Blog Main Image

Merchant onboarding regulatory updates for June 2026 show a clear shift toward risk-based, intelligence-led onboarding that extends well beyond the initial customer verification. Across major markets, regulators are reinforcing that onboarding is no longer a one-time event. Firms are expected to collect the right information from the start, assess customer risk in context, and continue monitoring customers throughout the relationship.

June's updates also highlight growing expectations around ongoing customer due diligence, sanctions screening, beneficial ownership, customer identification, and technology-enabled compliance. Manual reviews and static onboarding processes are becoming harder to defend as regulators increasingly expect firms to demonstrate that onboarding decisions are consistent, risk-based, and supported by clear governance.

In this update (for merchant onboarding and compliance teams):

What changed: New AML requirements, sanctions actions, customer identification proposals, ongoing monitoring guidance, and AI-driven compliance expectations across the UK, U.S., EU, Australia, Hong Kong, and globally.

Why it matters: Regulators increasingly expect firms to show not only that customers have been verified, but that onboarding decisions are supported by structured customer data, risk-based assessments, and ongoing monitoring.

Regulatory signals: Merchant onboarding is becoming the foundation for the entire customer lifecycle. Firms that rely on fragmented systems, manual reviews, or one-time verification may find it harder to meet rising supervisory expectations.

What to do next:

  • Review whether onboarding captures the information needed for ongoing monitoring.
  • Strengthen sanctions, jurisdiction, and beneficial ownership screening.
  • Apply risk-based onboarding that adapts to customer type and risk.
  • Reduce reliance on manual reviews where technology can improve consistency and governance.

🌍 Global

FATF High-Risk and Increased Monitoring Jurisdictions Update 

Effective date: June 2026 (immediate; member countries implement per their own schedules)

Issued by: Financial Action Task Force (FATF)

Applies to: Financial institutions, PSPs, PayFacs, VASPs, and regulated firms applying jurisdiction risk, sanctions, AML/CFT, or counterparty due diligence controls. 

Summary: 

  • What: FATF updated its lists of high-risk jurisdictions subject to a call for action and jurisdictions under increased monitoring following the June 2026 Plenary.
  • Why: These lists identify jurisdictions with strategic AML/CFT/CPF deficiencies and help firms assess jurisdiction risk, enhanced due diligence requirements, and exposure to higher-risk counterparties.
  • What’s Next: FATF will continue prioritizing fraud, risk-based supervision, information sharing, payment transparency, virtual assets, and DeFi under the incoming UK Presidency.

Key changes:

  • Bosnia and Herzegovina and Iraq were added to FATF’s list of jurisdictions under increased monitoring. 
  • Algeria and Namibia were removed from FATF increased monitoring after addressing identified deficiencies and will continue improving their AML/CFT/CPF systems. 
  • DPRK and Iran remain subject to FATF calls for countermeasures due to ongoing strategic AML/CFT/CPF deficiencies. 
  • Myanmar remains subject to FATF's call for enhanced due diligence measures proportionate to the risks arising from the jurisdiction. 
  • FATF stated it may consider countermeasures for Myanmar if further progress is not made by October 2026. 

What this means for merchant onboarding teams:

FATF’s latest jurisdiction updates should be reflected promptly in your onboarding risk ratings, enhanced due diligence triggers, and escalation workflows. Merchants, beneficial owners, counterparties, and payment flows connected to newly monitored or high-risk jurisdictions require the right level of screening, risk assessment, and escalation from the very start of the onboarding journey.

Failure to account for these changes can leave providers exposed to higher-risk relationships, regulatory scrutiny, financial penalties, and reputational damage. As jurisdiction risks continue to evolve, onboarding teams need confidence that risk classifications, due diligence requirements, and approval decisions remain accurate, consistent, and fully auditable across every application.

