Regulatory Roundup - May 2025: AML Deadlines, Crypto Enforcement Shifts, Sanctions Guidance, and AI Oversight
- Steve Marshall
- May 16
- 4 min read
The last month or so brought a wave of important regulatory updates across financial crime compliance, digital assets, sanctions enforcement, and artificial intelligence. With just a few months left until FinCEN’s AML rule takes effect for investment advisers, and new advisories on terrorist and fentanyl-related financing, financial institutions face growing pressure to strengthen their risk-based frameworks. Meanwhile, US and UK regulators are refining their approaches to crypto oversight, AI model testing, and sanctions evasion—each carrying compliance implications for banks, FinTechs, and traditional firms alike. Here’s what you need to know.
ANTI-MONEY LAUNDERING
Less than 250 days left: FinCEN’s Investment Adviser Rule puts AML obligations front and center
Starting January 1, 2026, investment advisers will officially fall under FinCEN’s definition of a “financial institution” and must comply with AML and countering the financing of terrorism (CFT) program requirements. That means developing and implementing a written AML/CFT program with the following core elements:
Internal policies, procedures, and controls
Independent testing of the program
Designation of a compliance officer
Ongoing training for personnel
Risk-based customer due diligence procedures
However, final rules around customer identification and verification (CIP) have not yet been issued—making it critical for advisers to start building flexible, risk-based frameworks now. The countdown is on.
FinCEN issues advisory on financing of ISIS
In a new advisory, FinCEN outlines red flags linked to the financing of ISIS, urging financial institutions to strengthen customer due diligence (CDD). Indicators include sudden liquidations followed by travel purchases to ISIS-affiliated regions, peer-to-peer fund collections consolidated into large transfers, unexplained remittances, and virtual currency movements across geolocations. The advisory underscores the need for vigilance around suspicious behavior.
FinCEN warns of sophisticated fentanyl financing networks
FinCEN’s latest analysis reveals how cartels and chemical brokers exploit front companies, money mules, and US-based intermediaries to move fentanyl precursor chemicals from suppliers into China. These suppliers accept diverse payment methods and advertise openly online, including on e-commerce platforms. FinCEN urges financial institutions to update risk assessments and customer profiles to account for these red flags and evolving threat patterns.
Block fined $40M by NYDFS for major AML failures
The New York State Department of Financial Services (NYDFS) has fined Block, the parent company of Cash App, $40 million for “significant failures” in its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program due to rapid growth outpacing its infrastructure. The enforcement action cites inadequate CDD, poor transaction monitoring, and a failure to implement risk-based controls—particularly around Bitcoin transactions, which were allowed to proceed anonymously.
Financial institutions face heightened risk for terrorism-linked transactions
Amid a shifting political landscape, the focus on CFT remains high—and so does the risk for financial institutions. Firms may face civil or criminal liability for knowingly or unknowingly assisting customers involved in terrorist activities. Violations could range from failure to report suspicious funds and negligent AML lapses to more serious offenses like material support to terrorists, IEEPA violations, and structuring. Consequences can be severe, including forfeiture actions, steep penalties, and even loss of a bank charter.
DOJ narrows digital asset enforcement scope, shifts focus to illicit actors
A new US Department of Justice (DOJ) memo signals a shift in digital asset enforcement, deprioritizing prosecutions for process-related missteps—such as licensing or registration oversights—and instead, focusing on pursuing illicit actors directly. This change reduces criminal exposure for compliant crypto firms but leaves open questions for banks and platforms that may unknowingly serve bad actors. The move aligns with broader policy trends favoring risk-based enforcement, but financial institutions should stay alert as priorities evolve.
SANCTIONS
OFAC tightens Iranian oil sanctions evasion guidance for maritime sector
On April 16, 2025, The US Office of Foreign Action Control (OFAC) reissued and expanded its advisory for shipping and maritime stakeholders, strengthening guidance on detecting and mitigating Iranian oil sanctions evasion. The update adds new red flags and emphasizes risk mitigation strategies such as verifying vessel insurance, flag registration, and implementing “Know Your Vessel” (KYV) protocols. OFAC also urges contractual safeguards and denial of services to sanctioned vessels, reinforcing the sector’s frontline role in global sanctions compliance.
ARTIFICIAL INTELLIGENCE
UK’s FCA to launch live AI testing service for regulated firms
The UK Financial Conduct Authority (FCA) is rolling out a new live AI testing service to help firms validate consumer- or market-facing AI tools before deployment. The initiative offers a collaborative environment where companies can test AI models with direct regulatory support—aimed at encouraging innovation while ensuring responsible and compliant adoption of artificial intelligence in financial services.
NIST updates Privacy Framework to align with cybersecurity and AI guidance
The US National Institute of Standards and Technology (NIST) has released an updated version of its Privacy Framework, now more closely aligned with its cybersecurity guidelines. Key changes include targeted revisions to the core “govern” and “protect” functions, along with a new section focused on managing privacy risks related to artificial intelligence. The update reflects the growing intersection of privacy, cybersecurity, and emerging technologies.
Navigate regulatory change with expert precision
Compliance demands are always evolving—but you don’t have to face them alone. Our Advisory Services team offers strategic support to help you address challenges like model risk, data governance, sanctions compliance, and more. Whether you're refining policies or fine-tuning AI models, we’ll help you build a resilient, future-ready compliance program. Ready to move forward with confidence? Let’s connect.
