Published by Financier Worldwide Ltd 02026 Financier Worldwide Ltd. All rights reserved.
Permission to use this reprint has been granted by the publisher.
Financier Worldwide canvasses the opinions of leading professionals on current trends in anti-money laundering.
Adriano Correa is a partner in BDO Advisory, a division of BDO Brazil. He is a Brazilian certified public accountant, fraud examiner, business administrator, internal auditor and information systems auditor. He assists companies with matters involving corporate strategy, business model transformation, financial disputes, business negotiations, cash flow projections, valuation of distressed assets, complex financial instruments, change management and restructuring, conflict resolution, compliance, fulfilling accounting requirements, and reestablishing the economical balance of agreements. He has led several high-profile transactions and advisory engagements involving the application of financial principles, accounting principles, compliance requirements and auditing standards.
Q. What are the most pressing anti-money laundering (AML) risks currently facing Brazil? To what extent are you seeing the emergence of threats such as synthetic identities, Al driven fraud and other technology enabled laundering methods?
A. Brazil’s financial ecosystem is digitalising at an incredible pace, and with that comes a new wave of anti-money laundering (AML) challenges. Synthetic identities and artificial intelligence (Al)driven fraud are no longer theoretical, they are here. Criminals are exploiting Brazil’s Pix instant payment system, which handles billions of transactions monthly, to move illicit funds through micro-transfers and mule accounts. Add to that the complexity of cross-border flows tied to drug trafficking and corruption, and Brazil becomes a critical hub for global money laundering networks. Emerging tech adds another layer. Crypto mixers and deepfakeenabled know your customer (KYC) bypasses make detection harder than ever. To stay ahead, financial institutions need real-time monitoring and behavioural analytics, while regulators like the Council for Financial Activities Control (COAF) are tightening oversight on high-risk
digital channels. Proactive risk assessments which factor in Brazil’s unique exposure to bribery and environmental crimes will be key to managing these sophisticated threats going forward.
Q. How would you characterise the direction AML regulation and enforcement is heading in Brazil? What does this suggest about the evolving role of financial institutions, regulators and technology in combatting financial crime?
A. Brazil’s AML regime is moving toward deeper tech integration and stronger global alignment. Regulators like COAF and the Central Bank are stepping up enforcement, with penalties rising and over a million suspicious activity reports (SARs) filed annually, especially in fintech and real estate. The message is clear: risk-based approaches and enhanced due diligence, particularly for politically exposed persons, are non-negotiable. Technology is front and centre, with Al-driven monitoring becoming standard and regulatory sandboxes encouraging innovation under strict controls. Expect enforcement to tighten around cross-border flows and digital assets, with collaboration between
regulators, banks and tech providers shaping a more resilient ecosystem. Brazil is signalling a commitment to adaptive, tech-enabled regulation that meets Financial Action Task Force (FATF) standards while tackling entrenched financial crime.
Q. How are lawmakers and regulators in Brazil navigating the tension between AML obligations and data privacy laws, especially in relation to customer due diligence and information sharing?
A. Brazil faces a delicate balancing act between AML obligations and the General Personal Data Protection Law (LGPD), its General Data Protection Regulationstyle privacy law. Customer due diligence requires collecting sensitive data, but the LGPD enforces strict consent and data minimisation, creating friction, especially when sharing information with COAF. Regulators are promoting solutions like anonymised data exchange and privacy impact assessments to bridge the gap. Cross-border investigations add complexity, as FATF-driven requirements often clash with LGPD’s transfer restrictions. The way forward? ‘Privacy
by design’ frameworks, such as encrypted data silos, audit trails and purpose-limited processing, allow firms to meet AML goals without compromising individual rights. It is a nuanced approach that reflects Brazil’s commitment to both compliance and data sovereignty.
Q. What are the biggest operational challenges companies in Brazil face in maintaining AML compliance — particularly around data management, transaction monitoring and reporting? How are technology solutions helping to streamline these processes?
A. For Brazilian firms, AML compliance is often a logistical headache. Fragmented data across legacy systems slows transaction monitoring and reporting, while Pix’s massive transaction volume fuels alert fatigue. Manual onboarding processes only add to the strain. Technology is changing the game: AIpowered platforms are cutting false positives by up to 70 percent and cloud-based data lakes are streamlining integration and reporting. Regtech solutions tailored to local realities, such as language, corruption typologies and National Strategy to Combat Corruption and Money Laundering standards, are helping firms shift from firefighting to strategic risk management. The result is greater efficiency, stronger resilience and less time wasted on administrative burdens.
Q. How are companies approaching the integration of new AML technologies — such as artificial intelligence (Al) driven monitoring, automated know your customer, or blockchain analytics? What barriers are they encountering in terms of cost, interoperability or regulatory acceptance?