Recommended actions:

  • Update jurisdiction risk ratings to reflect FATF’s June 2026 list changes.
  • Apply enhanced customer due diligence for merchants, beneficial owners, counterparties, or payment flows linked to DPRK, Iran, or Myanmar.
  • Review exposure to Bosnia and Herzegovina and Iraq following their addition to increased monitoring.
  • Maintain increased-monitoring for Algeria and Namibia where appropriate.
  • Maintain clear audit records showing how FATF jurisdiction risk was assessed, escalated, and approved during onboarding.

How OnBoard helps: 

OnBoard helps firms stay aligned with FATF jurisdiction updates by embedding country risk checks directly into the onboarding process. 

  • Smart Forms can adapt to different jurisdictions, capturing the right information based on country risk and routing merchants through the correct workflows where enhanced due diligence is applied.
  • Integrated KYB, KYC, AML, PEP, and sanctions screening automatically validates merchants and beneficial owners against trusted global data sources.
  • Risk-based workflows automatically route higher-risk applications for enhanced review, helping teams apply the right level of due diligence consistently, regardless of jurisdiction.
  • AI-powered document intelligence reads onboarding documents in real time, extracts and validates key information, and automatically triggers the appropriate workflow actions based on jurisdiction and risk rules. 
  • Audit-ready reporting provides a clear record of risk assessments, screening results, and approval decisions for regulatory review.

Source: FATF Plenary Outcomes

🇬🇧 United Kingdom

The Money Laundering and Terrorist Financing (Amendment) Regulations 2026

Effective date: 30 June 2026 (most provisions); crypto-specific rules (Regulation 34A) effective 1 February 2027

Issued by: HM Treasury

Applies To: Financial institutions, PSPs, banks, cryptoasset exchange providers, custodian wallet providers, merchant acquirers, and regulated firms subject to the UK's AML/CTF framework. 

Summary:

  • What: HM Treasury has introduced targeted amendments to the UK's AML/CTF regime to improve effectiveness, proportionality, and clarity across customer due diligence (CDD), enhanced due diligence (EDD), crypto-asset businesses, pooled client accounts, and information sharing.
  • Why: The changes respond to findings from HM Treasury's review of the Money Laundering Regulations and are designed to close regulatory gaps, support a more risk-based approach to due diligence, strengthen controls for higher-risk activities, and maintain alignment with FATF standards.
  • What's Next: Most provisions take effect from 30 June 2026. New enhanced due diligence requirements for correspondent relationships involving crypto-asset exchange providers and custodian wallet providers will come into force on 1 February 2027

Key changes:

  • CDD Thresholds Redenominated: EUR thresholds converted to GBP (e.g. €1,000 to £800; €15,000 to £12,000), taking effect immediately.
  • Enhanced Due Diligence: Strengthened EDD requirements for complex or large transactions, high-risk jurisdictions and pooled client accounts, directly relevant to merchant acquirers.
  • Regulation 34A Crypto CDD: New obligation requiring crypto-asset exchange providers, custodial wallet providers and payment intermediaries to apply enhanced CDD.
  • FCA Alignment: AML supervision of crypto firms is brought into line with the FCA's forthcoming crypto regulatory regime (effective February 2027), including a tightened change-of-control regime.

What this means for merchant onboarding teams: 

These changes increase the need for onboarding processes that can adapt to different customer types, risk levels, and ownership structures. Firms onboarding crypto businesses, pooled client accounts, or customers connected to higher-risk jurisdictions may need to collect additional information, apply enhanced due diligence, and maintain stronger evidence of their onboarding decisions.

As AML requirements become more risk-based, relying on static onboarding processes or manual reviews can make it harder to apply the right controls consistently. Failure to identify higher-risk customers, ownership structures, or transaction risks could lead to regulatory scrutiny, remediation costs, and reputational damage.

Recommended actions:

  • Update Thresholds: Revise onboarding and transaction monitoring systems to reflect the new GBP CDD thresholds.
  • Review enhanced due diligence triggers to ensure they align with FATF Call for Action countries and unusually large or unusually complex transactions. 
  • Review Pooled Accounts: Ensure onboarding procedures collect sufficient information on the beneficial owners of pooled client accounts.
  • Train Teams: Update AML training to cover the new thresholds, EDD triggers and crypto-specific obligations.
  • Maintain clear audit trails showing how customer risk assessments, due diligence measures, and approval decisions were applied during onboarding. 

