Patchwork of regulations are putting huge economic pressures on financial services. Will a more harmonized, pan-European approach to identity verification and AML make operations easier? Or will the associated costs of compliance make it worse?
As of June 2025, there were approximately 4,752 bank brands operating in the European Union; 10% fewer than in 2023 (5,304), which itself saw a 2.9% decline on the previous year.
The reduction in the number can be explained by several factors but is often linked to a bank’s resilience in remaining efficient and/ or profitable amid market shifts and technological changes, as well as being able to offer the services – and experiences – that consumers expect.
“The challenges associated with operating in Europe include the need to provide a wide range of identity verification methods, process hundreds of different identity document types, and comply with national interpretations of the most robust of regulatory frameworks.”
To remain profitable and efficient in 2026 and beyond is no easy feat, which is why many banks stay in an almost constant flux of structural or digital transformation or decide to consolidate with other brands.
Uwe Pfizenmaier, Director of Product at IDnow.
Under [regulatory] pressure.
While regulations are designed to perform several key functions, including protecting consumers, and maintaining the proper functioning of financial markets, they also cause major economic pressures for banks.
For example, Europe’s largest institutions spend, on average, €14.5 million per year to remain compliant with AML and KYC requirements. Plus, with 2024’s introduction of AMLD 6, costs have increased dramatically. In fact, a PWC study found that over half of financial institutions have seen their AML compliance costs rise by more than 10% over the last two years.
Failure to comply with AML can be catastrophic, with minimum fines for serious breaches doubling from €5 million to €10 million. Some banks escape with fines; others aren’t as lucky and can even have their licences revoked.
Alongside long-established regulations like Anti-Money Laundering Directives (AMLD), there are also newly created ones, such as the Digital Operational Resilience Act (DORA) that aims to strengthen the IT security of financial entities such as banks, insurance companies and investment firms and making sure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption. While compliance with DORA can cost a bank up to €1 million, the cost of non-compliance far outweighs that, with financial sanctions varying from 2% of annual global turnover or 1% of average daily global turnover.
Considering the financial risk, compliance with new and existing regulations is understandably a chief focus for European banks right now. In fact, on average, many financial services allocate over 10% of their budgets to new compliance technologies and tools.
While for the consumer it has never been easier to register and start their customer journey, via a range of identity verification methods, for banks, the road to ensuring that experience remains compliant throughout Europe is far from straightforward, and one only likely to become bumpier and more expensive – for the next two years anyway. After 2027, however, operating in the EU will become decidedly easier and more efficient – in theory. But buckle up banks, it is likely to get worse before it gets better…
How did financial services become so fragmented?
Before we look ahead, let us first consider how Europe’s financial services became so fragmented. In 2014, in a bid to facilitate secure, cross-border online financial transactions, the European Union enacted the Electronic IDentification, Authentication and Trust Services (eIDAS) regulation.
However, despite the best of intentions, it was widely accepted that the first iteration of the regulation failed in its mission; by 2020, only 60% of EU citizens had access to a trusted identification system, while adoption and usage were even lower. It also became apparent that the interoperability of national services and infrastructures was not sufficient. As such, it proved difficult for banks to use it as an international Know Your Customer system.
In 2025, not only does each EU member state have their own national interpretation of AML rules and therefore enforcement standards, but they also invariably adhere to different regulatory requirements for remote identity verification processes. For example, while some European regulatory bodies accept fully automated identity verification, others such as the German BaFin have historically required all new financial services customers to undergo either in-person or video verification as part of the onboarding process. However, a 2024 draft bill has laid the way for more automation in the identity verification process, which would bring German identity verification processes more in line with other EU member states.
Clearly, consistency is key to any meaningful impact in the European fight against fraud and money laundering. However, the fact remains that in 2025, the EU is effectively stitched together with a patchwork of national regulations and processes that threaten the fabric of financial services.
Bringing the EU together in regulatory harmony by 2027.
