.png)
This November’s regulatory shifts sharpen the global focus on financial crime and digital assets. From updated watchlists to stronger enforcement, jurisdictions are demanding more dynamic risk management. For PSPs, this means adapting onboarding processes to new global priorities and leveraging technology to stay both compliant and competitive.
Key Takeaways
- FATF reshuffles its global 'grey list', removing four nations and signalling where enhanced due diligence can be scaled back.
- The UAE ushers in a tougher AML era, targeting digital assets with lower evidence thresholds and heftier penalties.
- Canada and the UK pursue different paths, with Canada planning a new enforcement agency as the UK aims to cut compliance burdens.
- Digital asset rules mature, with California setting crypto escheatment rules and New Zealand proposing modernised digital identity checks.
Global
Regulation Name: FATF Updated Lists of Jurisdictions with Strategic Deficiencies
Effective Date: 21 November 2025
Issued By: Financial Action Task Force (FATF), announced by the Financial Crimes Enforcement Network (FinCEN)
Summary:
The Financial Action Task Force (FATF) has published its latest update to global watchlists, identifying countries with strategic weaknesses in their anti-money laundering (AML) and counter-terrorist financing (CTF) frameworks. These lists guide global financial institutions in shaping risk-based policies and determining how aggressively they must assess customers during onboarding. FATF’s changes directly influence how quickly or how cautiously merchants can be verified and approved.
Key Changes:
- FATF removed Burkina Faso, Mozambique, Nigeria, and South Africa from its "grey list" (Jurisdictions Under Increased Monitoring), indicating they have made sufficient progress in addressing their strategic deficiencies.
- The "black list" (High-Risk Jurisdictions Subject to a Call for Action) remains unchanged, continuing to include Iran, North Korea, and Burma.
- The FATF specifically reaffirmed its call for jurisdictions to apply enhanced due diligence and counter-measures to Iran due to ongoing, unaddressed risks.
What This Means for Onboarding & Risk Teams:
Your team's country risk ratings must be updated immediately. Customer and merchant relationships with connections to the de-listed countries may now be classified as lower risk, potentially simplifying due diligence. Conversely, maintaining relationships with entities connected to the high-risk jurisdictions requires the strictest enhanced due diligence and may necessitate exiting certain customers.
Recommended Actions:
- Immediately update your internal high-risk country lists to reflect the removal of Burkina Faso, Mozambique, Nigeria, and South Africa from the "grey list."
- Conduct a review of any clients or merchants with connections to these four countries to reassess and potentially reduce their risk scrutiny .
- Ensure your enhanced due diligence protocols for Iran, North Korea, and Burma are rigorously applied and documented.
- Ensure your AML and KYB screening checks reflect these changes, as these high-risk jurisdictions will require continuous scrutiny.
How OnBoard Helps:
OnBoard’s customisable KYC, KYB and AML checks instantly flag merchants tied to high-risk FATF jurisdictions, giving PSPs and financial institutions the protection they need to avoid crippling regulatory and reputational fallout. The automated decision engine scores every merchant application in real time, pushing low-risk merchants through at high speed while immediately escalating high-risk applicants for deeper due diligence. OnBoard AIQ™ then becomes your nonstop safety net by reading and validating documents instantly, saving your team hours of manual work and shielding your PSP from hidden jurisdiction risks at all times.
Source: FinCen
Regulation Name: FATF Guidance on Asset Recovery and Confiscation
Effective Date: 4 November 2025 (Publication Date)
Issued By: The Financial Action Task Force (FATF)
Summary:
The FATF has released extensive global guidance aimed at dramatically improving the detection, tracing and confiscation of criminal assets, reflecting widespread global underperformance in asset recovery. For PSPs and financial institutions, it marks a shift toward regulators expecting stronger data quality, clearer customer records and onboarding information that can support future tracing and confiscation efforts.
