top of page

Regulatory Roundup - December 2025: New Transparency Rules, Expanding AI Oversight, and Rising Civil Liability

  • Writer: Steve Marshall
    Steve Marshall
  • 3 days ago
  • 5 min read

As we close out 2025, one theme is undeniable: regulators are driving accountability deeper into the financial system. Beneficial ownership transparency laws at the US state level and in the UK are advancing. Civil litigation is emerging as a powerful follow-on risk to sanctions and AML failures. State-level AI governance is accelerating in the absence of federal intervention. And rapid movement in digital assets, instant payments, and fair-access expectations continues to reshape operational priorities. This month’s roundup highlights the developments that will define early 2026, and the readiness steps that can’t wait.


ree


SPECIAL ANALYSIS: 2025 in Review and What to Expect in 2026


2025 Financial Crimes Trends 

2025 was defined by stronger cross-border enforcement, sharpened AML expectations, and major steps toward crypto regulatory clarity. Regulators zeroed in on governance failures and data-driven oversight, making it clear that delayed escalations and weak monitoring controls will no longer be excused. Instant payments continued to accelerate globally, pushing institutions to detect fraud and sanctions risks in real time. 


AI also moved firmly onto the regulatory agenda. Model transparency, explainability, and drift monitoring became foundational requirements, especially as more institutions apply machine learning to onboarding and customer risk decisions. At the same time, fair access and anti-debanking scrutiny intensified, requiring better documentation for both onboarding and exit decisions. 


Enforcement & Penalties Surge in 2025 

A year of record enforcement highlighted that ineffective governance carries significant financial and reputational consequences: 

  • $216M OFAC penalty (GVA Capital) tied to Russian sanctions risk 

  • €21M penalty (Coinbase) for failures across 30M+ transactions 

  • £39.3M FCA fine (Barclays) for CRA monitoring gaps 

  • $80M CSBS action (Cash App) for systemic AML weaknesses 

  • $45M SEC fine (Robinhood) for delayed SAR escalation 


Across sectors, the message was consistent: high-risk activity demands proactive, well-documented controls. 


Looking Ahead to 2026 

Supervisors will intensify reviews of AML program effectiveness, UBO validation, and high-risk jurisdiction exposure. Crypto compliance expectations will expand—particularly around custody, disclosures, and evasion detection. Instant payment risk governance will be tested, demanding millisecond-speed detection and resilient alert handling. 


AI governance is poised to become a standard exam domain, reinforcing model documentation, lineage, and bias mitigation. Meanwhile, fair access expectations will require institutions to justify account exits with a defensible, risk-based rationale. 


Compliance Leaders Will Move First 

2026 will reward organizations that modernize early in improving sanctions screening, operationalizing AI oversight, aligning crypto policies to new rules, and ensuring high-quality data underpins every decision. Accountability is rising. Now is the moment to build programs that are compliant and resilient. 


ANTI-MONEY LAUNDERING (AML)


UK’s ECCTA puts identity verification front and center, takes effect 18 November 2025 

Beginning 18 November 2025, mandatory identity verification requirements under the UK’s Economic Crime and Corporate Transparency Act (ECCTA) will apply to all new directors, LLP members, and persons with significant control (PSCs). The policy aims to curb criminal misuse of the UK’s open economy while improving Companies House data quality. Organizations, including charities structured as companies, must be equipped to understand and validate complex ownership structures with precision, supported by strong entity resolution technology that can surface the true ultimate beneficial owners. 


Going live January 2026: New York’s LLC Transparency Act, requiring beneficial ownership reporting 

Beginning January 1, 2026, LLCs formed in New York—as well as foreign LLCs registered to conduct business in the state—must report beneficial ownership information or attest to an exemption. Designed to expose illicit financial activity and increase accountability, the law requires detailed identity data for each applicant and beneficial owner, including legal name, DOB, verified address, and a government-issued ID number. With New York a global financial hub, organizations that assumed BOI mandates were on hold after FinCEN’s CTA delay must now prepare for wide-ranging compliance and operational impacts. 


