Enforcement actions in Europe nearly doubled in H1 2025. Expert John Gidla breaks down the cultural gaps, the shift to costly operational orders, and the urgent compliance audit required for PSPs ahead of AMLA and PSD3/PSR.
The regulatory environment delivered a stark ultimatum in the first half of 2025: compliance failure is endemic, and the operational costs are escalating. Europe emerged as the undisputed epicenter of enforcement, with activity nearly doubling year-on-year. For corporate treasurers, financial crime risk is now a front-and-center strategic concern.
Drawing on expert analysis, including insights from John Gidla, Head of Global Regulatory Research & Analysis, we detail the H1 2025 enforcement shockwave, the crucial compliance gaps, the decisive shift from financial fines, and the urgent need to audit third-party payment providers.
Europe recorded a staggering 123 enforcement actions in H1 2025, almost double the 67 cases in H1 2024. This leap is a reflection of the market’s scale but primarily signals that firms have yet to embed a genuine “compliance-first” culture. Our methodology defined an enforcement action as any public regulatory intervention imposing a penalty, restriction, remedial measure, or license action, excluding informal warnings. While numerous sectors were scrutinized, banks remain overrepresented due to their systemic importance.
Institutions worldwide are falling short on foundational AML obligations. As John Gidla noted on the findings: “regulators around the world identified failures in key areas such as customer due diligence, transaction monitoring, suspicious activity reporting and politically exposed person (PEP) screening, and imposed penalties accordingly”.
Organizations that avoid sanctions share three design patterns, proving compliance can be a competitive advantage:
Automated, Risk-Based Monitoring.
Stringent Governance and a verifiable Audit Trail.
Proactive Regulator Engagement.
The fine is losing its dominance. While financial penalties accounted for 65% of cases in H1 2025, this is down 15% year-on-year, indicating that fines are becoming a “last resort”. Regulators are moving toward a more interventionist and preventative approach, using license revocations and remedial orders.
Operational Burden: These remedial orders and license conditions present the highest operational burden. They compel fundamental process redesign, governance changes, and resource allocation, as demonstrated by cases like the UK’s fine against Barclays for failing a “simple check” on a client, and Lithuania’s penalty on Paysera for inadequate due diligence on an acquisition.
The new regulatory framework will mandate significant operational shifts. The Anti-Money Laundering Authority (AMLA) will raise standards, initially focusing on crypto firms and their supervisors. The PSD3/PSR package will require firms to anticipate more uniform AML standards, tighter onboarding requirements for high-risk clients, and increased monitoring for instant payment channels and sanctions screening.
Are PSPs a greater conduit of treasury risk? PSPs are undeniably significant conduits of financial risk, particularly in AML and sanctions. The $80m multi-state settlement against Block underscores the severe, cross-jurisdictional scrutiny these providers face, forcing the reassessment of contractual risk.
Treasurers must rigorously audit providers on key areas:
Governance: Scrutinizing the model governance frameworks (requesting validation frequency) and clarity on client fund safeguarding.
AML Operations: Focusing on metrics like the average time to clear alerts and file SARs (late SARs are a critical red flag), and confirming real-time sanctions and PEP screening.
Operational Resilience: Mapping critical outsourcing dependencies to understand fourth-party exposure and demanding assurance reports (e.g., SOC2).
With compliance teams perpetually overwhelmed, cuts are dangerous in key areas like CDD/KYC reviews and transaction oversight.
The ROI case for the CFO lies in strategic automation. Investment in automation for routine monitoring and data aggregation manages cost and frees valuable staff to focus on judgment-intensive tasks. Treating compliance as a driver of strategic growth, not just a cost center is the only way to get ahead.