.svg)
Where Regulators Will Strike Next: Lessons from AML Enforcement Actions
2025 proved to be another defining year for anti-money laundering (AML) enforcement and the implications for 2026 are already clear. Regulators are more forensic, more assertive and increasingly willing to revisit historic misconduct.
Fenergo’s Where Regulators Will Strike Next webinar brought together leading experts to unpack global enforcement trends and explore what they signal for compliance leaders worldwide. The discussion offered an analysis of enforcement activity, and the operational realities institutions must confront in the year ahead.
The Persistence of Long-Tail Risk
One of the dominant themes was the prevalence of historic cases. Several enforcement actions in 2025 targeted misconduct dating back a decade or more.
Joy McKnight, Freelance Financial Journalist and Former Editor of The Banker, opened the discussion by underscoring the enduring impact of legacy risk, noting that “Investigations traced issues back more than a decade, reinforcing the dominance of legacy and historic cases.”
Ruth, Partner in the Corporate Crime and Investigations Team at US law firm Michelman Robinson, explained that regulators are deliberately re-examining past conduct with greater forensic capability and far less tolerance for delay. As she put it, they are “no longer treating the passage of time as a mitigating factor, but rather as an aggravating factor”.
It is no longer enough to improve controls inclemently over time, those improvements must be demonstrable. Ruth adds that “improvement that can't be evidenced will be treated as if it didn't occur.” For financial institutions, this reinforces the importance of structured governance, clear audit trails and the ability to evidence consistent decision-making across the client lifecycle.
Digital Assets Under Intensified Scrutiny
Although traditional banks remained the most significant recipients of fines, accounting for 56% of total global fine value, digital asset firms experienced a sharp rise in enforcement activity.
Digital asset firms received $1.192 billion in fines, representing 29% of the global total, with fines against the sector increasing by 56% year on year.
The discussion highlighted how the rapid expansion of crypto exchanges, coupled with evolving regulatory expectations, has resulted in intensified scrutiny.
Maturity also plays a role. Traditional financial institutions have had decades to develop and refine AML frameworks. By contrast, many exchanges have scaled quickly without the same depth of compliance infrastructure.
For institutions operating across both traditional and digital ecosystems, the expectation is clear: consistent risk standards, enhanced due diligence and scalable monitoring capabilities are essential.
The Hidden Cost of Enforcement
Headline fines often dominate public discourse, but they tell only part of the story. Jim Richards, Financial Crime Compliance Consultant, underscored this point during the discussion, explaining that “a fine is the first part and often the smallest part of the remediation”. His comment highlighted the broader financial, operational and reputational burden that follows an enforcement action. Following a financial penalty, institutions face multi-year remediation programs, technology overhauls, independent monitors, reputational damage and operational strain.
For boards and executive teams, enforcement should not be seen simply as a regulatory expense. It is a signal of deeper operational and governance weaknesses that require structural change.
Data Quality: The Cornerstone of Resilience
When the conversation turned to technology strategy, a consistent theme emerged: data integrity is foundational.
Panellists stressed the importance of centralized ecosystems rather than fragmented systems holding disconnected information. Without integration and connectivity, institutions struggle to respond efficiently to regulatory requests and demonstrate defensible decision-making.
Jim Richards emphasized the importance of strong data foundations, stating, “You have to have clean, consistent, labelled data before you can deploy AI or machine learning.”
He also reinforced the practical realities of documentation and record keeping, explaining that effective information management requires data to be “complete, clean, categorized, current and connected.”
In an environment where regulators increasingly test audit readiness, the ability to retrieve, connect and explain information quickly is essential.
Cross-Border Risk and Governance Gaps
Cross-border enforcement actions also featured prominently in the discussion. Multi-jurisdictional operations often reveal mismatches in expectations between headquarters and subsidiaries, as well as inconsistencies in due diligence standards.
Institutions must ensure that group-level policies align with local regulatory requirements and that risk assessments reflect the full spectrum of cross-border exposure.
Failure to standardize processes across jurisdictions continues to surface as a recurring control gap particularly in cases with complex client structures.
Looking Ahead to 2026
The enforcement trajectory is clear: regulators are becoming more coordinated, more technologically sophisticated and less tolerant of weak governance frameworks.
Historical misconduct remains in scope. Digital asset oversight is intensifying. Data quality and documentation discipline are non-negotiable.
For compliance and technology leaders, the path forward requires:
- Centralized and connected client lifecycle data
- Evidence-based governance and defensible decisioning
- Proactive remediation before regulatory intervention
- Scalable technology frameworks aligned to risk exposure
The cost of inaction is rising, not only in financial penalties, but in operational disruption and reputational impact.
To gain deeper insights into the global enforcement trends shaping 2026, including expert commentary and audience Q&A, watch the ‘Where Regulators will Strike Next’ Webinar on demand.