Compliance Requirements Across Regions: US vs EU vs APAC (2026 Trends)


If your business operates across borders, or is growing into new markets, one of the most immediate practical challenges you face is that compliance does not travel. A framework that satisfies regulators in Frankfurt will not automatically satisfy AUSTRAC in Sydney or FinCEN in Washington. The rules may share the same foundational logic, drawing on the Financial Action Task Force recommendations that underpin most national AML frameworks, but the specific obligations, supervisory expectations, documentation standards, and enforcement cultures differ in ways that matter enormously in practice.

2026 is a particularly consequential year to be navigating these differences. All three of the world's major compliance regions are in the middle of significant regulatory transitions. The EU is implementing the most comprehensive overhaul of its AML/CFT framework in decades. The United States has just issued a proposed rule that fundamentally rethinks how AML/CFT programme effectiveness is assessed. And across APAC, Australia is expanding the scope of its AML obligations to entirely new sectors on a tight deadline, while Singapore's MAS has revised its core AML notices to incorporate proliferation financing and tighten suspicious transaction reporting timelines.

This article walks through where each region stands right now, what the key differences mean for regulated businesses, and where the trends are converging or diverging. It is written for compliance professionals who need to understand the landscape as it actually is.


The Shared Foundation: FATF

Before diving into regional differences, it is worth anchoring on what the three frameworks share, because that shared foundation explains both the similarities you will find and the limits of comparability.

The Financial Action Task Force (FATF), the inter-governmental body that sets the global standard for AML/CFT, publishes forty recommendations that form the baseline for national legislation across its 40 member jurisdictions, which collectively represent the vast majority of global financial activity. All three of the regions covered in this article are FATF members, and all three have built their AML frameworks on those recommendations.

What FATF establishes as baseline obligations includes the risk-based approach to customer due diligence, identification and verification of beneficial owners, ongoing monitoring of business relationships, suspicious transaction reporting to a Financial Intelligence Unit, and record retention requirements. The key word is baseline. FATF recommendations are not directly binding on businesses. They bind governments, who then translate them into national law with varying levels of precision, ambition, and enforcement rigour. The differences between US, EU, and APAC frameworks are largely differences in how those governments have made that translation.


Understanding EU Regulations

The EU's approach to AML/CFT compliance is undergoing its most significant structural change since the first AML Directive was adopted in 1991. The 2024 legislative package, which entered into force on 9 July 2024, introduces a new architecture built on three instruments.

Regulation (EU) 2024/1624, the Anti-Money Laundering Regulation (AMLR), is the first directly applicable EU AML/CFT rulebook. This is a fundamental shift from the previous directive-based approach, where Member States had discretion in how they transposed EU obligations into national law. Under the AMLR, the core substantive obligations, including customer due diligence requirements, beneficial ownership verification standards, and transaction monitoring obligations, will apply uniformly across all 27 EU Member States from 10 July 2027 without requiring national implementation. For businesses operating across multiple EU jurisdictions, this removes much of the national variance that has historically required managing separate compliance frameworks per country.

Regulation (EU) 2024/1620 established the Anti-Money Laundering Authority (AMLA), which commenced operations on 1 July 2025 and is now actively developing the regulatory technical standards and guidelines that will give the AMLR its operational detail. AMLA's public consultation on draft Regulatory Technical Standards on customer due diligence has recently closed, and the final standards will specify precisely what information must be collected and what sources are considered reliable and independent for identity verification purposes.

Directive (EU) 2024/1640 updates the institutional framework at national level, including the rules governing beneficial ownership registers and their interconnection across Member States. Under this directive, obliged entities must have timely access to the information held in the interconnected central registers, and must report discrepancies between what a customer tells them and what the register records.

The EU's approach in 2026 is characterised by centralisation, harmonisation, and a shift from minimum-standard directives to directly applicable regulations. AMLA is progressively assuming supervisory authority for the highest-risk cross-border institutions, with national supervisors retaining responsibility for others. The direction of travel is toward a single supervisory culture applied consistently across Member States, which represents a significant change for businesses that have historically managed their EU compliance on a jurisdiction-by-jurisdiction basis.

For EU-regulated businesses, the practical priority in 2026 is building compliance frameworks that are already aligned with AMLR standards, even though the regulation does not apply in full until July 2027. The regulatory technical standards AMLA is issuing now will define what adequate compliance looks like, and institutions that wait until 2027 to begin adapting will be building under deadline pressure.


