Technology can’t fix willful blindness in AML compliance cultures
Recent headlines from three very different corners of the compliance world point to a truth that every AML professional knows but few like to say out loud: The best technology in the world can’t make an institution care about AML.
In New York, the Paxos settlement with NYDFS shows what happens when oversight of a partner falls short, even in a highly regulated environment. In Australia, AUSTRAC’s case against Mounties alleges $140 million in suspicious gaming transactions that went undetected for years, revealing how lucrative activity can slip past when detection and escalation aren’t truly prioritized.
Hong Kong bucks the trend, requires cryptocurrency KYC
And then there’s Hong Kong — a striking contrast. As of August 1, the territory has introduced one of the world’s most stringent stablecoin frameworks. According to Reuters, the law requires that every holder of a regulated stablecoin be verified through customer due diligence. That means no anonymous wallets, no exemptions for small transactions, and no gaps in the chain of identity. The Hong Kong Monetary Authority is also restricting the number of licenses it will issue, making clear that only issuers with robust AML and counter-terrorism financing controls need apply.
In today’s global context, that’s an unusually hard line. Many jurisdictions have favored lighter-touch approaches to avoid stifling innovation. Hong Kong’s position runs counter to that tide. It sends a message that safeguarding the integrity of the financial system is worth the operational and political cost. Whether this stance will hold up under industry pressure is another question. But for now, it’s a rare example of a regulator going all in on AML at the policy level.
AML compliance culture and leadership remain key
The facts differ, but the throughline is clear: Technology and rules alone are not enough. Without leadership will, a strong AML compliance culture, and a genuine commitment to root out illicit activity, the most advanced platforms can end up as just another unchecked box.
That’s not to say technology doesn’t matter. In fact, for institutions that do prioritize AML, platforms like RegTechONE are powerhouses. They orchestrate data across systems, apply dynamic risk rules, and enable real-time monitoring that can surface risks faster and with more precision than ever before. They give compliance teams the tools to act decisively — and the agility to adapt when threats or regulations change.
But the value comes from how those tools are used. Technology can illuminate risk, connect the dots, and streamline action. It can’t decide that the action should be taken. That part rests with the institution’s leadership — and with a compliance culture that sees doing the right thing not as a cost, but as a core part of the business.
