UIF

Anti-money laundering: new rules come into force today – those who fail to cooperate will be reported to the authorities

From 1 July, the Financial Intelligence Unit’s new rules come into force: enhanced safeguards for both those who report and those who are the subject of reports, sharing of irregularities amongst operators, a focus on crypto-assets, and referrals to investigators for those who fail to cooperate

by Ivan Cimmarusti

Adobestock

3' min read

Translated by AI
Versione italiana

3' min read

Translated by AI
Versione italiana

No more blanket reporting as a precaution, and for the first time, algorithms are being used to track down suspicious transactions. From today, 1 July, professionals, banks and other financial operators must substantiate their suspicions, not simply accumulate them – with artificial intelligence flagging anomalies but humans validating them. This marks a turning point in the new anti-money laundering measure signed on 18 December 2025 by the director of the Bank of Italy’s Financial Intelligence Unit, Enzo Serata: a departure from the 2011 framework and a crackdown on those who do not cooperate with the checks.

The new guidelines are aimed at a wide audience: banking and financial intermediaries, other financial operators, professionals, non-financial operators, gambling service providers, financial instrument managers and gold buyers. The content has been finalised in collaboration with the Guardia di Finanza, following discussions with the Anti-Mafia Investigation Directorate, the sectoral supervisory authorities and self-regulatory bodies, and a public consultation.

Loading...

Here’s what’s changing, point by point.

Enough with the ‘report for safety’ feature

This is at the heart of the reform. A Suspicious Transaction Report (STR) can no longer be triggered automatically. Six situations, on their own, are not sufficient to trigger a report: a discrepancy identified during customer checks; a high risk attributed to the individual; negative information concerning them; information obtained from other operators; requests for information received from the authorities; and precautionary measures, whether real or personal, imposed on the individual in criminal proceedings. There must be genuine suspicion, assessed on a case-by-case basis.

Artificial intelligence, yes, but humans make the decisions

For the first time, the measure explicitly regulates the use of AI to detect anomalies. The green light has been given, but subject to specific conditions: the tools must comply with applicable regulations, be based on ‘objective and verifiable data’ and be accompanied by ‘appropriate assessments carried out with human intervention’. The algorithm flags up issues, but it is still a person who validates them.

Operators working as a team

It is now possible to share incidents with different recipients. There is one condition, however: those sharing the information must omit any reference to the possible sending of an SOS.

Cryptocurrencies are also under the microscope

Among the sources cited are EU Regulation 2023/1113 on transfers of funds and crypto-assets, a sign that the scope now also encompasses the digital world.

Double protection: protection for both those reported and those who report

Confidentiality is reinforced on two fronts. On the one hand, the person who is the subject of the report. On the other, the person who actually made the report, who must not be identifiable even by the role they hold: for example, there must be no references to the ‘branch manager’ or the ‘head of the legal department’.

Operations suspended: five days’ notice

The UIF may freeze one or more suspicious transactions. The timetable is as follows: the Unit must respond within two working days, and the freeze shall last for a maximum of five working days from the date of notification via certified email (PEC). The measure is subject to official secrecy and must not be disclosed to the customer.

The UIF responds: here is the feedback

Feedback to operators is also changing. At least every six months, the results of the reports are provided, divided into two lists: List A for those without sufficient risk factors, and List B for those classified as low risk. For those who submit a significant number of SOS reports, a feedback form is provided at least once a year.

Those who don’t cooperate end up in the spotlight

A two-tier system of automated checks on reports: confirmation, rejection or non-blocking anomalies. If the UIF requests that an SOS be corrected or supplemented and the recipient fails to respond within 30 days, the Unit will nevertheless forward the report to the investigating authorities, noting that the incompleteness is due to a lack of cooperation. In particularly serious cases, the SOS may be cancelled. Please note: the operator’s conduct, together with any corrections or cancellations, also carries implications in terms of sanctions.

Everything goes through a single channel

Reports are submitted exclusively via the Infostat-Uif portal. Cross-border reports must be completed in English, using code 005 for money laundering and code 006 for terrorist financing.

Copyright reserved ©
  • Ivan Cimmarustigiornalista

    Luogo: Roma

    Lingue parlate: Italiano, inglese

    Argomenti: Sicurezza, giudiziaria, inchieste, giustizia tributaria

    Premi: Nel 2011 tra i vincitori del Premio Internazionale Antimafia Livatino-Saetta

Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti