Prudential Supervision: AML and CFT

Posted: Tuesday, 17 February 2026, 10:09 AM

Digital finance is plagued by risks of money laundering (ML) and terrorism financing (TF), the scale of which is difficult to estimate. The United Nations Office on Drugs and Crime (UNODC) estimates that 2–5% of global GDP is laundered each year.

Addressing and mitigating the risks associated with these crimes is referred to as Anti-Money Laundering and Countering the Financing of Terrorism, or AML/CFT. Money laundering and terrorism financing is of particular concern for prudential supervision because it can directly threaten a financial service provider’s stability, safety, and soundness. The broader impact is how it undermines public trust in the financial system as a whole.

The vast scale of money laundering and terrorism financing suggests that transaction monitoring and customer due diligence (CDD) by DFS providers and other financial firms is not always fit-for-purpose. The UNODC figures also suggest that supervisory action in this area is not yet at the scale and depth required.

While regulation is critical, it has been recognised by regulators and international organisations, such as the Financial Action Task Force (FATF), that applying AML/CFT regulation and supervision, and more recently counter proliferation financing (CPF) regulation and supervision, too rigidly or in a non-proportionate manner, can impact on financial inclusion.

Such application impedes much needed access to, and usage of, financial services by the financially excluded and/or underserved by both individuals and providers. At the same time, international standards highlight that financial exclusion is a contributor to financial integrity risks.

The following question then arises:

“How can prudential supervisors deliver proportional supervision of DFS providers to balance the demands of AML/CFT with financial inclusion?”

Supervisors need to adopt a risk-based approach to AML/CFT and CPF supervision, just like in any other area of supervision. They need to:

understand ML/TF and PF risks associated with individual DFS providers
understand the DFS industry
allocate their resources accordingly.

Supervisors often have the power to act against a DFS provider that does not comply with AML/CFT law and regulations. To be effective, supervisors should have a range of tools, such as sanctions, which can be applied in a proportionate and graduated manner depending on the nature of the case.

Supervisors should be able to impose sanctions not only on DFS providers but also on their directors and senior management. Additionally, law enforcement should investigate and prosecute these types of offences. This would complement effective supervision, but it is not a substitute.

For example, a DFS provider that faces a severe administrative sanction imposed by a supervisor for lacking effective internal controls, such as the replacement of the board of directors, may also be subject to action by law enforcement agencies due to the same underlying problem.

It becomes clear that effective investigation by law enforcement agencies requires cooperation and information sharing with DFS supervisors.

The next video will discuss inclusive and proportional supervision, starting with the role of national risk assessments and law enforcement agencies. It will then focus on specific supervisory actions, such as supervisory reviews of institutional ML/TF risk assessments, compliance with CDD rules, detecting suspicious transactions and actors, and imposing corrective and sanctioning measures.

If you have trouble playing this video, you can access an alternative player here.

Click to view the transcript.

This video has highlighted the dependence of inclusive insurance on data, especially as a means to foster inclusion and growth. You have also learned that a proportional approach, based on the risk profile of each insurance provider, is recommended by the International Association of Insurance Supervisors as the best means to balance inclusivity with prudential and consumer protection risks.

Additional Reading:

The following sources were consulted in preparing this video.

FATF, 2025, Financial Inclusion and AML/CFT Measures, https://www.fatf-gafi.org/en/publications/Financialinclusionandnpoissues/guidance-financial-inclusion-aml-tf-measures.html
FATF, 2021, Guidance on Risk-based Supervision, https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-supervision.html

In addition to these sources, we recommend including the following as additional reading on supervising AML/CFT:

Kerse, M., de Koker, L., and Goyal, R., 2025, Podcast: Insights on FATF Guidance - Financial Inclusion and AML/CFT Measures (Part Two), Toronto Centre, https://torontocentre.org/index.php?option=com_content&view=article&id=607&Itemid=99
Toronto Centre, 2024, The Role of Supervision in the Financial Inclusion of Forcibly Displaced Persons
https://torontocentre.org/index.php?option=com_content&view=article&id=515&Itemid=99
Toronto Centre, 2023, Supervising Inclusive Financial Sector, AML/CFT Supervision section - https://torontocentre.org/index.php?option=com_content&view=article&id=464&Itemid=99#Toc148884792

Reflection Questions for Discussion

Please post your response using the forum functionality to share your insights and thoughts with your fellow students.