A. Brazilian companies are embracing Al-driven monitoring, automated KYC, and blockchain analytics to strengthen defences against Pix-related vulnerabilities and crypto-laundering. Major banks are leading the charge, deploying real-time anomaly detection tools aligned with Central Bank innovation initiatives. But challenges remain. High costs deter smaller players, outdated infrastructure complicates integration, and regulators demand explainable Al to avoid blackbox risks. Compliance with LGPD adds another layer of complexity. To overcome these hurdles, firms are turning to regtech partnerships and sandbox pilots for scalable, cost-effective solutions. The payoff is faster, smarter compliance — if companies can navigate the economic and
Q. How should companies assess the effectiveness of their AML regimes? What approaches or tools are proving most valuable in driving continuous improvement?
A. Assessing AML effectiveness requires more than ticking boxes. Brazilian firms are using key performance indicators like alert resolution rates, false positive reductions and SAR quality to gauge performance. Independent audits and scenario-based stress tests uncover blind spots in monitoring and due diligence. Advanced analytics dashboards provide real-time insights, while machine learning models back-test against historical cases to validate controls. Continuous improvement means regular risk assessments tailored to Brazil’s corruption and cross-border exposure, plus feedback loops from Central Bank inspections.
Culture matters too — training metrics and employee surveys help embed compliance into daily operations. The goal is an adaptive programme that evolves with emerging threats like Al-driven fraud.
Q. As financial crime continues to evolve, what do you see as the most critical
shifts that will shape the future of AML regulation, enforcement and compliance over the years ahead?
A. Brazil’s AML future will be shaped by three forces: digital regulation, global scrutiny and tech convergence. Expect tougher rules on virtual assets as open banking and crypto oversights expand. COAF will lean on Al for intelligence sharing, while LGPD integration drives privacy-preserving tools like federated learning. Public-private partnerships will grow, targeting environmental crimes and supply chain laundering. Fintech’s rapid rise will push regulators toward agile frameworks and possibly mandatory regtech adoption. Predictive analytics and cross-sector collaboration will become the norm, positioning Brazil to meet global standards while tackling its unique financial crime challenges head-on.
Distinguished in the national and international market as the fifth biggest audit and consulting company in Brazil, the firm helps its clients with audit, tax, advisory and controllership services. BDO Brazil operates in the agribusiness, energy and natural resources, sports, real estate and construction, bids, retail, healthcare and financial services sectors, among others. The firm’s professionals have expertise in attending small, medium and large-sized companies. BDO has offices established in the main Brazilian capitals.
Join our community for free to access more expert insights.
Diego Rios is a partner in BDO’s forensics services practice for Interamerica, specialising in providing technical assistance and support services in international litigation and arbitration, particularly in the estimation of economic damages. He has over 15 years of experience serving as an expert witness, leader of fraud investigation and litigation teams, and coordinator of fraud investigation and financial risk management projects. He has been appointed as an independent expert witness in arbitration tribunals of the Bogota Chamber of Commerce, as well as in ordinary and criminal courts in Colombia.
Juan Dussan serves as a senior manager in the forensic services practice. He is a certified public accountant and specialises in forensic auditing. He has over 12 years of experience in regulatory compliance consulting, anti-money laundering prevention, fraud and corruption prevention, third-party due diligence, litigation, forensic audits, fraud investigations, fraud risk assessments, AML/ CTF programmes, anti-corruption programmes and auditing. He has experience leading and coordinating fraud investigation teams in Colombia and Peru across various economic sectors, including pharmaceuticals, banking, fiduciaries, manufacturing, healthcare, construction, mining, insurance and international NGOs. He also has experience implementing anti-corruption programmes, AML/CTF frameworks and compliance with the FCPA.
Q. What are the most pressing anti-money laundering (AML) risks currently facing Colombia? To what extent are you seeing the emergence of threats such as synthetic identities, Al driven fraud and other technology enabled laundering methods?
A. In Colombia, the most relevant antimoney laundering (AML) risks remain linked to drug trafficking, illegal mining, corruption and smuggling, supported by complex corporate structures and foreign trade operations to hide illicit funds. Sectors such as finance, real estate, foreign trade, construction and gambling are highly exposed to such risks. Emerging threats include digital identity theft for product opening, fraud using artificial intelligence to bypass controls and the use of cryptoassets on unregulated platforms, which increases the speed and sophistication of laundering. There has also been an increase in technological typologies and virtual asset use, requiring stronger controls. Colombia, like many countries in South America, must rise to the challenge and combine traditional measures with technological solutions to mitigate risks in an increasingly digital environment.
Q. How would you characterise the direction AML regulation and enforcement is heading in Colombia? What does this suggest about the evolving role of financial institutions, regulators and technology in combatting financial crime?
