The first few weeks of 2026 didn’t ease anyone in gently. Across Anti-Money Laundering (AML), fraud, and compliance, it felt like regulators were already collectively turning up the heat. From updates to sanctions lists and major fines for non-compliance, to shifts in digital ID policy and rising concerns around AI-driven fraud, the landscape has been anything but quiet.
Here’s a look at the key developments from January and the stories that are already shaping conversations in AML compliance teams which are likely to set the tone for the year ahead.
The United Kingdom
Sanctions list consolidation
Towards the end of the month, the UK government completed the process of merging its sanctions lists into a single consolidated list. Previously, firms had to reference either the UK Sanctions List (UKSL), managed by the Foreign, Commonwealth and Development Office or the OFSI Consolidated List, overseen by the Office Financial Sanctions Implementation to track designations, depending on the regime or issuing authority.
From 28th January, all UK sanctions designations now sit in one place: the UK Sanctions List.
The move followed long-running calls for a simplification from industry and aligns the UK more closely with how other major jurisdictions present sanctions data. The consolidated list covers individuals, entities and ships subject to asset freezes, travel bans and trade restrictions.
The change coincided with continued UK enforcement focus on Russia-related sanctions, which remain one of the most active and complex regimes firms are dealing with.
You may also like: The UK’s move to a single sanctions list: What compliance professionals need to know
City of London Police launch new national fraud reporting service
The City of London Police publicly launched a new fraud reporting service in January, marking the biggest overhaul of the system in years. The updated platform, called Report Fraud, is designed to make it easier for victims of fraud and cybercrime across England, Wales and Northern Ireland to report incidents.
The Report Fraud services is open to individuals as well as businesses, reflecting the scale of fraud affecting UK organisations and the growing overlap between consumer and corporate fraud and financial crime.
According to the Commissioner of the City of London Police, the new service gives victims a “front door to policing” and provides a significant upgrade to “the UK’s defences against economic crime.”
U-turn on digital ID policy
January also bought an unexpected shift in the UK government’s approach to digital identities. After months of policy development and ministerial discussion around wider adoption and support for digital ID schemes, the government reversed course, scaling back its plans to implement digital IDs for workers to prove their right to work in the UK.
Instead, Labour ministers said the current system of identity checks, based on documents such as biometric passports, will be fully moved online by 2029.
The move drew attention after a significant period of campaigning, with digital identity widely discussed as a way to simplify access to services and improve identity checks across sectors.
According to an article by the BBC, the government will now seek to “place more emphasis on the argument that digital ID can be a useful tool for the public when accessing public services.”
While no immediate regulatory changes followed the U-turn, the shift was closely watched by financial services and other regulated firms tracking developments in identity verification and client onboarding technology.
Bank of Scotland fined for breaching Russia sanctions
In late January, the UK’s Office of Financial Sanctions Implementation (OFSI) imposed a £160,000 civil monetary penalty on The Bank of Scotland, part of Lloyds Banking Group, for breaching the UK’s Russia financial sanctions regime. Between 8 and 24 February 2023, the bank processed 24 payments totalling around £77,000 to and from a personal current account held by an individual on the UK sanctions list.
The account was opened using identification that included a spelling variation of the individual’s name compared with the sanctions list entry, meaning the bank’s automated screening did not flag it at the time. The bank disclosed the issue to authorities in March 2023, and OFSI applied the maximum 50% discount to the penalty for voluntary disclosure.
The Bank of Scotland’s parent, Lloyds Banking Group, commented that it had acted transparently and worked closely with regulators, noting steps had been taken to strengthen controls following the breach.
You may also like: A misspelt name: the sanctions slip that cost Bank of Scotland £160,000
The European Union
AI-driven fraud flagged as a “growing concern” at World Economic Forum
Discussions at the World Economic Forum (WEF) in Davos filtered into January’s compliance headlines, with AI-driven fraud emerging as a recurring theme in banking and financial crime sessions. Reporting by QA Financial highlighted how senior executives and regulators repeatedly raised concerns about the speed at which artificial intelligence is being adopted by criminal networks.
According to a WEF report shared with QA Financial, 73% of surveyed CEOs, or someone in their professional network, had been affected by cyber-enabled fraud in 2025 – a figure that now sits ahead of traditional cyber risks such as ransomware in executive risk prioritisation.
Several industry figures warned that AI is reducing the cost and effort required to run sophisticated fraud campaigns, allowing criminals to operate at scale while tailoring attacks to individual victims. This was contrasted with the slower pace at which many financial institutions are adapting monitoring systems, training and response models.
The issue was discussed alongside broader debates at Davos on AI governance, regulatory coordination and accountability, with fraud risk increasingly framed as a core financial stability concern rather than a niche operational problem.
The United States
US authorities reach major settlement with crypto exchange Paxful
In the United States, January saw the Department of Justice and FinCEN announce multi-million-dollar resolutions with crypto exchange Paxful. The enforcement action focused on allegations that Paxful operated as an unlicensed money services business and failed to implement an effective AML programme.
According to US authorities, the firm did not meet registration requirements, failed to file suspicious activity reports as required, and did not apply adequate controls to manage illicit finance risks on its platform. The settlement reinforced the US government’s stance that crypto firms engaged in money transmission are subject to the same regulatory expectations as traditional financial institutions. The case follows a series of high-profile crypto-related enforcement actions over the past two years.
A chock-full month for AML and compliance before the year really began
Taken together, January 2026 delivered a significant run of developments across AML, fraud and compliance.
From UK sanctions changes and enforcement, through to changes in fraud reporting infrastructure, to settlements in the US and technology-driven risks discussed in Europe, the month offered a clear snapshot of where attention is already focused early in the year.
If you want to improve your own Know Your Business (KYB), Know Your Customer (KYC), and Anti‑Money Laundering (AML) controls against the same issues that surfaced this month, from sanctions screening to identity verification and fraud prevention, get a demo of our platform and see how it supports the kind of controls regulators are now scrutinising in real cases.
