This page collates the FIN-FSA’s key releases and texts on the prevention of money laundering and terrorist financing in 2024.

The FIN-FSA anti-money laundering and counter-terrorist financing activities in 2024 focused on, among other things, virtual asset service providers and consumer lenders as well as the assessment of sanctions risk. These areas have a need for continuous supervision and the development of supervision in order to respond to increasingly complex threats.

Virtual asset service providers as a significant risk group

In November 2024, the FIN-FSA published a summary of the anti-money laundering and counter-terrorist financing risk assessment concerning virtual asset service providers. According to the assessment, the anonymous nature and worldwide availability of virtual assets make them attractive to criminal operators. They enable cross-border person-to-person payments in near real time. In addition, in many cases it is very difficult to identify the parties involved in virtual asset transfers.

With regard to risk controls, there are significant shortcomings in the sector in, for example, risk assessment and organising operations in compliance with regulation. There is also room for improvement in procedures for the ongoing monitoring of customer relationships.

National regulations on virtual asset service providers have been replaced by the EU Regulation on markets in crypto-assets (MiCA Regulation). Entities entered in the register of virtual asset service providers must apply for authorisation as crypto-asset service providers (CASPs) in accordance with the new Regulation if they intend to continue their operations. In the authorisation process, the FIN-FSA will pay particular attention to verifying that procedures for the prevention of money laundering and terrorist financing have been arranged in accordance with the regulatory requirements.

• A summary of the risk assessment of money laundering and terrorist financing for virtual asset service providers has been published

Consumer lenders as a new group of supervised entities

In 2023, the year preceding the review year, consumer lenders came under the supervision of the FIN-FSA. A review concerning their anti-money laundering and counter-terrorist financing activities revealed a varying degree of risk management shortcomings.

According to the review, the FIN-FSA’s active measures have had a positive impact on enhancing the entities’ awareness of ML/TF risks and thereby also on their risk management. The majority of the entities have reacted swiftly to the FIN-FSA’s requests for further clarifications. They have embraced the feedback given by the FIN-FSA by developing their internal risk management processes in order to combat money laundering more effectively. The findings of the review will be used as a basis for targeting risk-based ongoing supervision.

The FIN-FSA also examined the up-to-dateness of information in the register, whether registered entities meet the requirements for registration, and updated the registered information of several entities to better correspond to current regulatory requirements.

In ongoing supervision, the FIN-FSA will pay attention to ensuring that the entities notify any changes to information entered in the register.

• Consumer lenders have various shortcomings in AML/CFT risk management; registered information on supervised entities assessed and updated

Sanctions risk assessment

In autumn 2024, the FIN-FSA published a summary of its sanctions risk assessment. The risk assessment covers sectors supervised by the FIN-FSA under the Anti-Money Laundering Act. The sanctions risk assessment assesses, for each sector, the policies, procedures and internal controls in place to comply with sanctions regulations and national freezing orders in relation to the sector’s risk exposure.

According to the risk assessment, exposure to sanctions risk is elevated in sectors providing various types of cross-border payment services that enable one to transfer funds fast and easily from one place to another. These include, for example, credit and payment institutions providing international payment services. These operators should pay particular attention to the level of policies, procedures and internal control.

Money remitters and virtual asset service providers should also pay particular attention to ensuring that they have sufficient policies and procedures in place to comply with sanctions regulations. The level of controls and the risks related to deficiencies in controls were relative to the requirements set out in the law and the FIN-FSA’s regulations and binding guidelines.

In connection with the summary of the sanctions risk assessment, information obtained through cooperation between authorities and from reliable public sources on identified ways of evading sanctions was also published. The purpose of this was to provide supervised entities with information they can utilise when preparing their own policies and procedures to prevent sanctions evasion.

• The Financial Supervisory Authority has published a summary of its sanctions risk assessment

Artificial intelligence was used in writing the article. However, the article was finalised and reviewed by FIN-FSA’s specialists.