EU Identifies Crypto and AI as Financial Crime Threats
The European Union’s premier regulatory authority for the banking sector has released a new assessment regarding the risks of money laundering and terrorism financing. The report highlights that the realm of digital assets is considered a significant area of risk, while the misuse of artificial intelligence (AI) is on the rise. On July 28, the European Banking Authority (EBA), responsible for overseeing banking regulations across the 27 EU member states, published its 2025 Opinion, addressing the threats posed by money laundering and terrorist financing (ML/TF) to the EU’s financial system. According to the EBA, there has been a staggering 2.5-fold increase in the number of authorized crypto-asset service providers (CASPs) from 2022 to 2024, many of which exhibit insufficient anti-money laundering (AML) and counter-financing of terrorism (CFT) measures, with some attempting to evade regulatory scrutiny. The report also pointed to a rising trend of fraud facilitated by AI, with criminals leveraging the technology to streamline laundering operations, fabricate documents, and avoid detection.
Financial Institutions Struggle with Evolving Risks
The EBA expressed alarm that financial institutions are finding it challenging to adapt to these increasingly sophisticated threats, underlining the necessity for responsible use of AI and comprehensive monitoring systems. The report stated, “Since the EBA’s fourth Opinion on ML/TF risks was published in 2023, the financial sector has faced a dynamic and increasingly complex ML/TF risk landscape.” Rapid advancements in financial technology and the emergence of new products, including cryptocurrencies, have created additional vulnerabilities within the financial ecosystem. The Opinion Report draws from data collected between January 2022 and December 2024 and incorporates feedback from 52 national regulators responsible for AML/CFT oversight across the EU.
RegTech: A Double-Edged Sword
In discussing regulation technology (RegTech), the EBA acknowledged its potential benefits, such as improving operational efficiency and enabling institutions to manage large datasets effectively. The agency found that 29% of anti-money laundering authorities recognized effective RegTech practices. However, half of the surveyed authorities also identified associated ML/TF risks, with 15% believing these risks have worsened. The EBA attributed this concerning trend to the “unthinking” application of RegTech, highlighting significant risks stemming from outsourcing, automation without proper oversight, and a lack of internal expertise.
Concerns Over Digital Asset Risks Persist
The EBA reiterated that the misuse of digital asset services for criminal activities remains a pressing issue, exacerbated by the surge in transaction volumes and the growing number of authorized CASPs in the EU. The report noted that the number of registered CASPs had increased 2.5 times, reaching a total of 2,525 by the end of 2024, alongside a rise in the volume and average value of crypto transactions. Consequently, 17% of competent authorities observed an uptick in digital asset-related risks compared to the previous year, while others reported that risks remained stable or had decreased. The EBA highlighted that many CASPs often lack effective AML/CFT systems, indicating a discrepancy between regulatory expectations and actual practices.
Interconnected Financial Services Heighten Risks
The report emphasized that the integration of CASPs with traditional financial service providers raises significant concerns. The EBA noted, “This means that ML/TF risks affecting CASPs are also spilling over into other sectors.” Approximately 35% of competent authorities reported increased service overlap between CASPs and electronic money institutions (EMIs) as well as payment institutions (PIs) for converting cryptocurrencies to fiat currencies. While some European authorities have sought to alleviate concerns about risks from the crypto sector, stating that the crypto market has minimal connections to the traditional financial system, the EBA’s findings suggest otherwise.
Fraud in the Digital Asset Space is Rising
A major concern highlighted in the EBA report is the rise in fraudulent schemes targeting digital asset investors, particularly ‘rug pull scams.’ In these scenarios, fraudulent tokens attract investors before the creators disappear with their funds. Additionally, the report raised alarms about unregulated token sales on decentralized platforms, which can lead to both fraud and regulatory violations. Investigations by law enforcement within EU member states have shown that digital assets continue to be utilized for terrorism financing. Notably, the EBA observed a shift in criminal activity from Bitcoin to stablecoins, aligning with findings from the Financial Action Task Force (FATF) indicating that stablecoins are increasingly favored by illicit actors.
Need for Strong Regulatory Frameworks
To address the highlighted risks, the EBA underscored the importance of stringent due diligence, continuous oversight, and well-defined regulatory frameworks. The agency pointed out that the comprehensive Markets in Crypto Asset (MiCA) regulations, which came into full effect at the end of 2024, introduced essential AML/CFT mandates for CASPs. These regulations require CASPs to be authorized by EU authorities, ensure compliance with AML/CFT rules, and implement measures to mitigate significant ML/TF risks, including providing detailed information regarding the origins and beneficiaries of digital asset transfers.
AI: An Emerging Challenge for Financial Security
The EBA also highlighted the growing risks associated with AI, as criminals exploit the technology to enhance their money laundering tactics, conceal the origins of illicit funds, and conduct high-risk transactions that evade detection. The report noted that AI is being utilized to create fraudulent documents, simulate legitimate business operations, and employ deepfake technologies to bypass customer due diligence processes. The EBA warned that financial institutions face mounting challenges in detecting these sophisticated AI-driven attacks, which are increasing in both frequency and complexity.
Overall Trends and Future Outlook
The EBA’s findings indicate that 70% of competent authorities reported heightened ML/TF risks within the financial sector, attributing these concerns to inadequate AML/CFT controls and insufficient governance. The report concluded that while technological advancements offer potential benefits in combating financial crime, the current trajectory suggests that the drive for innovation may outstrip the sector’s capability to manage associated risks effectively. The EBA reiterated the significance of its forthcoming guidelines, set to take effect at the end of 2025, aimed at standardizing practices across the EU’s banking and finance landscape, including enhanced protocols for high-risk transactions and customer due diligence. As AI continues to evolve, the integration of robust regulatory frameworks and cutting-edge technological solutions will be critical in ensuring the integrity and security of financial systems.