Key Changes:
- Intensifies global focus on recovering criminal assets, recognising that most jurisdictions are performing poorly.
- Provides comprehensive best practices for securing, tracing, and confiscating assets across all stages of financial investigations.
- Strengthens international cooperation standards, requiring jurisdictions to act faster and more effectively on cross-border asset recovery requests.
What This Means for Onboarding Teams & PSPs:
This guidance does not directly impact the merchant onboarding landscape, but it sharply increases expectations that PSPs and financial institutions maintain clean, accurate and complete customer and ownership data that can support future tracing and confiscation efforts.When onboarding relies on rekeying the same information across siloed teams, it creates gaps, inconsistencies and blind spots that investigators will no longer overlook. The growing use of sophisticated fraud and complex financial structures also makes manual verification far too slow and error-prone, leaving PSPs exposed when authorities demand clear, reliable data that can support rapid asset recovery.
Recommended Actions:
- Strengthen KYC, KYB and AML workflows in merchant onboarding so merchants data are complete, consistent and ready to support asset-recovery requests when necessary.
- Unify onboarding, risk and compliance teams around a single shared view of merchant data to eliminate siloes, close information gaps and ensure high-risk indicators are never overlooked.
- Train onboarding and compliance teams on the indicators of complex money laundering schemes that this guidance aims to dismantle.
How OnBoard Helps:
OnBoard strengthens your asset-recovery readiness by collecting complete and structured merchant information from the start through smart, fully guided application journeys that eliminate rekeying and data siloes. OnBoard AIQ™ then reads and validates documents automatically, creating clean, consistent ownership and identity records that investigators can rely on when tracing or recovering criminal assets. And with audit-ready onboarding files that are complete, consistent and instantly retrievable, payment providers can respond to investigative requests with confidence instead of scrambling for missing data. Book a demo today.
Source: FATF
EMEA
United Kingdom
Regulation Name: Regulation Action Plan - Progress Update and Next Steps
Effective Date: Ongoing (Publication Date: 22 October 2025)
Issued By: HM Treasury (HMT) and Department for Business and Trade (DBT)
Summary:
The UK government has published a progress report on its Regulation Action Plan, outlining a concerted shift towards a pro-growth regulatory framework. The plan aims to reduce the estimated £22.4bn annual administrative burden on businesses by 25% by the end of the Parliament. Key initiatives focus on streamlining corporate reporting and challenging regulatory risk aversion. This signals a deep cultural shift that will speed up how regulators expect merchants to be verified, creating new pressure to ensure every application is accurate, complete, and fully compliant.
Key Changes:
- The Financial Conduct Authority (FCA) will consolidate the AML/CTF supervisory functions of 22 professional bodies, creating a single supervisor that gives PSPs clearer, more consistent expectations for merchant verification.
- The FCA is reducing reporting burdens by removing low-value data returns and simplifying requirements through its Transforming Data Collection Programme
- A new "provisional licences regime" will allow fintech start-ups to conduct limited regulated activities with streamlined conditions and stronger oversights .
What This Means for Onboarding Teams & PSPs:
You can expect AML oversight to be consolidated as reporting requirements are simplified. At the same time, regulators will be measured on speed, which means applications may move faster but face sharper scrutiny. The push for innovation may bring new types of customers (e.g., with provisional licences) that require adapted risk assessments.
Recommended Actions:
- Review your KYB processes to identify where simplified FCA reporting can remove unnecessary documents and speed up corporate verification.
- Prepare for a more centralised AML supervision framework under the FCA and monitor its implementation timeline.
- Assess how your onboarding journey aligns with the regulators' new performance targets for speed and efficiency.
- Engage with the 'Unlocking Business' questionnaire to highlight persistent regulatory friction points in your operations.
