France's Market Regulator Finds AML Weaknesses That Still Reach the Foundations of Compliance
Key Takeaways
- Recurring Weaknesses Point to Structural Issues: The AMF's review of 46 inspections found that many AML/CFT deficiencies, including weak governance, incomplete procedures, and ineffective controls, continue to recur across supervised firms rather than appearing as isolated failures.
- Customer Due Diligence Remains a Core Vulnerability: Inspectors identified persistent shortcomings in customer identification, beneficial ownership verification, source-of-funds documentation, politically exposed person screening, and the maintenance of accurate client records.
- Third-Party Oversight Continues to Lag: The regulator found that firms often lacked sufficient oversight of delegates, distributors, service providers, and other third parties responsible for elements of know-your-customer and due diligence processes.
- Effective Reporting Depends on Strong Foundations: The AMF emphasized that suspicious transaction reporting to TRACFIN is only as effective as the underlying risk assessments, customer data, employee training, and internal controls that enable firms to recognize unusual activity.
Deep Dive
The French Autorité des Marchés Financiers' latest review of anti-money laundering and counter-terrorist financing controls, published as part of the regulator's 2026 supervisory priorities and its broader Impact 2027 strategy, distills what inspectors found across 46 examinations that resulted in regulatory follow-up between January 1, 2022, and December 31, 2025. Those inspections produced 16 sanction decisions, 16 administrative settlement agreements, and 16 follow-up letters requiring firms to remedy deficiencies, with some inspections leading to more than one form of regulatory action.
The publication is presented as an educational exercise, intended to help supervised firms understand where expectations lie. It also serves another purpose. Read from beginning to end, it becomes difficult to escape the conclusion that many of the shortcomings are no longer isolated compliance failures but recurring patterns that continue to appear across different organizations and business models.
What inspectors encountered was often less a failure of effort than of design. Firms had AML and counter-terrorist financing procedures, but they were incomplete, insufficiently detailed, or disconnected from the activities they were supposed to govern. Risk maps identified threats in broad terms yet frequently stopped short of explaining how those risks translated into concrete vigilance measures. The documents existed. The operational logic tying them together often did not.
That same disconnect appeared in customer due diligence. Inspectors identified weaknesses in collecting, maintaining, updating, and documenting information about customers, beneficial owners, the origin of funds, and whether clients qualified as politically exposed persons. These are not peripheral details within an AML framework. They are the information upon which almost every meaningful judgment depends.
The review also points toward a problem becoming increasingly familiar across financial supervision: responsibility does not disappear simply because a process has been delegated. The AMF found shortcomings in the oversight of delegates, distributors, service providers, and other third parties involved in know-your-customer due diligence, suggesting that some firms had outsourced operational tasks without building equally robust oversight of the organizations performing them.
Other failures emerged further downstream. Inspectors identified deficiencies in applying due diligence to investment and divestment transactions involving fund assets, along with breaches of reporting obligations owed either to the AMF itself or to TRACFIN, France's financial intelligence unit. Employee training was sometimes irregular or insufficient for the obligations staff were expected to meet, while internal control systems were criticized for lacking adequate formalization or for failing to demonstrate that they actually worked in practice rather than on paper.
The report also extends beyond traditional AML obligations. Inspectors found shortcomings in how firms addressed their responsibilities under the Automatic Exchange of Information regime for tax purposes, reinforcing the regulator's view that governance weaknesses rarely confine themselves to a single regulatory framework.
Perhaps the clearest message comes in the AMF's discussion of transaction reporting. An effective AML system, the regulator argues, depends on an organization's ability to recognize unusual activity before deciding whether it warrants a suspicious transaction report to TRACFIN. That sounds obvious until one considers how many of the weaknesses identified earlier in the report (poor customer information, incomplete risk assessments, weak internal controls, inadequate training) directly undermine that judgment. Suspicious activity reporting is often treated as the visible endpoint of an AML program. The AMF's findings suggest it is better understood as the product of everything that precedes it.
The publication arrives as Europe's anti-money laundering framework enters a period of institutional change. The creation of the Anti-Money Laundering Authority in June 2024 marks the beginning of a more centralized European approach to supervision, with the new authority assuming both direct and indirect oversight responsibilities while helping shape the region's regulatory framework. National regulators will continue carrying much of the day-to-day supervisory burden, but they will increasingly do so within a system designed to produce greater consistency across borders.
The AMF leaves little doubt about what comes next. Inspections will continue. So will enforcement, applied according to a risk-based approach. The regulator also intends to remain actively involved in the European work accompanying AMLA's gradual establishment.
There is something quietly revealing about the report's cumulative effect. None of the individual findings is especially novel. Incomplete procedures, weak documentation, ineffective controls, inadequate oversight are all issues financial regulators have been identifying for years. What gives this review its weight is repetition. When the same weaknesses continue to surface across dozens of inspections over several years, they cease to look like isolated compliance mistakes. They begin to resemble structural habits, and those are invariably harder to correct than any single deficiency.
The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.

