Confronting 2026 – emerging risks, sanctions compliance, regulatory convergence, and governance reform

Financial crime compliance – Q2 bulletin

In 2026, firms are operating in a financial crime environment that is becoming increasingly complex, more technology-driven and more interconnected. Artificial intelligence is reshaping how financial crime is committed, while regulatory expectations continue to rise across anti-money laundering, countering the financing of terrorism, sanctions, anti-corruption and governance. Together, these developments are increasing pressure on organisations to ensure that their compliance frameworks, controls, and decision-making structures remain fit for purpose.

When AI becomes a financial crime tool

One of the most significant developments in the current landscape is the growing role of artificial intelligence in enabling financial crime. In December 2025, the Financial Action Task Force published its Horizon Scan on AI and Deepfakes report, which set out a forward-looking view of current and emerging risks. The report highlights how AI is increasing both the scale and sophistication of criminal activity, creating new challenges for firms seeking to prevent, detect, and respond to financial crime.

Identity no longer means assurance

A key concern is the erosion of identity assurance and customer due diligence controls. Deepfakes and other forms of synthetic media can be used to create highly convincing impersonations, which may undermine biometric checks, onboarding procedures, and identity verification processes. This creates a heightened risk that criminals could use hybrid or false identities to gain access to financial systems without being detected.

Fraud at scale

AI is also lowering the barriers to entry for sophisticated financial crime. Tools that were once limited to highly capable actors are becoming more accessible and easier to use, allowing individuals with limited technical expertise to carry out increasingly complex fraud. This is contributing to a rise in the volume and sophistication of attacks, including phishing, scams, and other forms of financial deception.

At the same time, AI is strengthening fraud and social engineering techniques by enabling more persuasive impersonation and more realistic false documentation. These capabilities can be used to support a wide range of scams, including executive impersonation, investment fraud, romance scams, phishing attempts and payment redirection fraud. For firms, this reinforces the need to review not only traditional financial crime controls, but also broader fraud prevention, escalation, and staff awareness measures.

Another important risk is the automation and scaling of money laundering activity. AI can enable faster and more complex laundering methods by automating high-volume transactions and patterns designed to evade traditional monitoring systems. More advanced forms of AI, including agentic systems, may also allow criminals to manage mule networks, layering activities and transaction flows with reduced human involvement, while imitating legitimate customer behaviour in order to obscure illicit activity.

These developments are compounded by a growing technological asymmetry between threat actors and control frameworks. Detection capabilities are not always keeping pace with the rapid development of AI-enabled threats, and many legacy anti-money laundering systems were not designed to identify synthetic media or more sophisticated AI-driven activity. As a result, firms should consider whether their existing frameworks remain effective in an environment where criminal methodologies are evolving quickly.

Sanctions evasion gets smarter

Alongside the increasing risks associated with artificial intelligence, sanctions evasion continues to present a significant compliance challenge. The European Union’s anti-circumvention tool, introduced under the 11th sanctions package, reflects a more operational approach to diversion risk and re-export activity. By April 2026, Kyrgyzstan had emerged as a potential re-export route for sensitive goods destined for Russia, underscoring the importance of robust trade-related controls.

In this context, firms should remain alert to indicators of possible sanctions circumvention. These may include newly established trading companies with limited commercial substance, unclear ownership structures, unusual pricing patterns, vague product descriptions, commercially illogical shipping routes, repeated amendments to documentation and third-party payment arrangements. Addressing these risks requires more than isolated screening measures. It calls for stronger due diligence, better integration of customer, trade, shipping and ownership data, and closer coordination between AML, sanctions and export control teams. A more connected and risk-based approach will be critical in managing trade-related financial crime effectively.

The EU’s AML Rulebook takes shape

The European Union anti-money laundering framework is also continuing to evolve through new Regulatory Technical Standards being developed by the Anti-Money Laundering Authority. Recent standards under consultation focus on three areas: customer due diligence under Article 28(1) of the Anti-Money Laundering Regulation, the classification of business relationships and transactions under Article 19(9) of that Regulation, and supervisory enforcement measures under Article 53(10) of the Anti-Money Laundering Directive. These measures are intended to provide greater clarity on how firms should apply anti-money laundering obligations in practice, including customer identification and verification, ongoing monitoring, transaction categorisation, threshold application and enforcement criteria.

