As Head of Global Regulatory Research & Analysis at Vixio, I’m constantly tracking regulatory developments affecting the payments and financial services industry. One that is undergoing structural transformation in Europe is the Know Your Customer (KYC) regime.
Regulatory convergence, increasing expectations around financial crime prevention, and the continued growth of digital-first financial services mean KYC is no longer a narrow compliance requirement. It is now embedded in how firms define risk, build customer journeys, and scale their operations.
The regulatory direction is clear for payments firms and financial institutions (FIs): KYC processes must become sharper, faster, and more resilient while also supporting cross-border compliance. Firms must transition quickly from reactive compliance to proactive, strategic risk management.
The regulatory bar is rising, and regulators are ramping up enforcement, such as fines, licence withdrawals, and public censure, for firms that do not meet the required standards. Vixio reported in 2024 that regulators are focusing on AML violations, with more than half of enforcement actions in the UK and EU dedicated to that area.
The Anti-Money Laundering Rulebook Is Being Rewritten
The need for firms to get ahead and avoid enforcement action is all the more pressing because the EU plans to further step up its AML regulation with its upcoming Anti-Money Laundering Regulation (AMLR) and the establishment of the Anti-Money Laundering Authority (AMLA), which are set to reshape the foundations of KYC and due diligence across the European financial system.
These changes are not incremental; they represent a re-engineering of how the EU supervises, enforces, and harmonises KYC obligations across member states.
The EU has traditionally struggled with AML enforcement due to its fragmented regulatory structure, and leaving supervision to national authorities has permitted inconsistencies in implementation.
For example, in its fourth anti-money laundering and counter-terrorism financing (AML/CTF) supervisory review, published in December 2024, the EBA acknowledged that while national authorities had made progress in implementing risk-based supervision, enforcement remained inconsistent. Risk assessments varied widely across institutions, and cooperation among supervisory colleges, particularly with tax and enforcement agencies, was limited. This highlighted the persistent fragmentation in AML supervision and reinforced the case for more centralised oversight across the EU.
Under the AMLR, KYC rules will be directly applicable across the EU for the first time, reducing national discretion.
AMLA will act as a supervisory anchor, overseeing the riskiest cross-border firms and ensuring consistent rule application. Its goal is to become the centre of an integrated system of national AML/CTF supervisory authorities, ensuring their mutual support and cooperation.
For firms that have grown accustomed to navigating fragmentation and uneven enforcement, this creates both opportunity and challenge.
AMLA will not replace national supervisors and financial intelligence units (FIUs), but will instead seek to boost cooperation, exchange information, and identify best practices among existing organisations.
For payments firms and FIs in the EU, this may lead to increased regulatory scrutiny. Supervision will likely become more data-driven and firms with inconsistent or outdated KYC systems may struggle to meet expectations under the new risk-based regime.
Organisations should assess their onboarding processes, transaction monitoring, beneficial ownership screening, and customer risk profiling to ensure they are not risking enforcement action.
Payments Firms and PSPs: A Wider Net of Obligated Entities
Payments firms in particular should take note of the widened scope of AML obligations. The AMLR introduces new categories of obligated entities, including crowdfunding platforms and certain crypto-asset service providers.
As a result, many smaller or technology-first firms may find themselves subject to heightened due diligence requirements for the first time.
Additionally, supervisory attention is increasingly focusing on the full lifecycle of a customer relationship. This extends beyond onboarding to the quality of ongoing monitoring, the frequency and depth of reviews, and the escalation pathways when anomalies are detected, meaning risk is no longer assessed at a single point in time.
Firms will also be expected to demonstrate strong internal governance around KYC processes. This includes clearly defined ownership, effective training programmes, and the ability to show that systems are responsive to regulatory change.
Given how frequently regulatory obligations change across European markets, structured access to up-to-date obligations through capabilities like horizon scanning will be essential.
Harmonisation Does Not Equal Simplicity
Although the AMLR and the introduction of AMLA aim to achieve harmonisation, the transitional period will not be simple.
Firms operating in multiple jurisdictions will need to navigate the overlap between legacy national regimes and incoming EU-level requirements. Some member states may move faster than others, and national regulators may continue introducing additional expectations through supervisory guidance or consultation papers.
Understanding this evolving patchwork requires more than legal awareness. It will involve continuous monitoring of regulatory updates, political developments, and supervisory interpretation.
Vixio’s own horizon scanning data has shown a marked increase in member state consultations related to AML supervision, beneficial ownership rules, and digital identity verification across the EU-27.
The European regulatory landscape changes frequently, which makes structured regulatory intelligence essential for compliance and legal teams operating in this space.
KYC as an Enabler of Growth
Beyond compliance, firms should consider KYC as more than a safeguard; it can be an enabler of growth. Strong and scalable KYC frameworks support faster onboarding, improved fraud controls, and more confident market expansion.
Increased regulatory clarity can also provide a competitive advantage.
Firms that invest in technology-enabled KYC infrastructure, supported by timely regulatory monitoring and strong internal ownership, will find it easier to demonstrate compliance readiness to partners, auditors, and regulators.
For payments firms and FIs, KYC is becoming an operational differentiator, especially in an environment where trust, resilience, and speed are critical to success.
Action Points for Compliance Leaders
- Assess your KYC lifecycle beyond onboarding. Ensure your firm has clear escalation and review processes for ongoing monitoring.
- Map where your business falls under the scope of the AMLR. This may include activities that were previously out of scope.
- Track EU and national-level regulatory developments weekly. Use horizon scanning tools to monitor consultations, implementation timelines, and national deviations.
- Review customer risk scoring models. Ensure these models are dynamic, well calibrated, and aligned with your firm’s evolving risk appetite.
- Prepare internal governance for AMLA’s supervisory model. Clearly allocate responsibilities, document procedures, and ensure internal controls are prepared for scrutiny.