A mid-sized US neobank paid a nine-figure fine in 2024 for a compliance program that, by its own admission, never caught up with the pace of new account growth. The penalty was not unusual, what was unusual was how many times the same pattern has repeated across the US fintech sector since 2022. Anti-money laundering spending has become one of the fastest-growing cost centres inside US financial firms, and the software and services market built around it has grown with it. The global anti-money laundering market was valued at roughly $3.4 billion in 2024 and is projected to surpass $10.8 billion by 2030, according to Grand View Research.
What AML actually covers
Anti-money laundering in US financial services is a stack: customer identification and verification (KYC), ongoing transaction monitoring, sanctions and politically-exposed-person screening, suspicious activity reporting, and record-keeping under the Bank Secrecy Act. Each layer has its own vendors, and each has seen its own wave of technology replacement in the last five years.
The US regulatory frame comes from the Financial Crimes Enforcement Network, whose rules apply to banks, money-transmitter fintechs, broker-dealers, and most recently to certain crypto and investment-adviser firms. FinCEN’s anti-money laundering rule for investment advisers finalised in 2024 extended core AML obligations to a swath of the asset-management industry that had previously been lightly supervised, and the category’s spending rose as a direct result.
Why fintechs are the hardest segment to get right
Fintechs carry AML obligations that are identical to those of banks, but they onboard customers much faster, typically digitally, and usually without branch-level human review. That speed was the original value proposition; it is now the single biggest source of AML program weakness.
The three failure modes that regulators cite most often in US fintech enforcement actions are the same: inadequate customer due diligence at onboarding, transaction monitoring rules that did not evolve with product changes, and late or missing suspicious activity report filings. Each of those is solvable with better technology, but the solutions add cost and friction, and fintechs that try to preserve a five-minute onboarding experience while adding serious AML controls often end up solving only part of the problem.
The context for this tension is the rapid scaling of US fintech onboarding overall, which we covered in our reporting on digital banking adoption among SMEs.
The vendor and technology split
The AML software market in the US breaks cleanly into four functional tiers, each with its own dominant vendors.
| Function | Representative US vendors | Typical deployment |
|---|---|---|
| Identity verification | Alloy, Socure, Persona | Real-time at onboarding |
| Transaction monitoring | Actimize, ComplyAdvantage, Unit21, Hummingbird | Continuous post-onboarding |
| Sanctions screening | Refinitiv World-Check, Dow Jones Risk | Onboarding and periodic |
| Case management / SAR filing | Hummingbird, Unit21, Alessa | Compliance team workflow |
Source: Grand View Research and company disclosures; see the Grand View AML report.
The tier that has changed most in the last two years is transaction monitoring. Legacy rule-based monitoring systems produce false-positive rates that are often above 95 percent, which forces compliance teams to spend most of their time reviewing alerts that turn out to be nothing. The current vendor competition is around machine-learning-based anomaly detection that flags fewer, more meaningful alerts, a shift that is measurable in headcount per billion dollars of transaction volume.
The 2024-2025 enforcement wave
US enforcement has become more aggressive against fintech AML failures than against bank AML failures, partly because the gaps have been more visible and partly because fintechs have historically had smaller compliance budgets than the scale of their customer base warranted. The settlements that have drawn the most attention, Block’s Cash App, multiple crypto exchanges, several BaaS sponsor banks, all share a common fact pattern: rapid user growth, lagging investment in monitoring infrastructure, and regulatory action that arrived several years after the growth.
One consequence is that sponsor banks in the banking-as-a-service model are now under particular pressure, because they are legally responsible for AML across their fintech partners. Several US sponsor banks have publicly pulled back from the BaaS model altogether in the last two years. That shift is part of the larger strategic rebalancing covered in our piece on why fintech is becoming a strategic priority for financial institutions.
What this means for operators and investors
For fintech operators, AML has moved from a compliance line item to a first-order product decision. Founders who previously treated it as something to be outsourced to a vendor now build it into product design from day one, because retrofitting it after growth is materially more expensive.
For investors, the AML category is a rare venture-attractive corner of regtech. Transaction monitoring, case management, and identity vendors have benefited from the enforcement wave and from the extension of AML rules to new segments. The companies attracting capital are those that can demonstrate measurable false-positive reduction rather than generic workflow features. The venture-capital pattern that has funded this wave is part of the trend we examined in our piece on the role of venture capital in fintech growth.
Where the compliance stack is heading next
Three structural changes will shape the category over the next 24 months. The first is the arrival of LLM-assisted investigator tooling, which uses language models to draft suspicious-activity-report narratives and to surface connections across alerts that a human analyst would take hours to find. Early adopters report that the narrative-drafting workflow cuts SAR preparation time by more than half, which directly reduces the cost of the most expensive part of the compliance stack. The second is the consolidation of identity and transaction monitoring into single-vendor platforms, so that the same underlying data powers both onboarding decisions and ongoing monitoring; the regulatory expectation is shifting in the same direction, with examiners increasingly asking whether identity signals at onboarding are consistent with the behaviour a customer later shows. The third is the rise of federated monitoring, where multiple fintechs and sponsor banks share high-confidence signals about known bad actors through a neutral infrastructure layer, without exposing raw customer data. The vendors furthest along on these three fronts are positioned to take disproportionate share of new spending.
The longer arc
Anti-money laundering in US fintech has moved through three phases in ten years: from a compliance-theatre checklist, through a period of rapid fintech growth during which AML did not keep up, and now into a phase where AML is a board-level cost and risk category inside every meaningful US financial platform. The next few years will be decided less by new regulation and more by how well fintechs close the gap between onboarding speed and monitoring quality. For a wider framing of how this compliance pressure sits inside the broader fintech competitive map, our analysis of how fintech is reshaping financial-services competition sets the scene.
