Financial Crime

5 briefs · 4 new

DNB ·

DNB fines ABN AMRO €8.5m for structural AML client due-diligence failures

Dutch banks must conduct critical, thorough ongoing monitoring of high-risk clients — verifying client statements against objective data and acting on risk signals — following DNB's €8.5m AML fine on ABN AMRO

SFC ·

SFC bans OTP login and mandates phishing-resistant authentication for internet brokers and VASPs by 8 July 2027

Internet brokers and SFC-licensed VASPs must stop using OTP for login and device binding and adopt phishing-resistant authentication (e.g. passkeys, bound devices) no later than 8 July 2027, with monitoring, incident-reporting and client-awareness measures required sooner

EBA ·

EBA publishes final 4.3 reporting technical package for third-country branches and AMLA risk-assessment reporting

Third-country-branch reporting teams and AMLA-scope obliged entities must produce reports conforming to the EBA 4.3 DPM, validation rules and XBRL taxonomy — AMLA risk-assessment reporting from 31 December 2026 and CRD Article 48l TCB reporting from 31 March 2027