European payments firms are confronting a rare convergence of regulatory pressures, and most compliance teams are being asked to absorb all three simultaneously. The EU Instant Payments Regulation (IPR) is making near real-time settlement the default across the eurozone, fundamentally altering both the scope and pace of transaction monitoring.
According to ComplyAdvantage, the Markets in Crypto-Assets Regulation (MiCA) is pulling stablecoins into the regulatory mainstream, dissolving the boundary between traditional finance and crypto-native instruments.
Meanwhile, the Single Rulebook is stripping away the national discretion that firms across the bloc have quietly relied upon for years, replacing a patchwork of locally calibrated standards with a single, higher baseline.
Any one of these changes would demand serious attention. Arriving together, they are testing the resilience of compliance functions that were not built for this kind of simultaneous pressure, and rewarding those that treat regulatory readiness as an operational priority rather than a periodic compliance exercise.
At the second session of The Future of Compliance Europe, ComplyAdvantage executive director of financial crime compliance strategy Iain Armstrong was joined by Maja Andreevska-Blazhevska, head of financial crime compliance and MLRO at Finance Incorporated Limited, and Simon McFeely, managing partner at Finvisor FinTech Partners, to unpack what each shift demands in practice.
Faster rails: the screening challenge that cannot wait
The IPR’s core requirement is unambiguous: sending institutions must execute instant payments within seconds of receiving an instruction. That timeline effectively rules out the batch processing and manual review workflows that many firms still depend on.
According to ComplyAdvantage’s 2026 State of Financial Crime survey, 61% of firms are already making real-time customer monitoring a priority in response to the anti-money laundering and countering the financing of terrorism (AML/CFT) risks that faster payments introduce.
Sanctions screening is where the operational weight lands first. Firms need straight-through processing from the moment a payment order arrives, with the capacity to run around the clock. The reach of this obligation also extends beyond the eurozone: incoming instant payments from non-EU SEPA countries, including Norway, Switzerland, and the UK, still require sanctions screening. Real-time customer screening therefore needs to be backed by tooling capable of clearing potential hits in seconds, not in the time it takes to flag and review.
The fraud risk picture also shifts. Because the IPR limits a firm’s ability to hold a customer-instructed payment, fraud controls need to move earlier in the payment journey and operate within windows measured in seconds. That is not work that manual processes can reliably handle.
A wider asset perimeter: when payments meet crypto
MiCA is bringing stablecoins in from the fringes of payments and setting a regulatory pathway for their mainstream adoption. Critically, MiCA does not displace existing AML obligations, it layers on top of them. For any payments firm adding stablecoin or broader crypto capabilities, that means two parallel regulatory frameworks and a customer base that supervisors are likely to treat as elevated risk by default.
The central operational challenge is consolidation. A firm offering cards, multi-currency accounts, and crypto-related services through a single platform can quickly find itself running separate transaction monitoring systems, sacrificing a unified view of customer behaviour in the process.
Building toward a consolidated view, rather than a collection of disconnected tools, is what makes it possible to manage combined risk and meet obligations such as the travel rule across both the traditional and crypto environments. It also demands a skills reckoning, as teams whose expertise is rooted in payments compliance will need to extend their capabilities to cover crypto-native risk.
A tighter baseline: the end of national discretion
The Single Rulebook is the force that ties the other two together. By removing the national discretion that firms have historically used to calibrate their compliance programmes, it sets a uniform floor for every firm with exposure to EU payment flows. The flexibility that came from regulatory divergence between member states is no longer available.
The first pressure points typically emerge where national regimes sat either above or below the new baseline. Customer due diligence standards and risk-scoring methodologies are among the early candidates for review, as are transaction monitoring frameworks as cross-border typologies come into scope. Governance arrangements face scrutiny too: the Single Rulebook expects a genuinely independent second line of defence and active board oversight, not structures that satisfy the form of the requirement without the substance.
The practical response begins with a precise mapping of which obligations apply to a firm’s specific model. Not every provision applies universally, and the most effective starting point is understanding exactly what is relevant before briefing boards and product leaders and designing changes to onboarding and back-end systems. The case for early investment is more persuasive when it is framed in terms of operational efficiency and growth rather than standalone compliance cost.
A platform built once, to handle the full weight of these obligations, is more durable, and ultimately more cost-effective, than one that is patched repeatedly as deadlines approach. The most robust approach, as the session made clear, pairs automation with meaningful human oversight, rather than ceding decisions entirely to models.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst





