Across the United States, 2025 has marked a clear shift in how regulators approach financial-crime oversight. Penalties are larger, enforcement is broader, and agencies are taking a more coordinated approach to identifying and correcting AML deficiencies. For financial institutions, fintechs, MSBs, and wealth managers, this year’s actions send a simple message: strong intentions are no longer enough. Examiners now expect programs that can demonstrate effectiveness, not just meet procedural requirements.
A Record Year for U.S. Enforcement
This year was one of the most active enforcement periods in the past decade. In the first half of the year alone, U.S. regulators issued approximately 139 penalties totaling roughly US$1.23 billion. That represents a 417% increase compared to the same period in 2024.
This surge wasn’t limited to traditional banks. Enforcement actions ranged across:
- Money services businesses
- Fintechs and neo-banks
- Broker-dealers
- Wealth and investment firms
- Crypto and digital asset platforms
- Global correspondent networks connected to U.S. flows
What’s notable is that regulators are not only issuing more penalties; they’re focusing on structural weaknesses that undermine program effectiveness. Many cited failures relate to governance, monitoring coverage, alert quality, and data integrity.
Regulators are also signaling that this heightened scrutiny will continue into 2026 and expand into adjacent areas of financial-crime oversight. Several agencies, including FinCEN, the OCC, and state regulators, have indicated that upcoming examinations will place greater emphasis on program effectiveness testing, governance documentation, and the use of technology to support increasingly complex risk profiles. This means institutions will not only be evaluated on whether policies exist but on whether the underlying controls work consistently across products, subsidiaries, and third-party partners.
Another emerging trend is regulator interest in how institutions manage partner and fintech-embedded risk. Banks working with payment processors, crypto on-ramps, cross-border remitters, or digital onboarding platforms are being asked to prove they can trace monitoring decisions end-to-end. This pressure aligns with the broader enforcement theme: fragmented tools and legacy workflows are no longer acceptable when transaction velocity and customer acquisition models create continuous exposure.
For many organizations, these signals point to a clear takeaway: modernization is no longer optional. Institutions that proactively strengthen data integrity, automate investigations, and adopt risk-based screening tools will be in a far stronger position heading into the 2026 exam cycle.
What Regulators Appear to Be Zeroing In On
- Data Quality and List Completeness
Several enforcement actions highlighted outdated sanctions and PEP data, incomplete list coverage, and monitoring gaps for high-risk jurisdictions. Firms relying on fragmented or static data faced scrutiny for missing high-risk relationships and failing to refresh data frequently enough.
- Weak Transaction Monitoring and SAR Backlogs
Regulators pointed to outdated models, poor threshold governance, and insufficient context in SARs. Backlogs—particularly those affecting crypto and cross-border flows—appeared frequently in enforcement narratives.
- Program Governance and Board Oversight
Similar to recent OCC actions, many institutions were cited for governance gaps, including:
- Limited Board reporting
- Unclear ownership of AML systems
- Insufficient resources assigned to high-risk business lines
- Fintech and MSB Controls
The coordinated multi-state consent order against Wise US, Inc. served as a reminder that money transmitters, payment companies, and fintechs must operate AML programs that match their scale. Regulators expect monitoring systems, customer risk models, and screening processes to evolve with transaction volume and new product launches.
- National Security–Linked Risks
New actions under the FEND Off Fentanyl Act signal that AML enforcement is expanding into geopolitical and national-security arenas. This includes expectations for monitoring related to opioid precursors, cross-border gambling networks, and cartel-linked entities.
The Emerging Standard: Demonstrable Effectiveness
The theme across 2025 enforcement is clear: regulators are no longer satisfied with checklists, policies, or periodic updates. They want evidence that programs:
- Identify true risk
- Reduce false positives
- Detect suspicious activity faster
- Produce higher-quality investigations
- Maintain clear audit trails
- Adjust dynamically to new threats
This shift mirrors broader global trends, including FATF’s focus on outcomes over documentation.
How Compliance Teams Can Strengthen Their AML Programs for 2026
- Refresh Data Sources and Expand Coverage
Ensure sanctions, watchlists, PEPs, and adverse media sources are comprehensive and updated sub-daily. Outdated or incomplete data was one of the most common drivers behind penalties.
- Modernize Screening and Monitoring Models
Review thresholds, matching rules, typologies, and country-risk factors. Document the rationale behind each change. Examiners increasingly expect clear governance around model performance.
- Reduce Noise and Backlogs With Better Triage
Use analytics and automation to prioritize true-risk alerts, route investigations automatically, and suppress repetitive false positives.
- Strengthen Program Governance
Clarify ownership, improve Board reporting, and align staffing to risk. Regulators expect resource decisions to match your institution’s product mix and geographic footprint.
- Integrate Onboarding, Monitoring, and EDD
Break down silos between onboarding due diligence, ongoing monitoring, and EDD reviews. Consistency across the customer lifecycle is now a core expectation.
- Use Technology and AI to Improve Accuracy and Auditability
Adopt tools that apply machine learning, natural-language processing, and workflow automation to enhance screening accuracy and reduce manual effort. Modern solutions can spot hidden ownership connections, classify risk signals, and surface relevant adverse media faster than traditional methods.
Where Alessa Helps Institutions Stay Ahead
Alessa supports compliance teams navigating rising regulatory demands with a platform built for accuracy, efficiency, and auditability:
- Global coverage of sanctions, watchlists, PEPs, and adverse mediaHigh-precision matching that reduces false positives and improves analyst productivity
- 360° Client View consolidates customer risk data across onboarding and monitoring
- Advanced triage and case management, routing alerts based on severity and entity type
- Usage-based data model to control costs without sacrificing quality
- PEP scoring model that evaluates geography, role, exposure, and relationships
- False Positive Analyzer to help teams tune matching rules based on evidence
With enforcement accelerating, institutions that invest in more intelligent risk detection, supported by the right data and technology, will be better equipped to demonstrate program effectiveness and manage regulatory expectations.
Final Thoughts
The enforcement wave of 2025 is more than a temporary spike. It reflects a new standard emerging in U.S. AML supervision, one that emphasizes performance, responsiveness, and cross-functional controls. For compliance leaders, now is the time to solidify foundations, modernize screening processes, and build programs that can stand up to heightened scrutiny.
Alessa