How OnBoard Helps:
OnBoard keeps PSPs audit-ready as AML supervision moves under a single FCA authority by generating consistent, FCA-compliant reports with real-time integrity stamps, giving firms clear proof of compliance as expectations tighten. Its adaptive smart forms and KYB data capture make it easier to verify merchants using cleaner, simplified reporting requirements so onboarding stays fast without losing accuracy. OnBoard AIQ™ then supports the shift toward innovation by validating documents and enriching data for new business models, including firms entering the market under provisional permissions.
Source: UK Government Regulation Action Plan
European Union
Regulation Name: EBA Advice on Anti-Money Laundering (AML) Standards for AMLA
Effective Date: Phased implementation, with full application of 6AMLD by 10 July 2027
Issued By: European Banking Authority (EBA)
Summary:
The EBA has issued its formal advice to the European Commission, setting the stage for the new EU Anti-Money Laundering Authority (AMLA) to take over supervision. This marks a critical step towards a harmonised EU AML regime under the forthcoming Sixth Anti-Money Laundering Directive (6AMLD). The advice focuses on creating consistent standards for customer due diligence and how supervisors assess risk. This signals a significant shift from national-level supervision to a centralised EU model with direct enforcement powers.
Key Changes:
- Financial institutions that operate in at least six EU Member States can be selected for direct AMLA supervision, including those operating through branches or cross-border services.
- Proposes new, harmonized Customer Due Diligence (CDD) standards, including enhanced due-diligence requirements, that all obliged entities must follow.
- Introduces a five-year transitional period for firms to apply the new CDD standards to existing, non-high-risk client relationships.
- Mandates that firms must prioritize the review and update of all high-risk business relationships to be fully compliant by the July 2027 deadline.
What This Means for Onboarding Teams & PSPs:
These changes mean onboarding will require far more consistent and standardized information from every merchant, with very little room for variation across different EU markets. High-risk merchants will need to be reviewed and updated quickly to avoid falling behind the new expectations, while lower-risk merchants will still create long-term workloads that must be planned for early. As supervision becomes more centralized, onboarding processes will need to stay flexible enough to adjust to new guidance without slowing approval times or risking non-compliance.
Recommended Actions:
- Identify and prioritize high-risk merchants for immediate review so you do not fall behind the early compliance expectations.
- Begin planning your multi-year CDD remediation strategy to efficiently handle non-high-risk clients within the five-year transitional window.
- Monitor the EBA and AMLA consultations closely, including the new KYC information standards, so your onboarding requirements stay aligned with the latest rules.
How OnBoard Helps:
OnBoard’s automated KYB/KYC workflows can be configured to align with the new harmonized CDD standards, ensuring consistent data collection and verification across the EU. OnBoard’s smart decision engine and real-time risk scoring help you instantly identify and prioritize high-risk merchants for review, making the 2027 deadline manageable. With OCDD and built-in audit readiness, OnBoard continuously updates merchant records and generates the documents needed to meet AMLA’s ongoing supervision requirements. See OnBoard in action now.
Source: European Banking Authority
United Arab Emirates
Regulation Name: Federal Decree Law No. 10 of 2025 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
Effective Date: 4 November 2025
Issued By: UAE Federal Government
Summary:
The UAE has enacted a comprehensive new law to fortify its financial integrity and align with global FATF standards. This legislation significantly expands the scope of money laundering and terrorist financing offences, particularly in the digital asset space. For businesses, this marks a decisive shift towards a more assertive and coordinated enforcement environment.
Key Changes:
- Explicitly criminalizes terrorist financing conducted through digital systems, virtual assets, or encryption technologies.
- Lowers the evidential threshold, allowing convictions based on "circumstantial evidence" where a person "should have known" funds were illicit.
- Increases maximum fines for organisations to AED 100 million and introduces prison sentences of up to 10 years for individuals.
- Removes the limitation period for prosecuting money laundering, terrorism financing, and proliferation financing offences.
- Empowers the Financial Intelligence Unit (FIU) to freeze funds for up to 30 days and suspend transactions for 10 days without prior notice.
