Your recent AML Outlook report highlights over €36 million in fines issued across Europe in just one year. What recurring weaknesses or compliance gaps are regulators most commonly identifying in payments and e-money firms?

John Gidla (JG): Regulators continue to flag underinvestment in anti-financial crime controls as a key concern for payments and e-money firms. Common themes include weak governance, limited oversight, and fragmented controls, all of which increase vulnerability to financial crime. There’s a growing expectation that firms scale their compliance frameworks in line with their risk exposure and growth trajectory

The report mentions that AML compliance can be costly—yet the reputational and financial risks of non-compliance are even greater. What are the most cost-effective measures firms can implement today to strengthen their AML frameworks without overwhelming their budgets?

JG: While not all firms can afford advanced compliance tools, strong governance remains one of the most cost-effective ways to reduce risk. Practical steps such as training staff on emerging threats, embedding a culture of accountability, and regularly updating frameworks as the business grows can go a long way in strengthening AML resilience without major spend.

With the creation of the EU’s new AMLA authority, do you expect a more consistent and centralized enforcement approach across Europe? How might this change how firms prepare for inspections and adapt their compliance strategies?

JG: AMLA has the potential to bring greater consistency to AML enforcement across the EU, addressing long-standing issues caused by fragmented supervision and uneven implementation by national authorities. Its impact will depend on how much direct oversight it gains, how assertively it acts on cross-border risks, and whether it can close the regulatory gaps that have permitted high-profile scandals. Firms should expect more rigorous and standardised inspections and will need to ensure their compliance programmes are not only locally robust, but scalable across jurisdictions.

Vixio emphasizes the importance of a proactive rather than reactive compliance culture. In your view, what does a ‘proactive’ AML strategy look like in 2025, and what technologies or best practices are leading firms adopting to stay ahead?

JG: A truly proactive AML strategy in 2025 extends beyond technology to encompass a strong compliance culture at every level of the organisation. Leading firms understand that combating financial crime isn’t just the responsibility of the compliance team — it’s integrated into day-to-day operations, with senior leadership driving risk awareness across departments. In terms of technology, firms are increasingly adopting AI, machine learning, and automated monitoring systems to detect suspicious activity early and reduce human error. However, culture plays a critical role; firms that foster a compliance-first mindset and invest in ongoing staff training are better positioned to adapt to emerging threats and ensure that their compliance frameworks evolve in step with business growth and digital transformation. A proactive approach also means constantly reassessing risk and using data to predict and prevent issues, rather than just reacting to them. With regulations in constant flux, and regulators ramping up enforcement, proactive compliance looks like implementing strategies to anticipate regulations, not just react to them. In Vixio’s PC Outlook Report, we found that a clear majority of firms surveyed are using some form of outsourcing for their compliance functionality, turning to firms like Vixio to get ahead of regulatory change.

Thanks to John Gidla, Head of Payments Compliance at Vixio, for his insightful responses.