FinCEN signals broader use of Section 311 to target Mexican gambling transactions 

FinCEN has issued a Notice of Proposed Rulemaking (NPRM) designating a category of transactions tied to 10 Mexican gambling establishments as “of primary money laundering concern” under USA PATRIOT Act Section 311. The proposal reflects an increasingly dynamic application of Section 311 authorities and suggests a potential shift in FinCEN’s approach to identifying and disrupting money laundering networks. If finalized, U.S. financial institutions would be required to implement “special measures” — making it essential to assess current policies, controls, and system readiness now.  


Debanking under scrutiny: regulators signal focus on discriminatory account closures 

Regulators are actively reviewing a rising volume of complaints alleging unfair “debanking,” with indications that some cases may involve discrimination based on religion or political affiliation. This heightened oversight is expected to lead to new regulatory actions and clearer enforcement expectations. Financial institutions should proactively examine complaint datasets, customer risk rating methodologies, and account closure policies to ensure decisions are grounded in objective, measurable, and non-discriminatory criteria—and be prepared to remediate issues if identified. 


SANCTIONS


10 key sanctions areas to watch in 2026 

  1. Russia remains a priority 

  2. Enforcement activity is high and likely to increase 

  3. Balancing China’s dual role – key trading partner vs. political rival 

  4. Points of divergence between US, UK, and EU sanctions grow 

  5. Uncertain fate of US tariffs 

  6. Expansion of extraterritorial reach 

  7. Growing regulatory requirements and expectations 

  8. Whistleblowing as a key method of intelligence 

  9. Economic tools beyond sanctions 

  10. Novel use of sanctions 


Sanctions breaches now driving civil liability; landmark ruling raises the stakes 

A recent court decision found a financial institution civilly liable for financing a genocidal military campaign in Sudan, even after the firm had already admitted to sanctions violations in prior enforcement actions. The ruling signals a new era of accountability: sanctions compliance failures can trigger litigation long after regulatory penalties are resolved. Institutions must now expand their risk assessments to consider exposure from private plaintiffs who may build cases on historical enforcement records—driving higher compliance expectations and costs. 


Binance and former CEO face civil suit alleging support of terror financing 

US nationals injured in the October 7, 2023 Hamas attack have filed suit against Binance and its former CEO, alleging the platform “knowingly, willfully, and systematically” facilitated millions of dollars in transfers for designated terrorist groups. This action further establishes a growing trend where sanctions and AML failures trigger private litigation in addition to regulatory enforcement. Like traditional financial institutions, fintechs must now factor civil exposure into their sanctions risk frameworks and ensure controls can stand up to heightened legal scrutiny. 


Record OFAC penalty signals heightened scrutiny of US real estate transactions 

OFAC has issued a $4.7 million penalty—its largest ever against an individual—for willfully purchasing, renovating, and selling property linked to a blocked Russian oligarch. The years-long pattern of violations exposed multiple parties to sanctions risk and underscores OFAC’s intensified focus on real estate as a channel for illicit finance. Buyers, sellers, brokers, and investors must ensure robust due diligence that identifies indirect ownership and flags sanctioned actors before a transaction proceeds.   


ARTIFICIAL INTELLIGENCE & DIGITAL ASSETS


State AI transparency and governance rules expanding fast across the US 

State governments continue to advance their own AI oversight rules focusing on transparency, accountability, and responsible model governance. As laws diverge across California, Colorado, Utah, Texas (and others soon to follow), organizations must pinpoint their obligations and adjust policies, controls, and documentation to match. Compliance will increasingly require a coordinated approach that can handle varying regulatory demands without slowing innovation. 


ree

Specialized support for evolving compliance challenges


As regulatory expectations advance and legal risks evolve, FinScan’s Advisory Services offer the insight and hands-on guidance organizations need to stay proactive. Whether improving model oversight, elevating data quality, or addressing sanctions and AI-driven risks, our experts help build stronger, future-ready compliance programs. Partner with us to enhance resilience—and move forward with confidence.  


bottom of page