Fixing AML legislation: what U.S. banks must know for 2030

AML legislation faces unprecedented challenges as criminal cash generation reaches alarming levels. The National Crime Agency estimates that over £12bn of criminal cash is generated annually in the UK, with money laundering potentially impacting hundreds of billions.

In the United States, authorities recorded 11,472 anti-money laundering events, highlighting the urgent need for robust solutions. Given these points, financial institutions must navigate increasingly complex AML CFT regulations while avoiding costly penalties.

Just recently, T.D. Bank affiliated entities agreed to pay more than $3.1 billion in financial penalties—one of the largest ever imposed on a financial institution. Meanwhile, the global anti-money laundering market is projected to grow from $1.73 billion in 2024 to $4.24 billion by 2030, at a CAGR of 16.2%.

In this article, we examine critical reforms to money laundering regulations that U.S. banks must understand to prepare for 2030. We’ll explore enhanced due diligence obligations, risk assessment reforms, simplified due diligence rules, expanding regulatory scope, and currency threshold adjustments. These insights will help your institution build effective, risk-based AML programs that protect both national security and the integrity of the U.S. financial system.

Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) remains one of the most misunderstood components of AML legislation, creating compliance challenges for financial institutions. The Financial Action Task Force (FATF) requires EDD for high-risk situations where there is increased vulnerability to fraud, corruption, tax evasion, money laundering, and terrorist financing. Financial institutions must distinguish between “complex” and “unusually complex” transactions when determining appropriate due diligence measures. According to UK Money Laundering Regulations, EDD is specifically required when transactions are complex or unusually large, follow unusual patterns, or have no apparent economic or legal purpose.

To identify what constitutes “complex,” banks should evaluate:

  • The number of parties involved
  • Multi-layered structures obscuring beneficial ownership
  • Complicated payment/settlement arrangements
  • Valid business reasons for complexity

For “unusually large” transactions, institutions must establish what exceeds normal parameters for their specific business model. This assessment varies significantly between organizations – what may be unusually large for one institution might be standard for another. Furthermore, banks must document how unusual transactions are classified and handled in their policies, controls, and procedures.

FATF Classifications and EDD Requirements

A critical distinction exists between countries designated under FATF’s “Call for Action” versus those under “Increased Monitoring.” This distinction fundamentally alters EDD requirements:

Call for Action Countries: These high-risk jurisdictions have significant strategic deficiencies in their regimes to counter money laundering and terrorist financing. The FATF explicitly requires enhanced due diligence for all relationships with these jurisdictions. In severe cases, countermeasures may be necessary, such as terminating correspondent relationships with banks from these countries.

Increased Monitoring Countries: Often externally referred to as the “gray list,” these jurisdictions are actively working with FATF to address strategic deficiencies. Notably, the FATF does not call for the application of enhanced due diligence measures for these jurisdictions. Instead, institutions should incorporate this information into their risk analysis while ensuring legitimate financial flows continue.

The practical impact for U.S. banks is substantial. FinCEN advises financial institutions to consider FATF’s stance when reviewing their obligations and risk-based policies. Consequently, institutions must maintain separate procedures for each category to avoid costly compliance errors.

High-Risk Sectors

Certain business sectors inherently require scrutiny under AML CFT regulations. Cash-intensive businesses represent a particular challenge as they may be misused by money launderers to legitimize illicit proceeds. These include:

  • Convenience stores
  • Restaurants
  • Retail stores
  • Privately owned ATMs
  • Vending machine operators

When establishing relationships with such entities, banks must complete comprehensive due diligence at account opening and periodically throughout the relationship. Additionally, attention must be paid to the source of funds and wealth – a key distinction between standard CDD and EDD. The European Banking Authority has expanded sector-specific guidance to include newer business models such as crowdfunding platforms, corporate finance, and payment initiation service providers. This reflects how supervisory expectations continue evolving as financial services transform.

Financial institutions should implement risk-based monitoring procedures that increase the degree and nature of supervision for high-risk relationships. Indeed, this ongoing monitoring represents an essential element of effective EDD implementation, ensuring suspicious activities are promptly identified and reported.

Customer Due Diligence (CDD) Framework

The Customer Due Diligence (CDD) framework forms the foundation of effective AML legislation. Recent reforms aim to address longstanding gaps in the existing system, balancing security needs with operational efficiency. Financial institution failures, though uncommon, create urgent challenges for displaced customers needing immediate banking access.

To address this scenario, regulators have introduced specialized carve-outs to standard CDD requirements, allowing customers of insolvent banks to access new accounts more rapidly. These exceptions primarily focus on streamlining verification processes during banking crises, ensuring financial continuity for affected individuals and businesses. The carve-outs represent a practical response to real-world contingencies, recognizing that displaced customers shouldn’t face additional hurdles during already stressful circumstances. Moreover, these provisions acknowledge that prior verification conducted by the insolvent institution can sometimes be leveraged, reducing redundant documentation requirements.

