When Cardinal Robert Francis Prevost became Pope Leo XIV, he didn’t just become spiritual head of the Catholic Church, but also the temporal leader of one of the largest, oldest, and wealthiest international organisations. In the Vatican City, one of the smallest countries in the world, Renaissance frescos adorn the walls of air conditioned offices, where a small army of global financiers manage assets that are literally priceless.
Pope Leo XIV takes over a financial crime apparatus that is perhaps stronger than it has ever been, an often overlooked legacy of his predecessor Pope Francis. The latest Annual Report from the Vatican City’s Supervisory and Financial Information Authority (ASIF) offers a compelling window into this unique jurisdiction’s fight against illicit finance. For professionals in financial crime and compliance, the Vatican’s journey is more than an ecclesiastical footnote—it’s a blueprint for transparency, governance, and strategic control under extraordinary constraints.
How a unique jurisdiction copes with financial crime risks
Vatican City isn’t just another financial hub. It lacks the typical ingredients of a modern economy: there’s no public debt, no equity markets, no private banks or insurers, and only one financial institution—the Institute for Works of Religion (IOR). The IOR exists not to chase profit but to “serve the Catholic Church worldwide” by safeguarding assets intended for religious or charitable purposes.
Yet despite this highly focused mandate, the Vatican is exposed to many of the same cross-border financial crime risks as large jurisdictions. Donations, charity funds, and international transfers from or to high-risk jurisdictions all present vulnerabilities. That risk, compounded by the Church’s global footprint, has driven the Vatican to adopt controls that rival those of major states.
The financial scandals of the Vatican City
London property investment scandal
In the early 2010s, the Vatican invested approximately €350 million in a luxury London property at 60 Sloane Avenue. The deal was marred by allegations of embezzlement and mismanagement. Cardinal Angelo Becciu was convicted in December 2023 for embezzlement related to this investment and sentenced to over five years in prison. Financier Raffaele Mincione, involved in the deal, was also convicted and sentenced to over five years in prison, along with a €200 million confiscation order.
Nunzio Scarano case
Monsignor Nunzio Scarano, a senior accountant at the Vatican’s Administration of the Patrimony of the Apostolic See (APSA), was arrested in 2013 for attempting to smuggle €20 million from Switzerland to Italy. He faced multiple charges, including money laundering and corruption. He denied any wrongdoing and was later acquitted, but the investigation highlighted the vulnerabilities within the Vatican’s financial oversight.
Banco Ambrosiano collapse
In the early 1980s, the Vatican Bank (IOR) was implicated in the collapse of Banco Ambrosiano, Italy’s second-largest private bank at the time. The scandal involved allegations of money laundering and connections to organized crime, leading to significant financial losses and reputational damage for the Vatican.
Vatileaks scandal
In 2012, leaked documents revealed corruption and financial mismanagement within the Vatican, including inflated contract prices and internal power struggles. The scandal possibly contributed to the historic resignation of Pope Benedict XVI and set the stage for subsequent financial reforms under Pope Francis. Wikipedia
The compliance reformation: How the Vatican countered corruption
Establishment of ASIF
In response to these scandals, the Vatican established the Supervisory and Financial Information Authority (ASIF) in 2010, initially named the Financial Information Authority (AIF). ASIF serves as the Vatican’s financial watchdog, overseeing efforts to combat money laundering and terrorist financing. It operates independently and collaborates with international bodies like the Egmont Group.
Implementation of AML/CFT Measures
ASIF has implemented stringent anti-money laundering (AML) and counter-financing of terrorism (CFT) measures. In 2024, ASIF reported a 36% decrease in suspicious activity reports compared to the previous year, attributing the decline to improved reporting quality and refined detection processes.
Structural reforms
Pope Francis initiated several structural reforms to enhance financial transparency, including:
- Appointing external auditors and financial experts to key positions.
- Shutting down numerous dormant accounts within the Vatican Bank.
- Introducing new statutes to strengthen the governance of financial institutions.
Legal actions and increased accountability
The Vatican has taken legal actions against individuals involved in financial misconduct. The convictions of Cardinal Becciu and Raffaele Mincione exemplify the Vatican’s commitment to holding high-ranking officials accountable for financial improprieties.
From scandal to reform: The rise of ASIF
Established in 2010 and reshaped under Pope Francis’ sweeping financial reforms, ASIF is Vatican City’s financial watchdog, regulator, and Financial Intelligence Unit (FIU) all rolled into one. It now operates with full independence and a mature, tripartite structure: regulatory oversight, prudential supervision, and financial intelligence.