Understanding Compliance in the United States

The United States approaches AML/CFT compliance through the Bank Secrecy Act (BSA), administered primarily by the Financial Crimes Enforcement Network (FinCEN), a bureau of the US Department of the Treasury. The BSA framework applies to banks, broker-dealers, money services businesses, insurance companies, casinos, and a growing range of other financial institutions.

The most significant US regulatory development of 2026 is FinCEN's proposed rule issued on 7 April 2026, which the Federal Deposit Insurance Corporation (FDIC) confirmed represents a fundamental reform of AML/CFT programme requirements under the BSA. The proposed rule, which was issued jointly with the OCC, FDIC, and NCUA for banking institutions, represents the most significant overhaul of US AML/CFT programme obligations in years and implements key provisions of the Anti-Money Laundering Act of 2020.

The existing regulatory framework organises AML compliance around programme pillars. The proposed rule seeks to replace that architecture with a single overarching standard: an effective AML/CFT programme. FinCEN's stated intent is to move from a checklist-based, formulaic compliance model to a risk-focused, outcome-oriented framework. The shift is meaningful. Under a pillar-based model, an institution could demonstrate compliance by documenting that it had the required components in place. Under an effectiveness standard, the question becomes whether those components are actually working to detect and deter financial crime.

For US-regulated institutions, this represents both an opportunity and a compliance challenge. An effectiveness-oriented framework gives well-resourced institutions with sophisticated programmes more flexibility in how they design their controls. But it also means that paper compliance, where documented policies exist but are poorly implemented, will become harder to defend. Regulators will be looking for evidence that programmes work, not just that they exist.

Investment advisers are navigating a separate timeline. FinCEN delayed the effective date of the final rule requiring registered investment advisers to adopt AML/CFT programmes from January 2026 to January 2028, and has indicated it will undertake a broader review of the rule. For investment advisers currently outside the BSA framework, that extension provides additional time for preparation, but the direction of travel, bringing advisers within the scope of AML/CFT regulation permanently, is confirmed.

The US approach to AML/CFT differs from the EU approach in several important ways. The US framework is sector-specific, with different rules applying to different types of financial institutions, often administered by different regulators. The EU is moving toward a single rulebook applied uniformly across obliged entity types. The US beneficial ownership register, established through the Corporate Transparency Act and administered by FinCEN, operates differently from the EU's national beneficial ownership registers and their planned interconnection under AMLD6. And enforcement in the US involves a larger number of overlapping agencies, including FinCEN, prudential banking regulators, state regulators, and the Department of Justice, each of which can bring independent enforcement actions for the same underlying conduct.




Understanding Compliance in APAC: A Region of Regulatory Diversity With Converging Standards

APAC is not a single regulatory jurisdiction. It encompasses some of the world's most sophisticated AML/CFT frameworks, sitting alongside markets that are earlier in their regulatory development. For compliance professionals, the challenge of operating across APAC is precisely this diversity: each major market has its own regulator, its own legislative framework, and its own supervisory culture.

With that said, the direction of travel across the major APAC markets is clearly toward greater alignment with FATF standards, tighter beneficial ownership requirements, and stronger enforcement. 2026 is a year of significant reform activity across the region.


Australia: Tranche 2 and the AUSTRAC Reform Programme

Australia's AML/CFT framework is built on the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), administered by the Australian Transaction Reports and Analysis Centre (AUSTRAC). After years of consultation, the reform programme that modernises the AML/CTF Act is now being implemented.

As AUSTRAC has confirmed on its regulatory reform pages, reforms for currently regulated entities commenced on 31 March 2026, with obligations for Tranche 2 entities, including the legal profession, accounting professionals, real estate agents, and jewellers, commencing 1 July 2026. The new AML/CTF Rules 2025, tabled in Parliament on 29 August 2025, provide the supplementary operational detail for the reformed regime.

The reforms shift Australia's framework from a compliance-based approach to a risk-based, outcomes-oriented model, directly mirroring the direction of travel in the US and EU. AUSTRAC has stated explicitly that its regulatory approach will be risk-based, transparent, and aligned with the objectives of the reformed Act. Businesses that are currently enrolled with AUSTRAC need to update their AML/CTF programmes to reflect the new requirements, including revised customer due diligence obligations that replace the previous applicable customer identification procedures framework.

