By Kyrylo Shevchenko
MAY 6, 2026, EUROPE–The new FATF Ministerial Declaration of 17 April 2026 is important not as a formal international ritual, but as a fairly precise indicator of where the global AML/CFT agenda is moving. For a non-specialist reader, this requires a brief explanation. The Financial Action Task Force, or FATF, is an intergovernmental body that sets global standards for financial integrity: what countries, regulators, banks, and other financial intermediaries are expected to do to prevent the financial system from being used for money laundering, terrorist financing, or proliferation financing. A ministerial declaration is not a technical manual for banks. It is a high-level political signal about the threats on which FATF believes attention should be concentrated in the coming years.
The historical background matters. FATF was created in 1989 as a body focused on combating money laundering. But the main global tightening of compliance began after the terrorist attacks of 11 September 2001 in New York and Washington, when counter-terrorist financing became a central task for the financial system. FATF itself recalls that within months of those attacks it had issued special recommendations on terrorist financing. That was the moment when controls over customers, payments, source of funds, and suspicious transactions began to evolve rapidly from a narrow banking function into a vast international compliance architecture.
If one reads the current declaration carefully, FATF draws attention to several priorities at once. First, it stresses that in a world where technology allows money to move across borders instantly, the fight against illicit finance requires faster and more flexible responses. Second, it highlights a new round of mutual evaluations in which the focus is no longer only on formal compliance, but also on risk and effectiveness. Third, it explicitly refers to threats to the international financial system associated with Russia’s war against Ukraine. Fourth, it underlines the importance of strengthening the global FATF network and taking into account the specific circumstances of low-capacity countries and micro-states within a risk-based approach.
The declaration then sets out a number of specific areas of emphasis. These include support for risk-based implementation as a core principle; revised standards on payment transparency, intended to strengthen the security of cross-border payments and, in the words of the declaration, to help “curbing sanctions evasion and fraud”; support for financial inclusion when measures are applied proportionately to risk; recognition that technology, including artificial intelligence, can improve supervisory and compliance effectiveness; a call for the rapid and effective implementation of FATF standards in the area of virtual assets; stronger action against the misuse of legal persons, legal arrangements, and complex structures; a focus on asset recovery; a separate block on fraud, including payments fraud, organised scam centres, misuse of legal persons, social media, telecommunications, and AI; a block on transnational organised crime, including drug trafficking; and finally the more traditional block covering terrorist financing and proliferation financing.
For an ordinary bank client, investor, small business owner, or simply someone who uses an account, a card, and bank transfers, all of this may sound overly abstract. In practice, however, it concerns very concrete things: how quickly an account is opened, how many times a bank asks for the same documents, how easily a standard international payment can be processed, whether a transaction will be blocked “just in case,” and how much of the financial system’s resources are spent on real threats as opposed to self-reproducing bureaucracy. International standards of this kind ultimately turn into a very tangible user experience inside the banking system. The question, therefore, is no longer only one of security. It is also about how the everyday financial life of a law-abiding customer is regulated.
This is where the most important point for Europe emerges. Contrary to the usual bureaucratic instinct, the declaration does not push for blanket tightening across the board. On the contrary, FATF explicitly speaks of the strategic prioritisation of resources and states that the system should avoid “regulatory overburdens and unnecessary compliance costs, especially for low-risk sectors.” In my view, this is the key formula in the entire declaration. It means that a risk-based approach is not a licence to expand regulatory burden indefinitely. It is an obligation to reallocate that burden toward areas where it can produce real results.
That leads directly to a conclusion Europe has long postponed, and rarely states openly. In the traditional fiat-currency sector, particularly in institutionally stable and low-risk jurisdictions, much of the core control architecture has long since been built. KYC, sanctions screening, transaction monitoring, source-of-funds checks, suspicious transaction reporting — all of this has become a mature operational infrastructure. No one is arguing that these tools should be abandoned. But in a number of segments, their further mechanical expansion is now producing not a proportionate reduction in risk, but primarily additional cost.
In that sense, excessive compliance increasingly acts as a hidden tax on legitimate financial activity. It lengthens onboarding, raises the cost of service, diverts bank resources into repetitive procedures, and weakens the efficiency of financial intermediation. Put more simply, the post-2001 control architecture was built around a very specific historical challenge: terrorism and its financing. Those risks remain. But new, faster, and more technologically adaptive threats have since been added to the picture. Compliance should therefore not continue to work by inertia against ordinary customers and ordinary companies under an outdated model. It should become sharper where the structure of risk has genuinely changed. That, in fact, is what a true risk-based approach means.
If part of the compliance burden in the mature fiat sector has reached the limit of its usefulness, the situation in the new risk zones is the exact opposite. Here the FATF declaration is particularly clear. It expressly supports revised standards on payment transparency, including “by curbing sanctions evasion and fraud.” It states directly that technology, including AI, can strengthen supervision and compliance. It calls for rapid and effective implementation of the standards in the area of virtual assets and makes clear that countries delaying such implementation will increasingly be held to account through peer review. It identifies fraud as a growing global threat, emphasises the role of cross-border fraud schemes, organised scam centres, and the misuse of emerging technologies. In other words, the regulator itself is showing where the real control deficit lies today: not in long-familiar low-risk segments of the banking sector, but in digital, cross-border, and rapidly adaptive schemes of a new generation.
That is why the debate should not be framed as a choice between “more” or “less” compliance. The correct question is different: where does additional compliance still create real value, and where does it mainly reproduce the inertia of the system? If the risk-based approach is to be taken seriously, the answer is fairly obvious. In mature, low-risk segments of the traditional banking sector, compliance should become lighter, faster, and more proportionate. The resources thereby released — supervisory, analytical, technological, and operational — should be redirected toward the areas where risk is genuinely growing: crypto-related structures, sanctions evasion, payment opacity, AI-enabled abuse, and cross-border fraud networks. That would not weaken the system. It would modernise it.
For the end user of financial services, this means something very simple. If regulation were to become genuinely risk-based, an ordinary client and a bona fide business should face not less safety, but less pointless friction: faster account opening, fewer duplicative documentation requests, smoother standard transactions, and lower direct or indirect costs generated by bureaucracy that no longer delivers proportionate value. At the same time, controls where risks have genuinely increased should become not merely more formal, but more precise and more technologically capable. In other words, this is not about “loosening the banks.” It is about stopping the law-abiding customer from paying the price for an inefficient allocation of supervisory effort.
That is the main practical conclusion to be drawn from the new FATF declaration. It is important not only because it lists new threats. It matters because it provides a fully legitimate basis for a long overdue conclusion: old compliance in low-risk environments should be eased, while new control tools should be developed much more rapidly where financial crime has already changed its form.
About the Author
Kyrylo Shevchenko is a devoted father, proud Ukrainian who was the Chief of the National Bank of Ukraine (July 2020-October 2022). A Banker/Financier with 30 years of experience, Kyrylo maintains his cool amongst immense pressure and challenges. He successfully managed war time crisis during the February 2022 Russian-Ukraine conflict, while sustaining banking system in an interrupted mode.