AML and eWallets: How to mitigate risks and comply with regulations

An eWallet, or digital wallet, is a software-based system that holds users’ payment information and can be used to pay for goods and services, either online or in person with a mobile device. 

The global use of eWallets has grown rapidly, with offerings from established financial and technology brands alongside newer startups. According to some estimates, eWallets will account for 50 percent of e-commerce transaction value in 2025, up from 40 percent in 2021, while 60 percent of the world’s population will be using some form of digital wallet by 2026. 

While eWallets’ speed and convenience give them obvious consumer appeal, they can also be exploited for criminal use without effective anti-money laundering and countering the financing of terrorism (AML/CFT) controls in place.   

How are eWallets used by criminals?

eWallets are often used for high transaction volumes, and providers are expected to offer instant payments. These features make them vulnerable from an AML/CFT perspective. 

Money launderers can use eWallets to make payments to and from multiple accounts in a short period of time, creating increasingly complex transaction chains and making it harder to trace the source of the laundered funds. This extends to cross-border transactions: while digital wallets can make it easier to send money internationally, this risks regulatory arbitrage, where criminals exploit jurisdictional differences in regulation to evade detection. 

This means eWallets offer new channels for established money laundering typologies, such as:  

• Structuring: Splitting large transactions into several smaller ones to avoid triggering alert thresholds. 
• Money mules: Recruiting individuals to hold or transfer money on behalf of criminals. 
• Prepaid card money laundering: Some prepaid cards do not require banking or other identifying information to be used. This means criminals can add money to them and then use the cards to make purchases, introducing illicit funds into the financial system. 
• Virtual asset money laundering: The anonymity offered by cryptocurrencies compared to traditional banking makes them an attractive option for money launderers. eWallets linked to virtual asset service providers are therefore at risk of misuse. 
• Money laundering through crowdfunding platforms: This entered the spotlight in 2024, in part thanks to the use of fiat and cryptocurrency crowdfunding donations in terrorist financing, typically channeled through accounts and eWallets in third countries. 

AML regulations around eWallets

Like all payment firms and other financial institutions (FIs), eWallet service providers are subject to comprehensive AML regulations. The details of these vary according to jurisdiction, and you should consult your local regulatory obligations, but key examples globally include: 

• United States: The Bank Secrecy Act (BSA), the Anti-Money Laundering Act, and the USA Patriot Act are the major pieces of legislation in the US. These are enforced primarily by the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC). 
• United Kingdom: The Proceeds of Crime Act (POCA), the Money Laundering, and Transfer of Funds (Information on the Payer) Act, and the Terrorism Act are at the center of UK AML/CFT regulation. The Financial Conduct Authority (FCA) regulates eWallet providers in the UK. 
• European Union: The ‘new’ Sixth Anti-Money Laundering Directive (6AMLD) is the EU’s main piece of AML legislation. A 2024 package of new AML rules established an EU-wide regulator, the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA). 
• Singapore: The Monetary Authority of Singapore (MAS) is the financial regulator for Singapore and issues a series of Notices guiding firms on implementing AML controls. The Corruption, Drug Trafficking, and Other Serious Crimes Act (CDSA) is the country’s foundational AML law.  

These regulatory regimes, and most others, derive largely from the Financial Action Task Force’s (FATF) International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, or ‘40 Recommendations’. These set international expectations for AML controls and revolve around a set of essential principles: 

There are also regulations in force specifically for the payments sector. These cover all operational requirements, not just AML, but typically spell out conditions around internal controls like CDD, payment screening, and transaction monitoring. Examples include: 

• The Payment Services Regulations 2017 (PSRs) in the UK. 
• The Electronic Fund Transfer Act (EFTA) in the US. 
• The revised Payment Services Directive (PSD2) in the EU. The Single Euro Payments Area (SEPA) Instant Credit Transfer (ICT) regulation also requires firms to screen their customer base daily so they can process payments in under ten seconds. 
• The Payment Services Act (PSA) in Singapore. 

Given that non-compliance with these regulations can result in significant fines or other enforcement actions, as well as reputational damage, you should make sure your firm has procedures in place to deal with any AML threats you face.

The State of Financial Crime 2025

Read our fifth annual state-of-the-industry report, built around a global survey of 600 senior compliance decision-makers.

Download your copy

How to comply with eWallet AML regulations

In 2023, a European Banking Authority (EBA) report found that many payments firms’ AML controls were not proportionate to the inherently high levels of risk they face. If you work in a smaller or newer firm, investing strategically in solutions with machine learning (ML) capabilities can be a highly efficient way to match larger businesses’ longer-standing and resource-intensive compliance infrastructures. In particular, when implementing your compliance program, you should: 

• Know the risks to watch out for: To satisfy regulators, you should conduct in-depth risk assessments that go beyond box-checking exercises. These should consider your product, customer, and geographic risks. For example, the EBA has identified individuals de-risked from the banking sector, including PEPs, as an increasing threat to the payments sector. 
• Carry out robust CDD: Criminals often seek to conceal their identities and exploit weak eWallet customer onboarding processes. You should ensure your system remains protected by running CDD checks to verify information such as names, addresses, and dates of birth, and screening customers against sanctions lists, watchlists, adverse media, and politically exposed person (PEP) information. 
• Ongoing customer monitoring: Due diligence should be an ongoing process, rather than a one-time event. To ensure this is the case and support compliance with SEPA ICT rules, your AML solution should be able to update you automatically on changes in customer risk scores, so you don’t have to manually re-screen customers. 
• Screen payment counterparties: While ongoing CDD minimizes your risk exposure within your customer base, you should screen all payment details, including counterparties and references, to ensure your services are not being used to send money to high-risk entities. 
• Implement tailored transaction monitoring: While some suspicious activity only becomes apparent over time, real-time transaction monitoring minimizes any delay in detecting these patterns and reporting them to the authorities. You should adapt your transaction monitoring rules and scenarios to the risks you will likely face. This will allow you to pick up on red flags such as repeated transactions just below reporting thresholds, immediate withdrawals or transfers of funds transferred to accounts, or transactions for no clear purpose. 

“If your firm is operating in or exposed to crypto, you should take its potential for exploitation seriously. Given its growing ubiquity in certain aspects of economic and financial crime, your team can not simply shrug off the risks as an overreaction of regulators or the mainstream financial system. You, therefore, need to deploy appropriate AML/CFT measures – robust due diligence, monitoring, and screening – to protect not only your businesses but also the longterm reputation and credibility of the sector. Crypto has much to offer, and this should not be sacrificed out of an unwillingness to take appropriate precautionary measures.”

Iain Armstrong, Regulatory Affairs Practice Lead, ComplyAdvantage

AML compliance solutions for digital payments providers 

Using ComplyAdvantage Mesh for your AML screening and monitoring needs, you can protect your firm and improve regulatory compliance while retaining the smooth customer experience central to digital wallets. Specifically, ComplyAdvantage can empower your compliance analysts with: 

• Real-time sanctions updates: Bolster your due diligence and payment screening solutions with system-wide updates to sanctions lists in under an hour. ComplyAdvantage sources data straight from regulators using automated systems with expert oversight. 
• Payment screening with high straight-through processing: Firms using ComplyAdvantage payment screening have experienced up to 60 percent reductions in false positives while being able to process 99 percent of transactions instantly, ensuring compliance and business growth go hand in hand. 
• AI-powered transaction monitoring: ComplyAdvantage’s transaction monitoring solution comes with an industry-leading library of rules, a self-serve rule builder for full customizability and ML capability to fill in the gaps where existing rules don’t cover unexplained activity.