Five years after a €480 million settlement, ABN Amro is fined again
ABN Amro has been fined €8.5 million over customer due diligence failures, while Cash App's owner will pay $45 million over fraud failings. These are different cases but here is what you need to know
It’s always fun breaking down enforcement actions. Welcome to another Wednesday edition of AboutAML
This week we are looking at two major enforcement actions.
One from the Netherlands
The other came from the United States
You might wonder if they are related
Not directly, but they do send the same message.
Knowing your customer isn’t something you do once, it’s something you keep doing.
ABN Amro fined €8.5 million over AML failures
The Dutch central bank has fined ABN Amro €8.5 million after finding serious weaknesses in how the bank monitored some of its customers.
The investigation covered the period between September 2023 and September 2024 and focused on customers that are considered to present a higher integrity risk.
According to the regulator, the bank fell short on due diligence and ongoing monitoring of those higher-risk customers.
“ongoing monitoring” is one of the most important concepts in anti-money laundering.
Many people think customer due diligence only happens when someone opens an account. You know
You verify their identity
Collect the required documents
Complete the onboarding checks
And that’s it, job done
But that’s only the beginning.
Once someone becomes your customer, firms are expected to keep reviewing the relationship.
Has the customer’s behaviour changed?
Are transactions still consistent with what you know about them?
Have they started sending money to higher-risk countries or carrying out unusual transactions?
Has their overall risk changed?
These questions are designed for ongoing monitoring to answer.
Also note that the higher the risk, the closer that monitoring should be.
According to the investigation, this is exactly where ABN Amro fell short.
Why does this matter?
This isn’t the first time ABN Amro has faced serious AML enforcement.
In 2021, the bank agreed to pay €480 million to settle a criminal investigation due to failures to prevent money laundering. Dutch prosecutors said the bank had failed to properly investigate customers and detect unusual transactions over several years.
The latest fine relates to different shortcomings between September 2023 and September 2024.
After a major enforcement action, firms usually update policies, improve systems, hire more compliance staff and strengthen controls.
But regulators don’t just accept that those changes worked.
They come back, test the controls,
and if they still find weaknesses, then they can take enforcement action again.
That’s one of the biggest lessons from this case.
Block pays $45 million over Cash App fraud failings
We have crossed over to the Atlantic, another major financial company has reached a settlement.
Block, the company behind Cash App agreed to pay $45 million to settle claims brought by 46 US states.
Unlike the ABN Amro case, this wasn’t about money laundering.
It was about fraud protection.
State attorneys general argued that Cash App’s fraud controls and customer support did not match what customers were led to expect.
Block denied wrongdoing but agreed to the settlement.
The interesting part is that the settlement also requires Block to improve how it supports customers.
That includes providing 24-hour customer support, with live phone agents available for at least 13.5 hours every day via phone and at least 18 hours a day via live chat
That requirement says a lot about where regulation is heading.
Regulators are now looking at a broader question
If people trust your platform with their money, are you doing enough to protect them when something goes wrong?
What to note in this breakdown
One case is about customer due diligence.
The other is about fraud protection.
But they’re connected by the same principle.
Financial firms don’t just have a responsibility to bring customers onto their platforms.
They also have a responsibility to keep watching for risks and protect customers throughout the relationship.
This restates why:
FATF has increased its focus on fraud
Technology companies are facing growing pressure over scams on their platforms.
Payment apps are under greater regulatory scrutiny.
Across the industry, expectations are changing.
Regulators expect firms to prevent harm, not just to respond after it happens.
For compliance teams
Incase you are asking, what does this mean for me?
First ask yourself one question
When was the last time your organisation tested whether ongoing monitoring is actually working for higher-risk customers?
Not whether the policy exists
But whether the monitoring is rightfully identifying unusual activity and prompting action.
That’s exactly where regulators looked in this case.
For businesses navigating AML obligations
The Block case shows that what you promise customers matters.
If your marketing says customers are protected, your systems, processes and customer support need to deliver on that promise.
Otherwise, regulators may see the gap between the promise and the reality as a compliance issue.
For people learning AML
These two cases explain one of the biggest misunderstandings in anti-money laundering.
Customer due diligence doesn’t end when someone becomes a customer.
That’s where it starts.
The real work is monitoring risk throughout the entire business relationship.
Understanding that one idea will help you understand why so many AML enforcement cases focus on ongoing monitoring rather than onboarding.
What does AML regulation say?
Ongoing monitoring is a core customer due diligence obligation under FATF Recommendation 10 and the EU Anti-Money Laundering Regulation (AMLR), which will apply from 10 July 2027.
Firms must monitor transactions throughout the business relationship, ensure they are consistent with what they know about the customer, keep customer information up to date, and apply enhanced scrutiny where the risk is higher.
Customer due diligence is not a one-off check at onboarding, it’s a continuous process for as long as the customer remains with the firm.
What to watch next
Whether other European supervisors begin placing greater emphasis on ongoing monitoring for higher-risk customers.
How Block implements the customer service improvements required by the settlement.
Whether other payment platforms face similar enforcement over fraud prevention and customer protection.
One thing though,
Whether you’re a traditional bank or a fintech platform, regulators expect firms to keep protecting customers long after they’ve signed up
That’s no longer just good practice
It’s an expectation.
Official sources
If you found this useful, feel free to share it with a colleague who works in compliance, risk, fraud, or financial crime.
AboutAML covers regulatory developments like this every Monday and enforcement actions every Wednesday.
Don’t miss a read.
Subscribe free here: Substack.
Tosin
AboutAML