A. Regulation in Colombia is evolving toward a risk-based approach that prioritises effectiveness over formal compliance. Greater accountability from senior management, decision traceability and stronger corporate governance are required. Authorities promote controls over beneficial ownership, international operations and transaction monitoring, while encouraging the use of technology for automation, analytics and digital due diligence. This shift means companies must not only comply with reporting but also demonstrate tangible results in risk mitigation. Supervision focuses on assessing system quality and responsiveness to emerging typologies such as virtual assets and digital fraud. In Latin America, the trend is toward deeper interagency cooperation and stricter standards for vulnerable sectors. Colombia is making significant strides in order to regulate cryptoasset management.
Q. How are lawmakers and regulators in Colombia navigating the tension between AML obligations and data privacy laws, especially in relation to customer due diligence and information sharing?
A. The tension between AML and data protection is sometimes resolved by legislators through exceptions that allow processing without consent when there is a legal obligation. In Colombia, data protection laws recognise that due diligence, monitoring and reporting processes are essential to meet regulatory requirements. The challenge for companies is to ensure principles of proportionality, security and confidentiality, avoiding misuse of information. It is crucial to document the legal basis for processing, limit data collection to what is strictly necessary and establish robust access controls. Mechanisms must also be implemented to prevent leaks and ensure traceability in data handling. Proper management of this tension enables compliance with AML objectives without violating fundamental rights, strengthening trust in prevention systems.
Q. What are the biggest operational challenges companies in Colombia face in maintaining AML compliance — particularly around data management, transaction monitoring and reporting? How are technology solutions helping to streamline these processes?
A. Key operational challenges include data quality and integration from multiple sources, alert calibration in high-volume environments and timely reporting to avoid penalties. Companies often struggle to consolidate information and segment risks and keep customer profiles updated. Technology provides solutions to these challenges through rule engines, integrated platforms for know your customer checks and monitoring, and analytical tools that reduce false positives and optimise the detection of suspicious transactions. However, implementation requires investment, training and adaptation to each organisation’s risk profile. The challenge is not only technological but also cultural, as skilled personnel are needed to interpret alerts and make timely decisions. Combining technology and human expertise is essential for effective and sustainable AML systems.
Q. How are companies approaching the integration of new AML technologies — such as artificial intelligence (Al) driven monitoring, automated know your customer, or blockchain analytics? What barriers are they encountering in terms of cost, interoperability or regulatory acceptance?
A. Companies are adopting technologies such as digital due diligence, biometric authentication and advanced analytics for transaction monitoring. Blockchain-based solutions and tools to manage cryptorelated risks are also being explored. These innovations improve efficiency and reduce processing times but face significant obstacles, including high implementation and maintenance costs, especially for small and medium-sized enterprises, complexity in integrating new tools with legacy systems, and lack of confidence in automated models by regulators. Cyber security and data protection risks persist, requiring stronger internal controls. Technological adoption is inevitable but
must be accompanied by cost-benefit analysis and mitigation plans to ensure effectiveness.
Q. How should companies assess the effectiveness of their AML regimes? What approaches or tools are proving most valuable in driving continuous improvement?
A. Evaluating AML programmes should go beyond formal compliance and focus on tangible results. This means measuring the quality and timeliness of suspicious transaction reports, consistency between risk maps and segmentation, and the system’s ability to detect and mitigate emerging risks. Internal audit findings, external reviews and supervisory observations are key inputs for continuous improvement. Additionally, management and risk indicators should be defined to monitor programme effectiveness in real time. A results-based approach strengthens credibility with regulators and reduces exposure to sanctions, fostering a compliance culture that prioritises prevention over reaction.
Q. As financial crime continues to evolve, what do you see as the most critical shifts that will shape the future of AML regulation, enforcement and compliance over the years ahead?
A. The future of AML in Colombia will be marked by greater personal accountability for administrators, deeper technology integration and specific regulation of virtual assets and technology providers. Increased interagency and international cooperation is expected to address complex financial crimes and cross-border typologies. Authorities will demand more preventive systems capable of anticipating risks through advanced analytics and predictive models. Transparency, traceability and governance standards will be strengthened, especially in vulnerable sectors such as real estate, mining and foreign trade. The risk-based approach will remain central but with metrics that measure effectiveness and results, not just regulatory compliance. This shift requires investments in technology, training and an organisational culture focused on proactive risk management. http://www.bdo.com.co
BDO COLOMBIA is on a constant mission to drive its clients’ success. With over 35 years of experience in the market, the firm has built a strong reputation as reliable partners and experts in a wide range of industries. Its workforce of over 800 employees is the engine that powers excellence in every interaction and project. The firm is committed to providing its clients with exceptional service, always on time and with the highest quality standards.
