Regulatory Roundup - August 2025: Rising Standards, Sharper Scrutiny
- Steve Marshall
- Aug 18
- 4 min read
Updated: Oct 2
From sweeping legislative reforms to high-profile enforcement actions, regulators worldwide are signaling that compliance expectations are climbing quickly. FinTechs face heightened AML oversight, Mexico tightens its AML regime, and the US unveils a landmark stablecoin law. Sanctions cases reveal critical control gaps, the FATF warns of persistent terrorist financing risks, and AI governance moves firmly into the compliance spotlight. This month’s developments make one point clear: no matter the sector or jurisdiction, proactive risk management and governance are now essential for staying ahead.
SPECIAL ANALYSIS
Board room discussions around technology governance
In today's corporate landscape, boardrooms are increasingly centering discussions around technology governance. As executive leadership crafts and executes strategy, technology doesn’t merely support operations; it drives strategic direction, risk mitigation, and value creation. This shift is propelled by accelerating changes in data privacy, cybersecurity, and AI regulations, which demand far deeper oversight.
Boards now prioritize evaluating their own technological literacy, staying ahead of regulatory shifts, engaging meaningfully on risk management, and assessing whether their workforce is both skilled and prepared for tech-driven transformation—and scrutinizing technology investments to ensure alignment with corporate objectives. This trend is well-supported by recent data:
A 2025 survey by the National Association of Corporate Directors (NACD) found that over 62% of boards now dedicate full-board agenda time to AI discussions, up from just 28% in 2023.
The number of S&P 500 companies that have designated a committee with AI oversight responsibilities more than tripled in 2025, according to EY’s proxy season review.
Nearly half of Fortune 100 companies cited AI experience as a qualification for board directors in 2025, almost double the 26% who did so in 2024.
These statistics underscore a tangible shift: boards are moving from passive oversight to proactive, expert-led technology governance.
ANTI-MONEY LAUNDERING (AML)
FinCEN delays investment advisor AML rule, plans re-evaluation
FinCEN announced its intent to postpone the enforcement of the Investment Adviser Anti‑Money‑Laundering (IA AML) Rule, shifting the deadline by two years to January 1, 2028 and reopening it for further review. In tandem, FinCEN and the SEC intend to reassess their jointly proposed Customer Identification Program (CIP) requirements. In the meantime, RIAs and ERAs should still examine their processes now to ensure compliance with AML obligations that may be embedded partner contracts. Importantly, this delay does not remove the obligation to maintain an effective sanctions compliance program, including ongoing screening.
GENIUS Act establishes US stablecoin framework
Signed into law on July 18th, the GENIUS Act creates the first federal framework for payment stablecoins. Only approved issuers may issue or redeem stablecoins and must maintain 1:1 reserve backing in low-risk assets. The Act removes these stablecoins from SEC and CFTC oversight, placing regulation with banking authorities. As a result, issuers will need updated compliance risk management programs and technologies capable of handling stablecoin transactions while meeting new regulatory requirements.
Mexico enhances AML regime
Mexico has enacted major reforms to its AML law, expanding “vulnerable activities,” tightening beneficial-ownership rules, and imposing stricter monitoring, reporting, and training requirements. Whether coinciding with or prompted by recent US Treasury actions, the changes mean impacted entities must significantly strengthen their compliance programs.
FATF warns of persistent terrorist financing risks
The FATF’s July 2025 update warns that terrorist groups continue to exploit traditional and digital channels, including NPOs, virtual assets, and shell entities. With 69% of jurisdictions showing major deficiencies in terrorism financing (TF) enforcement, there is a clear need for financial institutions and NPOs to strengthen risk identification and mitigation strategies to avoid unwitting involvement in TF schemes.
COUNTERING THE FINANCING OF TERRORISM (CFT)
OFAC settlement highlights sanctions compliance gaps
Interactive Brokers LLC will pay $11.8 million to settle violations involving 12,367 transactions across multiple sanctions programs. Deficiencies included IP geoblocking failures and weak escalation controls. The case underscores the need for a broad, risk-based approach to sanctions compliance, incorporating IP address screening and stronger alert escalation.
Harman settlement underscores global sanctions compliance needs
Harman International agreed to pay $1.45 million to settle Iran sanctions violations tied to overseas sales. The case highlights the need for a broad, risk-based compliance program that extends policies and controls across all regions and subsidiaries, backed by strong monitoring, testing, and independent audit functions. In global organizations, sanctions compliance cannot be a one-person effort.
ARTIFICIAL INTELLIGENCE (AI)
When AI goes wrong: rising litigation risks in banking tech
Banks face mounting litigation risks tied to AI, particularly algorithmic bias, system failures, and “AI washing” claims where AI capabilities may be overstated or misrepresented. With 75% of financial firms already using AI, 47% have experienced at least one adverse outcome tied to its deployment.
Financial institutions must be prepared to clearly articulate where and how AI is used, including its functionality and security. Equally important is a strong focus on data quality assessment and validation, which are essential components of any effective AI risk management program.
AI governance is now a compliance imperative
Against the backdrop of emerging AI legislation like the EU AI Act and state-level frameworks, AI governance has become integral to legal compliance. Companies must explicitly articulate when and where AI is used in their offerings and be prepared to discuss its development, functionality, and security, especially as global AI and compliance frameworks evolve.
Navigating regulatory change, simplified
With compliance demands becoming increasingly complex, FinScan’s Advisory Services team can guide you through every stage of the journey. Whether improving model governance, elevating data quality, or addressing sanctions and new technologies, we help you advance your compliance program with assurance. Together, we can lay the groundwork for a stronger, future-ready operation. Book a discovery call today.