- Makes beneficial ownership registration and risk assessments mandatory for financial institutions, DNFBPs, and Virtual Asset Service Providers (VASPs).
What This Means for Onboarding Teams & PSPs:
The tougher offences, higher penalties and lowered evidential threshold mean even a single onboarding mistake or delay can expose a provider to severe regulatory and financial fallout. Mandatory beneficial ownership checks and deeper risk assessments will amplify the risk of human error, and slow or inconsistent onboarding now creates real vulnerability under the “should have known” standard. This makes incomplete files, missed details or unclear ownership structures verifications a direct pathway to frozen accounts, operational breakdowns and major reputational damage.
Recommended Actions:
- Immediately review and update AML/CTF policies to include specific procedures for virtual assets and digital financing risks.
- Enhance due diligence and ongoing monitoring checks to capture beneficial ownership and source of wealth more effectively.
- Train frontline and compliance teams on the new evidential standards and the expanded scope of predicate offences.
- Audit your current transaction monitoring and reporting workflows to ensure they can support faster action on FIU requests.
How OnBoard Helps:
OnBoard protects payment providers from the heightened risks in the new UAE AML law by capturing every ownership and risk detail upfront through structured smart forms that eliminate the gaps and human errors regulators now prosecute. OnBoard AIQ™ reinforces this by automatically reading and validating documents, creating airtight evidence for complex structures and digital-asset exposure while preventing the delays that trigger liability under the lowered evidential standard. With automated KYC, KYB and AML driving consistent real-time decisions, onboarding teams stay fast, compliant and protected as enforcement intensifies.
Source: Pinset Masons
America
United States (California)
Regulation Name: SB-822 Unclaimed Property: Digital Financial Assets
Effective Date: October 11, 2025
Issued By: California State Legislature
Summary:
California’s SB 822 brings digital financial assets under the state’s Unclaimed Property Law, meaning crypto accounts you onboard and hold may escheat to the state after three years of no owner contact or activity. These obligations create operational risk for any holder whose onboarding data is incomplete or cannot clearly establish whether California jurisdiction applies.
Key Changes:
- SB 822 classifies digital financial assets as unclaimed property, meaning custodial platforms must comply with California’s UPL when holding crypto for users.
- A digital asset account escheats after three years of no owner contact or activity, so platforms must reliably track logins, transactions and other acts of ownership.
- California jurisdiction can be established using any address indicator, making accurate location data collected at onboarding essential.
- Holders must send a state-prescribed notice 6–12 months before escheat, which depends on having valid contact information from onboarding.
What This Means for Onboarding Teams & PSPs:
Merchant onboarding teams must now collect precise address indicators and contact details at the point of signup, because this information determines whether a merchant’s digital-asset accounts fall under California’s unclaimed-property rules. If onboarding records are incomplete or inconsistent, you may be unable to send required notices, prove jurisdiction or prevent dormant merchant balances from being forcibly escheated to the state. Any merchant onboarded with poor data becomes a long-term compliance liability, especially once their digital-asset activity slows or stops.
Recommended Actions:
- Strengthen merchant onboarding to capture and store address indicators and contact details
- Ensure onboarding and customer-profile systems accurately track logins, transactions and other ownership activity
- Build the state-prescribed pre-escheat notice requirements directly into the onboarding forms and initial data capture
- Train onboarding and risk teams on these new requirements to ensure they are captured in merchant and user agreements.
How OnBoard Helps:
OnBoard protects PSPs from SB 822 risk by capturing accurate address indicators and contact details at the very start of merchant onboarding through fully structured Smart Forms, ensuring you always know when California’s unclaimed-property rules apply. OnBoard AIQ™ then validates and enriches this data automatically, eliminating the gaps and inconsistencies that lead to missed notices, misidentified jurisdiction and forced escheat of merchant assets. With a unified merchant profile and automated compliance workflows, every account is audit-ready and every notice is sent to the right place without manual scrambling.
