With global penalties reaching new highs, the widening of the AML net into non-financial professions and a crackdown on crypto, 2025 was a busy year for both regulators and reporting entities alike.
Here we look back on the year’s most significant anti–money laundering (AML) stories, the lessons they offer, and what they mean for businesses preparing for 2026.
1. Crypto takes centre stage
OKX, one of the world’s largest cryptocurrency exchange platforms was lambasted by the Department of Justice (DoJ) in February for knowingly violating anti money laundering laws.
The breaches occurred over seven years and resulted in penalties totalling over $500 million US dollars. It’s a huge fine but it is estimated OKX facilitated over five billion dollars’ worth of suspicious transactions and criminal proceeds, and repeatedly failed to properly identify customers on whose behalf they were working.
To further exacerbate the issues OKX had with conducting proper client checks, employees actively advised customers on how to circumvent KYC processes, and they did not adequately or consistently use software to monitor and detect suspicious activity.
Learnings: There’s a lot to unpick when looking at the OKX case, but a stand out for us is how important it is for AML compliance to be installed in your culture. Yes, you need a documented process for employees to follow and smart technology to empower them, but leaders need to champion compliance and get buy-in from employees to ensure compliance doesn’t fail.
2. The Australian transformation
While not welcomed by all, Australia finally made the leap to extend its AML regulatory requirements to non-financial businesses, otherwise known as tranche 2 entities. The change has been long anticipated and means from 1 July 2026 Australian real estate professionals, accountants, legal practitioners, and conveyancers will need to comply with the AML/CTF Act.
In practice, this means putting risk-based AML programs in place, conducting customer due diligence, monitoring transactions, and reporting any suspicious activity to AUSTRAC.
This will be challenging and unfamiliar territory for many businesses.
Learnings: As we head into 2026 now’s the time to get ready for Australian reforms (if you haven’t already). One of the biggest challenges businesses face when navigating regulatory changes alone is how much time and effort it really takes, both to set things up correctly and to keep everything running smoothly.
3. Christchurch casino under fire
With large amounts of cash exchanging hands casinos can be considered a tempting proposition for criminals to launder illicit funds, and as such they are considered high-risk entities. Cases such as SkyCity’s breach of AML rules in 2024 resulting in an NZD$4.16 million fine further highlights the risk, and now we add Christchurch Casinos to the list.
In October 2025 Christchurch Casinos got hit by a NZ$5.06 million fine for repeated compliance failures. The Department of Internal Affairs (DIA) identified deficiencies in account monitoring, enhanced customer due diligence, suspicious activity reporting, record keeping and the overall effectiveness of its AML/CFT programme.
While it was noted the breaches were not deliberate, it was also noted sufficient action wasn’t taken after being made aware of the issues.
Learnings: This is a critical point we can all learn from. You may not always conduct AML requirements perfectly every time, it can be open to human error, but you must respond appropriately when failings or risks have been identified. You cannot ignore them, and you can expect repercussions if you systematically fail to meet compliance standards.
4. NZ customer risk ratings introduced
It was no surprise that a more risk-based approach to completing customer due diligence (CDD) was introduced in June 2025 as part of New Zealand’s AML regime.
The changes require risk ratings to be applied to each customer when completing CDD, and updating risk ratings as part of an ongoing due diligence programme.
The aim of this legislative change is to provide transparency on how much risk a customer presents, so you can apply the right level of scrutiny throughout the relationship.
Learnings: Establish a thorough customer risk rating methodology and ensure staff are adequately trained to make this requirement easier to handle. And don’t shy away from using technology to help streamline the process, smart risk-based workflows can go a long way to making this task less time intensive.
5. Core failures uncovered at Barclays
Even the big banks get it wrong sometimes. In 2025 popular UK bank Barclays was fined 42 million pounds by the Financial Conduct Authority (FCA) for failures in its financial crime risk management programme.
Specifically, it identified Barclays did not properly vet two of its clients which resulted in the facilitation of the movement of funds linked to financial crime. They also failed to carry out proper ongoing monitoring.
