The first half of 2025 has seen a surge of AML fines, with regulators cracking down on companies across high-risk sectors. In this roundup, we breakdown key violations and what businesses can do to avoid similar penalties.
Shutterstock.com/mykhailo pavlenko
So far this year, global regulators have already issued over US$6 billion in anti-money laundering (AML) fines targeting a broad range of sectors. As enforcement ramps up, regulators are sending a clear message: no company – from fintechs to gambling operators – is immune to financial crime risks.
Governments too are advancing broader anti-corruption agendas. A new era of financial crime enforcement is emerging in major jurisdictions, including Africa and the UAE.
Lexology PRO recently explored the lessons learned from the biggest sanctions violations of H1 2025. Now, we turn to AML, examining the top penalties issued so far this year and what businesses can learn to avoid similar compliance missteps.
OKX – US$504 million settlement for AML violations and unlicensed operations
Cooperating with authorities can significantly reduce penalties.
On 24 February 2025, the US Department of Justice (DOJ) reached a plea deal with crypto company OKX, imposing a US$84 million criminal fine and ordering the forfeiture of US$420 million in customer fees earned during the period under investigation. Combined, the penalties total more than US$500 million.
According to the DOJ, OKX neglected to:
- register with the Financial Crimes Enforcement Network (FinCEN) as required by financial institutions under the Bank Secrecy Act 1970;
- implement adequate know-your-customer (KYC) systems to identify illicit customers, including those subject to US Treasury sanctions; and
- track suspicious activity, resulting in over US$5 billion worth of illicit proceeds and transactions.
The company agreed to undertake a three-year compliance monitor to overhaul its AML and KYC programmes under the terms of the settlement. OKX’s cooperation with the investigation resulted in a 25% reduction of the recommended fine range for this type of violation – underscoring the potential rewards of cooperating with authorities.
However, OKX continues to face scrutiny elsewhere The Dutch Central Bank issued a new €2.25 million (US$2.26 million) fine against OKX in September 2025 for operating in the Netherlands without a licence and exposing the Dutch financial system to heightened AML risk.
The recent enforcement actions against OKX highlight the importance of securing regulatory approvals, as well as maintaining robust AML compliance.
Block – US$40 million fine for “critical gaps” in AML defences
Fintechs – and all businesses handling crypto payments – must treat AML compliance as non-negotiable.
On 10 April 2025, the New York State Department of Financial Services (NYDFS) announced that fintech company Block – owner of cryptocurrency CashApp and other money transmission platforms – will pay a US$40 million fine after identifying significant deficiencies in its AML compliance programmes.
The NYDFS identified three core failings by Block. The company neglected to:
- carry out adequate customer due diligence, allowing customers to bypass transaction limits by using multiple email addresses and phone numbers;
- implement the necessary risk-based controls to prevent money laundering; and
- effectively monitor transactions, enabling high volumes of anonymous Bitcoin payments to pass without adequate scrutiny.
Block was ordered to retain an independent compliance monitor to audit the company’s AML policies and procedures.
Monzo – US$28.6 million penalty for insufficient customer risk assessments and failing to mitigate the risk of financial crime
Effective customer onboarding is the frontline defence against financial crime.
On 8 July 2025, the UK Financial Conduct Authority (FCA) handed digital bank Monzo a £21.9 million (US$28.6 million) penalty, citing deficiencies in the company’s customer verification and screening processes between 2018 and 2020 that left the company exposed to financial crime.
According to the FCA, Monzo onboarded customers with patchy and implausible information such as using well-known London landmarks like Buckingham Palace and 10 Downing Street as their addresses, indicating lax onboarding processes which may allow illicit actors to slip by unnoticed.
Monzo’s customer base has expanded steadily since it began offering banking services in 2017 – rising from around 600,000 in 2018 to over 5.8 million in 2022. But according to the FCA, the company’s financial crime controls failed to keep pace with its growing size and complexity.
Revolut – US$3.8 million fine for gaps in AML transaction monitoring systems
AML compliance obligations will follow you wherever you go.
On 8 April 2025, the Central Bank of Lithuania issued UK fintech Revolut a €3.5 million (US$3.8 million) fine after a routine inspection revealed gaps in the company’s internal control systems, specifically around transaction monitoring. This meant that the company was unable to properly identify suspicious transactions and customer behaviours.
Fintechs are increasingly setting up shop in Lithuania owed to the country’s business-friendly policies and ability to fast-track banking licences. The central bank can issue them within three months – five to nine months quicker than most other EU Member States.
Even still, the fine against Revolut is not the first time it has faced regulatory action in Lithuania. The neobank came under scrutiny for poor internal controls and data collection flaws (Lithuanian language only) in August 2022, proving that compliance is non-negotiable wherever you are.
Best practices to prevent money laundering
Amid growing regulatory scrutiny, companies should adopt best practices and develop strong internal defences against money laundering.
Track and report suspicious transactions
Transaction monitoring will help flag any suspicious activity, such as unusually large or frequent payments. Companies are increasingly turning to AI to streamline their AML processes, including for transaction monitoring.
Suspicious activity should be reported to the relevant authority. For example, as in the case of Revolut, fintechs operating in Lithuania can report to the Financial Investigation Service, which investigates financial crimes and money laundering. Elsewhere, financial institutions in the US should report to the Financial Crimes Enforcement Network under the Bank Secrecy Act 1970.
Carry out robust customer due diligence checks
Due diligence helps companies spot illicit actors before they cause damage.
This should include an assessment of high-risk customers and beneficial owners against financial sanctions lists, as sanctioned individuals often pose elevated money laundering risks. Due diligence should take place on a regular basis, especially at the customer onboarding stage. The case against Monzo – who onboarded customers without verifying their personal details – underscores the importance of robust due diligence processes.
This is essential for companies operating in high-risk industries, such as fintechs, who face elevated money laundering risks due to often weak digital customer onboarding and the frequency of high-volume crypto transactions.
Invest in targeted AML training for staff
Staff training is a key prevention tool for safeguarding companies against money laundering. In the case of OKX, the DOJ’s investigation revealed that company employees advised customers on how to provide false information to bypass the company’s KYC process.
Employees with a strong awareness of red flags and other financial crime indicators are critical to a company’s compliance success.
Training should be provided regularly and in keeping with any changes to the local regulatory or enforcement landscape.