What are the current AML regulations in APAC?

Explore the current APAC AML regulations, key laws, supervisory bodies, compliance obligations, and how Napier AI helps firms streamline adherence.

Compliance with anti-money laundering (AML) regulations is a critical priority for regulated organisations worldwide, and the Asia-Pacific (APAC) region is no exception. In an environment marked by diverse regulatory frameworks, geographical risks and growing economies, understanding the legal landscape is essential to operating with confidence.

This article provides a clear and up-to-date overview of AML regulations in APAC, including:

• Key legal frameworks governing AML compliance in APAC

• The most relevant authorities and supervisory bodies

• Common compliance obligations across the region

• Recent changes, common challenges and emerging trends

• How technology, like Napier AI´s, can help simplify and strengthen compliance

‍

APAC AML regulations are a set of laws and guidelines designed to prevent money laundering and terrorist financing.

In the Asia-Pacific region, regulatory frameworks against money laundering (AML) and terrorist financing (CFT) are becoming increasingly important. Regulatory authorities have moved towards risk-based regimes, aligned with Financial Action Task Force (FATF) standards and tailored to local challenges.

Some highlights of the legislative landscape in APAC:

• Key jurisdictions such as Australia, Singapore, Hong Kong and Malaysia have strengthened their AML/CFT frameworks with new obligations for financial institutions.

• The region is undergoing a transition from a ‘tick-box’ approach to one that requires operational controls, data sharing and ongoing monitoring.

• The FATF-style body for the region, the Asia/Pacific Group on Money Laundering (APG), plays a central role in assessing and promoting the implementation of international standards among its members.

This regulatory evolution means that organisations operating in APAC must keep up with regulatory changes, implement risk-based programmes, and employ technology that allows them to scale and adapt to new requirements.

‍

Although each country in the APAC region has its own regulatory legal framework, most jurisdictions have been aligning their laws with the recommendations of the FATF and the Asia/Pacific Group on Money Laundering (APG).

Below are some of the most representative legal frameworks in the region:

‍

Australia – Anti-Money Laundering and Counter-Terrorism Financing Act

In Australia, the regulatory pillar is the Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF Act), overseen by AUSTRAC, which establishes strict customer identification, transaction monitoring and suspicious transaction reporting obligations for banks, fintech and other regulated entities.

This framework is being progressively updated to address new risks and strengthen the risk-based approach, with an emphasis on governance and accountability at the board level.

‍

Singapore – AML/CFT regulations of the Monetary Authority of Singapore (MAS)

According to the Napier AI / AML Index, Singapore has one of the most advanced AML/CFT frameworks in the region, structured through MAS Notices and Guidelines that apply to banks, payment institutions and other financial intermediaries.

These regulations require robust risk assessments, CDD/EDD, continuous monitoring and periodic independent audits, with clear alignment to FATF standards and a very strict focus on senior management accountability.

‍

Malaysia – Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001

In Malaysia, the AML/CFT framework is articulated through the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA), enforced by various authorities, with Bank Negara Malaysia (BNM) as the primary supervisor of the financial sector.

The regulations require entities to implement risk-based controls, strengthen beneficial ownership identification and report suspicious transactions to the financial intelligence unit, with significant penalties for non-compliance.

‍

Philippines – Anti-Money Laundering Act (AMLA) and Anti-Terrorism Financing Prevention Act

In the Philippines, the main regulatory framework is the Anti-Money Laundering Act (AMLA), originally enacted in 2001 and amended multiple times, including Republic Act No. 11521 of 2021, to strengthen due diligence, supervision, and reporting obligations. These laws are complemented by the Terrorism Financing Prevention and Suppression Act (TFPSA).

The responsible authority is the Anti-Money Laundering Council (AMLC), which supervises financial institutions, currency exchange bureaux, casinos, remittance companies, virtual asset providers, real estate agencies and other regulated entities. The AMLC is an active member of the Asia/Pacific Group on Money Laundering (APG).

‍

In the Asia-Pacific region, multiple regulatory bodies and institutions are responsible for overseeing compliance with AML/CFT regulations. Some of the most relevant entities are listed below:

• Asia/Pacific Group on Money Laundering (APG) – an intergovernmental body that promotes the adoption and implementation of international AML/CFT standards in the region.

• National authorities in key jurisdictions, such as:

• Monetary Authority of Singapore (MAS) in Singapore.  

• Hong Kong Monetary Authority (HKMA) in Hong Kong.  

• Australian Transaction Reports and Analysis Centre (AUSTRAC) in Australia.  

These institutions not only supervise regulatory compliance but also collaborate with the private sector to improve controls, adapt to new types of money laundering and promote best practices in the region.

