Regulators across the Asia-Pacific (APAC) region are increasing their focus (and enforcement actions) on financial firms’ non-compliance with anti-money laundering and counter-terrorism financing (AML/CFT) obligations. Financial institutions (FIs) that fall short of regulators’ expectations face serious consequences from multi-million-dollar penalties to public reprimands and business improvement orders. Some firms have already faced regulatory enforcements for inadequate due diligence, delayed suspicious transaction reporting, ineffective oversight, and more. Authorities are now acting decisively to uphold the integrity of their respective financial systems.
Enforcement actions taken by APAC regulators, including Australia’s AUSTRAC, Singapore’s MAS, Malaysia’s BNM, Hong Kong’s SFC, and Japan’s FSA highlight the need for firms to go beyond simply maintaining documented policies and performing “tick box” compliance measures. They must implement operational, risk-based controls capable of withstanding regulatory scrutiny. In each case, lapses in internal systems, governance, or responsiveness have exposed firms to financial crime risk, triggered regulatory intervention, and brought attention to their shortcomings.
This article explores the current regulatory landscape across key APAC markets, and provides an overview of expectations and enforcements of regulatory authorities in the region.
If your firm also operates within Europe, see the latest insights about EU AML/CFT regulations and enforcements in our article, AML Compliance and Regulatory Enforcement Across the European Union.
AUSTRAC has outlined a significant regulatory shift as it undertakes a modernisation of Australia’s AML/CFT regime. For financial institutions (FIs), the focus has moved from “tick box” procedural-based compliance to closing the gaps, educating reporting entities, and actively reducing the risk of financial crime across Australia’s economy.
AUSTRAC CEO Brendan Thomas explains, “Whether you’re already part of the regime or preparing to come into it, we want you to be proactive in preparing and making sustained progress towards compliance. We’re about to embark on the most ambitious overhaul of Australia’s anti-money laundering laws in a generation and we’re determined to get it right.”
The regulator aims to enable reporting entities to uphold its expectations of AML/CFT controls and reporting through three key avenues:
AUSTRAC expects firms to demonstrate meaningful efforts to reduce ML/TF risks across their operations. Existing reporting entities must revise internal systems and staff training ahead of the regulator’s 30 June 2026 deadline.
See our in-depth article, AUSTRAC’s 2025-26 Regulatory Priorities: What You Should Know for more information, or see the latest release from AUSTRAC.
In 2019, AUSTRAC commenced civil penalty proceedings against a major Australian financial institution for over 23 million breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act. These proceedings uncovered failures in transaction monitoring, customer due diligence, and reporting, particularly involving high-risk correspondent banking arrangements. Some transactions were linked to serious criminal risks, including child exploitation.
On 21 October 2020, the Federal Court approved an AUD $1.3 billion penalty. The case reinforces AUSTRAC’s expectation that FIs must maintain effective, risk-based AML/CFT controls with oversight at the board and senior management level.
See the media release from AUSTRAC for more information.
In 2025, the Monetary Authority of Singapore (MAS) issued various updates to its AML/CFT framework. With revised Notices and Guidelines that took effect 01 July 2025, MAS has reinforced the obligations for FIs across Singapore’s financial sector, aligning more closely with Financial Action Task Force (FATF) recommendations.
MAS has formally included proliferation financing (PF) within the scope of money‑laundering risk assessments. As such, institutions must now ensure their ML/TF risk assessments formally address PF risks in line with updated FATF standards.
The regulator has also tightened suspicious transaction reporting (STR) deadlines. General STRs must be filed within five business days of establishing suspicion. In cases involving sanctioned parties, the deadline is just one business day. Screening and due‑diligence expectations have been elevated, with stricter requirements around source of wealth/funds establishment, improved screening tools, and cross‑unit data sharing.
Additionally, from October 2024, MAS directed firms to conduct regular independent AML/CFT audits. Audit functions must hold sufficient expertise to validate AML controls and escalate findings appropriately to senior management and the board, with frequency tailored to firms’ risk profiles.
Learn more about MAS regulations and guidelines relating to AML/CFT.
MAS has made it clear that management accountability is a vital component of a firm’s AML/CFT obligations. MAS enforcement actions, published 04 July 2025, signalled the regulator’s zero‑tolerance approach to compliance failures. The regulator imposed penalties totalling SGD $27.45 million on nine institutions, including major banks, due to weaknesses in customer due diligence, risk assessments, and STR handling. MAS emphasised that firms must implement consistent AML/CFT policies across the organisation and that serious breaches will attract strong regulatory response. For more information about these enforcement actions, see the media release from MAS.