Source: California Legislative (SB-822)
Canada
Regulation Name: Budget 2025 - Sanctions and Financial Crimes Enforcement Measures
Release Date: November 4th - Enabling legislation expected Spring 2026; other measures to follow
Issued By: Government of Canada (Department of Finance)
Summary:
Budget 2025 signals a significant ramp-up in Canada's financial crime enforcement and sanctions regimes. It introduces a new centralised Financial Crimes Agency (FCA) to lead complex investigations and proposes sweeping amendments to anti-money laundering (AML) and terrorist financing laws. These changes sharply increase enforcement pressure on PSPs and financial institutions, raising the stakes for how high-risk merchants are verified and approved during onboarding.
Key Changes:
- Establishes a new Financial Crimes Agency (FCA) as the sole lead authority for investigating complex financial crimes like money laundering and fraud.
- Replaces FINTRAC's optional compliance agreements with a mandatory framework, forcing entities in violation into binding agreements.
- Proposes a massive increase in administrative monetary penalties, raising the cap for very serious violations from $500,000 to $20 million.
- Introduces a prohibition or limit on third-party cash deposits, payments, or donations of $10,000 or more.
- Expands the list of reporting entities to explicitly include mortgage administrators, brokers, and lenders.
- Amends sanctions law to require financial institutions to provide information on property held by sanctioned persons, which may be subject to a new "Targeted Windfall Profit Charge."
What This Means for Onboarding Teams & PSPs:
PSPs and onboarding teams now face far higher financial risk and scrutiny, which means every merchant must be risk-screened with extreme accuracy. You will also need stronger controls around sanctions exposure and third-party activity as the government begins using financial institution data more aggressively for enforcement.
Recommended Actions:
- Review your current AML compliance frameworks to identify gaps against the proposed stricter penalty and mandatory agreement regime.
- Begin planning for enhanced due diligence processes to identify and screen third-party cash transactions.
- Assess your customer base and onboarding flows to determine if you engage with newly in-scope entities like mortgage brokers.
- Strengthen your sanctions screening and property reporting capabilities to prepare for new information-sharing obligations.
How OnBoard Helps:
OnBoard gives PSPs and financial institutions the power to onboard newly regulated mortgage entities with confidence, ensuring every application meets the tightened AML and sanctions expectations in Budget 2025. OnBoard’s smart decision engine scores applications in real time and auto-approves or rejects based on customisable rules, stopping high-risk merchants before they create costly damages. OnBoard AIQ™ and real-time monitoring then extract key risk details and flag sanction-linked or suspicious third-party activity instantly, delivering full end-to-end protection throughout onboarding. Experience the full power of OnBoard by booking a demo today.
Source: McMillan LLP Summary of Budget 2025
APAC
Australia
Regulation Name: AML/CTF Act Reforms Guidance
Effective Date: 31 March 2026 (for existing entities) / 1 July 2026 (for new entities)
Issued By: Australian Transaction Reports and Analysis Centre (AUSTRAC)
Summary:
AUSTRAC has released comprehensive guidance to support the significant expansion of Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime. This move aims to close critical gaps in the financial system exploited by organized crime. Existing reporting entities must also adapt to the updated legal framework.
Key Changes:
- The AML/CTF regime will expand from 1 July 2026 to include new sectors: real estate agents, accountants, lawyers, and dealers in precious metals and stones.
- Existing reporting entities, such as banks and payment providers, must comply with the updated laws by 31 March 2026.
- The guidance includes sector-specific risk indicators and insights to help new entities identify and mitigate money laundering threats unique to their operations.
- AUSTRAC will provide further resources, including starter kits for building AML/CTF programs, to aid the transition for newly regulated businesses.
