Every major AML framework in the world traces its architecture back to the Financial Action Task Force Recommendations. The 40 Recommendations — most recently revised in 2023 — provide the conceptual scaffold: risk-based approach, customer due diligence, suspicious transaction reporting, record-keeping, correspondent banking controls. If you have worked in AML compliance in one jurisdiction, the conceptual language translates everywhere.
The operational details do not translate. Thresholds differ. Definitions of "suspicious" differ. The specific forms and timelines for filing suspicious activity reports differ. What counts as a politically exposed person differs in meaningful ways. The scope of which institutions are covered differs. And critically, how each regulator interprets and enforces its own national implementation of FATF diverges in ways that matter daily to compliance teams at firms operating cross-border.
We map AML regulatory publications across all eight jurisdictions covered in this article for Fynrex customers. This piece draws on that monitoring work to produce a practical comparison for compliance officers who need to understand not just the structural differences but specifically where the update cadence and enforcement posture require active monitoring.
The FATF Foundation and Its Limits
The FATF Recommendations are not law. They are standards that member countries commit to implementing through their national legislation and regulatory frameworks. The FATF Mutual Evaluation process — conducted on a rolling country-by-country basis — assesses both technical compliance (whether the laws are on the books) and effectiveness (whether the system actually works). The most recent round of mutual evaluations has produced significant changes in several national AML frameworks as countries scramble to address effectiveness findings before their next assessment.
What this means practically is that even FATF-aligned jurisdictions are not static. A country that received a poor effectiveness rating in its mutual evaluation will accelerate rulemaking and enforcement in the cited areas. Cross-border compliance teams need to track not just the regulatory publications but the FATF evaluation cycle, because it is a leading indicator of where regulatory pressure is about to increase.
United States: FinCEN and the Fragmented AML Architecture
US AML regulation is governed primarily by the Bank Secrecy Act (BSA) and its implementing regulations, administered by the Financial Crimes Enforcement Network (FinCEN) within the Treasury Department. The BSA applies to "financial institutions" — a defined term that is considerably broader in the US than in most other jurisdictions and includes money services businesses, casinos, insurance companies, and, following the Corporate Transparency Act 2021, most non-exempt entities at the beneficial ownership registration level.
FinCEN's Suspicious Activity Report (SAR) program requires filing within 30 days of detecting a suspicious transaction (or 60 days with an extension when no suspect is identified). The $5,000 threshold for bank SARs and $2,000 threshold for MSB SARs are specific and enforced.
What makes US AML particularly complex for cross-border firms is the dual-track enforcement structure. FinCEN sets the rules; prudential regulators (OCC, FRB, FDIC) and FINRA enforce them for their respective regulated populations. A payment company registered as a money services business dealing with FinCEN requirements is operating under different supervisory oversight than a registered broker-dealer dealing with FINRA. The rules are consistent in theory; enforcement posture and examination depth are not.
The Corporate Transparency Act's beneficial ownership reporting requirements, fully effective from January 2024 for existing entities, added a new layer that intersects with AML customer due diligence obligations. FinCEN's access rules for the beneficial ownership database are still being worked out — the regulatory update cadence on CTA implementation has been consistent and needs active monitoring.
United Kingdom: FCA AML Supervision and the Risk-Based Approach in Practice
UK AML is governed by the Proceeds of Crime Act 2002, the Terrorism Act 2000, and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (as amended). The FCA supervises AML compliance for financial services firms; HMRC supervises money service businesses that are not FCA-authorized.
The UK framework places extraordinary emphasis on the risk-based approach — more so than most other jurisdictions in terms of how FCA examiners evaluate AML programs. An FCA examination of an AML program will spend considerable time assessing whether the firm's risk methodology is genuinely calibrated to its actual customer base, products, and geographies, rather than applying a generic risk matrix. Firms that implement a "one-size" approach to customer due diligence without genuine differentiation of high-risk versus standard-risk customers are consistently cited.
The Suspicious Activity Report (SAR) obligation under the UK framework is broader in one important respect: it applies to "knowledge or suspicion" of money laundering, not just detected suspicious transactions. This creates a reporting obligation that extends across the firm — not just compliance — to any employee who encounters something suspicious in the course of their work. The National Crime Agency (NCA) is the SAR filing body.
The FCA also publishes regular Financial Crime thematic reviews — document types we track separately in Fynrex because they are more operationally specific than policy statements and often signal examination priorities for the following 12 to 18 months.
European Union: AMLD Generations and the Post-2023 Architecture
EU AML is currently governed primarily by the Fourth and Fifth Anti-Money Laundering Directives (AMLD4 and AMLD5), transposed into national law across member states, plus the Transfer of Funds Regulation. The EU is in transition toward the new AML Regulation (AMLR), which will be directly applicable — not requiring transposition — and the establishment of the Anti-Money Laundering Authority (AMLA), which will have direct supervisory responsibility for certain categories of financial institutions from 2025 onward.