How OnBoard helps: 

OnBoard helps firms apply the new AML requirements consistently across different customer types and risk levels. 

  • Smart Forms adjust the information collected based on customer risk, business type, jurisdiction, and onboarding scenario, helping teams capture the right information for crypto businesses, pooled client accounts, and higher-risk customers.
  • Integrated KYB, KYC, and AML screening automatically verifies merchants, beneficial owners, and related parties against trusted global data sources, helping firms strengthen due diligence and ownership checks.
  • AI-Assisted verification reads onboarding documents in real time, extracts and validates key information, and automatically triggers the appropriate verification and risk checks. This helps teams reduce manual reviews, capture the information needed to understand customer risk and ownership structures, and build a more complete and trusted view of each customer before onboarding.
  • Risk-based workflows automatically trigger additional reviews and approvals for higher-risk applications, helping teams apply enhanced due diligence consistently and maintain clear records of onboarding decisions.

Source: HM Treasury

🇺🇸 United States 

Payment Stablecoin Issuers (GENIUS Act) 

Proposal date: 18 June 2026

Issued by: Financial Crimes Enforcement Network (FinCEN), Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA)

Applies to: Permitted Payment Stablecoin Issuers (PPSIs), stablecoin providers, crypto payment firms, and payment providers onboarding or partnering with stablecoin issuers.

Summary: 

  • What: U.S. regulators have proposed new Customer Identification Program (CIP) requirements that would require Permitted Payment Stablecoin Issuers (PPSIs) to establish written, risk-based procedures for identifying and verifying customers.
  • Why: The proposal implements the GENIUS Act requirement for PPSIs to maintain an effective CIP as part of their AML/CFT program.
  • What's Next: Public comments are open for 60 days following publication in the Federal Register, after which regulators will consider feedback before finalizing the rule.

Key changes proposed: 

  • Permitted Payment Stablecoin Issuers (PPSIs) would be required to establish and maintain a written, risk-based Customer Identification Program (CIP).
  • Before opening an account, PPSIs would be required to collect a customer's name, address, identification number, and date of birth or date of formation.
  • PPSIs would be required to verify customer identities using both documentary and non-documentary verification methods.
  • For certain business customers, PPSIs may need to collect information about individuals with authority or control over an account as part of the identity verification process.
  • PPSIs would be required to maintain records of customer information collected through the CIP process.
  • PPSIs would be required to screen customers against government-issued lists of known or suspected terrorists and terrorist organizations.
  • CIP programs would need procedures for handling customers whose identities cannot be verified, including account closure and potential Suspicious Activity Reports (SARs).

What this means for payment providers:

For payment providers onboarding stablecoin issuers and digital asset businesses, this proposal signals a clear move toward more risk-based onboarding. Firms will need processes that can collect, verify, and retain customer information based on risk, rather than relying on the same checks for every customer.

As customer identification requirements become more formalized, manual identity reviews and fragmented verification processes may no longer be enough. Firms will need a consistent way to verify customer identities, understand who controls an account, and maintain accurate records throughout the onboarding journey. Failure to do so could increase compliance risk and make it harder to demonstrate that customers have been properly identified and verified.

Recommended actions:

  • Review onboarding workflows for stablecoin issuers and digital asset businesses to ensure customer information is collected and verified based on risk.
  • Assess whether existing identity verification processes can scale without relying heavily on manual reviews.
  • Strengthen onboarding controls for higher-risk customers, including clear escalation paths when customer identities cannot be verified.
  • Review recordkeeping processes to ensure customer identification information can be retained and retrieved when required.
  • Monitor the final rulemaking process and prepare for potential changes to customer onboarding and verification requirements.

How OnBoard helps:

OnBoard helps firms move from manual identity checks to a more scalable, risk-based approach to collecting, verifying, and maintaining customer information under the proposed Customer Identification Program (CIP) requirements.

