Will The EU’s New AML Rulebook Break the Fintech Growth Playbook?
By Adil Sassa, VP of Solutions Consulting at ThetaRay
At the end of last month, the European Banking Authority closed its consultation on a major package of draft technical standards on customer due diligence and risk assessment, its most consequential update to the EU’s AML framework in over a decade. The EBA is now preparing its submission to the European Commission, a step that will lay the operational foundation for Europe’s new single rulebook and, ultimately, for the supervisory approach of the Anti-Money Laundering Authority (AMLA).
For fintechs, this marks the beginning of the end of an era. The practices that shaped a decade of hypergrowth through simplified onboarding, static risk scoring, and minimal due diligence are now fundamentally misaligned with Europe’s regulatory direction.
Compliance is evolving from documentation toward demonstrable performance across the customer lifecycle, as national supervisors are already adopting AMLA’s key principles, traceability, behavioural insight, and provable effectiveness.
This change targets the core of fintech onboarding strategies. Previously, onboarding offered a competitive edge: collect data, perform sanctions checks, assign a basic risk score, and enable transactions. Risk was seen as fixed at sign-up and only occasionally reviewed.
The new EBA framework fundamentally redefines risk as a dynamic pattern, not a static label. A low-risk customer can become high-risk in days, and if a firm’s systems fail to detect and respond to that shift, the entire risk model is invalid. Moving forward, supervisors will require proof of performance, not just policies. Compliance must be built on evidence.
This is more than a technical adjustment. It represents a philosophical shift in how Europe defines risk management. Under the new regime, a “low-risk” customer is a temporary judgment that must be tested against every new piece of information. Simplified due diligence remains permissible, but only where firms can prove that the relationship continues to present a genuinely low level of risk.
For fintechs built on speed and seamless customer journeys, the implications are structural. It means moving from static templates to adaptive scoring models that update with behaviour. It means embedding explainability into every algorithm and building governance processes that document each change. The logic of compliance is changing from a one-off obligation to an ongoing proof of competence. The architecture of compliance must be as dynamic as the customers it monitors.
The timing could not be more critical. As 2026 approaches, national supervisors across Europe are aligning their inspection frameworks with the EBA’s draft standards and AMLA’s forthcoming methodology. Financial Institutions that treat AMLA’s 2028 supervision date as a distant concern will find themselves already behind.
However, for firms willing to adapt early, this transition is a strategic opportunity. Modernizing systems now to enable adaptive, explainable onboarding will help them avoid remediation orders and secure a competitive edge by earning the confidence of banking partners, investors, and regulators. The ability to prove control effectively becomes a powerful differentiator, not just an operational cost.
Simplified onboarding is not being outlawed, but simplicity is. Europe’s new AML architecture is built on one principle: compliance must be dynamic, transparent, and defensible. For fintechs that still rely on outdated onboarding models, the simplicity that once fueled growth may soon become their greatest regulatory risk.
Adil Sassa is Vice President of Solution Consulting at ThetaRay, where he works with financial institutions worldwide to deploy AI-driven transaction monitoring and risk detection that uncovers hidden financial crime across complex and high-risk payment networks.
Photo Credit- European Parliament, Strasbourg. (Credit: Elekes Andor/Wikipedia, CC BY 4.0)
The post Will The EU’s New AML Rulebook Break the Fintech Growth Playbook? appeared first on European Business & Finance Magazine.
