The release of the 2025 Opinion on the risks of money laundering (ML) and terrorist financing (TF) by the European Banking Authority (EBA) is considered a critical point in the development of a new anti-money laundering system in the EU. Publication of the Opinion dated July 28, 2025, addresses vulnerabilities that arise when financial technology and digital assets rapidly grow, with focus on inadequate compliance among fintech firms. As the EU modernizes its financial architecture, the EBA’s findings highlight the friction between innovation and regulatory safeguards.
As announced in the Opinion, 70% of competent AML/CFT authorities in the EU perceive fintech as a high or even growing ML/TF risk. This figure is an indicator of a growing anxiety about poor due diligence of customers, lack of proper governance, and the use of third-party service providers who have little oversight. Digital offerings/services and their aggressive growth have resulted in new risk profiles that require innovative assessment of the suitability of current AML frameworks in a dynamic financial environment, which places regulators under pressure to alleviate them.
Governance and compliance challenges within fintech
Inadequate internal structures and expertise
The EBA points out most fintech companies lack adequate AML/CFT governance and trained or adequate compliance officers. This deficiency establishes an imperfect fit between expectations of regulation and the capacity of institutions, which may invite variations in depth or execution of fundamental controls. Companies that focus on the number of users and market share run the risk of losing the specific focus on risk management, and thus become susceptible to the abuse of their services by organized criminal groups.
Aggravating the situation is the fact that the level of innovation is extremely high. Examples of fintech business models, such as neobanks or decentralized finance platforms, are known to adopt technology at a pace that supervisory frameworks cannot keep up with. Here, the enforcement weaknesses arise, especially in the practices regarding onboarding, monitoring transactions, and escalating the same. The Opinion addresses these disparities by recommending that the supervisory enforcement harmonization is achieved and that national regulators should align with each other.
Fragmented supervision and inconsistent enforcement
Many EU member states remain at different stages of developing fintech-specific supervision strategies. The EBA identifies fragmented supervisory approaches as a core problem, stressing the need for cross-border coordination and knowledge-sharing mechanisms. Without unified practices, firms operating across jurisdictions may exploit regulatory arbitrage, choosing locations with more lenient oversight or slower enforcement.
The upcoming EU AML Authority (AMLA), scheduled to be operational by 2026, is intended to address this gap. The EBA’s 2025 Opinion is therefore viewed as both a diagnostic tool and a foundation for AMLA’s agenda-setting, especially in monitoring the fintech ecosystem and ensuring uniform rule application.
The role of RegTech: promise and pitfalls
Regulatory technology adoption and system misuse
The emergence of RegTech, which is targeted in the direction of automation and use of data analytics to increase compliance, is both a solution and a problem. The EBA notes that although there may be efficiencies that can be achieved using RegTech tools to facilitate AML/CFT, such tools are increasingly being used improperly. Based on searching in the EuReCA databases, worse cases of compliance failures that were reported were linked to improper implementation of RegTech solutions in over 50 percent of the cases recorded between 2023 and 2025.
Causes of these failures are usually attributed to improper integration, lack of thorough training of staff, or over-reliance on the outcomes of the automated processes without checking. Contrarily, technologies that have been implemented to soften risk can spur up exposure when there are no checks to govern it. The EBA has encouraged the companies to implement RegTech responsibly, citing the importance of control, clarity of algorithms, and risk-sensitive design.
Operationalizing RegTech in AML systems
In order to be able to enjoy the advantages offered by RegTech without creating additional vulnerability, the EBA suggests placing these tools at the center of broader AML schemes, including continuous capacity-building of the staff and internal auditing procedures. Through the Opinion, it is indicated that future regulatory guidance is likely to outline additional detail in relation to minimum standards in RegTech deployment within a high-risk environment, especially when start ups have no in house-compliance experience.
Crypto assets as a persistent high-risk sector
Regulatory pressure on crypto-asset service providers
The EBA 2025 Opinion provides much consideration of crypto assets and how crypto-asset service providers (CASPs) act. The popularity and momentum of investment and regulation in the EU, which are embodied in the Markets in Crypto-Assets Regulation (MiCA) for the crypto market, have nonetheless observed authorized CASPs increase by more than 150 percent between 2022 and 2024. Nonetheless, the report establishes that most CASPs continue to have weak AML infrastructure, poor due diligence processes and weak transaction monitoring systems.