  • Smart Forms dynamically collect the information required for customer identification, ensuring the right data is captured based on customer type and risk profiles at the point of onboarding..
  • Automated KYC Workflows help teams apply consistent identity verification processes, reducing reliance on manual reviews and supporting a more risk-based approach to onboarding.
  • OnBoard AIQ™ reads onboarding documents in real time, extracts key information, and validates customer details automatically. This helps teams verify identities faster while building a more complete and trusted view of each customer.
  • Automated Decision Engine uses predefined rules to trigger the appropriate verification, review, and approval steps based on customer risk, ensuring that only higher-risk cases are routed to teams for further investigation while lower-risk customers can be onboarded more efficiently.

Source: FinCEN

Treasury Action Against Prince Group TCO and Proposed Expansion of Huione Restrictions

Proposal date: 23 June 2026

Issued by: U.S. Department of the Treasury (OFAC and FinCEN)

Applies to: Payment service providers, banks, fintechs, crypto businesses, and any firm onboarding customers, merchants, or partners with exposure to Southeast Asia, digital assets, or cross-border payments.

Summary:

  • What: The U.S. Treasury sanctioned nine individuals and 26 entities linked to the Prince Group Transnational Criminal Organization (TCO) and proposed expanding restrictions to include H-Pay Service PLC and any successor entities linked to Huione Group.
  • Why: Treasury identified Prince Group and Huione-linked networks as key facilitators of cyber-enabled fraud, scam compounds, money laundering, and digital asset investment scams targeting victims around the world.
  • What's Next: Financial institutions should review sanctions screening and customer due diligence controls immediately, while FinCEN's proposed amendment remains open for public comment for 30 days following publication in the Federal Register.

Key changes proposed:

  • OFAC sanctioned nine individuals and 26 entities linked to the Prince Group TCO, including leadership figures, investors in scam compounds, and front companies.
  • FinCEN proposed amending its October 2025 Huione Group rule to include H-Pay Service PLC and any successor entities.
  • Treasury identified Huione Group as a key channel used to transfer and consolidate scam-related proceeds and launder funds connected to cyber-enabled fraud.
  • The action forms part of a broader U.S. effort to disrupt digital asset investment scams, money laundering networks, and scam compounds operating in Southeast Asia.
  • U.S. persons are prohibited from engaging in transactions involving designated parties, and financial institutions face sanctions risk when dealing with blocked persons or entities.

What this means for payment providers:

For payment providers onboarding merchants, partners, and customers involved in cross-border payments, digital assets, or Southeast Asian markets, sanctions screening and risk assessments need to keep pace with rapidly evolving enforcement actions. Criminal networks are increasingly using complex ownership structures, front companies, and payment channels to move funds, making it harder to identify exposure through manual reviews alone.

Failure to identify sanctioned entities or links to high-risk networks can expose firms to regulatory penalties, financial losses, and reputational damage. Strong onboarding controls are critical to identifying higher-risk relationships before they enter your portfolio.

Recommended actions:

  • Update sanctions screening systems to include newly designated Prince Group-linked individuals and entities.
  • Review onboarding and due diligence processes for customers with exposure to high-risk jurisdictions, digital assets, or complex ownership structures.
  • Strengthen beneficial ownership verification to identify indirect connections to sanctioned parties.
  • Assess whether existing screening and escalation processes can detect emerging sanctions risks without relying on manual reviews.
  • Monitor the outcome of FinCEN's proposed H-Pay amendment and prepare for any resulting compliance obligations.

How OnBoard helps:

OnBoard helps firms identify higher-risk customers, ownership structures, and sanctioned parties earlier in the onboarding process, reducing the risk of prohibited relationships entering the portfolio.