ASIF’s work is particularly significant given the Vatican’s recent history of financial scandal. Today’s report illustrates a transformed approach, defined by sophisticated inspections, regulatory alignment with FATF and EU standards, and regular cooperation with MONEYVAL and the Egmont Group.
In 2024, ASIF:
- Completed a targeted AML/CFT inspection of the IOR focused on suspicious activity reporting.
- Conducted ongoing supervisory evaluations (SREP), including assessments of ESG risk, financial resilience, and governance.
- Exchanged 44 international cooperation requests with foreign FIUs.
- Delivered training and strategic reviews to sharpen the IOR’s risk-based approach.
Fewer reports, better intelligence
Interestingly, while the number of suspicious activity reports (SARs) filed in 2024 dropped to 79 from 123 in 2023, the number of high-quality reports referred to prosecutors remained stable. ASIF attributes this to a “refinement of the selection process.” This is a sign that front-line detection is becoming more accurate, not more passive.
Preventive measures taken included:
- €817,280 in suspended transfers.
- €2.1 million in frozen accounts.
- Two new cases triggering full investigation by the Office of the Promoter of Justice.
The most common red flags in 2024 included:
- Unusual cash transactions (26% of SARs).
- Transactions inconsistent with customer profiles (23%).
- Negative media coverage (12%).
ASIF shows that a sharper selection process and targeted detection efforts can result in a more accurate picture, and potentially greater results. One reason could be that the ASIF is many bodies rolled into one, so benefits from tighter coordination and less siloing of responsibilities often found in other countries. For global firms, the lesson is clear. Investing in smarter, risk-based intelligence—not just volume—can dramatically enhance the effectiveness of financial crime controls.
Ecumenical lessons for global compliance teams
As both a nation-state and complex global entity, the Vatican has a complex challenge in financial crime compliance, but one that will be somewhat familiar to many global compliance teams.
The Vatican’s AML efforts might once have seemed symbolic at best. But today, they represent a credible, rigorous framework that aligns deeply with global standards. Far from a ceremonial role, ASIF is an active agent of reform, both doctrinal and procedural.
For compliance professionals, the Vatican’s model is a reminder that even the most mission-driven institutions must operate with rigour and transparency. And for multinationals grappling with sprawling structures and global risks, the Vatican offers something rare: a compliance regime that is both centralised and strategic, anchored in values, bruised by experience, but hardened by reality.
Risk-based, values-driven compliance
The Vatican’s entire compliance model hinges on proportionality and mission alignment. The IOR’s controls are tailored to its unique role in supporting global religious activity, yet they meet the same FATF standards expected of any European bank.
Lesson: Large multinational firms with diverse portfolios can benefit from a similarly nuanced approach—aligning controls to business purpose while ensuring global compliance.
Tight control over beneficial ownership
In response to earlier MONEYVAL recommendations, the Vatican reformed its transparency framework around beneficial ownership. Recommendation 24 (legal persons) moved from ‘Partially Compliant’ to ‘Compliant’ status.
Lesson: Beneficial ownership remains a weak point for many multinationals. Tightening this area—especially for group structures and subsidiaries—can significantly reduce exposure.
Continuous risk assessments and strategic risk analysis
The Vatican’s General Risk Assessment is an evolving process, regularly updated using the World Bank’s tools and MONEYVAL guidance. This feeds into ASIF’s strategic planning and informs its annual inspections.
Lesson: Firms should regularly update enterprise-wide risk assessments—especially when entering new markets or adapting to global conflicts that may increase sanctions or other risks, such as proliferation or terrorist financing.
Embedded training and behavioural reinforcement
ASIF holds targeted AML/CFT training sessions across the jurisdiction, focusing on anomaly detection, typologies, and recent trends (e.g., terrorism financing via crowdfunding, misuse of citizenship-by-investment schemes).
Lesson: Training must go beyond annual box-ticking. Embedding real case studies and emerging typologies makes training more effective and actionable for front-line teams.
Proactive, not reactive, governance
Rather than waiting for misconduct, the Vatican proactively updates controls in line with emerging risks—such as requiring ESG disclosures, adapting to FATF’s evolving standards, and freezing high-risk transactions pre-emptively.
Lesson: Multinationals should seek to strengthen pre-emptive control mechanisms. This includes automated red flag alerts, transaction monitoring tailored to geographic exposure, and early internal audits.