The Opinion stresses the need for full and uniform implementation of the EU’s crypto regulatory frameworks. Supervisors are encouraged to use thematic inspections and targeted audits to prevent CASPs from using structural gaps or jurisdictional inconsistencies to avoid scrutiny.
Exploiting loopholes and evolving criminal methods
The report also highlights how certain CASPs manipulate unregulated peer-to-peer channels or use privacy coins and mixers to obscure transaction origins. These tactics reduce traceability and complicate enforcement efforts. Criminal groups increasingly rely on these mechanisms to launder illicit proceeds through a mix of crypto and fiat paths, demanding a more sophisticated supervisory response.
Emerging threats from automation and AI
Criminal adaptation and AI-driven laundering
The EBA’s 2025 Opinion underlines the growing sophistication of criminals using artificial intelligence (AI) to forge documentation, generate synthetic identities, and deploy automated laundering across jurisdictions. Deepfake technology has been weaponized to bypass identity verification systems, while generative AI enables criminals to simulate customer activity and build realistic transaction patterns that evade basic detection.
The EBA encourages financial institutions to upgrade their AML detection systems to incorporate AI-driven pattern recognition while maintaining robust human-in-the-loop processes. Staff training must evolve to reflect the new AI-based typologies emerging in money laundering schemes.
Responsible AI and regulatory expectations
The Opinion urges responsible use of AI within institutions, calling for documentation of AI use cases, explainability of algorithmic decisions, and redress mechanisms for false positives or automated rejections. Supervisors are encouraged to strengthen internal AI risk assessment protocols and evaluate institutions based on their ability to govern emerging technologies responsibly.
Impact on EU AML legal and supervisory frameworks
Guiding legislative reform and risk assessment
The EBA’s 2025 Opinion is timed to feed into the European Commission’s Supranational Risk Assessment (SNRA), a central mechanism for evaluating systemic ML/TF threats across the EU. The Opinion also supports implementation of the AML package adopted in 2023, which includes uniform due diligence requirements and the establishment of AMLA as a direct supervisory authority over high-risk entities.
The EBA notes that poor sanctions implementation remains a vulnerability, particularly in jurisdictions with complex ownership structures and limited access to beneficial ownership data. Its forthcoming guidelines on sanctions compliance, effective from late 2025, aim to clarify expectations and reduce institutional disparities in how restrictive measures are applied.
Institutional reform and regulator capacity-building
The report stresses that regulators themselves must invest in capacity-building to understand the technologies shaping fintech and crypto ecosystems. Recruiting data scientists, AML technologists, and fintech analysts into supervisory teams is viewed as essential. This forward-looking approach reflects the EBA’s view that AML supervision cannot remain static while the financial sector undergoes digital transformation.
Stakeholder and public commentary on the EBA Opinion
Industry analysts view the EBA’s 2025 Opinion as a call for recalibration. Some argue that fintech’s AML lapses stem from the sector’s prioritization of scalability over compliance maturity. Others believe that regulatory uncertainty has left startups confused about which rules apply, particularly in cross-border service delivery.
Public discussions following the report’s release reflect a mixture of concern and support. Financial crime researchers underscore the importance of balancing innovation with security. The scale and complexity of emerging threats—including AI-enhanced laundering—demand agile, technology-literate regulatory structures. Several commentators note that EBA’s recommendations may be a prelude to more intensive scrutiny of startups and tech-heavy financial institutions in the coming regulatory cycle.
The future of AML supervision in a fintech-driven EU market
As fintech continues reshaping the EU’s financial sector, the EBA’s 2025 Opinion crystallizes the dual challenge of encouraging innovation while containing financial crime risks. More effective integration of RegTech solutions and enhanced monitoring of the crypto players, or making institutions ready to face the AI-enhanced risks, the report reveals the path of regulatory modernization.
How successful the EU will be in using these lessons will be determined by how agile its organizations are and whether or not fintech providers are willing to invest in compliance as a central business process as opposed to a compliance feature. Such a juggling act will affect not only the strength of the EU economic integrity but also that of the entire international image of its financial technology sector.
The coordination across the supervisory functions, accountability and technological vision will spell the difference between the resilience in the system as the regulatory architecture reacts to new risks. The 2025 Opinion shows that this critical point is to be reached now, and the EU has to choose the way it may use innovation without jeopardizing security, as the latter will determine the EU financial future in the next several years.