Join our community for free to access more expert insights.Join Now – It’s Free
Director, Forensic, Risk & Compliance BDO AG Wirtschaftsprüfungsgesellschaft
+49 40 30293 677 [email protected]
Johannes Matschiner is director in the forensic, risk & compliance team of BDO Germany and holds a diploma in business administration with a focus on finance and risk management. He has about 17 years of experience in advising and auditing a wide range of different national and international companies of various size regarding governance, risk and compliance management systems, focusing on international financial institutions and insurance companies.
Q. What are the most pressing anti-money laundering (AML) risks currently facing Germany? To what extent are you seeing the emergence of threats such as synthetic identities, Al driven fraud and other technology enabled laundering methods?
A. The most pressing anti-money laundering (AML) risks in Germany and the European Union (EU) currently stem from increasingly complex cross-border money flows, cyber enabled fraud schemes, and the rapid growth of decentralised finance and cryptoasset misuse. Financial institutions (Fls) and corporates are seeing a marked rise in synthetic identities and artificial intelligence (Al) generated documents, which complicate know your
customer (KYC) processes and expand opportunities for account takeovers. Al-driven fraud, particularly deepfake supported social engineering attacks, is emerging as a major threat, as criminals use automation to scale laundering operations and evade traditional monitoring patterns. Another significant risk is the misuse of professional service providers and supply chain structures to obscure beneficial ownership, which remains a persistent supervisory concern. The key challenge
for companies is that these threats evolve faster than existing control frameworks, requiring continuous model updates, advanced data analytics and stronger identity verification technologies. As a result, organisations increasingly need to integrate behavioural analytics, biometric safeguards and real time monitoring to stay ahead of technology enabled laundering methods. Additional money laundering risks in Germany revolve around the ease with which it is possible to create complex company profiles and group structures which cannot be easily overseen by external third parties. Accompanied by weak monitoring controls, it is easy to disguise the origins of illicit money.
Q. How would you characterise the direction AML regulation and enforcement is heading in Germany? What does this suggest about the evolving role of financial institutions, regulators and technology in combatting financial crime?
A. The direction of AML regulation in Germany and the EU is clearly moving toward greater centralisation, harmonisation and significantly stricter
supervisory oversight. With the EU AML package and the creation of the new
EU Anti Money Laundering Authority (AMLA), the regulatory environment is shifting toward higher transparency, deeper data integration and more realtime controls. For Fls, this means they are increasingly seen as active gatekeepers that must not only ensure compliance but also deploy intelligent risk models and comprehensive data analytics. At the same time, non-financial companies face growing expectations to professionalise their risk assessments and control frameworks. Technology, particularly Al driven monitoring solutions and enhanced data platforms, is becoming the key tool for meeting rising regulatory demands to
, AML detect financial
efficiently and proactively crime. The challenge for all businesses is eaterthat money laundering prevention always follows a risk-based approach based on the company profiles and businesses as well as rulebook i
especially in relation to customer due diligence and information sharing?
A. Lawmakers are addressing the tension between AML requirements and data privacy rules by increasingly clarifying the legal bases for processing personal data under the General Data Protection Regulation (GDPR), particularly through the EU AML package and accompanying guidance. Regulators emphasise that customer due diligence, transaction monitoring and suspicious activity reporting constitute “legal obligations” under articles 6 and 9 of the GDPR, allowing FIS to process even sensitive data when necessary for AML purposes. At the same time, both the Federal Financial Supervisory Authority and EU authorities require strict proportionality firms must limit data collection to what is demonstrably risk relevant and ensure robust governance, retention limits and access controls. Information sharing — especially cross-border and between private sector institutions — is being expanded, but only within tightly defined frameworks such as financial intelligence unit (FIU) to FIU cooperation, public private partnerships and planned EU-wide AML data hubs.
Q. What are the biggest operational challenges companies in Germany face in maintaining AML compliance — particularly around data management, transaction monitoring and reporting? How are technology solutions helping to streamline these processes?
A. Companies face significant operational challenges in AML compliance, particularly due to fragmented data landscapes, inconsistent data quality and the difficulty of integrating information from legacy systems. Transaction monitoring remains resource intensive, with high false positive rates requiring manual review and stretching already limited compliance teams. Reporting obligations, especially around suspicious activity reports, are increasingly complex, with regulators expecting faster turnaround times and more granular, risk-based justifications. Technology is helping to streamline these burdens through Al enhanced monitoring systems, automated data quality checks, workflow orchestration tools and integrated case management platforms.
Advanced analytics and machine learning models are increasingly enabling companies to prioritise genuinely suspicious activity, reduce manual tasks and improve overall compliance efficiency. Nevertheless, digitalisation and data quality is still an issue for proper automated and Al-based monitoring.