Once finalised, these standards will become directly applicable across the European Union without the need for national transposition, forming part of the single anti-money laundering rulebook. This will increase consistency across Member States, but it will also raise expectations on firms to interpret and implement more detailed and more harmonised requirements. Organisations should therefore be considering the operational impact now, particularly where changes may be needed to customer due diligence processes, transaction monitoring frameworks and governance arrangements.

Anti-corruption moves up the agenda

Anti-corruption is also moving higher up the regulatory agenda. The proposed EU Anti-Corruption Directive, published on 26 March 2026, represents an important step towards a more unified European approach to corruption risk. It is designed to establish a common criminal law framework that addresses inconsistencies and gaps across national regimes. The directive introduces clearer definitions of corruption offences, including bribery and abuse of power, sets minimum penalties, extends limitation periods and requires preventive measures. It also requires Member States to establish specialised bodies and gives the European Commission a stronger role in assessing national anti-corruption efforts.

Following formal adoption, the directive is expected to enter into force in due course, after which Member States will have between 24 and 36 months to transpose it into national law. Full implementation is expected by 2028. In the meantime, the focus will increasingly turn to national transposition and enforcement planning, and firms should monitor how these developments may influence both legal obligations and supervisory expectations.

In parallel, on 11 May 2026, the European Commission launched work on a broader EU Anti-Corruption Strategy. Unlike the directive, this is a policy initiative rather than a legislative instrument. Its purpose is to strengthen the way corruption is prevented, detected and addressed across the European Union by improving coordination, identifying gaps and responding to increasingly complex and cross-border corruption risks.

The strategy is being shaped through stakeholder engagement, including an eight-week public consultation and call for evidence open to citizens, businesses and public authorities. This process is intended to help define future anti-corruption priorities and actions at EU level. The strategy is expected to complement existing mechanisms, including Rule of Law monitoring and EU anti-corruption networks, while also supporting Member States in strengthening their domestic frameworks. The consultation remains open until 6 July 2026, with the final strategy expected to be adopted later in the year.

A Renewed Regulatory Focus on Governance

At national level, the Malta Financial Services Authority General Code of Conduct for Decision Makers continues to serve as an important governance benchmark for leaders in Malta’s financial services sector. It reflects the Authority’s supervisory expectations around responsible leadership, transparency and ethical conduct.

The Code is intended to strengthen governance, organisational culture and accountability by supporting decision-makers in acting in the best interests of stakeholders and reinforcing trust, stability and credibility across the financial system. It is built on core principles such as integrity, fairness and accountability, and it adopts a flexible, risk-based approach that can be applied proportionately across different firms. Importantly, it complements rather than replaces existing legal and regulatory obligations.

The Code is already in force and applies to decision-makers in MFSA-regulated and listed entities. While it is not legally binding, it forms part of the MFSA’s broader supervisory approach and may be considered during inspections. Any shortcomings identified may therefore have implications for supervisory intervention or enforcement outcomes. For firms, this means that governance and culture should not be viewed as separate from financial crime and compliance considerations, but as an integral part of the wider control environment.

What this means for firms

Overall, the regulatory and risk landscape in 2026 points to rising expectations across anti-money laundering, sanctions, trade controls, anti-corruption and governance. Firms are being asked to respond to increasingly sophisticated risks while also preparing for a more detailed and more integrated regulatory framework. In practical terms, this will require stronger due diligence, better data connectivity, clearer accountability and more coordinated compliance structures. Organisations that take a proactive approach will be better placed to manage both financial crime and conduct risk in a rapidly changing environment.

How can we help?

We support organisations in navigating an increasingly complex regulatory and risk landscape through an integrated approach to financial crime, governance and compliance transformation. This includes helping firms assess their exposure to evolving AML/CFT, sanctions and anti-corruption risks, strengthen control frameworks, and prepare for upcoming regulatory requirements, including the EU AML package and related Regulatory Technical Standards.

We also support organisations in reviewing governance structures against supervisory expectations, including those arising from the MFSA’s General Code of Conduct for Decision Makers. Through culture and compliance assessments, as well as tailored training and workshops for boards, senior management, and operational teams, we help firms embed stronger decision-making, reinforce compliance culture, and enhance regulatory readiness across the organisation.

This article was written by Parameshwaree Chellen, a Tax Associate.

Confronting 2026 –emerging risks, sanctions compliance, regulatory convergence, and governance reform