Financial crime compliance continues to be one of the most pressing challenges for regulated firms, with supervisory scrutiny showing no signs of easing. To provide industry practitioners with the latest analysis, fscom has released its Fincrime Compliance Report 2025, offering a detailed review of recurring weaknesses, progress made since last year, and the areas of heightened regulatory focus.
Key findings from the report
Between July 2024 and June 2025, fscom conducted 73 AML/CTF compliance audits across a diverse range of firms, including e-money institutions (EMIs), authorised payment institutions (APIs), virtual asset service providers (VASPs), money transmission businesses (MTBs), virtual currency exchanges (VCEs), and bureau de changes (BDCs).
The audits revealed that while firms are improving in some areas, persistent
weaknesses remain in others:
- 311 findings were recorded across 14 core review areas, with 74 rated as high impact.
- Compliance monitoring emerged- as the single largest source of findings, accounting for 14.5% of all issues – a rise on last year’s report.
- Whole firm risk assessments and PEPs, sanctions and adverse media screening continue to show recurring deficiencies, reflecting challenges around methodology, calibration, and resourcing.
- Encouraging progress was observed in AML training and MLRO reporting, signalling stronger governance and cultural embedding.
Overall the average number of findings per firm fell from 4.8 in 2024 to 4.26 in 2025, and high impact findings dropped which are clear signs of progress. However the concentration of weaknesses in operational oversight and screening controls suggests that regulators’ attention will remain firmly fixed on these areas.
Why this matters
The report highlights a famillar theme: many firms still treat compliance monitoring and risk assessments as static compliance obligations rather than live, strategic tools. This lack of integration leaves businesses vulnerable to supervisory criticism and, more importantly, exposes them to real-world financial crime risks.
For example, nearly one in five firms failed to include a proliferation financing (PF) risk assessment, despite this being a legal requirement since 2022. Meanwhile, weaknesses in sanctions screening systems, such as alert backlogs and calibration failures, pose serious risks at a time of heightened geopolitical volatility.
“The message is clear: firms that embed compliance into governance and decision-making processes are best placed to withstand regulatory scrutiny and to protect themselves against financial crime”
Insights from our webinar
To help firms digest these findings and take practical action, fscom hosted a webinar in which our financial crime and audit specialists, Evan McGookin and Nicola Hanratty, unpacked the report’s findings, explored supervisory focus areas for 2025, and shared practical recommendations for strengthening compliance frameworks.
If you missed the live session, you can download the recording from the fscom website and gain access to expert analysis and real-world examples on how to embed effective AML/CTF controls.
Download the webinar recording here.
Download the report
The Fincrime Compliance Report 2025 is available now and is essential reading for compliance professionals, MLROs, and senior managers looking to benchmark their frameworks against industry trends. Download the guide here.
About fscom
fscom Compliance Maturity SpecialistsTM provide regulatory compliance solutions to financial services firms across the UK and Europe. With expertise in payments, asset management, capital markets, banking, and crypto, fscom helps firms benchmark compliance against regulatory requirements and industry peers, giving them a clear understanding of where they stand and how to reach their goals. Our mission is simple: to help firms raise compliance standards so together, we can protect people, prevent financial crime and create a safer society.
This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.