Q. How are companies approaching the integration of new AML technologies — such as artificial intelligence (Al) driven monitoring, automated know your customer, or blockchain analytics? What barriers are they encountering in terms of cost, interoperability or regulatory acceptance?
A. Companies are increasingly adopting new AML technologies such as Al driven transaction monitoring systems, automated KYC tools and blockchain analytics platforms, but integration remains uneven across sectors. Many organisations are piloting these solutions to reduce manual workloads and improve detection quality, yet they often face high upfront investment costs and lengthy implementation timelines. Interoperability is a major barrier, as new tools frequently need to communicate with fragmented legacy systems and inconsistent data infrastructures. Firms are also cautious because regulators expect explainability and robust governance for any Al supported decision making, which slows adoption and requires additional documentation and testing. Despite these challenges, regulatory momentum,
especially through the EU AML package and the EU Al Act, is gradually increasing acceptance of advanced technologies. As a result, more institutions are moving toward hybrid models that combine human expertise with automated analytics to improve overall AML effectiveness.
Q. How should companies assess the effectiveness of their AML regimes? What approaches or tools are proving most valuable in driving continuous improvement?
A. Companies should assess the effectiveness of their AML programmes by combining risk-based performance metrics, independent testing and ongoing quality reviews to evaluate whether controls are mitigating identified risks. Regarding money laundering and fraud prevention,
as well as operational risk, FIS are already required to conduct yearly assessments. Companies just need to expand these assessments to the operational effectiveness of their Al-driven review tools and their understanding. Increasingly, firms rely on data-driven tools, such as analytics dashboards, model validation frameworks and automated quality assurance checks, to identify weaknesses in transaction monitoring, KYC processes and reporting workflows. Scenario effectiveness testing and back testing of alert models are proving particularly valuable, as they help FIS quantify detection performance and reduce false positives.
Q. As financial crime continues to evolve, what do you see as the most critical shifts that will shape the future of AML regulation, enforcement and compliance over the years ahead?
A. Over the coming years, AML regulation and enforcement will be shaped by greater international harmonisation, driven in Europe by the AMLA and a unified rulebook that raises supervisory expectations across all sectors. Regulators will increasingly shift toward real-time oversight and data-centric supervision, requiring firms to provide higher quality, more structured data and to demonstrate ongoing model governance and explainability. Financial crime itself is becoming more sophisticated, particularly through cyber-enabled fraud, cryptoasset misuse and complex global supply chain structures, which will force companies to redesign their risk assessments and scenario libraries more frequently. A major challenge will be balancing innovation with compliance. While Al supported monitoring and digital KYC tools offer clear benefits, regulators will demand strong controls, documentation and validation frameworks before granting
full acceptance. Another challenge lies in talent and resource constraints, as many organisations struggle to maintain the specialised skills needed to manage advanced analytics, model risk and complex regulatory change. Ultimately, the future of AML compliance will depend on firms’ ability to combine technology, cross-functional collaboration and continuous risk-based optimisation to stay ahead of evolving threats and supervisory expectations.www.bdo.de
With a group turnover of 461m and more than 3250 employees, BDO is ready to serve as competent partner for your company’s success at 28 offices across Germany. For audits and audit-related services, tax and business law consulting or general advisory, BDO always provides just the right professional contacts and sustainable solutions. Personal assistance, reliability, and the highest in quality demands as well as integration into the international BDO network performance ensure services that are coordinated precisely with your individual needs. BDO AG Wirtschaftsprüfungsgesellschaft is a founding member of the international BDO network.
Join our community for free to access more expert insights.
Edgars Volskis is an expert in financial crime investigations and AML compliance reviews with 26 years of international experience. His practice has primarily focused on work with financial institutions, including banks, insurance companies and pension and investment funds in the EU and CIS countries. Recently, after completing digital and financial forensic courses at the University at Buffalo, US, School of Computer Science and Engineering, Dr Volskis has been involved in numerous projects related to financial and technological crime investigations and has provided independent expert opinion as a court-assigned expert.
Janis Ciguzis leads BDO’s anti-money laundering and sanctions practice group. He provides guidance to domestic and international clients on the development of customised internal control systems to combat money laundering and to ensure compliance with EU sanctions. Since the onset of the war in Ukraine, he has been actively involved in addressing EU and OFAC sanctions issues. This includes drafting opinions on the applicability of sanctions to specific counterparties. He also offers expert opinions in litigation cases related to antimoney laundering and sanctions violations.
Q. What are the most pressing anti-money laundering (AML) risks currently facing Latvia? To what extent are you seeing the emergence of threats such as synthetic identities, Al driven fraud and other technology enabled laundering methods?