What This Means for Onboarding Teams & PSPs:
Providers will soon need to perform KYB checks on a new, diverse set of merchant types with varying risk profiles. This expansion means your compliance workflows must adapt, with broader risk assessments and more customizable application forms to support these newly regulated industries. . For existing PSPs, your own AML/CTF programs will need updating to meet the stricter standards by March 2026.
Recommended Actions:
- Map your existing merchant base to identify any clients in the newly regulated sectors who will require enhanced due diligence.
- Update your compliance workflows and risk assessment model to include a broader range of merchant types and industry-specific behaviors.
- Integrate the new sector-specific risk indicators released by AUSTRAC into your onboarding and ongoing monitoring workflows.
- Review the AUSTRAC guidance and prepare for the release of further sector-specific starter kits.
How OnBoard Helps:
OnBoard gives PSPs the confidence to onboard Australia’s newly regulated sectors with smart forms that capture the exact information required for high-risk industries, removing guesswork from the first step. Its flexible KYB and AML workflows adapt instantly to different merchant types and risk profiles, so your team can stay in control even as your portfolio becomes more complex. The smart decision engine applies AUSTRAC’s sector-specific risk metrics to spotlight risky merchants instantly, while OCDD keeps every profile continuously updated, protecting your business and giving you total clarity as the AML/CTF regime expands.
Source: AUSTRAC
New Zealand
Regulation Name: Updated Identity Verification Code of Practice (Proposed Changes)
Effective Date: Draft proposal presented November (anticipated implementation April 2026)
Issued By: The AML/CFT Supervisors (Reserve Bank of New Zealand, Financial Markets Authority, Department of Internal Affairs)
Summary:
New Zealand's AML/CFT supervisors have proposed a significant update to the Identity Verification Code of Practice (IVCOP), which hasn't been revised since 2013. The update aims to modernise the framework by incorporating digital identity verification methods and adopting a more risk-based approach.
Key Changes:
- Formally integrates the Digital Identity Services Trust Framework (DISTF) as a new, fourth verification pathway, allowing reliance on accredited digital identity providers.
- Mandates that in-person document checks (Part 1) require a visual comparison of the customer to the photo ID.
- Clarifies that certified copies of documents can be accepted electronically if they meet specific security standards, not just as physical "wet ink" copies.
- Makes Electronic Identity Verification (EIV) rules more prescriptive, elevating the NZTA Driver Licence Verification Service to the same level as the DIA Confirmation Service and removing the need for a second source to corroborate the name.
- Extends the IVCOP's "safe harbour" to cover high-risk customers, providing assurance that your verification steps for these individuals are compliant.
- Proposes a more risk-based approach for verifying beneficial owners and representatives, potentially removing the mandatory IVCOP requirements for low/medium-risk entities.
What This Means for Onboarding Teams & PSPs:
These changes force rapid redesigns of verification flows, system rules, and operational processes. Your onboarding teams will feel an immediate surge in pressure and accountability as stricter checks and new digital pathways raise the risk of error. Without fast adaptation, PSPs and financial institutions face regulatory heat, onboarding slowdowns, and merchants defecting to competitors who move quicker.
Recommended Actions:
- Review your current customer onboarding workflows and identity verification policies against the proposed changes.
- Assess the potential of integrating with accredited DISTF providers to future-proof your verification process.
- Update internal guidance and train staff on the new requirement for a visual photo comparison.
- Prepare your systems to accept securely certified electronic documents as an alternative to physical copies.
- Provide feedback to the AML/CFT supervisors by the 19 January 2026 deadline if these changes impact your operations.
How OnBoard Helps:
OnBoard lets payment providers build fully custom digital application journeys that capture every required merchant and ownership detail upfront, removing the gaps and bottlenecks that tighter identity rules would normally create. OnBoard AIQ™ then reads and validates documents automatically, eliminating manual effort and progressing merchants applications in real-time. With automated AML KYC KYB and real time decisioning, payment providers stay fast, protected and unshaken at all times.