Learnings: This is a reminder to all of us that customer due diligence isn’t a set and forget process. It requires continuous monitoring, proper analysis of source of wealth and source of funds as well as ensuring the appropriate response to red flags.
6. Monzo takes a hit for past mistakes
The FCA struck again in July, fining Monzo bank over 21 million pounds for anti-money laundering compliance failures spanning nearly two years.
Key among the compliance breaches was the failure to implement and maintain adequate customer onboarding, customer risk assessment, and transaction monitoring systems. These findings resulted in an independent review of Monzo’s financial crime framework being ordered by the FCA.
Therese Chambers, FCA joint executive director of enforcement and market oversight, said:
“Monzo onboarded customers on the basis of limited, and in some cases, obviously implausible information… This was compounded by its inability to properly comply with the requirement not to onboard high-risk customers.”
Learnings: Another reminder that not only do you need robust processes in place to deal with onboarding and high-risk customers, you also need adequate resources, governance, and oversight by senior leadership.
7. Financial institutions feel the wrath of MAS
The Monetary Authority of Singapore (MAS) sends a strong message to nine financial institutions with fines totalling 27.45 million Singaporean dollars.
While it was noted most entities had established AML procedures there were failures in implementation.
Specifically, it was noted that customers risk ratings were not implemented correctly, there were breaches in establishing source of wealth, failures to review transactions flagged as suspicious, and failure to take risk mitigation measures after filing suspicious transaction reports.
Learnings: It’s not enough to create policies and procedures that comply with your jurisdiction, you must ensure these policies and procedures are correctly implemented, and controls are in place to ensure this is done to the required standards.
8. Regulatory reform for NZ
New Zealand passed a number of risk-based amendments to the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 in November.
Once guidance is officially updated it may mean:
- You no longer need to verify the address of a customer, a beneficial owner or a person acting on behalf of a customer when conducting standard customer due diligence.
Note: Electronic identification verification would still require proof of address at times, and address verification would still be required as part of enhanced customer due diligence.
- The time for business to report prescribed transaction reports has been extended from 10 to 20 working days.
- The time for law firms to submit a suspicious activity report to the Financial Intelligence Unit (FIU) has been extended from 3 to 5 working days.
Learnings: AML regimes are subject to change. Entities must stay alert and be ready to evolve and respond to regulatory changes.
9. Pokies take a hit
During the year a well-known poky in Australia faced civil penalty proceedings from AUSTRAC for failure in its approach to its anti-money laundering obligations.
Along with allegations that the business failed to appropriately maintain its AML/CTF program, it was also identified that they did not have adequate risk assessment processes, failed to appropriately train staff, and did not conduct proper due diligence or customer monitoring.
Learnings: While it appears this gaming business had an AML/CTF program in place the lack of maintenance led to compliance breaches. A lesson to all of us that compliance isn’t a set and forget process, it needs to be regularly reviewed, assessed and monitored to ensure it is effective and fit for purpose.
10. Auckland comes under the AML spotlight
When we review breaches in compliance and subsequent penalties from around the world, New Zealand may seem small in comparison, but even smaller cases of AML breaches can have a big impact.
An Auckland-based foreign exchange and money remittance company was fined NZD$1.125 million earlier in 2025 for failing to report suspicious activities and to submit prescribed transaction reports.
While the transactions in question were only undertaken by two individuals the total value was over $19.14 million.
The DIA also advised the business failed to carry out adequate customer due diligence, and relied on questionable verification documents.
Learnings: Use the correct identity documents to verify customers and don’t get complacent. It may seem unlikely that the transactions you are dealing with are part of illicit activity but remember all suspicious transactions have the potential be linked to money laundering or terrorist financing activities.
Conclusion
As always, there’s a lot going on in the AML world and lessons we can learn along the way. This year, we’ve seen how AML obligations can change, and how important it is to be able to adapt and not take a set and forget approach.
2026 will continue to be a year of change for some jurisdictions, but getting the basics right and creating an environment that treats AML capability as an ongoing event will not only help meet regulatory expectations but contribute to the integrity of the global financial system.