A. In Latvia, the most pressing anti-money laundering (AML) risks are complex corporate structures and the concealment of beneficial ownership, as well as traditional risks such as trade-based money laundering and tax-related offences. At the same time, technology-enabled threats are becoming increasingly prominent. Synthetic identities, artificial intelligence (Al)-driven fraud, and other sophisticated schemes have emerged in recent years, particularly in digital and online payment services. Crypto fraud, including callcentre-based crypto investment fraud networks, is also a growing concern. In 2025, criminals hijacked individuals’ and company computers to generate cryptocurrency, diverting the proceeds to their own accounts. By way of a response, financial institutions (Fls) and regulators in Latvia are closely monitoring these trends, enhancing deep customer due diligence and real-time transaction monitoring with advanced analytics tools to detect unusual patterns, anomalies and potential illicit activities.
Q. How would you characterise the direction AML regulation and enforcement is heading in Latvia? What does this suggest about the evolving role of financial institutions, regulators and technology in combatting financial crime?
A. The direction of AML regulation and enforcement in recent years has been focusing on system effectiveness and the restoration of international confidence. Latvia is the first country to be assessed under the new, revised Financial Action Task Force methodology by the MONEYVAL Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism, with the official report still pending. This assessment demonstrates the country’s commitment to showing significant progress since 2018, when the national AML system was deemed ineffective and found to have strategic deficiencies. Since then, comprehensive legislative and institutional reforms have been implemented, and the capacity of supervisory and control authorities has been strengthened. The Bank of Latvia as a supervisor and regulator now relies on a modern, risk-based approach, actively using data analytics and regulatory technologies, including Al tools. While a positive outcome is anticipated, it should be noted that we may have possibly overdone it for large Fls, while smaller market participants may face a considerable administrative and financial burden.
Q. How are lawmakers and regulators in Latvia navigating the tension between AML obligations and data privacy laws, especially in relation to customer due diligence and information sharing?
A. The perceived tension between AML obligations and data protection requirements has been addressed through a clear legal hierarchy and disciplined regulatory practice. Legislators and supervisors have consistently treated AML and combatting the financing of
terrorism (CFT)-related processing as a mandatory exercise of public authority grounded in EU and national law, rather than an optional or consent-based activity.
As a result, core AML functions are firmly anchored in statutory obligation and public interest, providing a stable legal basis for processing extensive personal data, including special categories and data relating to criminal offences. This legal certainty does not, however, dilute the application of General Data Protection Regulation principles. Latvian regulators have been explicit that AML compliance must remain proportionate and purpose bound. FIS are expected to collect only what is necessary to
meet defined AML requirements, to use such data exclusively for AML/CFT purposes, and to observe strict statutory retention periods. Indiscriminate or speculative data accumulation is viewed as incompatible with both regimes. Information sharing is similarly calibrated.
Latvian AML legislation, aligned with EU AML Directives, expressly permits data exchange with competent authorities and, in limited and clearly delineated circumstances, between obliged entities.
Q. What are the biggest operational challenges companies in Latvia face in maintaining AML compliance — particularly around data management, transaction monitoring and reporting? How are technology solutions helping to streamline these processes?
A. The biggest operational challenges in maintaining AML compliance relate to data management, transaction monitoring and reporting, particularly for smaller entities. Large AML subjects, such as banks and major Fls, generally manage these requirements effectively due to their scale, resources and established compliance frameworks. However, for smaller participants, such as independent accounting or outsourcing service providers, the same high regulatory standards can represent a disproportionate burden. Collecting, verifying and monitoring customer data, managing alerts from transaction monitoring systems, and preparing reports for authorities require significant time and expertise, which can be difficult for small teams to maintain. Technology solutions, including automated customer due diligence tools, Al-assisted monitoring and centralised data platforms, are increasingly used to streamline these processes, reduce errors and allow compliance staff to focus on higher-risk activities.
Q. How are companies approaching the integration of new AML technologies — such as artificial intelligence (Al) driven monitoring, automated know your customer, or blockchain analytics? What barriers are they encountering in terms of cost, interoperability or regulatory acceptance?
A. Large Fls, such as the Bank of Latvia and commercial banks, have implemented advanced solutions, including Al-driven transaction monitoring, automated know your customer systems, and blockchain analytics for virtual assets. For example, the Bank of Latvia’s publicly available guidelines outline automated controls for mandatory data fields, verification of client information and alerts for document expiry, all of which support the identification of client risk factors, AML/CFT risk assessment and sanction checks. Additionally, the Bank of Latvia has developed unsupervised machine learning tools, such as the Isolation Forest algorithm, to detect anomalies in crossborder payment flows, enhancing the efficiency of transaction monitoring and risk evaluation.
Q. How should companies assess the effectiveness of their AML regimes? What approaches or tools are proving most valuable in driving continuous improvement?
