Recent proposals and commentary from the Financial Crimes Enforcement Network (FinCEN) have highlighted several areas where firms are continuing to fall short of existing AML/CFT expectations.

While many of the proposed regulatory changes are not expected to take effect until next year, the findings provide a useful indication of where regulators are already seeing weaknesses across firms.

We spoke with Margita Layne, Consultancy Manager at Neopay, about the common failings highlighted by FinCEN, the operational challenges firms face, and the practical steps firms can take now to strengthen their AML/CFT frameworks. Drawing on her experience supporting payment firms, fintechs, and other regulated businesses with compliance, financial crime, and regulatory matters, Margita shares her insights on why these weaknesses continue to arise and how firms can address them.

What stood out to you most from FinCEN’s recent findings?

What stood out most was that many of the issues identified are not new or particularly technical. A lot of the weaknesses relate to fundamentals such as risk assessments, monitoring, governance, and ensuring policies are actually being followed consistently in practice.

FinCEN also highlighted the increasing use of data and AI tools to identify failings, which suggests firms are likely to face greater scrutiny around the quality and effectiveness of their frameworks moving forward.

Why do risk assessments continue to be such a common weakness for firms?

Risk assessments are the foundation of an AML/CFT framework, so weaknesses there can affect almost every other area of compliance.

FinCEN highlighted issues where firms were not adequately identifying higher money laundering or terrorist financing risks, meaning those risks were not properly addressed within their AML/CFT programmes.

There were also concerns around firms relying on insufficient or inaccurate data within their assessments, which can significantly reduce the effectiveness of the overall framework.

How can weaknesses in risk assessments impact the wider AML framework?

If a firm does not properly identify its higher-risk areas, it becomes much more difficult to apply appropriate controls, monitoring, and oversight.

That can create knock-on effects throughout the AML/CFT programme, including gaps in transaction monitoring, ineffective controls, or insufficient escalation procedures.

In practice, weaknesses in risk assessments can affect how firms allocate resources, identify suspicious activity, and respond to emerging risks.

What issues are regulators seeing with monitoring systems and transaction oversight?

FinCEN highlighted concerns around monitoring systems failing to capture significant volumes or types of transactions, which is obviously a major issue from a financial crime perspective.

They also referenced situations where warning signs and red flags were either missed or not acted upon appropriately.

Monitoring frameworks need to be aligned with the firm’s risk profile and reviewed regularly to ensure they remain effective as products, services, and customer activity evolve.

FinCEN also identified operational weaknesses. What does this look like in practice?

A lot of operational weaknesses come down to implementation rather than documentation.

For example, firms may have policies and procedures in place, but they are not always followed consistently across the business. FinCEN also referenced lack of resources, insufficient or overly generic training, and situations where employees do not have a clear process for escalating concerns.

These issues can become more significant as firms grow or scale quickly, particularly where compliance processes have not evolved alongside the business.

How is increased use of data and AI changing regulatory expectations?

Regulators are increasingly using data-driven approaches and enhanced analytics to identify inconsistencies, gaps, and potential failings more quickly.

As a result, firms should expect greater scrutiny not only of whether controls exist, but whether they are operating effectively in practice and producing appropriate outcomes.

This places additional importance on data quality, governance, monitoring, and evidence of effective implementation.

What practical steps should firms take now?

Firms should take the opportunity to review their frameworks before the proposed changes come into effect.

That includes:

  • Reviewing risk assessments and ensuring higher ML/TF risks are properly identified
  • Assessing the quality of data and monitoring processes
  • Undertaking sample file testing and employee interviews to understand how controls operate in practice
  • Reviewing training to ensure it is tailored to the business and specific employee roles
  • Identifying operational bottlenecks or situations where resource constraints may lead to inconsistent application of controls

The key point is that firms should not only focus on whether policies exist, but whether frameworks are genuinely working effectively in practice.

How Neopay Global Can Help

At Neopay Global, we support firms with:

  • AML/CFT framework reviews
  • Independent compliance assessments
  • Risk assessment reviews
  • Monitoring and operational effectiveness testing
  • Audit preparation and remediation support
  • Financial crime and AML/CFT training tailored to specific business activities and employee roles
  • Ongoing compliance advisory services

As regulatory expectations continue to evolve, firms should ensure their frameworks are operationally effective, appropriately documented, and capable of standing up to increased regulatory scrutiny.

To discuss how Neopay Global can support your compliance framework and operational readiness, please contact our team.

About Margita

Margita Layne brings over a decade of experience in compliance within financial services to her role at Neopay. Previously serving as Head of Compliance and MLRO at an industry-leading e-money firm, as well as holding various compliance and managerial positions at CFD/FX brokerage institutions and asset management companies. Margita’s extensive experience and Master’s Degree in Finance, Banking and Investments enable her to provide exceptional advice and assistance to clients in meeting their regulatory and compliance needs.