The new EBA framework for AML & KYC

Aug. 25, 2025

EU and German flags in front of an authority

Between innovation and duty

With the statement on money laundering and terrorist financing risks published on 28 July 2025 (EBA/Op/2025/10The European Banking Authority paints a clear picture: The EU financial sector is operating in a riskier, more complex environment than ever before.  

Rapid technological developments, new financial products such as crypto-assets and an ever closer networking of services open up opportunities and at the same time create new attack surfaces for financial crime. 

FinTechs and RegTechs are particularly in focus: Innovation drives efficiency, but without clear governance, expertise, and effective controls, it can itself become a risk. The EBA warns against "technology for technology's sake," because digital tools do not replace responsibility. 

For us at KYCnow, this isn't a new insight, but rather confirmation of our mission: We rely on smart technology that is not only modern, but also substantial, compliant, and effective. Our KYC platform combines digital efficiency with deep regulatory grounding – precisely where the EBA report identifies the greatest challenges. 

Key statements from the EBA and our position on them 

The EBA statement identifies key problem areas in dealing with money laundering and Terrorist financingrisks arise, especially in combination with innovative technologies. 

Technology can provide support, but it does not replace clear responsibility, regulatory understanding, and functioning process control.  

In the following, we take a targeted look at the aspects of the EBA statement that are particularly relevant for KYCnow and explain how we, as a responsible RegTech provider, are specifically responding to them. 

FinTechs: Growth needs compliance, not chaos

According to the EBA, 70% of competent authorities in the EU report high or increasing ML/TF risks in the FinTech sector. Particularly critical is the fact that many companies prioritize growth and customer acquisition over regulatory compliance.  

In practice, serious shortcomings are evident in customer due diligence – that is, in the identification and verification of customers. The EBA attributes this to a lack of expertise, weak governance structures, and inadequate risk management processes. 

This supports KYCnow Sustainable growth with integrated compliance 

This is precisely where our platform comes in. We don't see digitalization as an end in itself, but as a means to make compliance efficient, sustainable, and scalable.

With KYCnow, we offer a global solution for KYC (Know Your Customer) and KYB (Know Your Business), enabling financial service providers to implement regulatory requirements automatically and in an audit-proof manner. 

Our platform offers: 

  • Automated identification and structured processing of all relevant company data and beneficial owners
  • Direct connection to the transparency register for plausibility checks and reporting of discrepancies 
  • Comprehensive Name and Adverse Media Screening
  • Risk assessment to determine the applicable due diligence obligations under the Money Laundering Act (GwG). 
  • Continuous Monitoring of KYC data

Our goal is not only to comply with legal obligations, but also to relieve the burden on compliance teams and strengthen operational efficiency. In this way, compliance becomes a competitive advantage, not a hindrance. 

Whitepaper: Transparency Register Checklist

The transparency register is a key component in the fight against money laundering and terrorist financing – and relevant for all entities obliged to comply under the German Money Laundering Act (GwG). However, the requirements are complex and violations can be costly.

Learn how to easily and securely fulfill your legal obligations in our whitepaper.

To the whitepaper
Cover images of the transparency register checklist; the file is available for download.

RegTechTechnology needs control 

While the EBA explicitly acknowledges the potential of RegTech solutions, it warns of the risks of uncontrolled or poorly implemented automation.

According to the EBA, over half of the serious compliance violations in the EuReCA database (European Reporting System for Material CFT/AML Weaknesses) are due to the improper use of RegTech tools. 

From the EBA's point of view, the use of technology without sufficient monitoring, without suitable control mechanisms and without sufficient expertise in implementation and operation is particularly problematic. 

KYCnow stands for responsible RegTech-Use with Governance and transparency 

We fully share this assessment. We consider responsible technology use to be key to effective money laundering prevention. 

That's why we at KYCnow consistently focus on: 

  • Modular architecture that can be adapted to the individual risk profile of our customers 
  • Professionally guided introduction instead of "plug-and-play", including test phases and training. 
  • Linking automation and human control: Our systems deliver alerts that are validated and documented by qualified personnel. 
  • Transparent processes that can be traced and audited in an audit-proof manner.

For us, the combination of technology, governance and expert advice is not an add-on, but an integral part of a functioning RegTech solution. 

Digitalization, yes, but responsibly 

The EBA report makes it clear: Digitalization in the financial sector is irreversible, but it also brings new vulnerabilities, especially when technologies are used without sufficient integration into risk management. 

The EBA is particularly critical of the use of artificial intelligence (AI) by criminal actors, for example to automate money laundering processes, forge documents, or circumvent controls. Financial institutions urgently need to catch up, both technically and organizationally. 

KYCnow combines AI potential with transparency and oversight 

We expressly welcome the EBA's call for responsible digitalization. AI is a powerful tool. However, it must be meaningfully integrated, transparently controlled, and monitored. 

Our own goal is to ensure transparency, integrity, and control in all automated processes. Therefore: 

  • Will our AI not be used as a black box, but in a comprehensible and explainable way? 
  • Can customers manually intervene or configure decision parameters at any time? 
  • We continuously work on improving our algorithms based on regulatory developments (e.g. EBA guidelines, FATF recommendations, AML amendments)

Automation is not a risk as long as it is implemented carefully. KYCnow sees itself as a partner for precisely this approach. 

Conclusion: Technology is not an end in itself 

The EBA's statement is not an attack on innovation, but a call for greater responsibility in its use. Those who invest in RegTech today are investing not only in automation, but also in trust, security, and future viability. 

That's precisely why we at KYCnow consistently pursue the path between efficiency and integrity. With a platform that is not only technically impressive but also thoroughly compliant with regulations. 

In an environment of growing risks and rising expectations, more than just tools are needed. Partners are needed who think along with us, grow with us, and share the responsibility. We are ready. 

Photo by Niklas Jeromin: https://www.pexels.com/de-de/foto/33441381/
Parts of the text were created with ChatGPT.

Roczniewski