Global Fincrime: 2025 Regulatory Changes and 2026 Outlook

In 2025, several key trends defined the fincrime landscape. Three of these trends were a push for increased corporate transparency, a tightening of corporate ownership rules, and stronger cross-border coordination between national regulators.

Governments pursued a variety of legislative objectives, while global compliance teams kept pace. As we reach the end of 2025, both regulators and businesses are looking to the horizon. But now is also a great moment to take stock of the developments of the past 12 months, as well as what we need to be ready for in 2026.

To help your organisation do that, and stay ahead of regulatory change, we’ve put together a high-level guide to 2025’s key global fincrime developments.

The United States:

The BIS 50% Rule

In September 2025, the United States’ Bureau of Industry and Security (BIS) announced that it was expanding the scope of its Entity List. Under the previous regime, BIS’ export controls, focused on preventing military end use of goods, applied only to entities specifically named on the list.

BIS export controls, aimed at preventing military end use of goods, applied only to entities specifically named on the list, even when other entities maintained extensive business or financial connections to those listed.

Under the new regime, known as the “Affiliates Rule” or the “50% Rule”, that loophole will be closed. BIS guidance states that “any entity that is at least 50% owned by one or more entities” on the Entity List now falls under the scope of the export controls.

On 1 November 2025, the White House announced that it would be temporarily suspending implementation of the Affiliates Rule. The suspension is scheduled to run from 10 November 2025 to 10 November 2026 and is currently in effect.

Regardless of the pause, the Affiliates Rule remains a paradigm shift in US policy. In practice, that will mean more extensive beneficial ownership checks on BIS-listed entities, and the application of appropriate risk-based anti-money laundering (AML) and counter-financing of terrorism (CFT) screening standards.

The rule highlights the need to shift screening focus away from single-target resolution, and towards a network-focused approach that clarifies corporate links between organisations.

The United Kingdom:

Economic Crime and Corporate Transparency Act

Introduced in 2023, the Economic Crime and Corporate Transparency Act (ECCTA) is transforming the way that the UK tackles corporate financial crime. In 2025, ECCTA implementation continued, with key developments including:

• Authorised Corporate Service Provider (ACSP) status, enabling certain professional service providers to verify clients for UK registration.
• Expedited disqualification process for fraudulently registered companies.
• Voluntary identity verification for individuals registering as companies.
• Access to certain trust information on the Register of Overseas Entities.

Compulsory identity verification for new directors and people with significant control (PSC) took effect on 18 November, 2025. It will expand to the existing 7 million directors and PSCs in 2026.

ECCTA’s focus on ultimate beneficial ownership (UBO) checks means firms will need to cross-reference public and private-sector data. They should also initiate enhanced compliance against customers who fall short of satisfactory identity verification.

The European Union

AMLA

Although it has not yet assumed its direct supervisory role over EU entities, the EU’s Anti-Money Laundering Authority (AMLA) became operational on 1 July 2025. Since then, it has been working to develop operational infrastructure and design its regulatory framework.

While there were no significant AMLA developments in 2025, EU member states continued to interpret the law and amend domestic AML/CFT legislation to align with the current, broader EU framework.

Adverse media screening

AMLA will significantly increase the need for firms to practice effective adverse media screening. As AMLA expands operationally, firms will seek to elevate their adverse media screening solutions. Compliance teams will need to explore and integrate new tools capable of efficiently identifying entities across the global media landscape.

Cybersecurity

The EU is building its regulatory focus on cybersecurity and the integration of artificial intelligence (AI). To that end, the implementation of key legislation continued in 2025:

• The EU AI Act: Introduced in July 2024, it will mainly come into effect in August 2026. The Act requires firms to consider how they implement AI within their infrastructure and take appropriate compliance steps.
• DORA: The Digital Operational Resilience Act (DORA) came into full effect across the EU in January 2025. The regulation requires firms to implement appropriate protections against cyberattacks.

Financial Action Task Force

Plenary Session

The Financial Action Task Force (FATF) also focused on corporate transparency, regulator responsibility, and international cooperation in 2025. In October, the FATF published the outcomes of its most recent Plenary session, held in Paris, France. Key outcomes included:

• The announcement of new time-bound and risk-based Mutual Evaluation processes, which place greater value on regulatory outcomes.
• The expansion of the Guest Initiative, a programme for non-member states to share views on fincrime challenges, inform FATF strategy, and strengthen global AML/CFT cohesion.
• New guidance for members regarding asset recovery and the confiscation of criminal assets. The guidance, was published in November 2025, and aims to address low levels of global asset recovery, and the rise in proliferation financing. Proliferation financing (PF) is the act of providing funds or financial services to help individuals, groups, or states acquire or develop chemical, biological, radiological, or nuclear (CBRN) weapons (Weapons of Mass Destruction or WMDs) and their delivery systems

National Risk Assessment Toolkit

In August 2025, the FATF launched its National Risk Assessment toolkit. Highlighting the threat of cross-border money laundering, the toolkit is designed to help countries assess their money laundering threats and eliminate regulatory gaps. It sets out a range of insights, including:

• Cross-border crime figures,
• Proceeds of crime estimates,
• and the most common types of predicate crimes.

2026 and Beyond

Most of 2025’s key developments are events within patterns of ongoing regulatory change, or specific milestones set out in legislation. That means compliance teams need to adjust their solutions and postures, with an eye on 2026 and the future.

In the UK, for example, the implementation of ECCTA is expected to continue until 2027. It will include expanding compulsory identity verification measures, more stringent ACSP registration requirements, and stronger business prohibitions for disqualified persons.

Similarly, in the EU, AMLA’s phased introduction will see 40 obliged entities come under the regulator’s direct supervision in 2027. AMLA is expected to achieve full operational capacity in 2028. Before then, firms should have taken the relevant steps to align with the new regime, including integrating effective adverse media screening solutions.

In the US, FinCEN AML updates are likely. In early 2026, the regulator is expected to expand AML/CFT screening requirements to registered investment advisers (RIAs) and exempt reporting advisers (ERAs).

Key Takeaway: What 2025 Tells Us About 2026

2025 reinforced the notion that global compliance focus will move further towards transparency and data quality in 2026.

It also emphasised the importance of compliance teams’ ability to understand risk across interconnected networks. The BIS 50% rule, for example, is a US regulation, but has a global impact, and many international data providers and screening platforms are already working to ensure they interpret it accurately.

The same can be said for FinCEN and AMLA in the EU: the global impact of regulations requires compliance teams around the world to not only be aware of incoming changes to their threat environment, but be ready to adapt in 2026.

The good news is that Ripjar provides firms around the world with the power and flexibility to do that. Our platform leverages advanced analytics to cut straight through data complexity and noise, and stay ahead of AML risk, now and in the future.

Talking of the future, stay tuned for our upcoming 2026 Outlook, which will go into more detail on what to look out for on the fincrime horizon.

---

Ripjar is a data intelligence platform company whose mission is to help organisations and governments screen smarter by automating the detection, investigation, and monitoring of threats from criminal activity. Founded by former members of the UK’s Government Communications Headquarters (GCHQ), Ripjar develops software products that combine automation, artificial intelligence, and data visualisation to help companies solve the most complex risk and security management problems at scale. For more information, visit ripjar.com and follow @Ripjar on LinkedIn.

The post Global Fincrime: 2025 Regulatory Changes and 2026 Outlook appeared first on Enterprise Times.