This Week in Global Compliance — Supervisors Push Transparency and Crypto Enforcement Accelerates
This Week in Global Compliance — Supervisors Push Transparency and Crypto Enforcement Accelerates
November 28, 2025 — Week of 22–28 November
Executive Summary
The final full week of November brought intensified pressure on transparency, crypto controls, and governance standards. Regulators in Europe advanced new supervisory requirements for customer-risk classification, beneficial-ownership records, and AI model governance. Meanwhile, U.S. agencies ramped up enforcement actions against exchanges, mixers, OTC brokers, and cross-border laundering networks.
Across APAC, FIUs and central banks warned of significant increases in AI-enabled scams and instant-payment fraud, prompting calls for forensic identity-verification layers for high-value transactions. Sanctions activity remained active, with coordinated U.S.–EU actions targeting cyber-infrastructure, dual-use suppliers, and logistics conduits supporting sanctioned entities.
For compliance leaders, the week reinforces three themes: (1) transparency requirements are tightening across all business lines; (2) crypto enforcement is entering a predictable, industrialized phase; (3) fraud threats are converging with AML and cyber domains, demanding unified governance.
Top Signals
1. EU supervisors mandate deeper transparency on customer-risk classification
European authorities issued new expectations requiring banks and PSPs to maintain auditable rationale for risk ratings, including transaction-pattern evidence and beneficial-ownership verification logs.
Why it matters:
Supervisors want provable reasoning, not just model outputs. Firms must ensure every risk rating can be reconstructed, audited, and justified.
2. U.S. agencies escalate actions against exchanges and OTC crypto brokers
Multiple enforcement actions this week targeted exchanges that failed to file SARs, OTC brokers tied to darknet markets, and wallet infrastructure providers routing funds from sanctioned jurisdictions.
Why it matters:
Crypto enforcement is shifting from “reactive penalties” to ongoing operational pressure — expect more subpoenas, platform restrictions, and KYC/beneficial-owner lookback demands.
3. APAC regulators warn of widening AI-enabled fraud
Authorities highlighted rising cases of impersonation scams using deepfake voice/video, along with instant-payment fragmentation to bypass monitoring.
Why it matters:
AI-enabled fraud is becoming a systemic risk, requiring tighter onboarding checks, enhanced transaction profiling, and multi-factor identity controls.
4. Coordinated sanctions actions target logistics and dual-use suppliers
The U.S. and EU issued coordinated sanctions targeting logistics firms, spare-parts suppliers, and cyber-support networks linked to sanctioned states.
Why it matters:
Sanctions exposure now extends into supply-chain networks. Firms must screen logistics partners, maintenance vendors, and subcontractors with higher granularity.
5. Beneficial-ownership verification under renewed global scrutiny
Supervisors in Europe and North America issued notes criticizing incomplete beneficial-ownership files and insufficient validation steps for complex structures.
Why it matters:
BO validation is moving from “document collection” to risk-based interrogation — firms must demonstrate ongoing monitoring, pattern-based verification, and enhanced controls for multi-layered entities.
Deep Dives
1. Regulation & Supervision — Transparency as the new baseline
Regulators in Europe and parts of APAC accelerated demands for transparency in governance and decision-making. Themes include:
- Documented rationale for KYC risk scoring
- Explainability of screening and monitoring models
- Audit trails for third-party data sources
- Beneficial-ownership validation with proactive checks
- Governance expectations for AI model updates
Practical impact:
Compliance teams must expand documentation controls, strengthen second-line challenges, and prepare dashboards summarizing model logic, drift metrics, and risk-rating justifications.
2. Enforcement — Crypto actions industrialize
U.S. DOJ, SEC and CFTC activity this week included:
- Crackdowns on OTC brokers routing transactions for darknet markets
- Asset seizures involving privacy wallets and obfuscation tools
- Actions against exchanges failing to file required SARs
- Penalties for mixing services facilitating sanctions evasion
Practical impact:
Firms dealing with any crypto exposure must tighten VASP-risk frameworks, maintain travel-rule compliance, and enhance monitoring for nested accounts and wallet clusters.
3. Sanctions — Infrastructure, logistics and cyber links in focus
Sanctions bodies targeted:
- IT infrastructure supporting malware deployment
- Logistics providers facilitating sanctioned trade
- Spare-parts suppliers tied to defense and dual-use industries
Practical impact:
Sanctions screening must expand to third-party ecosystems — infrastructure partners, shipping intermediaries, suppliers, and maintenance vendors.
4. Fraud & Typologies — AI, instant payments and fragmentation patterns
APAC’s typology updates highlighted:
- Deepfake voice/video scams impersonating executives
- Transaction fragmentation via instant-payment rails
- Cross-border laundering rings using mule accounts at fintech PSPs
- Identity hijacking for high-value transfers
Practical impact:
Firms must enhance fraud typologies, merge cyber + AML data streams, and apply higher friction for anomalous high-value transactions.
Data Points
- $200M+ in funds traced to OTC brokers linked to darknet routes.
- 30–60% increase in AI-enabled impersonation scams across APAC markets.
- Thousands of entities flagged in sanctions updates tied to logistics and dual-use supply chains.
- Hundreds of millions USD estimated to be laundered via instant-payment fragmentation networks.
Watchlist
- Expected Q4 AI-governance guidance from European supervisors.
- Potential next phase of U.S. crypto enforcement, focusing on OTC liquidity providers.
- Increasing scrutiny of PSPs and fintech firms participating in instant-payment networks.
- Updated ransomware-ecosystem sanctions expected from U.S.–EU alignment.
Sources
This briefing consolidates publicly available information from global regulators, FIUs, law-enforcement agencies, sanctions authorities, and trusted media sources covering the week of 22–28 November 2025.