Key Lessons from 2024 AML Enforcement: Best Practices for 2025

ComplyCube

From Penalties to Proactive Compliance: The New AML Imperative 

In 2024, regulators worldwide took a firm stance on AML, deciding that a lack of compliance could no longer be tolerated. Record-breaking fines were handed out across varying sectors, especially within financial services, reminding businesses of the hefty cost of non-compliance. In 2024, the FCA handed out over £176 million in fines in the UK, with big names such as Barclays and Starling among the recipients. The US handed out over $4.3 billion in penalties, with $3 billion of that hitting TD Bank alone.  

A Look at Recent Notable Fines 

The enforcement actions taken against Starling Bank, TD Bank, and KuCoin highlight the broadening regulatory focus beyond traditional financial institutions. Authorities are penalizing not just negligence but systemic compliance failures. 

TD Bank: TD Bank faced one of the largest AML enforcement actions in history, agreeing in October 2024 to pay $3.09 billion in fines for severe Bank Secrecy Act (BSA) and AML compliance violations. This unprecedented penalty reflected years of systemic failures, as three money laundering networks collectively transferred more than $670 million through TD Bank accounts from 2019 to 2023.  

Starling Bank: In September 2024, the Financial Conduct Authority (FCA) fined Starling Bank £28.9 million for significant AML control failures. The bank’s rapid expansion—from 43,000 customers in 2017 to 3.6 million in 2023—outpaced its ability to enforce effective financial crime controls.  

KuCoin: KuCoin, a major cryptocurrency exchange, pleaded guilty in January 2025 to operating an unlicensed money-transmitting business in the U.S., agreeing to pay nearly $300 million in fines and forfeitures. Illicit actors exploited the platform to conduct billions of dollars in suspicious transactions, including funds linked to darknet markets and ransomware attacks.  

Identifying Common Compliance Failures 

Regulators are now focusing not just on individual infractions but on systemic AML failures. Firms face penalties for failing to implement risk-based controls, including Politically Exposed Person (PEP) screening and sanction screening, real-time monitoring, and timely reporting of suspicious activity.  

• Weak Know Your Customer (KYC) Procedures 

The surge in sophisticated forms of fraud, including AI-powered deepfakes, has led to a need for fortified KYC checks within onboarding processes. One of the most frequently cited compliance failures in 2024 was inadequate KYC procedures, as firms failed to properly verify customer identities or update risk profiles in a timely manner.  

In November 2024, Binance agreed to pay $4.3 billion in penalties after U.S. authorities found that the exchange had knowingly failed to verify customer identities properly, allowing “bad actors”, including sanctioned entities and terrorist financiers, to trade on its platform.  

In July 2024, the Hong Kong Monetary Authority (HKMA) fined DBS Bank HK$10 million for failing to conduct enhanced due diligence on high-risk customers. The official enforcement report noted that DBS “did not regularly update customer risk profiles, increasing exposure to potential financial crime.”  

Without leveraging advanced AI-powered biometric checks powered by liveness detection, businesses risk bad actors gaining access to their platforms with fraudulent identities. 

• Ineffective Transaction Monitoring 

Transaction monitoring failures were another significant cause of enforcement actions in 2024, with regulators cracking down on firms using outdated, rule-based monitoring systems that failed to detect suspicious activity in real-time. 

In July 2024, Deutsche Bank was fined $186 million for failing to fix ongoing transaction monitoring deficiencies despite multiple regulatory warnings. In November 2024, Metro Bank was fined £17 million for serious transaction monitoring lapses.  

• Inadequate Suspicious Activity Reporting (SARs) & Active Monitoring 

Regulators have increased scrutiny of firms that are failing to report suspicious transactions in a timely manner or maintain effective transaction monitoring systems. In May 2024, N26 Bank was fined €9.2 million by Germany’s Federal Financial Supervisory Authority (BaFin) for failing to submit SARs in a timely manner. According to BaFin’s official statement, “N26 systematically reported suspicious activities late, violating the Act on the Detection of Profits from Serious Crimes.” The digital bank later confirmed that it had allocated €80 million to strengthen its compliance infrastructure and personnel to prevent similar failures. In January 2025, the Dutch state-owned lender de Volksbank was fined €20 million for inadequate risk management and failing to prevent money laundering.  

Conclusion: Lessons from 2024 and the Path Forward 

The AML enforcement actions of 2024 serve as a stark reminder that failing to meet compliance obligations has severe financial, reputational, and operational consequences. Regulators worldwide have demonstrated a zero-tolerance approach to financial crime, and enforcement is set to intensify in 2025. The shift from penalties to proactive compliance isn’t just necessary; it’s a business opportunity that sets the stage for success in a highly regulated world.  

For more information on how to safeguard your business from fraud and fortify operations for 2025, get in touch with one of ComplyCube’s compliance experts.  

As the UK’s largest trade association for technology, techUK includes many Digital ID companies as members, and acts as a leading voice in the sector. 

To find out more about our work, visit our Digital ID hub and sign up for our newsletter here.