Risk Assessment Reforms

Contrary to initial proposals, financial institutions will not be explicitly required to use the National Risk Assessment (NRA) as the primary source for their own risk assessments. This decision follows industry feedback highlighting the need for flexibility in risk modeling approaches. The NRA should nevertheless serve as “a starting point to inform national strategies and policies, development of an action plan and prioritization of risk”.

In essence, institutions must incorporate NRA insights while maintaining the freedom to develop customized risk frameworks appropriate to their specific business models. This approach aligns with the Financial Crimes Enforcement Network’s (FinCEN) emphasis on “effective, risk-based, and reasonably designed AML/CFT programs”. Regulators will focus on ensuring supervisory guidance clearly articulates how to conduct proper risk assessments, encouraging sector-specific examples rather than mandating one-size-fits-all methodologies.

Digital Identity Verification (IDV) Reforms

The financial sector’s digital transformation has prompted regulators to address electronic identity verification methods. In 2025, a joint guidance from the Treasury and Department for Science, Innovation and Technology will outline acceptable digital approaches for identity verification under AML CFT regulations.

This guidance arrives as digital identity verification (IDV) becomes increasingly critical for financial institutions seeking to:

  • Mitigate fraud risks through advanced technology including biometrics and AI
  • Ensure compliance with complex multi-jurisdictional regulations
  • Accelerate customer onboarding processes without compromising security

The 2025 guidance acknowledges that high-assurance mobile driver’s licenses, eIDAS credentials and other NIST IAL 2+ artifacts can satisfy CIP “reasonable belief” requirements. This marks a significant shift from paper-based verification toward digital-first approaches that better serve today’s online banking environment.

FinCEN has further demonstrated commitment to technological advancement through its joint tech sprint with the FDIC, focusing on digital identity innovation. This initiative reflects the AML Act’s purpose of “encouraging technological innovation and the adoption of new technology by financial institutions to more effectively counter money laundering and the financing of terrorism”.

Beyond mere compliance, these reforms support a wider modernization of the Bank Secrecy Act, promoting both innovation and financial inclusion. Ultimately, the changes allow institutions greater flexibility to adopt verification methods suited to their business models without compromising the fundamental objective of preventing financial crime.

Simplified Due Diligence (SDD)

Simplified Due Diligence (SDD) represents the lowest tier of customer verification within AML legislation, allowing financial institutions to streamline onboarding for low-risk clients. This approach enables banks to allocate resources more efficiently while maintaining regulatory compliance.

Pooled Client Accounts (PCAs) present unique challenges under revised AML CFT regulations. Financial institutions must now maintain greater transparency regarding the underlying clients whose funds are aggregated in these accounts. Essentially, banks must establish clear policies determining when and how to access identity information for individuals within pooled arrangements.

The updated requirements specify that entities managing PCAs must make beneficial ownership information available upon request, even when simplified measures are applied. Previously, financial institutions could rely solely on the identity of the entity managing the pooled account. Currently, organizations must verify that PCA managers have robust procedures for collecting and storing underlying client identities.

The Financial Action Task Force (FATF) has broadened scenarios where Simplified Due Diligence may be appropriate. Unlike previous approaches that automatically applied SDD to predefined customer categories, financial institutions must actively demonstrate low risk through documented analysis.

Accordingly, the following scenarios now potentially qualify for SDD application:

  • Public authorities and state-owned enterprises
  • Companies listed on regulated exchanges with adequate beneficial ownership disclosure
  • Insurance products without cash payouts except upon specific trigger events
  • Pension schemes where contributions come via wage deductions and member interests cannot be assigned

Financial institutions must document their risk analysis and justify the implementation of simplified measures. Furthermore, the level of simplification must be proportionate to the assessed risk level. Despite streamlined processes, SDD still requires adherence to the four core components outlined by FATF.

Financial institutions must implement appropriate safeguards to prevent misuse of simplified procedures. Critical controls include periodic review of SDD classifications and ongoing monitoring to detect unusual activity patterns incompatible with low-risk profiles. Obviously, SDD remains inappropriate for customers from jurisdictions subject to FATF countermeasures or countries with inadequate AML/CFT frameworks.

The CDD Rule still requires covered institutions to understand the nature and purpose of customer relationships even when applying simplified measures. Under SDD regimes, this understanding may be developed based on relationship type and historical transaction patterns rather than through extensive information gathering during onboarding.

For U.S. banks preparing for 2030, striking the right balance between simplified procedures and effective controls will be crucial for both regulatory compliance and operational efficiency. Surprisingly, automated SDD processes represent a significant opportunity for innovation, allowing institutions to enhance both compliance outcomes and customer experience simultaneously.

Expanding Regulatory Scope

Recent changes to AML legislation focus on closing regulatory gaps in areas historically vulnerable to financial crime. These expansions respond directly to emerging threats while strengthening the overall integrity of the financial system.

Trust and Company Service Providers (TCSPs) have long operated under anti-money laundering oversight, yet a critical gap remained. The government is expanding regulations to include the sale of “off-the-shelf” companies (pre-formed corporations that can be purchased and activated immediately). This addresses a longstanding loophole in the current regime. Criminals often use these readily available corporate structures to create a veneer of legitimacy while concealing true ownership and control of assets.