  • PEP and Sanctions Screening checks merchants, beneficial owners, and related parties against 200+ global sanctions lists, PEP databases, watchlists, and adverse media sources in real time, helping teams identify politically exposed persons and sanctioned entities before they become compliance risks. 
  • Automated KYB Workflows help teams verify business ownership structures and identify potential links to sanctioned or high-risk entities through KYB checks.
  • Real-Time Risk Scoring helps prioritize higher-risk applications based on jurisdiction, ownership structures, sanctions exposure, and other risk indicators.
  • Automated Decision Engine applies predefined rules to route higher-risk customers for investigation while allowing lower-risk applications to move forward efficiently.

Source: U.S. Department of the Treasury 

OFAC Expands Sanctions Designations Against Financial Facilitators and Money Service Businesses

Effective date: 22 June 2026

Issued by: Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury

Applies to: Banks, payment service providers, fintechs, crypto businesses, money service businesses, merchant acquirers, and firms onboarding customers involved in cross-border payments.

Summary: 

  • What: OFAC designated three individuals and six entities involved in facilitating cross-border financial transactions through money service businesses and payment channels operating across multiple jurisdictions.
  • Why: Treasury is increasing pressure on financial institutions to identify and prevent sanctioned individuals and organizations from accessing the global financial system through direct or indirect business relationships.
  • What's Next: Financial institutions should review sanctions screening, beneficial ownership verification, and customer due diligence controls to ensure newly designated parties and related entities can be identified quickly.

Key changes:

  • OFAC designated three individuals and six entities operating across Europe, the Middle East, and West Africa.
  • The designations include several money service businesses (MSBs) and financial facilitators that were involved in moving funds across multiple jurisdictions.
  • Financial institutions may face sanctions exposure if they knowingly conduct or facilitate significant transactions involving designated persons or entities.
  • Sanctions restrictions also apply to entities that are 50 percent or more owned, directly or indirectly, by one or more blocked persons.

What this means for payment providers: 

This action reinforces that sanctions compliance is no longer just about screening the customer standing in front of you. Regulators increasingly expect firms to understand who owns, controls, and benefits from a business relationship, particularly when customers operate across multiple jurisdictions or use complex ownership structures.

For onboarding teams, screening the merchant alone may not be enough. Businesses can be connected to sanctioned individuals or entities through ownership, control, or related-party relationships that are not immediately visible. Failure to identify these connections can expose firms to regulatory penalties, enforcement action, and reputational damage.

Recommended actions

  • Update sanctions screening systems immediately to include the newly designated individuals and entities.
  • Review beneficial ownership verification processes to identify indirect links to sanctioned parties.
  • Assess whether onboarding controls can identify ownership and control relationships that create sanctions exposure.
  • Strengthen due diligence procedures for money service businesses, digital asset businesses, and customers involved in cross-border payments.
  • Review escalation procedures for sanctions matches and higher-risk customer relationships.

How OnBoard helps:

OnBoard helps firms identify sanctions exposure across customers, beneficial owners, and partner ecosystems before risk enters the business.

  • Integrated KYB, KYC, and AML Screening automatically screens businesses, beneficial owners, authorized representatives, and related parties against 200+ global sanctions lists, PEP databases, watchlists, and adverse media sources in real time, helping teams identify sanctioned individuals and organizations before onboarding.
  • White-Label partner onboarding enables payment providers to apply consistent onboarding, screening, and compliance controls across partner ecosystems, helping maintain visibility and oversight even when customers are onboarded through third parties or referral networks.
  • Real-Time Risk Scoring helps identify higher-risk customers based on sanctions exposure, jurisdiction, ownership complexity, and other risk indicators, allowing teams to focus enhanced due diligence efforts where they are needed most.
  • Ongoing customer due diligence continuously monitors customers, beneficial owners, and related parties for changes in sanctions status, PEP exposure, adverse media, and other risk indicators, helping firms identify emerging risks after onboarding and take action when needed.

Source: U.S. Department of the Treasury

🇪🇺 European Union

Initiative name: AMLA Draft Guidelines on Ongoing Customer Monitoring

Effective date: Published for consultation 3 June 2026; final guidelines expected later in 2026

Issued by: European Anti-Money Laundering Authority (AMLA)

Applies to: Financial institutions, payment service providers, fintechs, crypto-asset service providers, crowdfunding platforms, and other obligated entities subject to ongoing customer due diligence and monitoring requirements under the EU AML framework.

