Regulatory Roundup - June 2025: AI, AML, and Sanctions Updates Signal a New Era of Compliance Pressure
- Steve Marshall
- Jun 16
- 3 min read
The last month or so brought a flurry of regulatory developments suggesting rising expectations across financial crime, digital assets, and AI oversight. From Credit Suisse’s guilty plea and new AML enforcement in gambling, to evolving crypto-compliance frameworks and AI cybersecurity standards, regulators are tightening the screws. Here’s what stood out this month.
ANTI-MONEY LAUNDERING
Credit Suisse pleads guilty to tax crimes
Credit Suisse Services AG pleaded guilty and was sentenced last month to conspiring to hide more than $4 billion from the IRS in at least 475 offshore accounts. The guilty plea by the Swiss corporation is the result of a years-long investigation by U.S. law enforcement to uncover financial fraud and abuse.
Strengthening crypto-compliance and monitoring through model risk management best practices
A wave of energy and potential growth has surged in the crypto industry from both users and providers with the changes in the US government’s approach—most notably, the launch announcement of a crypto task force to develop a more comprehensive and clearer regulatory framework for crypto assets. However, the nuanced elements inherent in blockchain and digital assets products pose significant risks if not implemented properly.
Online gambling business fined £2m for AML and other deficiencies
Spreadex Limited—which operates from Spreadex.com—will pay a £2,022,000 penalty after a Gambling Commission investigation revealed AML and social responsibility failings. The company will also have to undergo a third-party audit to ensure it is effectively implementing its AML and safer gambling policies, procedures, and controls. The failures were revealed during a compliance assessment in July 2023 and relate to the operator’s Gambling Commission license to offer casino and fixed odds betting.
SANCTIONS
Voluntary disclosure of export control violations critical for settling criminal liability
The Department of Justice’s (DOJ) recent announcement that it would decline to prosecute a self-reported criminal export control violation demonstrates the continuing importance of prompt, voluntary self-disclosure (VSD) and a strong compliance program to facilitate rapid remedial action. This development underscores that companies should continue to view the DOJ’s VSD policy—which encourages self-disclosure and cooperation as conditions of potential non-prosecution agreements—as integral to internal compliance programs.
FTO designations heighten risks for companies operating in Latin America
Recent Foreign Terrorist Organization (FTO) designations targeting cartels and transnational criminal organizations are expanding DOJ authority and raising enforcement risks for companies operating in Latin America. Businesses must reassess their compliance programs beyond traditional US sanctions frameworks to avoid potential counterterrorism investigations and reputational fallout.
ARTIFICIAL INTELLIGENCE
CISA releases best practices guide for securing AI data
The US Cybersecurity & Infrastructure Security Agency (CISA), the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI lifecycle, from development and testing to deployment and operation.
New ETSI standard to protect AI systems from evolving cyber threats
The European Telecommunications Standards Institute (ETSI) and the UK’s National Cyber Security Centre (NCSC) and the Department for Science, Innovation & Technology (DSIT) have published two documents detailing transparent, high-level principles and provisions for securing AI: A technical specification on ‘Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems’ and an accompanying technical report that helps stakeholders implement the cyber security provisions, including examples mapped to various international frameworks. The documents are designed to provide stakeholders in the AI supply chain (including developers, vendors, integrators and operators) with a robust set of baseline security requirements that help protect AI systems from evolving cyber threats.
NAIC releases AI/AML survey report for health insurers
The National Association of Insurance Commissioners (NAIC) has released its Artificial Intelligence and Machine Learning (AI/ML) Survey Report, offering a comprehensive overview of how health insurers are leveraging AI/ML technologies. The report explores the extent of AI/ML adoption, the involvement of third-party developers, the structure of AI governance frameworks, and how these frameworks align with the NAIC’s AI Principles and Model Bulletin. A 16-state survey reveals that 84% of health insurers are currently utilizing AI and ML in some capacity.
Stay ahead of shifting regulations with expert guidance
As compliance requirements grow more complex, FinScan’s Advisory Services team is here to support you every step of the way. From strengthening model governance and data quality to navigating sanctions and emerging technologies, we’ll help you enhance your compliance program with confidence. Let’s work together to build a stronger, more future-ready foundation.
