Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Financial Crime

  1. Heightened Risk
  2. Data Lineage & Quality
  3. Thresholds & Monitoring
  4. Actions
Download PDF
Share

Focus on financial crime regulation (inclusive of sanctions, anti-corruption, know-your-customer, anti-money laundering, beneficial ownership, etc.) is unlikely to abate in 2025. Anticipate expansion of regulatory coverage as well as challenges to legal jurisdictional authorities at the federal and state level to continue. Expect ongoing heightened supervision/enforcement against financial crime risks, including illicit and terrorist finance and sanctions compliance amidst rapidly evolving technology innovations and increasingly sophisticated financial crime patterns.

1. Heightened Risk

Regulators will continue to focus heightened supervisory and enforcement attention on financial crimes in 2025 due to the risks associated with rapidly evolving technologies, growing sophistication of threat actors, increasing numbers and complexity of threat attempts, and layers of interconnections and interdependencies within the financial system.

Regulators will be reviewing:

Inherent Risks

Including efforts to identify, manage, and mitigate risks derived from geopolitical divergences affecting the business and potential misuse/abuse of new or evolving technologies by malicious individuals or groups.

Priority Areas

Including efforts to factor FinCEN’s national priorities into the AML/CFT risk management and governance frameworks, inclusive of KYB/KYC and CDD. Among these priorities are: i) corruption, ii) cybercrime (e.g., cybersecurity, virtual currency, malware/ransomware), iii) terrorist financing (foreign and domestic), iv) fraud (e.g., identity theft), v) transnational criminal organization activity, vi) drug trafficking, vii) human trafficking, and viii) proliferation financing.

Companies are expected to attract and retain skilled talent, enhance their AML Programs in response to the AML priorities, develop additional tooling and automation, strengthen third-party risk management, and make strategic investments to effectively manage these expanding areas of risk.

Potential/Anticipated Regulatory Changes

The regulatory landscape is poised for change with potential new and anticipated requirements and/or expectations to include:

  • Modernization and enhancement of the AML/CFT program requirements across financial institutions (FinCEN proposal), to promote clarity and consistency across financial institutions and explicitly require implementation of a risk-based AML/CFT program with certain minimum components including a mandatory risk assessment process.
  • Updates to the National AML/CFT Priorities (expected in 2025) and requirements (as proposed) that the priorities be included as a component in the risk-based AML/CFT program.
  • Beneficial ownership reporting and related changes to CDD requirements.
  • Multi-agency focus on sanctions activity and efforts to protect national security across industries, products, and services.
  • Expanded regulatory coverage to “close the gap”, including FinCEN’s recent release of Final Rules that will require: 
    i) most investment advisers to implement an AML Program under the Bank Secrecy Act, akin to the existing requirements for banks, broker-dealers and others; and
    ii) real estate professionals to report information on non-financed residential real estate transactions.

2. Data Lineage & Quality

Regulators continue to look broadly at the strength of companies’ data risk management and governance in key risk areas such as financial crimes. Throughout 2024 they have applied heightened expectations to both data and AML/CFT management, including policies, procedures, and accountability; data outputs (e.g., reporting, models, metrics); staffing/talent management (e.g., core skills/backgrounds); and third-party risks. Attention is also focused on companies’ understanding and identification of risks around how data is collected, used, stored and shared, as well as how it is protected from misuse.

Anticipate regulatory interest in these areas in 2025:

Data Lineage

Level of process automation and coverage of the entire data flow (e.g., to consolidate data from different business units / subsidiaries) as well as the accuracy and granularity of the data.

Data Traceability

Demonstrable ability to trace and report on the relationship between data outputs and business processes, systems of record, and systems of origin at the customer and transaction level.

Data Quality

Understanding of available internal and external data sources as well as processes to manage and report on data quality issues.

Third-Party Data

Understanding data sourced from, or shared with, third parties, as well as data risk management and governance requirements embedded into third-party service agreements.

Data Risk Governance

Sustainable and robust processes and controls to identify, measure, monitor, manage, and report on risks around:

  • Access.
  • Authorization.
  • Integrity/Quality.
  • Collection, use, storage.
  • Privacy and security.
  • Retention and deletion.