For businesses onboarding clients from the newly regulated professions, the Tranche 2 expansion also changes how counterparty risk is assessed. Law firms, accounting practices, and real estate businesses that were previously outside AML/CTF regulation are now reporting entities with their own obligations, which affects how other regulated businesses classify and manage relationships with them.

AUSTRAC is subject to a mutual evaluation by FATF commencing in 2026, as AUSTRAC has noted in its regulatory expectations guidance. This evaluation provides additional context for the urgency of the reform timeline and the expectation that institutions demonstrate genuine operational compliance rather than documented policies alone.


Singapore: MAS and the Revised AML/CFT Framework

Singapore's Monetary Authority of Singapore (MAS) is widely regarded as one of the more sophisticated AML/CFT regulators in the APAC region. MAS operates through a system of Notices and accompanying Guidelines that apply to different categories of financial institution. MAS Notice 626, the primary AML/CFT instrument for banks in Singapore, was last revised on 30 June 2025 and came into effect on 1 July 2025.

The 2025 revision to MAS Notice 626 made several important changes. One of the most significant is the formal inclusion of proliferation financing within the scope of money laundering risk assessments. As confirmed in the revised Notice, money laundering in the MAS framework now includes proliferation financing, and all references to money laundering risks in the Notice are construed accordingly. This means Singapore's banks must ensure their ML/TF risk assessments formally address proliferation financing risks in line with updated FATF standards, a requirement that has substantive implications for how businesses with clients in sensitive sectors or jurisdictions conduct their risk assessments.

The guidelines accompanying MAS Notice 626 also reinforce senior management accountability as a core compliance principle. The AML/CFT compliance function is expected to alert senior management or the board if employees in line departments are failing to adequately address ML/TF risks, and senior management is expected to take effective action in response.

For corporate customers specifically, MAS Notice 626 requires banks to understand the nature of the customer's business and its ownership and control structure where the customer is not a natural person. Banks are not required to identify beneficial owners for certain categories of customers, including entities listed on the Singapore Exchange or entities listed on a stock exchange outside Singapore that is subject to regulatory disclosure requirements and requirements relating to adequate transparency in respect of beneficial owners. Outside those categories, beneficial ownership identification and verification is required.


Japan: FSA Enforcement and the Risk-Based Approach

Japan's Financial Services Agency (FSA) is the integrated financial regulator responsible for AML/CFT supervision across banking, securities, insurance, and financial markets. Japan has been subject to increasing international scrutiny of its AML/CFT framework and has been investing in strengthening its supervisory approach.

In January 2025, the FSA issued a business improvement order to a financial institution following inspections that revealed serious failings in AML/CFT controls. The failures identified were significant: over 14,000 flagged transactions were left unreviewed over an extended period, average delays in suspicious transaction reporting had reached 152 days in early 2024, and the institution had not implemented prior supervisory recommendations. The FSA found that the board and management had fostered a culture that deprioritised AML/CFT oversight. This enforcement action illustrates the FSA's increasingly active posture and the consequences of allowing governance accountability to become nominal rather than real.

Japan's AML/CFT guidelines, updated by the FSA, mandate a risk-based approach requiring institutions to perform self-directed risk assessments and mitigation, with senior management held directly accountable for the effectiveness of internal control frameworks.


Key Differences Between the Three Frameworks

Understanding the differences between US, EU, and APAC compliance frameworks helps businesses operating across regions avoid the mistake of assuming a compliant approach in one jurisdiction transfers automatically to another.

The EU's model is moving toward a single directly applicable rulebook administered by a supranational authority, with national supervisors operating within a harmonised framework. The US model remains sector-specific and multi-agency, with a proposed shift from prescriptive programme components to an outcomes-effectiveness standard. APAC encompasses a wide range of national frameworks that share FATF foundations but differ significantly in scope, supervisory culture, documentation standards, and enforcement intensity.

On beneficial ownership, the EU is building toward a harmonised 25% threshold with interconnected national registers and an active discrepancy reporting obligation. The US has a separate beneficial ownership reporting regime under the Corporate Transparency Act, which applies to the company itself rather than to the financial institutions it deals with, though financial institutions still have their own Customer Due Diligence obligations. In APAC, beneficial ownership requirements vary by jurisdiction, with Singapore and Australia having defined frameworks and other markets at different points of development.

