Raising the Bar: Supervisory Expectations for AML and KYC Quality

In our recent expert webinar, Arend Koper, Senior Supervisor for Financial Economic Crime at the Dutch Central Bank (DNB), shared a clear supervisory perspective on where expectations are heading. The message was consistent throughout: effectiveness, proportionality, and explainability are becoming the core benchmarks for supervisory assessments.

Below, we summarize the key insights and include the results of our live audience surveys.

The Compliance Balancing Act: Effectiveness, Proportionality, Fairness

Supervisors increasingly expect institutions to strike a careful balance:

• Effectively counter ML/TF risks
• Allocate resources proportionally based on top risks
• Avoid unintended consequences such as de-risking, financial exclusion, and discrimination

In the Netherlands, strong enforcement actions and large settlements have significantly increased compliance pressure. As a result, many institutions have tightened onboarding policies, exited higher-risk segments, or introduced additional controls. While understandable, this can create side effects that supervisors now scrutinize more closely.

Live Survey: Unintended Consequences Are Widespread

We asked participants:

“Do you encounter unintended consequences of money laundering regulations in your day-to-day compliance practice?”

Results:

• 37%: Yes, but rarely
• 14%: Yes, often
• 37%: No, but I know examples of de-risking, financial exclusion, or discrimination
• 11%: No, never
  
  

Nearly 90% of participants either experience unintended consequences themselves or are aware of real examples.

This confirms what supervisors are seeing: risk-based frameworks, if applied too rigidly or defensively, can lead to de-risking, overly conservative classifications, and even perceived discrimination.

Why “Risk-Based” Often Becomes Risk-Averse

Arend highlighted several recurring supervisory observations:

Procedural Certainty Over Professional Judgment

Analysts rely heavily on work instructions and checklists, limiting contextual decision-making.

Feedback Loops That Inflate Risk

Internal quality controls and supervisory reviews often focus on under-estimating risk. This can unintentionally encourage systematic over-classification as high risk.

Automatic Escalation Through Risk Indicators

Published risk indicators, when embedded rigidly in automated scoring, can override context and proportionality.

Capability Gaps in Large Remediation Programs

Junior-heavy teams may lack the experience required to apply nuanced, risk-based judgment in complex cases.

Supervisors are not looking for perfection. They are looking for evidence that institutions truly understand their risks and allocate resources accordingly.

Live Survey: Mitigating Discrimination Risk

Next, we asked:

“Does your organization actively mitigate the risk of discriminating clients?”

Results:

• 16%: Yes, this is an important topic and we actively mitigate the risk
• 32%: Yes, but it can be improved
• 20%: No, but we informally discuss these risks
• 32%: No, we do not (need to) mitigate this risk
  
  

Only a small share of institutions have a structured, active mitigation framework in place.

This gap between awareness and formal mitigation is significant. Supervisors increasingly expect institutions to:

• Define discrimination risk clearly
• Assign ownership
• Implement feedback mechanisms
  Integrate discrimination risk into compliance governance
  

For further context on regulatory expectations and explainability in AML frameworks, see the Sinpex article EU AML Package 2025: A Wake-Up Call for Europe’s Compliance Landscape.

The ML/TF Risk Assessment Must Drive the Framework

One of the clearest supervisory expectations: the risk assessment must become a steering document.

It should:

• Identify and prioritize top risks
• Direct resource allocation
• Feed into monitoring and management reporting
  Be data-driven, not only judgment-based
  
  

Institutions often complete annual risk assessments as a formal requirement. Supervisors expect something stronger: a living document that shapes operational reality.

This includes:

• Risk-based sampling of high-risk files
• Event-driven reviews tied to top risks
• Meaningful management information on tool effectiveness
• Continuous feedback loops for improvement

To see how technology can help digitalize and operationalize risk policies, check out the Sinpex resource Digitize Your AML Risk Policy: Automate KYC/KYB Risk Assessments.

If your organization is reviewing how to operationalize risk-based prioritization, explore the Sinpex product overview for AML / KYC / KYB automation.

Live Survey: EU AML Package Preparation

We also asked:

“Has your organization started to prepare for the EU AML Package?”

Results:

• 20%: Yes, extensive gap analysis and active involvement
• 45%: Yes, but only minor gap analysis
• 20%: No, but will start before applicability
• 15%: No, will only look at it when it becomes applicable
  

While most institutions have started preparations, many are still at an early stage.

Given the operational impact of the AML Regulation, AMLA, and regulatory technical standards, preparation should not remain a paper exercise. Data requirements, governance adjustments, and enhanced CDD expectations will require structured implementation planning.

For concrete guidance, see the Compliance Checklist for the EU AML Package by Sinpex.

Explainability Is Becoming Non-Negotiable

Across all topics, one theme dominated: explainability.

Supervisors expect institutions to clearly explain:

• Why customers are classified as high or low ris
• Why certain controls apply
• Why resources are allocated in specific ways
• How tools and models produce outcomes
  How effectiveness is measured

AI and automation are welcome, but only if institutions can demonstrate effectiveness and transparency. Black-box compliance is unlikely to meet supervisory standards in 2026 and beyond.

The Most Common Misconception About AML Effectiveness

When asked what institutions still misunderstand, the answer was clear:

Many focus on completing project milestones and documenting controls, but forget to verify whether the framework actually works in practice.

Supervisors increasingly look beyond documentation. They assess whether:

• Analysts have the right expertise
• High-risk cases are handled proportionally
• Controls produce meaningful output
• Governance enables real steering
  
  

In short: AML quality is measured by outcomes, not paperwork.

Final Thoughts

The direction is clear:

• Do more where the top risks sit
• Be proportionate and defensible
• Monitor unintended consequences
• Build explainable, auditable frameworks
• Prepare early for AMLA and the EU AML package

A big thank you again to Arend for sharing such transparent and practical supervisory insights.

If you would like to discuss how your organization can strengthen AML/KYC quality, improve risk prioritization, or prepare for upcoming regulatory changes, feel free to reach out to the Sinpex team.

‍