The EU has devised three key regulations, bodies, and initiatives that it hopes will create a more harmonized approach to AML efforts and remote identity verification. Each promote cross-border digital identity verification and trust services, simplify customer onboarding and KYC,and boost secure digital transactions for banks and consumers. All will be effective across the EU by late 2027/ early 2028
- eIDAS 2.0: The second iteration of eIDAS, eIDAS 2.0 establishes the European Digital Identity (EUDI) framework and mandates all member states to offer EUDI Wallets to citizens by November 2026. It also addresses weaknesses in the original regulation, such as data protection, and introduces new trust services, including data preservation/ archiving services, and Qualified Electronic Attestations of Attributes (QEAA), which will allow users to share verified credentials across a range of use cases. Banks will need to accept said Wallets for user onboarding and authentication by November 2027.
- Anti‑Money Laundering Authority (AMLA). By creating a coherent AML framework for member states to follow, the newly formed EU authority hopes to strengthen the fight against money laundering and terrorism financing. It also creates a common supervisory culture at EUlevel. The AMLA will be fully operational (with a staff of 430) and begin direct supervision by 2028.
- The Anti-Money Laundering Regulation (AMLR): Perhaps the boldest of all upcoming regulations and initiatives, AMLR creates one set of rules across the EU and establishes stronger checks and rules for KYC, monitoring, and Customer Due Diligence. It also essentially standardizes and distils compliant identity verification into three methods:
a) EUDI Wallet: Consumers can use their EUDI Wallet for authentication for KYC purposes and compliant AML onboarding.
b) Notified eID Schemes: Consumers will be able to use their national electronic identification (eID) scheme (including smartcards, mobile and log-in) along with all other eID Schemes in Europe.
c) Qualified Trust Services: Here, consumers use Qualified Electronic Signatures (QES) and Qualified Electronic Attestations of Attributes (QEAA) for compliant automated and hybrid identity verification.
AMLR will replace the current national directive-based approach to AML efforts by July 2027.
Based on the European Commission’s impact assessment study, streamlined, consistent onboarding procedures for financial services could generate annual savings of between €860 million to €1.7 billion, while enhanced fraud prevention measures could yield additional savings ranging of €1.1 billion to €4.3 billion per year.
But wait, there’s a costly catch.
However, it’s worth noting that the same study also predicts significant implementation costs to ensure compliance with AMLR and eIDAS 2.0. While it’s difficult to know the exact amount that individual banks will need to outlay to become compliant (as it depends on size and scale), the EU Commission estimates eIDAS 2.0 implementation costs to be north of €3.2 billion.
Top 5 financial services compliance challenges.
To prepare for AMLR and eIDAS 2.0, European banks will encounter substantial costs for system upgrades, staff training, and compliance preparation. As such, banks must rethink their technology stacks and risk models, compliance procedures, and customer experience strategies.Here are the top costs that banks need to prepare for.
1. Banks will need to integrate 27+ national identity wallets, each requiring separate registration.
2. Each Wallet will have its own diverse APIs and data formats, which will increase integration complexity and associated costs.
3. There will also be significant development and maintenance costs, regardless of whether systems are built in-house or supplied by multiple different vendors.
4. Although only the EUDI Wallet is mandatory, for banks that wish to provide each of the three compliant identification methods (Qualified Trust Services, eID Schemes, Wallets), they will face a considerable cost.
5. Ongoing data checks and controls.
“Whereas in the past, European banks faced challenges associated with fragmented regulations they now face significant technical and user experience challenges, which can be effectively addressed with the right solutions that needn’t cost the earth. As a Qualified Trust Service Provider, IDnow uniquely supports all three required identification methods through our AI-driven platform — enabling businesses to transform compliance from a challenge into a trust-building opportunity that drives sustainable growth,” said Uwe.
To learn more about how IDnow can support your AMLR compliance journey, contact our team of experts today.
By
Jody Houton
Senior PR & Content Manager at IDnow
Connect with Jody on LinkedIn