Summary: 

  • What: AMLA published draft guidelines explaining how obligated entities should perform ongoing monitoring of business relationships, including customer reviews, transaction monitoring, and activity monitoring.
  • Why: AMLA aims to create a more consistent, effective, and risk-based approach to ongoing monitoring across the EU under the new AML Single Rulebook.
  • What's Next: The consultation remains open until 3 September 2026, with final guidelines expected in Q4 2026.

Key changes:

  • Risk-Based Ongoing Monitoring: Obligated entities must periodically refresh customer data and risk assessments (not just at onboarding) with frequency proportionate to risk profile.
  • Transaction Monitoring: Transactions must be screened against up-to-date customer risk profiles; anomalies should trigger mandatory review.
  • Expanded Scope: Guidelines explicitly cover newer sectors including crypto-asset service providers, crowdfunding platforms and digital payment firms.
  • High-Risk Focus: Particular scrutiny required for high-risk relationships; enhanced documentation and more frequent reviews expected.

What this means for payment providers: 

For payment providers, onboarding is no longer the finish line for customer due diligence. It is the starting point. Firms should collect complete, accurate, and structured customer information from the very beginning, ensuring it can be used consistently across onboarding, ongoing reviews, transaction monitoring, and future risk assessments.

This requires a unified and centralized approach to customer data. Instead of fragmented systems or one-time verification processes, firms need a single, reliable source of truth that captures customer information, business activities, ownership structures, and risk profiles. As these elements change over time, having centralized data makes it easier to detect updates, maintain an accurate understanding of the customer, and identify unusual activity before it becomes a compliance issue.

Recommended actions:

  • Design for Lifecycle Compliance: Ensure onboarding workflows capture the data needed for ongoing monitoring, not just initial verification.
  • Automate Re-KYC Triggers: Implement risk-based refresh cycles, with higher-risk merchants reviewed more frequently.
  • Assess whether transaction monitoring controls are aligned with customer risk profiles and expected business activity
  • Review escalation procedures for unusual or suspicious activity identified during ongoing monitoring. 
  • Engage with Consultation: Submit feedback to AMLA before the September 2026 deadline to help shape the final guidelines.

How OnBoard helps: 

OnBoard helps firms carry structured customer data, risk assessments, and due diligence controls from onboarding into ongoing monitoring, helping maintain a consistent and trusted customer profile over time. 

  • Smart Forms dynamically adapt in real time based on customer inputs and risk indicators, helping firms collect the right information from the start to support customer due diligence, risk scoring, and ongoing monitoring. 
  • Automated KYB, KYC, and AML screening helps create a trusted customer profile from the start by validating businesses, beneficial owners, and risk indicators against trusted global data sources. 
  • OnBoard AIQ™ reads and validates onboarding documents in real time, creating a clear audit trail and trusted customer profile that supports ongoing monitoring throughout the customer relationship. 
  • Ongoing customer due diligence (OCDD) continuously monitors customer information, ownership structures, sanctions exposure, PEP status, and other risk indicators, helping firms identify material changes after onboarding. 

Source: European Anti-Money Laundering Authority 

🇦🇺 Australia

AUSTRAC Terrorism Financing Risk Assessment for Australia's Non-Profit Organization Sector Assessment

Effective date: May 2026

Issued by: Australian Transaction Reports and Analysis Centre (AUSTRAC)

Applies to: Banks, payment service providers (PSPs), fintechs, merchant acquirers, payment facilitators, remittance providers, and firms onboarding or servicing non-profit organizations (NPOs).

Summary: 

  • What: AUSTRAC published an updated assessment of terrorism financing risks linked to Australia's non-profit organization (NPO) sector.
  • Why: The assessment helps financial institutions identify and manage higher-risk activity using a proportionate, risk-based approach, without unnecessarily affecting legitimate NPOs.
  • What's Next: AUSTRAC says the updated understanding should support more targeted and proportionate risk mitigation across higher-risk parts of the sector.