After watching the video, do you have additional activities or questions you would include in your supervisory reviews of providers to mitigate AML/CFT risks? What are these, and how do you think they will improve the efficacy of your reviews?
In what ways can technology enhance the effectiveness of supervision?

Re: Prudential Supervision: AML and CFT

by Sarim Ali - Wednesday, 4 March 2026, 7:41 AM Group 5

1. I would check how often providers review and update their transaction monitoring systems and whether high-risk customers are regularly reassessed. This helps ensure suspicious activity is actually being detected.
2. Technology can analyse large volumes of transaction data and flag unusual patterns quickly. This helps supervisors focus on higher-risk providers and respond earlier to potential AML/CFT issues.

Re: Prudential Supervision: AML and CFT

by Erah, Dominic Ose Erah - Wednesday, 4 March 2026, 9:40 AM Group 1

1. Supervisors should add checks on mandatory risk assessments, benefits ownership verification and technology driven monitoring because global reforms now require effective, risk-based AML/CFT programs and modernized detection tools. These additions strengthen oversight by reducing anonymity risks, improving detection accuracy and aligning institutions with national AML/CFT priorities.
2. Technology enhances supervision by enabling AI-powered monitoring, digital identity verification and data driven risk analysis for faster and more accurate supervisory decisions

Re: Prudential Supervision: AML and CFT

by Faith Fxentirimam Envuladu - Thursday, 12 March 2026, 5:01 PM Group 1

1. To improve supervisory reviews, I plan to use scenario-based questions, which will evaluate how effectively providers manage risks associated with complex and new AML/CFT threats. The assessment will examine their methods for monitoring high-risk transactions, their ability to identify beneficial ownership in complex corporate structures, and their capacity to handle third-party risks. The method will enable organizations to move away from static checklist assessments, which use unchanging standards, to achieve dynamic assessment methods that help evaluate their risk management capacities and their threat response abilities across different changing circumstances.
2. Supervisory work in AML and CFT operations receives major improvements through technological advancements. Advanced data analytics and AI technology enable organizations to discover indispensable patterns that they need for their monitoring of high-risk organizations. The RegTech solutions automate the reporting process together with compliance checks, which results in improved accuracy and operational efficiency. The secure communication platforms enable organizations to share information, while an AI-powered risk profiling systematizes their resource distribution to assess high-risk entities.

Re: Prudential Supervision: AML and CFT

by Lucy Kihembo - Thursday, 12 March 2026, 8:02 PM Group 4

1.In supervising DFS providers, it is important to place additional emphasis on third-party risk exposure, given the high level of interconnectedness in the sector. Many DFS providers rely on partnerships with merchants, aggregators, fintechs, and other service providers, which can introduce varying levels of AML/CFT risk. Supervisory analysis should therefore assess the onboarding processes for partners and merchants, including how institutions conduct due diligence and assign risk ratings. For example, certain partners such as casinos or gaming platforms may present higher AML risks compared to lower-risk merchants such as retail stores. It is also important to review the provider’s framework for ongoing monitoring of partners and clients, including transaction monitoring, periodic risk reassessments, and controls for high-risk relationships. This helps ensure that the evolving risk environment associated with third-party relationships is adequately identified and managed.

2. Technology enables near real time monitoring of transactions, customers/partners which enhances risk monitoring for a more proactive approach

Re: Prudential Supervision: AML and CFT

by Michael Sserwanga Sserwanga - Saturday, 14 March 2026, 4:19 PM Group 4

I think an important area of focus would be agent-level AML/CFT risks, especially in emerging / developing markets like Uganda where large agent networks support mobile money services. I think supervisory reviews could include examining how providers monitor agent behaviour, including suspicious cash in and cash out patterns, unusual transaction volumes, and compliance with customer due diligence requirements. Asking providers how they train agents to identify suspicious activities (If at all they are trained) and how these concerns are escalated internally could strengthen AML/CFT oversight.