A. The effectiveness of an AML programme is assessed not by the existence of policies or controls, but by their ability to identify, manage and mitigate actual money laundering, terrorism financing and sanctions risks in practice. The Bank of Latvia’s AML handbook makes clear that effectiveness must be demonstrated through outcomes, not form. Assessment begins with a comprehensive enterprisewide risk assessment and extends to regular evaluations of whether customer risk classification, due diligence measures, transaction monitoring scenarios and escalation processes remain proportionate to the institution’s evolving risk profile. Static or purely rules-based frameworks are viewed as inherently deficient. Supervisors place particular emphasis on qualitative and quantitative testing. Trend analysis, root-cause reviews of control failures, and structured feedback loops following supervisory findings or internal incidents are essential to demonstrating
that the AML framework is adaptive, responsive and sustainable over time. Effectiveness, in this context, is ultimately measured by the institution’s capacity to evolve its controls in line with risk.
Q. As financial crime continues to evolve, what do you see as the most critical shifts that will shape the future of AML regulation, enforcement and compliance over the years ahead?
A. Financial crime is increasingly defined by impersonation, speed and technological sophistication, prompting a shift in AML regulation and supervision. Three developments are particularly consequential. First, corporate entity impersonation fraud is rising. Criminals clone the digital presence, communications and payment practices of legitimate companies, using Al enabled voice tools and falsified documentation to deceive counterparties. In Latvia, supervisors are emphasising dynamic verification of payment requests, behavioural monitoring and scrutiny of unusual counterparty changes, rather than relying solely on static identification. Second, Al-driven social engineering challenges traditional controls. Deepfake audio, synthetic identities and highly targeted scams undermine standard authentication and internal approval processes. Latvian regulators increasingly require robust governance over client communications,
staff awareness, and rapid escalation frameworks. Third, cryptoasset money laundering could emerge. Illicit proceeds can be layered through various crypto platforms championing privacy before re-entering regulated institutions. The Markets in Crypto-Assets Regulation (MiCA) framework, complemented by enhanced supervision from the Bank of Latvia, strengthens oversight of crypto intermediaries, integrating these risks directly into standard AML, transaction monitoring and sanctions controls. Collectively, these trends signal an AML landscape that prioritises behavioural intelligence, adaptability and institutional resilience, moving beyond static compliance toward proactive risk management.www.bdo.lv
BDO is one of the leading companies in Latvia, offering audit, accounting, tax, risk management, legal and business consulting services. The firm combines international expertise with a deep understanding of the local market to help organisations not only grow but also transform purposefully and stay ahead of change. The strength of the BDO international network lies in more than 115,000 professionals in 166 countries and territories, who are experts in various industries and markets worldwide. BDO clients can rely on our swift, tailored solutions, personal approach and genuine longterm relationships that drive growth.
Join our community for free to access more expert insights.Join Now – It’s Free
Sanjay Sidhu is an executive director in multiple advisory practice areas, an audit partner, and sits on the BDO global risk advisory steering committee and the BDO global forensic steering committee. He has over 34 years of investigative, dispute resolution, compliance, assurance and advisory experience in corporate and professional services roles across South East Asia, and the Europe, Middle East and Africa regons.
Q. What are the most pressing anti-money laundering (AML) risks currently facing Malaysia? To what extent are you seeing the emergence of threats such as synthetic identities, Al driven fraud and other technology enabled laundering methods?
A. Malaysia has long battled corruption and fraud, both of which have served to feed a large informal or shadow economy that relies heavily on cash transactions. While the authorities and mechanisms for the identification and investigation of such activities have grown stronger and more proficient, there remains a dearth of prosecutions and convictions. This situation has been exacerbated by a combination of an increase in the number of scams and investment fraud increasing the pool of illicit funds, as well as the emergence and rapid growth of the digital and fintech ecosystem. As a region, South East Asia has become a hub for large-scale illicit activity that is increasingly technologically- and cyberenabled. This actively exploits artificial intelligence (Al)-driven synthetic identities and autonomous cyber crime and leverages cryptocurrencies, decentralised finance and automation to achieve intelligent layering.
Q. How would you characterise the direction AML regulation and enforcement is heading in Malaysia? What does this suggest about the evolving role of financial institutions, regulators and technology in combatting financial crime?
A. Malaysia’s anti-money laundering (AML) regulatory and enforcement landscape is intensifying, becoming more coordinated, more technologically driven and more aligned with global Financial Action Task Force standards. The national bank has significantly stepped-up surveillance and enforcement, supported by increasing reliance on data analytics and investigative technologies and continued enhancement of AML requirements and directions, resulting in growing convictions and asset forfeitures. Reforms for greater beneficial ownership transparency are also underway. Financial institutions (Fls), regulators and technology are therefore being increasingly combined into a holistic tool for prevention and detection. This trend is mirrored across the Association of Southeast Asian Nations (ASEAN) region, which is also entering a deeper level of cross-border cooperation and intelligence sharing among member states, and further afield.