On sanctions screening, all three regions require screening against applicable lists, but the lists and the expectations around calibration and documentation differ. The EBA's guidelines EBA/GL/2024/14 set out detailed requirements for EU-regulated institutions on internal policies for restrictive measures compliance. In Singapore, MAS requires that suspicious transactions involving sanctioned parties be reported within one business day, a significantly tighter timeline than applies in many other jurisdictions.

On ongoing monitoring, the EU's AMLR sets risk-based refresh timelines that require customer information to be kept current throughout the business relationship. Australia's reformed AML/CTF framework similarly shifts toward ongoing risk assessment rather than point-in-time checks. The US effectiveness standard implies that transaction monitoring calibration and alert review quality will face increasing scrutiny.


Where the Trends Are Converging

Despite the regional differences, several clear trends are converging across all three frameworks in 2026 and the years immediately ahead.

The risk-based approach is becoming non-negotiable everywhere. Every major regulatory framework in all three regions is moving away from tick-box compliance and toward requiring evidence that controls are calibrated to actual risk and that they work. FinCEN's proposed effectiveness standard, the EU's AMLR risk-based approach, and AUSTRAC's outcomes-oriented model are all expressions of the same underlying direction.

Senior management and board accountability is being elevated across all three regions. The expectation that compliance is a board-level responsibility, not a back-office function, is now embedded in MAS guidelines, the EU's governance requirements under the AMLR, AUSTRAC's reform programme, and the FSA's enforcement findings in Japan.

The scope of obliged entities is expanding everywhere. Australia's Tranche 2 brings lawyers, accountants, and real estate professionals under AML/CTF regulation for the first time. The EU's AMLR extends obligations to crypto-asset service providers, crowdfunding platforms, and other sectors. The US is progressively bringing investment advisers and other previously unregulated sectors into the BSA framework.

And the quality of the audit trail is becoming a defining measure of compliance adequacy in every jurisdiction. Whether a regulator is assessing a firm under the EU's AMLR, FinCEN's proposed effectiveness standard, or AUSTRAC's outcomes-focused model, the question they are asking is the same: can you show me that the controls you have documented are the controls you actually applied, to each individual customer and transaction, and that someone with appropriate authority reviewed and documented the decision?


About SpeedyDD

SpeedyDD is built for regulated businesses that need to manage compliance across complex, multi-jurisdictional environments without sacrificing the quality or defensibility of their documentation.

Our platform connects with over 3000 corporate registry data sources across more than 200 countries and territories, giving compliance teams access to primary-source verification data for KYB that meets the quality expectations of regulators in the EU, APAC, and beyond. Our mission is to help complex, regulated businesses maintain continuous audit-readiness, not just in a single jurisdiction, but wherever they operate and whoever is asking the questions.



Frequently Asked Questions

What are the main differences between EU and US AML/CFT compliance requirements?

The most fundamental structural difference is that the EU is moving toward a single directly applicable Regulation, Regulation (EU) 2024/1624, that applies uniformly across all 27 Member States from 10 July 2027, supervised increasingly by AMLA at EU level. The US operates through the Bank Secrecy Act, which applies differently depending on institution type and is administered by multiple agencies including FinCEN, the OCC, the FDIC, and the Federal Reserve. FinCEN's April 2026 proposed rule marks a shift from prescriptive programme components toward an outcomes-effectiveness standard. Both frameworks are risk-based, require beneficial ownership identification, and mandate suspicious activity reporting, but the specific thresholds, documentation requirements, and supervisory cultures differ materially.

How does APAC regional compliance differ from EU regulations?

APAC is not a single compliance framework. Each major jurisdiction, including Singapore, Australia, Japan, Hong Kong, and others, has its own regulator and legislative framework. Australia's compliance requirements are set by AUSTRAC under the AML/CTF Act 2006. Singapore's banks comply with MAS Notice 626 and its associated guidelines. Japan's financial institutions are supervised by the FSA. While all three major APAC markets draw on FATF foundations, the specific beneficial ownership thresholds, suspicious transaction reporting timelines, and enforcement approaches differ both from the EU and from each other. The EU's direction toward a single harmonised rulebook has no equivalent in APAC, where regulatory harmonisation happens through FATF mutual evaluations and bilateral cooperation rather than supranational legislation.

What is FinCEN's proposed 2026 rule change and how does it affect compliance programmes?

