AML compliance in finance: what controls are teams missing?

TL;DR: AML failures are costly and operational, according to SumSub’s Finance AML Compliance 101 Guide for 2026, which cites Starling Bank’s £28.9 million penalty and outlines obligations for banks, payments, wallets, and BNPL providers. The real lesson is that monitoring, screening, and reporting controls only work when they are treated as governed identity and risk processes, not paperwork.

NHIMG editorial — based on content published by Sumsub: Finance AML Compliance 101 Guide

By the numbers:

• Starling Bank paid £28.9 million in 2024 for its compliance failures.

Questions worth separating out

Q: How should finance teams structure AML controls so they hold up in an audit?

A: Finance teams should structure AML controls as a documented workflow with clear ownership, evidence retention, and repeatable escalation.

Q: Why do AML programmes fail even when policies exist?

A: AML programmes fail when policy is not matched by operational discipline.

Q: How can organisations know whether AML monitoring is actually working?

A: Monitoring is working when alerts are actionable, triaged on time, and linked to outcomes that can be explained later.

Practitioner guidance

• Map AML controls to named owners Assign a single accountable owner for monitoring, screening, investigation, and reporting so gaps do not hide between teams.
• Test evidence reconstruction end to end Pick a sample alert or case and rebuild it from source data, analyst notes, approvals, and filing records.
• Align screening refreshes with current risk data Refresh sanctions, customer, and counterpart data on a schedule that matches operational change, not convenience.

What's in the full article

Sumsub's full guide covers the operational detail this post intentionally leaves for the source:

• A practical AML compliance toolkit with steps for monitoring, screening, and reporting in regulated finance.
• Guidance on avoiding regulatory traps that affected high-growth financial firms in 2024 and 2025.
• Coverage of compliance obligations across banks, payments, wallets, and BNPL providers.
• A future-facing checklist intended for teams preparing 2026 AML programmes for audit and enforcement pressure.

👉 Read Sumsub's Finance AML Compliance 101 Guide for 2026 →

AML compliance in finance: what controls are teams missing?

Explore further

View Full Forum →  |  NHI Foundation Course →