Malaysia’s AML/CFT framework is governed under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA), enforced by several authorities according to the financial sector, as follows:
Bank Negara Malaysia (BNM): The country’s central bank is the primary authority for supervising FIs’ compliance with the AMLA. It oversees reporting obligations, customer due diligence, risk assessments, and suspicious transaction reporting.
Securities Commission Malaysia (SC): Responsible for enforcing AMLA compliance within the capital markets sector, including fund managers, investment banks, and brokers.
Malaysian Anti-Corruption Commission (MACC): Investigates money laundering offences, particularly those related to corruption and public sector misconduct. MACC also supports inter-agency coordination in major financial crime cases.
On 05 February 2024, the BNM issued a revision to its policy on AML/CFT/CPF and TFS for Financial Institutions. This document sets out mandatory requirements for reporting institutions in the financial sector, anchored in a risk-based approach and aligned with FATF standards.
The regulator’s policy document highlights that firms must identify, assess, and mitigate ML/TF/PF risks across business lines, customers, products, and delivery channels. This oversight includes conducting CDD, implementing ongoing due diligence measures, and applying the appropriate controls based on customer risk profiles.
Suspicious Transaction Reporting (STR) is mandatory whenever there is reason to suspect activity related to ML/TF, including attempted or proposed transactions. STRs must be submitted promptly to BNM’s Financial Intelligence and Enforcement Department, with reporting mechanisms ensuring confidentiality and documentation of decision-making by the FI’s Compliance Officer.
BNM’s AML/CFT regime expects financial institutions to demonstrate governance, accountability, and technical capacity to manage and report risks effectively. Firms must embed these standards operationally and at board level, supported by internal expertise, regular audits, and ongoing staff training.
Read more about the BNM policy document.
In May 2025, Bank Negara Malaysia (BNM) imposed over RM $3.7 million in penalties on two FIs for serious AML/CFT compliance failures. The FI’s breaches included inadequate customer due diligence, poor verification of beneficial ownership, and delayed sanctions screening during onboarding and periodic reviews.
BNM cited weak internal controls, insufficient system capability, and recurring lapses despite earlier remediation efforts. In both cases, staff knowledge gaps and ineffective risk management processes increased exposure to ML/TF risks. The AML/CFT enforcement actions taken by BNM are the most significant in recent years. The gravity of these enforcement actions highlight the need for FIs to implement robust and mature risk-based controls and demonstrate ongoing accountability in managing financial crime risks.
See more information about BNM’s enforcement actions resulting in a monetary penalty of RM $3,264,000 and RM $493,500.
Hong Kong’s Securities and Futures Commission (SFC) enforces AML/CFT requirements under the Anti‑Money Laundering and Counter‑Terrorist Financing Ordinance (AMLO) and the Securities and Futures Ordinance (SFO), through its Guideline on AML/CFT, for Licensed Corporations and SFC‑licensed Virtual Asset Service Providers (VASPs). This Guideline sets statutory standards covering risk-based AML systems, customer due diligence (CDD), ongoing monitoring, suspicious transaction reporting (STR), sanctions compliance and staff training.
Effective from 01 June 2023, the SFC published its updated Guideline to reflect enhancements under the Anti‑Money Laundering and Counter‑Terrorist Financing (Amendment) Ordinance 2022. Key amendments include the reclassification of politically exposed persons (PEPs) into non‑Hong Kong PEPs and Hong Kong PEPs, and an updated definition of beneficial ownership for trusts, expanding verification requirements to beneficiaries and classes of beneficiaries under a trust structure.
The SFC mandates that licensed corporations maintain a holistic institutional risk assessment, alongside customer risk assessments that inform appropriate levels of CDD and monitoring. These assessments must be documented, reviewed by senior management, and proportionate to identified ML/TF risk factors, including product, geographic and delivery channel risks.
AML/CFT systems must include robust governance arrangements, such as:
For digital engagement, the Guideline also permits reliance on recognised digital identification systems for identity verification, subject to satisfactory risk assessment. However, a condition of this engagement is that FIs must ensure the identity verification based on digital systems is reliable and independent, and recognised by the relevant authorities.