‍

Regulated organisations in the APAC region must comply with a series of AML/CFT obligations aligned with FATF standards and the requirements of each jurisdiction. The most important ones are listed below:

• Customer due diligence (CDD) and enhanced due diligence (EDD)

Entities must verify the identity of customers, assess their risk level, and apply enhanced controls when high-risk factors exist.

• Example: In Singapore, financial institutions must apply EDD when customers are located in jurisdictions considered high risk by the MAS or FATF.

• Real-time monitoring and transaction surveillance

Organisations must constantly review their customers' activities to detect unusual patterns or red flags.

• Example: In Australia, AUSTRAC requires continuous monitoring to identify structured or unusual transactions, especially in sectors such as remittance companies or digital asset service providers.

• Suspicious activity reports (SARs/STR)

When an entity detects a potentially illegal transaction or behaviour, it must report it to the financial intelligence unit of the relevant country.

• Example: In the Philippines, institutions must submit Suspicious Transaction Reports to the AMLC within the established legal deadlines.

• Sanctions screening

Companies must screen customers, beneficiaries and transactions against national and international sanctions lists.

• Example: In Japan and Malaysia, screening must include local lists in addition to UN Security Council lists.

• Record keeping and staff training

Most APAC jurisdictions require records to be kept for 5 to 7 years and ensure that compliance teams receive regular training.

• Example: In Hong Kong, regulated entities must retain documentation for at least 6 years and demonstrate that their staff receive training tailored to their role.

These obligations vary slightly by jurisdiction, but all share the same goal: to ensure a risk-based approach, improve the detection of financial crime, and protect the integrity of the APAC region's financial system.

‍

The APAC region continues to undergo significant changes in AML/CFT compliance, driven by both domestic reforms and the latest assessments and updates from the Financial Action Task Force (FATF) and the Asia/Pacific Group on Money Laundering (APG).

The most relevant developments are highlighted below:

Latest FATF update – October 2025

In October 2025, the FATF published a new update to its list of jurisdictions under enhanced supervision (grey list) and high-risk jurisdictions (blacklist). This update directly affects several APAC economies, including:

• The Lao People's Democratic Republic, currently under enhanced supervision, with an active action plan.

• Myanmar, which remains in the high-risk category and subject to a reinforced ‘call for action’.

• The Philippines, which recently left the grey list after significant progress, but remains under close monitoring by the APG and FATF.

These designations have an immediate impact on the region, as they require banks, fintechs, remittance companies and virtual asset providers to apply enhanced due diligence measures for customers or transactions with links to these jurisdictions.

National legislative and regulatory reforms

• Australia

Australia has continued to strengthen its AML/CFT regime following reforms introduced by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act, with new expectations for risk governance, senior management responsibility and controls for DNFBP sectors.

• Singapore

The MAS has updated several AML/CFT guidelines related to digital assets, risk-based supervision and model governance. Expectations regarding the quality of internal audits have increased significantly.

• Malaysia

Bank Negara Malaysia (BNM) has issued revisions to its AML/CFT policies, including stricter requirements for beneficial owners and more in-depth controls for sectors exposed to cross-border remittances and payments.

• Philippines

Following the Philippines' removal from the grey list, the AMLC has strengthened requirements for VASPs, casinos and real estate agencies, with an emphasis on continuous monitoring and risk-based controls for high-value transactions.

‍

AML compliance in the APAC region presents significant challenges due to regulatory diversity, rapid technological evolution, and differences in the maturity of financial systems. Here are some of the most common challenges organisations face:

Complex and constantly evolving requirements

AML/CFT laws in APAC change frequently and vary considerably between jurisdictions. This forces organisations to keep up with multiple regulatory frameworks, FATF guidelines, and simultaneous national updates.

• Example: A fintech operating in Singapore, the Philippines, and Australia must comply with MAS AML notices, Philippine AMLC rules, and AUSTRAC obligations, each with different nuances in CDD, reporting, and monitoring.

High cost of compliance

Companies must invest in specialised equipment, monitoring technologies and ongoing internal audits. For institutions in emerging APAC markets, these costs can be particularly high.

• Example: Small remittance companies in Indonesia or the Philippines often struggle to sustain manual alert review processes, which impacts time, cost and accuracy.

Legacy systems and siloed data

Many organisations, especially traditional banks in APAC, still operate with legacy systems that hinder data integration, real-time monitoring, and complex pattern analysis.

• Example: A regional bank may have data distributed across local systems by country, making it difficult to identify suspicious cross-border behaviour.

Resource strain on compliance teams

The high volume of alerts, false positives, and reporting requirements can overwhelm compliance teams, who must manage repetitive manual tasks while facing increasing regulatory expectations.

• Example: Financial institutions in markets such as India and Vietnam report annual increases in STR/SARs that require more analysts and greater investigative capacity.

‍