Over the past decade, neobanks have transformed the way customers interact with financial services. Built on mobile interfaces, low fees, and rapid onboarding, they offer convenience and accessibility that traditional banks often struggle to match. For younger, pro-digital generations and underserved populations, neobanks represent an appealing gateway to financial inclusion. 

 

According to McKinsey’s Global Banking Annual Review (2024), over 70% of new European banking entrants are digital-only institutions, underlining how fast the digital banking model is reshaping the financial landscape. Furthermore, Juniper Research (2024) projects that the number of global digital banking users will exceed 3.6 billion by 2024, illustrating the scale at which neobanks now operate.

However, the very features that make neobanks attractive—speed, digital onboarding, and cross-border scalability—also expose them to heightened vulnerabilities in the fight against money laundering (AML). European regulators, including the European Banking Authority (EBA) and the Financial Action Task Force (FATF), have repeatedly highlighted these vulnerabilities. 

The global neobank market, valued at USD 66.8 billion in 2022, is projected to reach USD 2,048 billion by 2030, representing an impressive compound annual growth rate (CAGR) of 54.8%, according to Grand View Research (2024). This exponential growth amplifies the importance of robust AML frameworks.

Neobanks are fully digital financial institutions that operate primarily through mobile apps and online platforms. Some hold full banking licenses, while others operate as electronic money institutions (EMIs). In Belgium, supervision falls under the National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA), which ensure compliance with both prudential and conduct regulations. 

AML-specific risks 

Despite their advantages, neobanks face distinct vulnerabilities when it comes to AML. Three main categories of risk stand out. 

Digital onboarding vulnerabilities 

 Remote account opening is a hallmark of neobanks, but it creates room for misuse. Fraudsters can exploit weak verification processes by submitting falsified documents, stolen IDs, or even deepfakes. The FATF has flagged digital identity misuse as a growing global trend, and European regulators have responded by tightening standards in the 5th and 6th EU Anti-Money Laundering Directives (AMLD5 and AMLD6). 

 

If biometric checks are not robust, they become vulnerable to account “farming,” where hundreds of fraudulent accounts are opened in bulk. The Belgian Law of 18 September 2017 explicitly requires institutions to identify and verify the beneficial owner before establishing a relationship. Weak remote onboarding makes compliance with this law particularly challenging. 

 

This challenge is further compounded by the rise of sophisticated identity-spoofing tools. As neobanks expand internationally, maintaining consistency in digital KYC standards across jurisdictions becomes critical to maintaining trust. 

Fast and cross-border transactions 

 Speed and convenience, while central to the neobank model, create fertile ground for money launderers. Instant payments allow criminals to rapidly transfer funds across multiple jurisdictions, obscuring their origin in a classic layering strategy. 

 Indeed, funds can be moved within seconds across different EU countries, exploiting supervision gaps between Member States. The very nature of real-time payments reduces the time window for detecting suspicious transactions. Unlike traditional banks, where settlement may take hours or days, compliance teams in neobanks often have only minutes to act. 

 In 2021, the EBA published its Guidelines on Money Mules, which highlighted the increased risks tied to instant payments and stressed the importance of real-time monitoring. As instant payments continue to expand, particularly with the upcoming EU Instant Payments Regulation, neobanks will need to invest in automation and predictive analytics to stay ahead. 

Open ecosystems and third-party exposure 

 Neobanks often integrate with third-party fintechs via APIs or provide access to crypto-asset services. These partnerships expand their product offering but create complex compliance chains. If one link in the chain is weak, the entire ecosystem can be exposed. APIs may connect a neobank to external payment providers or crypto exchanges, where AML controls may be weaker or inconsistent. 

 Criminals exploit these gaps to move funds between regulated and less-regulated entities. Inadequate due diligence on third parties could therefore lead to regulatory breaches, reputational damage, or even license withdrawal. 

 From a regulatory standpoint, the forthcoming Markets in Crypto-Assets Regulation (MiCA) and the revised Transfer of Funds Regulation (TFR) will impose stricter AML/CFT requirements on crypto-related services, directly affecting neobanks that offer crypto wallets or trading. Gartner’s Market Guide for AML Solutions (2024) notes that 65% of European financial institutions plan to increase investments in AI-driven and explainable AML systems by 2026, signaling the strategic importance of this area. 