Licensed firms must regularly review and update AML/CFT policies and controls to ensure continued alignment with SFC expectations and FATF standards. Non‑compliance may lead to disciplinary action, including revocation of licences or other regulatory sanctions under the SFO or AMLO.
In March 2022, the SFC fined two licensed financial firms HKD $5.4 million for failing to implement effective AML/CFT controls over third-party fund transfers. Between December 2016 and December 2017, the firms processed over 760 third-party deposits and withdrawals, totalling more than HK$1 billion, without proper scrutiny or supporting documentation.
Despite various red flags, staff approved transfers based solely on client-provided explanations. The SFC found breaches of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, AML/CFT Guideline, and the Code of Conduct. While the firms later strengthened their controls and cooperated with the investigation, the SFC imposed sanctions to send a strong message about the importance of enforcing AML/CFT standards across Hong Kong’s financial sector.
See the SFC’s news release about this enforcement action.
Japan’s Financial Services Agency (FSA) has finalised its Discussion Paper on “Issues and Practices for Dialogue on Validation of Effectiveness of AML/CFT Frameworks”, marking a renewed emphasis on dynamic, risk-based compliance. The Paper advises FIs to continuously assess whether their AML/CFT frameworks remain proportionate, effective, and aligned with evolving ML/FT risks.
To ensure effectiveness, the FSA calls on firms to scrutinise and validate that their AML/CFT programs are functioning as intended. This process is a vital exercise in identifying gaps, assessing controls, and adjusting to emerging threats. The Discussion Paper outlines a structured approach for both FIs and regulators to engage in meaningful dialogue, focusing on the concepts and procedures behind acceptable validation, including:
As Japan sharpens its regulatory approach, effective AML/CFT validation is no longer optional. For Chief Compliance Officers and compliance teams in Japan, the FSA’s direction provides a directive to review internal frameworks, ensure accountability, and adopt technologies that support ongoing vigilance and adaptability.
See our full article, AML/CFT Compliance in Focus: Japan FSA Validation Expectations, or the FSA’s discussion paper for further detail.
In January 2025, Japan’s Financial Services Agency (FSA) issued a business improvement order to a financial institution after inspections revealed serious failings in its AML/CFT controls. 14,639 flagged transactions were left unreviewed between mid-2023 and late 2024, with average delays in suspicious transaction reporting reaching 152 days in February 2024.
The FSA found the institution had not implemented prior recommendations, failed to introduce required systems, and did not confirm the effectiveness of its controls. The board and management were found to have fostered a culture that deprioritised AML/CFT oversight. The institution must submit a detailed improvement plan and report quarterly on its progress, reinforcing Japan’s expectation of board-level accountability and proactive AML/CFT governance.
Learn more about the administrative action imposed by the FSA.
Criminals can often exploit complex legal structures and industries outside the financial sector to move and conceal funds. VASPs, including crypto exchanges and digital wallet services, add to the risk due to their decentralised nature and anonymity of transactions. Coupled with growing international threats, FIs in Australia and worldwide face increasing pressure to ensure their AML/CFT frameworks are not just compliant but genuinely effective. To prevent economic losses, reputational harm, and regulatory enforcement, firms are adopting end-to-end RegTech solutions, like MCO.
MCO delivers more than AML/CFT controls. The complete compliance platform covers all aspects of compliance, including Employee Conflicts of Interest, MNPI and Control Room Compliance, and Compliance Program Management. This integrated approach allows firms to maintain oversight, respond to evolving risks, and demonstrate effectiveness across their entire compliance program.
MCO’s AML suite empowers firms to enhance their financial crime defences through automation, risk-based screening, and integrated workflows. Key features include:
Partner Screening: Automated matching against global sanctions and watchlists. Includes configurable rules to minimise false positives while ensuring robust coverage.
UBO Screening: Identification and verification of Ultimate Beneficial Owners, including complex ownership structures, to satisfy transparency and due diligence obligations.
Adverse Media Screening: Continuous monitoring of global news sources to detect reputational or regulatory risk signals linked to individuals or entities.
Risk-based classification: Dynamic scoring of alerts and entities based on multiple factors, allowing prioritisation of higher-risk cases.
Transaction Monitoring: Detection of unusual or suspicious transaction patterns using configurable rules and behavioural analysis, with escalation workflows to support timely investigation.