Key changes: 

  • AUSTRAC confirmed that Australia's NPO sector presents a limited terrorism financing risk overall, with risk concentrated in a very small subset of sectors.
  • Higher-risk indicators include links to Suspicious Matter Reports (SMRs), large cash transactions, outbound international funds transfers, and activity involving higher-risk jurisdictions.
  • AUSTRAC found that most NPOs are not covered by the AML/CTF Act, meaning they generally do not have obligations such as customer due diligence, transaction monitoring, or submitting SMRs.
  • The report notes that suspicious activity can be difficult to detect because it may look like legitimate charitable work, including donations, religious contributions, or emergency relief.
  • AUSTRAC also identified online fundraising platforms and digital payments as increasingly relevant risk areas, especially where funds move offshore or through intermediaries.

What this means for payment providers

This assessment reinforces that not all non-profit organizations carry the same level of risk. For payment providers onboarding NPOs, a risk-based approach is needed where an organization operates in higher-risk jurisdictions, sends funds overseas, or has activities that require closer scrutiny. 

Collecting the right information during onboarding helps build a clearer  understanding of an organization's purpose, operations, and international activities. This gives compliance teams a stronger foundation for transaction monitoring, identifying unusual activity, and meeting Suspicious Matter Reporting (SMR) obligations when risks emerge.

Recommended actions

  • Apply risk-based onboarding for NPOs instead of a one-size-fits-all approach.
  • Collect additional information for organizations operating internationally or sending funds to higher-risk jurisdictions.
  • Review transaction monitoring rules for outbound international transfers, large cash transactions, and other higher-risk indicators highlighted by AUSTRAC.
  • Train onboarding and compliance teams to recognize the higher-risk characteristics identified in the assessment.
  • Review internal escalation and Suspicious Matter Reporting (SMR) procedures to ensure higher-risk activity can be identified and investigated promptly.

How OnBoard helps

OnBoard helps firms apply AUSTRAC's risk-based approach by adapting onboarding requirements to each non-profit organization's activities and risk profile.

  • Smart Forms dynamically adapt in real time based on customer inputs, prompting additional questions for organizations operating internationally, sending funds overseas, or presenting higher-risk characteristics. This helps teams collect the right information without adding unnecessary friction for lower-risk organizations.
  • Automated KYB, KYC, and AML screening verifies organizations, office holders, beneficial owners, and related parties against PEP and sanctions databases, watchlists, and adverse media, helping identify higher-risk organizations before onboarding.
  • Real-Time Risk Scoring combines customer information, jurisdiction, ownership, and screening results to help teams identify organizations that require enhanced due diligence and closer review.
  • Ongoing customer due diligence (OCDD) continuously monitors changes to sanctions exposure, adverse media, ownership, and other risk indicators, helping firms identify emerging risks throughout the customer relationship.

Source: AUSTRAC 

Hong Kong

Initiative name: HKMA Supporting A.I. Adoption in Fighting Financial Crime 

Effective date: June 2026 (ongoing)

Issued by: Hong Kong Monetary Authority (HKMA)

Summary: 

  • What: HKMA published guidance encouraging the responsible use of A.I., network analytics, and advanced behavioral analytics to strengthen financial crime detection.
  • Why: HKMA says traditional transaction monitoring and static rule-based controls are under growing strain as financial crime becomes faster, more digital, and more complex.
  • What's Next: HKMA expects institutions to move toward well-governed, intelligence-led risk management, with clear accountability, explainability, human oversight, and measurable improvements in detection.

Key findings:

  • HKMA said standing still is not an option, and financial institutions need to adopt proven technologies at scale as financial crime threats evolve.
  • The guidance encourages firms to move from static rule-based monitoring toward more dynamic, risk-based intelligence using A.I., behavioral analytics, network link analysis, and anomaly detection.
  • HKMA emphasized that A.I. should improve risk identification, prioritization, and escalation, not just automate existing workflows.
  • The guidance highlights real-world use cases where A.I. supports customer onboarding, mule account detection, transaction monitoring, alert triage, investigations, and suspicious activity reporting.
  • HKMA made clear that A.I. is not a replacement for human judgment, but a tool that should operate within controlled, explainable, and accountable risk frameworks.