This transition is the key regulatory change management challenge for firms operating in the EU. The AMLR framework is being developed through implementing technical standards issued by ESMA and EBA, with AMLA eventually absorbing that function. The precise effective dates for various AMLA supervisory powers, combined with the ongoing transposition of existing directives, mean that the EU AML update cadence is unusually high right now. Firms with EU-supervised entities need to be tracking both the pan-EU publications and the national competent authority updates as transposition diverges.
The EU's travel rule requirements under the Transfer of Funds Regulation — the obligation to include originator and beneficiary information with transfers — extended to crypto-asset service providers (CASPs) in 2024 under the MiCA regulation. If your firm operates in the digital asset space in the EU, this is a live AML obligation with active enforcement beginning.
Singapore: MAS AML and the APAC Enforcement Standard
Singapore's AML framework is administered by the Monetary Authority of Singapore under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act and MAS Notices MAS 626 (for banks) and equivalent notices for other regulated entities. Singapore operates on a Notice-and-Guideline architecture: Notices are legally binding, Guidelines are not but describe MAS's expectations in detail and are treated as de facto requirements in practice.
MAS's approach to AML enforcement has hardened over the 2022 to 2025 period, following several high-profile money laundering cases involving Singapore-based entities. The 2023 case involving proceeds from overseas fraud — which became one of the largest money laundering prosecutions in Singapore's history — led directly to MAS issuing additional guidance on enhanced customer due diligence for high-risk customers and a consultation paper on expanding the definition of "designated offences" that trigger AML obligations.
For firms monitoring MAS publications, this means the Notice and Guideline framework is currently in an active revision cycle. We have seen MAS issue more consultation papers on AML-related topics in the 2023 to 2025 window than in the preceding five years combined.
Australia: AUSTRAC and the Tranche 2 Question
Australia's AML framework is administered by AUSTRAC under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Australia remains a significant outlier in the FATF framework: it has not yet extended its AML obligations to Tranche 2 entities — lawyers, accountants, real estate agents, and trust and company service providers — despite FATF repeatedly identifying this as a gap in Australia's mutual evaluations.
For financial services firms, the AUSTRAC framework requires enrollment, program establishment, and transaction reporting (Threshold Transaction Reports for transactions of AUD 10,000 or more; Suspicious Matter Reports for suspicious activity). The SMR obligation differs from many other jurisdictions in that it applies to "suspicion" rather than requiring certainty — a lower threshold that AUSTRAC has consistently emphasized in its guidance.
The Tranche 2 reform — extending AML obligations to the non-financial designated businesses — has been under active consultation and has advanced significantly in 2024 and 2025. If your firm has any advisory or services relationship with Australian legal or accounting entities, the Tranche 2 implementation timeline is worth tracking, as it will change the AML risk landscape for Australian correspondent relationships.
Where the Key Divergences Create Operational Complexity
For a payments fintech operating across the US, UK, EU, Singapore, and Australia simultaneously, the highest-friction divergences are:
Enhanced Due Diligence triggers. Every jurisdiction requires enhanced due diligence for high-risk customers, but the specific triggers — high-risk country lists, PEP definitions, transaction pattern thresholds — are not identical. The US OFAC SDN list, the EU consolidated sanctions list, the UK HMT list, and the MAS sanctions list all need to be screened independently. They overlap substantially but are not identical, and they update on different schedules.
SAR/SMR filing timelines. The US 30-day SAR filing deadline, the UK's "as soon as practicable" standard, the EU's national transposition variations, Singapore's "as soon as reasonably practicable" under MAS Notices, and Australia's three-day Suspicious Matter Report window are operationally incompatible with a single global filing workflow. A transaction flagged on the same day needs to be routed into different filing processes depending on which jurisdiction's rules apply.
Record retention. Retention periods range from five years (US BSA baseline) to seven years (several EU member state implementations). A global data governance policy that applies the shortest permitted retention period to control storage costs will be non-compliant in the higher-retention jurisdictions.
We are not saying that harmonization of AML rules across these jurisdictions is achievable or even desirable — different countries have different risk profiles and policy priorities. The point is that compliance teams need to maintain jurisdiction-specific program elements and cannot safely assume that a policy or procedure that meets one jurisdiction's standard will satisfy another's.
The Update Cadence That Requires Active Monitoring
AML regulatory publications are not annual events. Each of the jurisdictions covered here generates multiple relevant publications per year — guidance updates, FAQ documents, supervisory expectations letters, enforcement findings, consultation papers. The EU is currently the highest-cadence environment because of the AMLA transition; MAS has accelerated following its enforcement actions; FinCEN continues active rulemaking on the beneficial ownership and correspondent banking fronts.
A quarterly review of AML developments is no longer adequate for firms with exposure across all of these jurisdictions. The gap between a publication date and a compliance program update is exactly where examination and enforcement risk lives.