3. Thresholds & Monitoring

Financial crime risks, exposures, and complexities are increasing alongside technological developments, geopolitical events, and evolving interconnections and interdependencies in financial networks, increasing the importance of continuous improvement in identifying, monitoring, and mitigating potential risks and suspicious activity.

Key areas where regulators will focus in 2025 include:

Risk Tolerance

Established periodic and documented risk assessment processes as well as board approval for risk tolerance levels consistent with the company’s risk appetite.

Emerging Threats

The adequacy and continual improvement of threat detection, monitoring, and response capabilities, including the reliability of processes (e.g., due diligence, access, safeguards) and coverage of novel and emerging threats and vulnerabilities (e.g., digital assets, sanctions evasion, malware/ransomware, human rights/forced labor, organized crime). and the adequacy of investment in staffing, training, and resources.

Transaction Monitoring/ Surveillance

The quality of transaction monitoring and surveillance systems, processes, and controls, with expectations for:

  • Increased accuracy and consistency, as well as better and more efficient outcomes via automation and potential innovative technologies such as AI.
  • Adequacy of investment in staffing, training, and resources.
  • Regulatory attention in evolving areas such as BSA/ AML/CFT, trading activity, and KYC/CDD and beneficial ownership.
  • Preparation for implementing risk-based compliance programs in priority areas.

4. Actions

  • Strengthen client onboarding: Implement analytics and automation in client onboarding processes and strengthen processes to gather, store, report, and monitor KYC information, including beneficial ownership, as appropriate.
  • Develop a mature insider risk program: Promote a culture of compliance through ongoing communication, consistent enforcement of consequences for violations, and clear behavioral expectations. Implement tailored training and awareness programs for all personnel. Leverage technical tools and advanced analytics to monitor behavior and human input to identify anomalous insider behavior.
  • Strengthen security: Establish robust authentication and access protocols for real-time and faster payments to minimize account takeover and social engineering risks. Enhance controls around regulatory focus areas, such as malware, phishing, and identify theft in addition to areas of national AML/CFT priority such as corruption, cybercrime, terrorist financing, trafficking (drug, human), transnational criminal organizations, and proliferation financing.

Dive into our thinking:

Ten Key Regulatory Challenges of 2025

Rolling through the Shift

Download PDF

Get the latest from KPMG Regulatory Insights

KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.

Subscribe

Explore more

Points of View

Points of View

Insights and analyses of emerging regulatory issues and their impact.

Read more

Regulatory Alerts

Quick hitting summaries of specific regulatory developments and their impact.

Read more
Regulatory Insights View

Regulatory Insights View

Series covering regulatory trends and emerging topics

Read more

Meet our team

Image of Amy S. Matsuo
Amy S. Matsuo
Principal, Growth & Strategy, Regulatory Insights, KPMG LLP
Read bio
Image of Daniel Boylan
Daniel Boylan
Principal, Advisory, Forensic, KPMG US
Read bio
Image of John Caruso
John Caruso
Principal, Forensic, KPMG US
Read bio
Image of Charles A. Jacco
Charles A. Jacco
Principal, Cyber Security, KPMG US
Read bio
Image of Amy S. Matsuo
Amy S. Matsuo
Principal, Growth & Strategy, Regulatory Insights, KPMG LLP
Read bio
Image of Daniel Boylan
Daniel Boylan
Principal, Advisory, Forensic, KPMG US
Read bio
Image of John Caruso
John Caruso
Principal, Forensic, KPMG US
Read bio
Image of Charles A. Jacco
Charles A. Jacco
Principal, Cyber Security, KPMG US
Read bio

Thank you

Thank you for signing up to receive Regulatory Insights thought leadership content. You will receive our next issue when we publish.

Get the latest from KPMG Regulatory Insights

KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments. Get the latest perspectives on evolving supervisory, regulatory, and enforcement trends. 

To receive ongoing KPMG Regulatory Insights, please submit your information below:
(*required field)

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline