KYC regulatory trends to watch in 2026

As financial crime risks intensify and regulators demand proof over policy, 2026 is set to be a defining year for KYC. Signals from FATF, the FCA and the EBA point to deeper scrutiny of onboarding quality, beneficial ownership, governance and the effective use of technology across the customer lifecycle. 

An article written by Binh Dang, Due Diligence Specialist at smartKYC

What FATF, FCA and EBA Expectations Mean for Banks  

As financial crime risks grow more complex, geopolitical instability reshapes exposure profiles, and enforcement actions continue to make headlines, 2026 is emerging as a defining year for Know Your Customer (KYC) and customer due diligence (CDD). Banks are operating in an environment characterised by volatile sanctions regimes, increasingly complex ownership structures, heightened fraud risk, and sustained regulatory pressure to evidence effectiveness rather than intent. 

Across jurisdictions, regulators are no longer asking whether firms have KYC policies, procedures, and systems in place. Instead, they are asking whether those controls work in practice, whether they are proportionate to risk, and whether senior management can demonstrate clear oversight and accountability. In this context, KYC is no longer viewed as a static onboarding exercise, but as a continuous risk management discipline that spans the entire customer lifecycle. 

Signals from the Financial Action Task Force (FATF), the UK Financial Conduct Authority (FCA), and the European Banking Authority (EBA) all point in the same direction: deeper scrutiny of onboarding quality, beneficial ownership identification, governance, management information, and the controlled use of technology. For banks, the implication is clear, KYC is becoming a core supervisory priority and a board‑level issue, not merely a compliance function. 

EU AML reform and AMLA: convergence becomes unavoidable 

Across the European Union, 2026 represents a pivotal transition year as the EU’s comprehensive AML reform package moves from legislation toward implementation. Central to this shift is the creation of the Anti‑Money Laundering Authority (AMLA), designed to drive greater consistency and supervisory convergence across Member States. 

Although AMLA’s direct supervision of selected institutions will follow in later phases, 2026 is critical for setting the technical foundations. By 10 July 2026, AMLA must deliver draft Regulatory Technical Standards (RTS) that will directly shape how KYC is implemented across the EU.  

These RTS will cover: 

. Customer due diligence information requirements and minimum data standards 

. Group‑wide AML/CFT policies, procedures, and internal controls 

. Expectations for ongoing monitoring and lifecycle risk management 

For banks operating across multiple EU jurisdictions, these developments signal a clear move away from nationally interpreted KYC approaches toward harmonised, group‑level frameworks. Divergent onboarding thresholds, inconsistent documentation standards, and locally customised risk methodologies will become increasingly difficult to justify. 

Many institutions will therefore use 2026 as a preparation year to rationalise KYC frameworks, align data standards, and strengthen group‑wide governance in anticipation of closer supervisory convergence. 

EBA priorities: embedding KYC into governance and risk frameworks 

The EBA’s 2026 Work Programme, published on 1 October 2025, reinforces the expectation that AML and KYC controls are embedded within firms’ broader governance and risk management frameworks. While the EBA does not directly supervise individual banks, its guidance strongly influences how national competent authorities conduct supervision. 

Key themes relevant to KYC in 2026 include: 

. Clear alignment between business‑wide risk assessments and customer‑level KYC controls 

. Defined governance structures that allocate accountability for AML and KYC decision‑making 

. Strong oversight of outsourcing arrangements and reliance on third‑party data providers 

The EBA’s direction reinforces the view that KYC is not a standalone compliance task, but a core enterprise risk control that intersects with operational risk, conduct risk, and reputational risk.

 Beneficial ownership: an enduring and unresolved challenge 

Despite years of regulatory attention, beneficial ownership transparency remains one of the most persistent weaknesses in KYC frameworks. Complex corporate structures, nominee arrangements, trusts, and cross‑border ownership chains continue to challenge traditional onboarding processes. 

In 2026, supervisors are likely to intensify scrutiny of: 

. How banks identify and evidence indirect ownership and control 

. The extent to which ownership conclusions rely on corroborated sources rather than customer assertions 

. Whether changes in ownership or control are captured promptly and reflected in risk assessments 

. Whether ownership risk triggers enhanced due diligence, senior management review, or escalation 

This focus reinforces the broader regulatory shift toward living customer profiles, where ownership understanding evolves continuously rather than being refreshed only at fixed review points. 

Technology and intelligent KYC under supervisory scrutiny 

By 2026, the use of automation, AI, and advanced analytics in KYC is no longer novel. Regulators broadly accept that technology can enhance coverage and consistency, but supervisory expectations have moved firmly toward governance, explainability, and control. 

Regulators across the UK and EU are increasingly focused on: 

. Transparency and explainability of automated or model‑assisted KYC decisions 

. Model governance, validation, testing, and performance monitoring 

. Clear change‑management processes for updates to logic, thresholds, and data sources 

. Evidence that technology improves risk identification and decision quality, not merely efficiency 

Banks deploying intelligent KYC capabilities in 2026 must be prepared to explain how decisions are made, demonstrate appropriate oversight, and evidence alignment with regulatory expectations. 

What 2026 means for banks in practice 

Taken together, the regulatory signals for 2026 are consistent and reinforcing. KYC is evolving: 

. From static, periodic reviews to continuous customer understanding 

. From policy‑led compliance to evidence‑driven supervision 

. From fragmented national approaches to greater international convergence 

Banks that treat 2026 as a preparation year strengthening their governance, improving data quality, and embedding KYC more deeply into risk management will be better positioned to reduce remediation risk and withstand supervisory challenge. 

Credibility, accountability and board‑level ownership 

The year ahead is less about new rulebooks and more about credibility. FATF mutual evaluations, FCA data‑led supervision, and EU convergence under AMLA are all converging on the same outcome: regulators expect banks to prove that KYC works in practice. 

For banks, 2026 is the year KYC firmly belongs in the boardroom, not as a box‑ticking exercise, but as a strategic control central to trust, resilience, and long‑term value. 

The article in full here