In April 2026, FinCEN issued a proposed rule that would replace the existing pillar-based structure of BSA AML/CFT programme requirements with a single standard: an effective AML/CFT programme. The proposal moves away from requiring institutions to document that they have specific programme components in place, toward requiring them to demonstrate that their programmes actually work to detect and deter financial crime. The proposed rule is open for comment until June 2026 and, if finalised, would represent the most significant reform of US AML/CFT programme obligations in years. Institutions should monitor the finalisation of this rule closely, as it has significant implications for how compliance programmes are designed, tested, and documented.

What is Australia's Tranche 2 reform and which businesses does it affect?

As AUSTRAC has confirmed, Australia's AML/CTF reform programme extends AML/CTF obligations to Tranche 2 entities from 1 July 2026. This includes real estate professionals, legal practitioners, accounting professionals, and dealers in precious metals and stones. These sectors were previously outside the AML/CTF Act's reporting regime. From 1 July 2026, they must enrol with AUSTRAC, implement AML/CTF programmes, conduct customer due diligence, and report suspicious transactions. For businesses that already deal with these sectors as clients, the Tranche 2 expansion changes how counterparty risk should be classified and what due diligence is appropriate when onboarding them.

What did MAS update in its AML/CFT framework in 2025?

MAS Notice 626, the primary AML/CFT instrument for banks in Singapore, was revised on 30 June 2025 and took effect on 1 July 2025. One of the most significant changes was the formal inclusion of proliferation financing within the scope of money laundering risk assessments, meaning Singapore's banks must now ensure their risk frameworks formally address proliferation financing risks in line with FATF standards. MAS also tightened suspicious transaction reporting deadlines, with general suspicious transaction reports required within five business days of establishing suspicion, and reports involving sanctioned parties required within one business day. These changes reflect Singapore's close alignment with evolving FATF recommendations and its expectation of proactive rather than reactive compliance.

What is FATF and why does it matter for businesses operating across regions?

The Financial Action Task Force is the inter-governmental body that sets the global standard for AML/CFT through its forty recommendations. All three major compliance regions covered in this article are FATF members, and all have built their national AML/CFT frameworks on those recommendations. FATF conducts periodic mutual evaluations of each member country's compliance with its recommendations, and the outcomes of those evaluations affect how each country is classified for risk purposes. Australia's mutual evaluation by FATF is commencing in 2026, which is part of the context driving the urgency of the AUSTRAC reform programme. A jurisdiction that receives a poor FATF mutual evaluation rating may be identified as higher-risk by other countries, which has direct implications for how businesses operating in or with that jurisdiction are treated for enhanced due diligence purposes.

How should a business operating across US, EU, and APAC manage its regional compliance differences?

The practical approach for multi-regional businesses is to build a compliance framework to the highest common denominator across your jurisdictions while maintaining jurisdiction-specific addenda where local requirements are more prescriptive or divergent. This means a consistent core of risk assessment methodology, beneficial ownership verification standards, customer due diligence procedures, ongoing monitoring processes, and audit trail documentation, with local configurations for jurisdiction-specific thresholds, reporting formats, and supervisory expectations. The convergence of risk-based, outcomes-oriented approaches across all three regions actually makes this more achievable than it has historically been, because the underlying compliance logic is increasingly similar even where the specific regulatory instruments differ. What regulators in all three regions are looking for is evidence that controls are real, calibrated to actual risk, and applied consistently to every customer and transaction.

What does the EU's AMLA mean for non-EU businesses that interact with the EU financial system?

AMLA, established by Regulation (EU) 2024/1620 and now operational, will directly supervise the highest-risk financial institutions operating across the EU and will coordinate with national supervisors for others. For non-EU businesses that interact with EU-regulated entities, including correspondent banking relationships, payment processing, or business service arrangements, the practical implication is that their EU counterparts are subject to enhanced due diligence requirements when those counterparts assess the risk of the relationship. Additionally, under Directive (EU) 2024/1640, non-EU entities that enter into business relationships with EU-obliged entities must now submit beneficial ownership information to a Member State's central register, extending the EU's transparency requirements to third-country structures that interact with the EU financial system.

SpeedyDD Trading Limited, a company registered in Cyprus under Registration Number: HE457236 and with Registered Address at Griva Digeni 81, Marinos Court, 3rd Floor, Flat/Office 301, 6043 Larnaca, Cyprus

© 2026 SpeedyDD. All rights reserved.
