based results.
Malaysia
After the December 2025 publication of the Malaysia mutual evaluation report (5th Round), the country remains in regular follow-up, with a focus on areas including asset recovery and conversion of charges into convictions.
SymphonyAI Engagements
To close out this edition of Risk Radar, SymphonyAI has been involved in several recent events and engagements, which we thought we would update you on here, alongside future opportunities for you to meet us in person.
Recent events
April 2026
Event: ACAMS Assembly Hollywood
SymphonyAI was on the ground at ACAMS Assembly Hollywood in Florida, with a busy and engaged booth full of interested industry representatives. Alongside the discussion on the conference floor, Brian Ferro also hosted a fascinating talk about AI Agents with representatives from M&T Bank and TD Bank Group, AI Agents in Financial Crime Compliance: Threat or Trusted Ally?
Event: The 4th Annual FinCrime Leaders Summit Europe
Held in Amsterdam on 23 April, this industry conference shared a wealth of insights across AML, Sanction and fraud. SymphonyAI had the pleasure to present on the topic of Integrated Intelligence: Applying Agentic AI to Financial Crime Control, sharing why traditional automation has hit its limits and how to advance with agentic AI with the right risk signals, the right AI agents, and the right momentum.
Webinar: From Theory to Action: AI Agents Transforming Financial Crime Compliance in Real-Time
Craig Robertson (SME) and Jordan Hoo (AGC Solutions Consultant) hosted a webinar with the Asia Institute of Chartered Bankers (AICB). The session discussed Always-on Compliance and included a demo of Symphony Risk Intelligence. The session was attended by over 200 attendees from Malaysia, Singapore and Australia.
Webinar: Re-engineering the Risk-Based Approach
During this webinar, Re-engineering the risk-based approach: Agentic AI as the engine of continuous risk assessment & control calibration, Elizabeth Callan presented her thought leadership on how agentic AI can positively disrupt how the risk-based approach is deployed within financial institutions and can continuously and autonomously inform and influence FI risk assessments and drive risk-based control calibration.
Looking ahead
June 2026
Economic Crime Prevention Europe 2026 – 10-11 June
Economic Crime Prevention Europe 2026 – Zurich returns for its fifth year, uniting 400+ senior compliance executives, regulators, and enforcement leaders across fincrime domains. SymphonyAI’s Charmian Simmons joins the programme with a keynote session – “From Intelligence to Control: Solving the hidden FinCrime detection gap with intelligence”. We look forward to seeing you there.
Online webinar w/ EY – 18 June
Register today for From Regulation to Action: Getting EU AMLA-ready and hear from Charmian Simmons and a guest speaker from EY talk about the latest open public consultations for several AMLA RTS’s, including Articles 28(1), 19(9) on CDD, and how to get AMLA-ready in 2026.
—
That’s it from this issue of Risk Radar. If you’d like to discuss any of the themes covered here, from risk-based supervision to AI-led compliance transformation, simply get in touch and we’d be happy to continue the conversation.
Recent resources
Why the Know Your Customer (KYC) Market Is Shifting to Continuous Risk Monitoring
Celent Vendor Profile – SymphonyAI KYC
Case study: Spanish bank hugely reduces screening false positives
Whitepaper: The New Financial Crime Ecosystem
Going beyond continuous compliance with Always-on Compliance
Learn more about Symphony Risk Intelligence
Contact us to find out more about Symphony Risk Intelligence and Always-on Compliance and to receive a personalized demo.