Malaysia navigating the tension between AML obligations and data privacy laws, especially in relation to customer due diligence and information sharing?
Act was significantly updated in 2024 to tighten privacy controls and impose new compliance obligations on FIS performing AML functions. In parallel, financial sector specific data regulations direct FIS to comply with the Act while fulfilling AML requirements. This is achieved through a combination of legal carve-outs, strengthened governance and regulated channels for data sharing. This is aligned with efforts in this area at a regional level, where ASEAN has adopted region-wide frameworks in personal data protection and digital data governance, regional data transfer mechanisms and recognition of the need for data free flow with trust. ASEAN is also moving toward digital cooperation under the Digital Economy Framework Agreement.
Q. What are the biggest operational challenges companies in Malaysia face in maintaining AML compliance —
particularly around data management, transaction monitoring and reporting? How are technology solutions helping to streamline these processes?
A. The most significant challenges arise from fragmented, siloed and incomplete data, beneficial ownership transparency gaps, the rising prevalence and speed of digital payments, and the relatively high cost and complexity of identifying and reporting suspicious transactions, all of which are overlaid with stricter data protection requirements. Organisations are recognising and operationalising the need to rapidly deploy and rely on technology solutions to address and manage these challenges. These include centralised data platforms fed and supported by automated and Al-driven e-know your customer (KYC) and beneficial ownership verification, transaction monitoring and suspicious transaction report generation, as well as integrated AML and fraud monitoring platforms.
Q. How are companies approaching the integration of new AML technologies — such as artificial intelligence (Al) driven monitoring, automated know your customer, or blockchain analytics? What barriers are they encountering in terms of cost, interoperability or regulatory acceptance?
A. There is an increasing shift toward Al-enabled or Al-enhanced monitoring platforms in an effort to move onward from linear analysis and detection and to address the rapidly evolving types and modes of fraud. The central bank has stepped up scrutiny of digital onboarding, driving accelerated adoption of automated KYC solutions, and companies are increasingly exploring the adoption of central, unified AML and fraud platforms, and blockchain and crypto related analytics. These technologies and solutions are relatively expensive to acquire and operate, placing many of them out of reach of all but the largest Fls. Costs aside, the fragmentation and gaps in data collected and stored in existing or legacy solutions, and the varying degrees of readiness of such systems to integrate with newer
technologies, remains the largest barrier to adoption.
Q. How should companies assess the effectiveness of their AML regimes? What approaches or tools are proving most valuable in driving continuous improvement?
A. Like the assessment of any compliance programme, this should be grounded in a thorough understanding and assessment of the risk environment and exposure to the identified risks, followed by an assessment of the control environment emplaced to address those risks. This would come from a combination of traditional internal audit type reviews, ideally backstopped by targeted compliance reviews, periodic scenario testing and real-time auditing, especially where technology and Al-driven compliance programmes are in place. Key to the overall AML environment would be a need to ensure sufficient frequency of benchmarking to regulatory requirements, peer standards and developments in the risk universe. Finally, and this is particularly applicable to the Asian environment, there absolutely must be a focus on evaluating actual operational outcomes as opposed to merely the presence of policies and regulation.
Q. As financial crime continues to evolve, what do you see as the most critical shifts that will shape the future of AML regulation, enforcement and compliance over the years ahead?
A. The most critical shift is the pace of technological advancement. Fraud and corruption, and related AML risks and exposures, are changing in nature, pace, complexity and transparency — or opacity — due to rapid technological advancement, be it Al-driven schemes, the vagaries of crypto or the ease of funds transfers. Lawmakers, regulators, Fls, corporations and the compliance functions within all these organisations do, and will continue to, face an ever increasing struggle to understand the mechanisms deployed to perpetrate corruption, fraud and related laundering activity, so as to be able to design, deploy, operate and monitor regulation, process, controls and tools that will operate apace of the activities they combat. Al-native, real time and predictive compliance will have to be the order of the day, founded upon integrated data sets and ecosystem-wide risk, fraud and sanctions models, harmonisation of regulation and enforcement regionally and globally, and continuous intelligence driven risk assessments and the design of responses.
BDO IN MALAYSIA is a member firm of BDO International, the world’s fifth largest network of professional firms providing audit & assurance, advisory and tax services to businesses ranging from established multinational conglomerates to growth-oriented organisations, whether public or private. Founded in 1964, BDO Malaysia has more than 50 years of experience in Malaysia’s commercial landscape with a strong reputation as a top-quality professional services provider. The firm has a well-qualified and experienced team of close to 1000 staff led by over 100 partners and directors through its offices in Malaysia, Brunei, Cambodia, Lao PDR, Myanmar and Vietnam.