Best Practices 

 To counter these vulnerabilities, neobanks must adopt AML measures that are both technologically advanced and fully aligned with regulatory expectations across several key areas 

 Stronger KYC controls 

 Beyond simple ID scans, robust procedures include biometric verification, cross-checking against multiple databases, and machine-learning-based fraud detection. For business accounts, verifying ultimate beneficial ownership (UBO) is crucial. 

 The Belgian AML Law of 18 September 2017 requires customer due diligence before entering into a business relationship, including identifying and verifying the UBO. AMLD6 further extends liability for aiding and abetting financial crime. 

 Implementing tiered KYC based on risk exposure, for example, enhanced due diligence for cross-border customers helps balance speed with security. 

 Risk-based monitoring 

The EBA Guidelines on risk factors (2021) explicitly call for a risk-based approach, emphasizing proportionality and the identification of “red-flag” indicators such as unusual cross-border flows. Instead of applying uniform thresholds to all customers, neobanks must implement differentiated monitoring based on each client’s profile, geography, and transactional behavior. 

High-risk corridors (e.g., cash-intensive economies or FATF “grey list” countries) require heightened scrutiny. Automated detection systems that learn from customer behavior can significantly improve accuracy and reduce false positives. 

Advanced transaction surveillance 

As mentioned earlier, instant payments reduce the time to detect suspicious activity. Neobanks should therefore rely on automated systems capable of real-time alerts, supplemented by compliance analyst review. Artificial intelligence and machine-learning models can identify unusual patterns, structuring, or smurfing that may not be visible through rule-based systems alone. 

The FATF and the European Commission emphasize that automated solutions must remain explainable to regulators. “Black box” models without auditability are insufficient for compliance. The forthcoming EU AML Regulation (part of the 2021 AML package) will harmonize transaction monitoring requirements across Member States, reducing opportunities for regulatory arbitrage. 

Academic research also points to the growing relevance of graph-based machine-learning approaches for detecting hidden transaction networks and layering schemes a direction neobanks may increasingly explore in the coming years. 

Governance and compliance culture 

 Even with advanced technology, a strong compliance function is indispensable. Neobanks must appoint a compliance officer with direct reporting lines to senior management, as required under Belgian law. Suspicious Transaction Reports (STRs) must be promptly filed to the Financial Intelligence Unit (FIU). 

 The EU’s newly created Anti-Money Laundering Authority (AMLA) will further strengthen cross-border supervision as of 2026, when it becomes fully operational. Employees, even outside the compliance team, should be trained to recognize red flags. This is not only a legal requirement but also an operational safeguard. A robust compliance culture must extend beyond procedures to mindset positioning AML as a shared responsibility across departments. 

 Managing third-party and crypto exposure 

 Neobanks frequently rely on fintech partners (e.g., payment processors, lending platforms). Contracts must clearly allocate AML responsibilities and include audit rights. Under MiCA, crypto transfers must include full originator and beneficiary information. 

 Neobanks offering crypto wallets must therefore implement blockchain analytics and risk scoring of crypto addresses. The anti-money-laundering software market, currently valued at USD 1.73 billion in 2024, is projected to reach USD 4.24 billion by 2030 (CAGR 16.2%), reflecting a growing reliance on automation and data-driven compliance (Grand View Research, 2024). 

 Key takeaway 

 Regulatory frameworks in Belgium and across the EU are clear: neobanks are held to the same AML standards as traditional banks. What differs is the risk profile speed, scale, and digital integration make neobanks more exposed to specific vulnerabilities. 

By strengthening onboarding, tailoring monitoring, investing in explainable AI, and embedding a compliance culture across the organization, neobanks can turn regulatory compliance into a competitive advantage rather than a burden. 

As the digital banking user base surpasses 3.6 billion globally (Juniper Research, 2024), and AI-driven AML systems become a USD 4-billion market (Grand View Research, 2024), the most successful neobanks will be those that treat compliance not as an obligation, but as a cornerstone of trust and sustainable growth.