Supervisory Technology (SupTech) can allow supervisors to analyse large volumes of transaction data, regulatory returns/ reports , and suspicious transaction reports more efficiently. Machine learning models can detect emerging patterns and potential compliance issues earlier, allowing supervisors to focus their attention on higher risk areas

Re: Prudential Supervision: AML and CFT

by KABIRU MUDASHIRU - Sunday, 15 March 2026, 3:49 PM Group 1

1. I would most likely include the following: Customer due diligence and enhanced customer due diligence. The categorization of customers as either PEP (politically exposed persons) or not

2. Considering the growing number of Fintech-led institutions and the increasing number of transactions, manually reviewing transactions or looking for violations effectively is near impossible. Activities can only be effectively supervised with robust suptech technology that can flag violations in real time. The flagged violations would be critically reviewed; although, this would not negate the use of natural judgment in some scenarion.

Re: Prudential Supervision: AML and CFT

by Usman Bayero - Tuesday, 17 March 2026, 12:27 PM Group 1

1. We should include automated transaction pattern analysis and digital identity verification audits to spot "smurfing" or rapid layering that manual samples miss. Integrating biometric consistency checks ensures that the person performing a mobile transaction matches the KYC record on file, reducing synthetic identity fraud.
2. Technology allows SupTech tools to analyze detailed, up-to-date data, helping supervisors spot potential risks and liquidity issues before they become serious problems. It automates regulatory reporting and validation, which eliminates human error and frees up staff to focus on high-impact thematic reviews and strategic intervention.

Re: Prudential Supervision: AML and CFT

by Elsabet Getachew Mulugeta - Thursday, 19 March 2026, 5:03 AM Group 2

1. DFS capability of identifying suspicious transactions, do they have a system to identify suspicious transactions? are the staffs trained to identify suspicious transactions? , is there a procedure to report suspicious transaction to the compliance officer? are these information kept confidentially and reported to the FIS?
2. the suspicious transaction detection mechanisms can be parametrized to the goals intended and assessment of the AML/CFT risks.

Re: Prudential Supervision: AML and CFT

by Aboo Badhasa Aboma - Thursday, 26 March 2026, 12:59 PM Group 2

1. To mitigate AML/CFT risks, supervisory reviews should include thematic on-site inspections focusing on beneficial ownership transparency and automated transaction monitoring audits to ensure real-time detection of suspicious patterns. These activities improve efficacy by moving beyond basic compliance checklists to identify complex, hidden illicit networks and ensuring that a provider's risk mitigation tools are functioning as intended.

2. Technology enhances supervision by enabling RegTech solutions that automate the analysis of vast datasets, allowing regulators to identify high-risk anomalies with greater speed and precision. Furthermore, the use of Application Programming Interfaces (APIs) facilitates seamless, real-time data sharing between providers and supervisors, shifting the regulatory model from periodic reporting to continuous, proactive oversight.

Re: Prudential Supervision: AML and CFT

by Agaba Albert Busingye Agaba - Wednesday, 1 April 2026, 8:57 PM Group 4

1. Supervisors of DFS providers could review the transactions logs, beneficiaries of the suspicious transactions and third party risks of partnering fintech and other service providers who have encountered different levels of AML, CFT and CPF. Supervisors should put more emphasis on partnering institutions and agent on their strategic processes and assessments of other service providers brought, their internal controls to identify and monitor transactions, customer profiles or background information, beneficiaries of the large suspicious transactions in detecting AML/CFT/CPF risks and consumer protection risks.

2. Using the Supervision Technology, can help supervisors understand and analysis vast volumes of data/transactions and filtering the suspicious transaction, identifying the high-risk areas using AI-powered monitoring to accurately provide a risk analysis and mitigation measures to support supervisors give the proportionate risk-based approach or supervisory decisions.

Re: Prudential Supervision: AML and CFT

by Elsabet Assefa - Friday, 3 April 2026, 12:48 PM Group 2

1. Yes. Additional activities and or questions to include in supervisory reviews
Review the DFS provider’s own ML/FT risk assessment and compare it with the supervisor’s findings.
Consult the national ML/FT risk assessment when evaluating the provider.
Request information directly from the FIU on the quality/promptness of the provider’s STRs (vs. peers) and any unreported suspicious transactions/fund movements.
2. Technology (SupTech) enhances supervision by using AI tools to process large volumes of data (transaction reports, regulatory filings, STRs, and even public/social-media sentiment), detect emerging risks through pattern recognition and sentiment analysis, focus resources on higher-risk providers/activities, reduce burdens on lower-risk ones, and enable proactive intervention making AML/CFT supervision more effective and proportionate.

Course Navigator