Interestingly, the Financial Action Task Force (FATF) has identified TCSPs as particularly vulnerable since they facilitate company formation services that can mask asset ownership or transfer assets between persons. The impact on TCSPs is expected to be minimal, as the administrative burden should not significantly increase due to the declining use of off-the-shelf companies in recent years.

The European Anti-Money Laundering Authority (AMLA), operational since July 2025, has placed crypto-assets at the top of its agenda. AMLA’s strategy focuses on the unique vulnerabilities of crypto-asset service providers (CASPs), primarily due to their technological features, cross-border operations, and anonymity-enhancing capabilities. Under the Markets in Crypto-Assets Regulation (MiCA), CASPs must now obtain licenses to provide services in the EU and implement comprehensive AML CFT regulations from their first day of operation. This alignment aims to ensure consistent application of AML requirements across the rapidly evolving crypto sector, with AMLA directly supervising larger cross-border crypto businesses.

Originally established in 2017 for UK trusts paying taxes, the Trust Registration Service has fundamentally transformed into a comprehensive registry targeting high-risk arrangements. Currently, virtually all express trusts must register—not just those with tax liabilities. The requirements extend to providing detailed information about beneficiaries and assets, including descriptions and values. Importantly, the TRS will become accessible to a broader class of applicants with “legitimate interests,” effectively creating a public register of trusts. Failure to register can result in penalties and, in extreme cases, imprisonment. For financial institutions, this expansion creates additional compliance obligations, as they must now collect proof of a trust’s TRS registration at the beginning of business relationships.

Currency Threshold Adjustments

Maintaining currency threshold consistency presents ongoing challenges for financial institutions navigating AML legislation. U.S. banks must understand these nuances as they prepare compliance frameworks for 2030. Currency conversion methods critically impact AML compliance requirements. Currently, U.S. financial institutions must convert Euro-denominated thresholds using daily exchange rates. This creates operational complexity, as staff must calculate equivalent amounts for each transaction.

To reduce confusion, some jurisdictions are replacing Euro references with direct local currency equivalents, using a straightforward one-to-one conversion method. For transactions subject to thresholds, institutions must document their conversion methodology, including information sources, calculation responsibilities, and review procedures.

Threshold adjustments must maintain alignment with international standards. Remarkably, the U.S. currency transaction reporting threshold of $10,000, established in 1972, has never been adjusted for inflation. This outdated threshold has contributed to a 62% increase in CTR filings since 2002. If adjusted for inflation, the 2023 threshold would be approximately $72,880. In response, proposed legislation would raise CTR thresholds to $30,000 and index them for inflation every five years.

Ultimately, supervisory practices often influence compliance more than legislative changes. The Office for Professional Body Anti-Money Laundering Supervision found that while most supervisors comply with regulations, their supervision remains inconsistently effective. Specifically, weaknesses exist in enforcement powers utilization, with declining numbers and values of fines. Fundamentally, effective supervision requires evolution from rule-based to risk-based approaches that encourage preventative measures within regulated sectors.

Conclusion

As we look toward 2030, financial institutions face significant challenges yet also opportunities in adapting to evolving AML legislation. Throughout this analysis, we have examined critical reforms that will reshape compliance frameworks for U.S. banks in the coming years.

The clarification of Enhanced Due Diligence obligations stands out as particularly important, especially regarding the distinction between “complex” and “unusually complex” transactions. Additionally, banks must recognize the crucial difference between FATF “Call for Action” countries versus those under “Increased Monitoring” – a distinction that fundamentally alters their compliance requirements.

Risk assessment reforms likewise represent a major shift, though financial institutions thankfully retain flexibility in developing customized frameworks appropriate to their specific business models rather than rigidly following National Risk Assessments.

Digital identity verification will undoubtedly transform customer onboarding processes, with the forthcoming 2025 guidance expected to formalize acceptable digital approaches. Simplified Due Diligence presents another area of substantial change, particularly regarding Pooled Client Accounts where greater transparency about underlying clients will become mandatory. The expanded scenarios for SDD eligibility offer potential operational efficiencies, provided banks carefully document their risk analyses and justify any simplified measures.

The scope of AML legislation continues to widen, addressing vulnerabilities through inclusion of off-the-shelf company sales under TCSPs and strengthened cryptoasset regulations aligned with AMLA standards. Meanwhile, the transformation of the Trust Registration Service into a comprehensive registry targets high-risk arrangements through enhanced transparency requirements.

Currency threshold inconsistencies remain problematic for many institutions, though proposed legislation would raise outdated thresholds and index them for inflation. Beyond specific regulatory changes, supervisory practices often influence compliance more than legislative reforms themselves, highlighting the need for evolution from rule-based to risk-based approaches.

U.S. banks that proactively adapt to these reforms will not only avoid costly penalties but also build more effective, risk-based AML programs. Though compliance demands will certainly increase, these changes ultimately serve the dual purpose of protecting national security and maintaining the integrity of the financial system. Financial institutions that embrace technological innovation while carefully balancing compliance requirements with operational efficiency will be best positioned to thrive in this evolving regulatory landscape.