What this means for merchant onboarding teams: 

For payment providers, this guidance signals that manual reviews and static monitoring rules may be less effective against increasingly complex financial crime risks. Fraud networks, mule accounts, synthetic identities, and hidden links between customers can be difficult to detect through traditional checks alone.

This reinforces onboarding as a critical control point. Firms need to assess risk earlier, verify customer information more effectively, and support intelligence-led monitoring across the customer lifecycle. A.I. and analytics should not be used for technology's sake. They should help teams identify higher-risk customers sooner, escalate the right cases, and maintain clear evidence of how decisions were made.

Recommended actions:

  • Review whether current onboarding and transaction monitoring controls rely too heavily on static rules or manual review.
  • Assess where AI, behavioral analytics, or network analytics could improve risk detection, alert prioritization, and investigation quality.
  • Strengthen governance around any AI-enabled compliance tools, including , model validation, human oversight, and Board-level accountability.
  • Ensure customer onboarding data is structured enough to support risk scoring, monitoring, and investigation workflows.
  • Review escalation procedures to ensure higher-risk customers, mule account indicators, and suspicious activity are identified early and consistently.

How OnBoard helps: 

OnBoard helps firms build an intelligence-led onboarding process that combines automation with governance, giving compliance teams greater confidence in every customer decision.

  • Smart Forms are central to intelligent end-to-end onboarding. They dynamically adapt in real time based on customer inputs, business type, and risk indicators, collecting the right information at the point of capture to feed into OnBoard AIQ validation, risk scoring, and website risk analysis with structured, decision-ready data.
  • OnBoard AIQ™ and SiteScanner use AI to automate document validation, data extraction, and website risk analysis within your organization's existing rules, workflows, and risk framework. Every action is traceable, creating a clear audit trail while helping identify hidden merchant and website risks before onboarding.
  • Automated Decision Engine applies a management-by-exception approach, allowing lower-risk applications to move through onboarding faster while automatically routing higher-risk cases for human review.
  • Risk scoring combines customer information, ownership, screening results, and risk indicators to identify higher-risk applications early, helping teams prioritize reviews based on risk rather than static rules alone.

Source: Hong Kong Monetary Authority 

Cross-market signals for onboarding and compliance teams 

June 2026 highlights a clear shift in regulatory expectations: onboarding is no longer viewed as a one-time verification process. Regulators increasingly expect firms to collect the right information from the start, understand customer risk in context, and continue monitoring customers as risks change over time.

Several common themes emerged this month:

  • Risk-based onboarding continues to replace one-size-fits-all customer verification.
  • Ongoing customer due diligence (OCDD) is becoming an essential part of managing customer risk throughout the relationship.
  • Sanctions, jurisdiction, and beneficial ownership screening remain critical for identifying higher-risk customers before they enter your portfolio.
  • AI and intelligent automation are gaining regulatory support when used with strong governance, explainability, and human oversight.
  • Firms are increasingly expected to maintain clear audit trails that show how onboarding decisions, risk assessments, and due diligence were applied.

This month's updates reinforce that effective onboarding is about more than verifying identities. It is about building a trusted customer profile that supports risk assessment, ongoing monitoring, and defensible compliance decisions throughout the customer lifecycle.

OnBoard by MVSI supports that approach by bringing digital onboarding, KYB, KYC, AML screening, AI-assisted verification, underwriting, and ongoing customer due diligence (OCDD) together in a single platform built for regulated payment environments.

By combining adaptive data collection, policy-driven decisioning, and continuous monitoring, OnBoard helps payment providers build onboarding processes that are scalable, auditable, and aligned with evolving regulatory expectations.

This content is provided for general information only and does not constitute legal or regulatory advice. 

Frequently Asked Questions

No items found.
Scroll To Top Arrow