What happened, why it matters and how companies can avoid the same fate

The US subsidiary of global fintech giant Wise agreed to a $4.2 million settlement with six state financial regulators. The penalty stems from serious deficiencies found in the company’s anti-money laundering and countering the financing of terrorism (AML/CFT) program during a routine multi-state examination.

The story reveals valuable lessons for any company operating in the money transmission or fintech space, most especially those scaling fast and crossing borders.

What went wrong at Wise?

The joint examination, which covered activity between July 2022 and September 2023, revealed a range of compliance violations under both federal and state law. Among the most significant findings:

• Inadequate AML program reviews: Wise failed to conduct independent reviews of its AML program frequently enough, despite its size and complexity. 
• Delayed suspicious activity reports (SARs): The company did not investigate or report potentially suspicious transactions in a timely manner. 
• Data integrity issues: Transaction monitoring data lacked accuracy and reliability, raising red flags around how suspicious activity could even be identified. 
• Failure to fix previous issues: Wise had been notified of some deficiencies in prior exams and independent audits — but had not acted on them. 
• Regulatory violations: Wise also breached aspects of the Consumer Financial Protection Bureau’s (CFPB) Remittance Transfer Rule, which governs transparency and consumer rights in cross-border payments. 

These findings culminated in a coordinated enforcement action demanding significant remedial measures.

What happens now?

As part of the consent order, Wise US must:

1. Pay a $4.2 million penalty. 
2. Conduct a “lookback” review of previously closed accounts to identify missed issues. 
3. Implement enhanced data integrity controls across its transaction monitoring and customer account systems. 
4. Engage an independent third party to verify AML/CFT improvements, conduct quarterly reviews, and validate all corrective actions. 
5. Submit quarterly progress reports for two years to all six state regulators involved in the settlement. 
6. Strengthen suspicious activity reporting procedures and due diligence processes to mitigate AML/CFT risk going forward. 

The regulatory landscape

This case highlights an increasingly assertive stance by state financial regulators, especially as federal agencies like the CFPB face political and operational uncertainty. Under a growing “Networked Supervision” model, state regulators coordinate licensing, supervision, and enforcement, particularly in areas like money transmission, where companies often operate across multiple jurisdictions. 

This is not a one-off event. Earlier in 2025, Block, operator of Cash App, paid $79 million in a similar multi-state settlement for AML shortcomings. This is the second major enforcement this year focused on AML/CFT compliance among money transmitters.

Clearly, states are not waiting for Washington to act. Companies must recognize that their compliance obligations do not stop at the state line and failure to adapt can result in costly, reputationally damaging enforcement actions.

How to avoid this

Whether you’re a fintech, money transmitter, or financial institution, the Wise case offers practical insights on what not to do and how to stay on the right side of the regulators.

Conduct frequent, independent AML reviews

Annual or more frequent independent reviews are a must, especially if your company’s risk profile is high or expanding internationally. These reviews should be truly independent, robust, and well-documented.

Fix issues the first time

Regulators have little patience for companies that ignore prior warnings. If a gap or failure is identified, fix it swiftly and completely. Repeat deficiencies are a major trigger for enforcement.

Get your data in order

Your AML program is only as good as the data feeding it. Inaccurate, incomplete, or poorly maintained transaction data undermines your ability to detect and report suspicious activity. Data integrity should be a priority not just for operations but also compliance.

File SARs on time or risk serious penalties

Delayed or missed suspicious activity reports are one of the biggest red flags for regulators. Ensure your team is trained, your monitoring tools are effective, and your escalation procedures are watertight.

Don’t scale compliance last

Fintechs and fast-growing firms often focus on innovation and customer acquisition. But regulators expect your compliance function to scale with your business. This means more resources, more expertise, and more structure as you grow.

Coordinate across jurisdictions

If you operate in multiple states (or countries), you need a compliance framework that can manage and respond to differing requirements. Centralize your compliance intelligence and engage proactively with regulators at both state and federal levels.

Compliance is not optional 

The Wise settlement serves as a sharp reminder that regulators are actively watching, especially at the state level. But it also presents an opportunity. Companies that take compliance seriously can build more resilient, trustworthy and ultimately more successful operations. In a world of increasing regulatory collaboration and consumer scrutiny, treating AML/CFT not as a check-the-box requirement but as a core part of your business strategy is the only smart move.

Financial institutions are prime targets for money launderers, and regulatory expectations around AML compliance have never been higher. This essential guide explains how banks, investment firms and other financial services providers can identify red flags, conduct effective risk assessments and meet their legal obligations under UK AML laws. Get it here.