Anti-money laundering: new rules come into force today – those who fail to cooperate will be reported to the authorities
From 1 July, the Financial Intelligence Unit’s new rules come into force: enhanced safeguards for both those who report and those who are the subject of reports, sharing of irregularities amongst operators, a focus on crypto-assets, and referrals to investigators for those who fail to cooperate
Key points
- Enough with the ‘report for safety’ feature
- Artificial intelligence, yes, but humans make the decisions
- Operators working as a team
- Cryptocurrencies are also under the microscope
- Double protection: protection for both those reported and those who report
- Operations suspended: five days’ notice
- The UIF responds: here is the feedback
- Those who don’t cooperate end up in the spotlight
- Everything goes through a single channel
No more blanket reporting as a precaution, and for the first time, algorithms are being used to track down suspicious transactions. From today, 1 July, professionals, banks and other financial operators must substantiate their suspicions, not simply accumulate them – with artificial intelligence flagging anomalies but humans validating them. This marks a turning point in the new anti-money laundering measure signed on 18 December 2025 by the director of the Bank of Italy’s Financial Intelligence Unit, Enzo Serata: a departure from the 2011 framework and a crackdown on those who do not cooperate with the checks.
The new guidelines are aimed at a wide audience: banking and financial intermediaries, other financial operators, professionals, non-financial operators, gambling service providers, financial instrument managers and gold buyers. The content has been finalised in collaboration with the Guardia di Finanza, following discussions with the Anti-Mafia Investigation Directorate, the sectoral supervisory authorities and self-regulatory bodies, and a public consultation.
Here’s what’s changing, point by point.
Enough with the ‘report for safety’ feature
This is at the heart of the reform. A Suspicious Transaction Report (STR) can no longer be triggered automatically. Six situations, on their own, are not sufficient to trigger a report: a discrepancy identified during customer checks; a high risk attributed to the individual; negative information concerning them; information obtained from other operators; requests for information received from the authorities; and precautionary measures, whether real or personal, imposed on the individual in criminal proceedings. There must be genuine suspicion, assessed on a case-by-case basis.
Artificial intelligence, yes, but humans make the decisions
For the first time, the measure explicitly regulates the use of AI to detect anomalies. The green light has been given, but subject to specific conditions: the tools must comply with applicable regulations, be based on ‘objective and verifiable data’ and be accompanied by ‘appropriate assessments carried out with human intervention’. The algorithm flags up issues, but it is still a person who validates them.

