ACAMS Assembly Las Vegas ’25 made one thing clear: compliance leaders are being asked to deliver certainty in a world defined by volatility. Rules shift. Enforcement tightens. Criminals evolve faster than frameworks.
The path forward isn’t static or checkbox-driven. It’s continuous, contextual, and collaborative.
Here are the biggest lessons that resonated across sessions:
Regulation is volatile, but examiners aren’t
While beneficial ownership rules were rolled back, examiners didn’t relax. Enforcement actions increased, and regulators are demanding more rigor around governance, resourcing, and data lineage.
In his keynote, John Hurley, Undersecretary of the Treasury for Terrorism and Financial Intelligence, emphasized a significant change in the Treasury’s approach. Rather than adding new requirements, regulators are prioritizing:
- Encouraging innovation in how financial institutions tackle compliance.
- Streamlining administrative tasks so teams can focus on critical risks.
- Prioritizing actionable information sharing to drive real law enforcement outcomes.
The shift from “reasonably effective” to “reasonably designed” signals a future where annual check-ins won’t be enough — programs must adapt continuously and show their work.
Identity proofing is moving past the “golden four”
Name, address, SSN, and DOB no longer anchor trust. SSNs and EINs can even be supplied by third parties, underscoring how fragile single-factor checks have become. Synthetic identities and deepfakes add to the risk, pushing institutions to layer signals and adopt progressive onboarding — balancing low-friction entry with deeper verification as customer relationships grow.
Want a deeper dive?
Learn how leading institutions are balancing stronger security with a smoother onboarding experience. Read the guide.
Governance and data health are non-negotiable
When budgets are tight, institutions are expected to “show the math” behind team sizing. Data ownership and quality are becoming exam-critical; banks that can’t execute against their own documented standards risk being “hung by their own rules.” Compliance leaders also voiced fatigue with excessive reporting requirements that drain time from investigations and cross-team strategy. As institutions expand, the message is clear: controls must exist before new products or regions go live.
SARs and CTRs are due for modernization
The $10k CTR threshold, unchanged since the 1940s, floods the system with low-value filings. SARs, too, are overburdened with noise. Institutions need modernization that prioritizes signal over volume. Otherwise, compliance teams will continue drowning in false positives rather than surfacing meaningful risk.
Debanking requires clarity and fairness
Banks face mounting pressure to ensure customers aren’t excited for subjective reasons. Separating financial-crime risk from other risks, maintaining updated blacklists, and documenting objective exit criteria were emphasized as best practices. Transparency, where possible, will go a long way in reducing confusion and frustration for customers.
Partnerships come with shared responsibility
Bank–fintech relationships remain under the spotlight. Regulators support them, but only when oversight is strong and banks can demonstrate visibility into their customer’s customer’s customer. Standardized verification, consistent monitoring, and audit-ready evidence across portfolios are now the baseline.
Digital assets don’t fit neatly into old rules
Stablecoins and digital assets remain in regulatory gray space. Whether entirely new frameworks emerge or old ones are adapted, institutions can’t afford to wait. They must design controls that can evolve quickly, demonstrate intent, and show regulators they’re actively mitigating risk.
AI is raising both expectations and opportunities
AI’s value today is in efficiency — SAR drafting, transaction monitoring, and onboarding. A poll during the event showed that 70% of attendees are already using AI in some way, pointing to accelerating adoption across AFC. But regulators are looking ahead to explainability. Institutions will need to show what data models used, how decisions were reached, and why. AI won’t replace investigators, but it will free them to focus on higher-value work, if governance and transparency keep pace.
Post-onboarding is where reality hits
Fraud and sanctions risks don’t stop after onboarding. Dormant-to-spike transaction patterns, account takeovers, and insider fraud continue to challenge institutions. RFIs often burden customers unnecessarily when business context could provide the answer. The strongest teams blend verified business identity with behavioral metadata to baseline normal activity — and act quickly when it shifts.
The bigger picture: continuous, contextual compliance
Taken together, these themes point to a compliance future that is:
- Continuous: Designed for ongoing monitoring, not one-off reviews.
- Contextual: Enriched with business identity and behavioral baselines that make alerts meaningful.
- Collaborative: Involving product, risk, operations, and compliance from the outset.
This is where the industry is heading and where Middesk is already focused. By delivering trustworthy business identity, verified ownership, sanctions exposure, and continuous monitoring, Middesk helps compliance leaders build programs that meet today’s volatility with tomorrow’s resilience.
Bottom line: ACAMS reinforced that compliance can’t be static in a dynamic world. The institutions that thrive will be those that balance risk, regulation, and reality, by designing AML programs that are always-on, explainable, and rooted in trust.
