On 10 March 2026, Finologee hosted a webinar bringing together regulatory expertise and operational practice to examine what the next wave of AML and KYC requirements will mean for financial institutions on the ground. Joining the session as guest speakers were two KPMG Luxembourg specialists: Giovanna Giardina, Partner and Forensic & Financial Crime Leader, and Andrea Marchetto, Senior Manager. Stefan Kirsch, Head of Business Development at Finologee, and Jonathan Prince, rounded out the panel with a live demonstration of the KYC Manager platform. 

The session attracted almost 200 registrants and a near-equivalent number of live attendees, drawn from across the compliance, AML and financial crime community, spanning asset managers, fund administrators, banks, insurance companies and payment institutions.

The session delivered a clear message: the next 12 to 24 months will require more than process refinement. Data governance, auditability and continuous control are becoming the defining metrics by which supervisors will judge an institution’s compliance posture.

KYC and AML compliance in 2026 what financial institutions need to know
The regulatory backdrop

Giovanna Giardina opened with an overview of the incoming EU AML package, built on three foundational instruments: the AMLA Regulation, the AML Single Rulebook and the AML Directive. With AMLA planning to deliver 24 of its 40 technical mandates in 2026 alone, institutions should brace for a dense pipeline of regulatory technical standards, implementing technical standards and guidelines covering customer due diligence, risk assessments and sanctions, running through 2026 and into 2027.

AMLA’s supervisory model combines direct oversight of approximately 40 selected institutions through Joint Supervisory Teams with reinforced indirect supervision of all others via national authorities, with the stated aim of harmonising supervisory methodology across Member States.

On the digital identity front, eIDAS 2.0 requires Member States to make certified EU Digital Identity Wallets available by November 2026, with large regulated-sector companies required to accept them for identification purposes by end of 2027. This shifts onboarding progressively from document collection towards the consumption of verified digital attributes. However, as Giardina was careful to emphasise, the EUDI Wallet will not substitute for Know Your Business obligations: it may streamline the identification and verification of representatives, but verification of legal existence, beneficial ownership checks and risk assessments remain firmly required regardless.

“Digital identity is not a shortcut around KYC obligations. It is an accelerator for institutions that already have strong data structures and governance in place.”

Giovanna Giardina, Partner, KPMG Luxembourg

From process to data governance

Andrea Marchetto shifted the focus to the operational challenge, arguing that the root problem for most institutions is not a lack of regulatory understanding but a lack of data governance. KYC information is typically scattered across onboarding tools, spreadsheets and email threads, making it difficult to demonstrate, at short notice, that data is complete, current and properly governed.

Five recurring pain points were identified:

  • Fragmented data with unclear ownership
  • Manual, spreadsheet-driven remediation
  • Diffuse accountability across teams
  • Accumulating exceptions that gradually erode the control environment
  • Client fatigue stemming from repetitive information requests

The prescription is correspondingly straightforward to articulate, if harder to execute: build a central KYC data layer, treat KYC as a living dataset updated by material events rather than periodic reviews, and make governance visible within the workflow itself, not merely in policy documents.

“The practical test is simple: could your institution produce a full portfolio view, with risk categories, refresh status and outstanding items, if a supervisor asked for it today?”

Andrea Marchetto, Senior Manager, KPMG Luxembourg

KYC Manager in practice

Stefan Kirsch demonstrated how Finologee’s KYC Manager platform addresses these challenges in practice. The platform covers client onboarding, lifecycle management and data update campaigns, connecting internal systems with external data providers including Dow Jones, LSEG Risk Intelligence and Dun & Bradstreet. Workflows are configurable and dynamic; all actions are logged for audit purposes; and the platform maintains a complete history of each client profile, supporting the traceable, defensible KYC records that supervisors increasingly expect to find. Critically, event-driven triggers ensure that checks are run automatically whenever a document is updated or a client profile changes, keeping the monitoring process continuous rather than periodic.

“KYC Manager acts as the operational layer that makes continuous, data-driven KYC processes more easily executable and centralised, avoiding the siloed approach between multiple tools and the manual overwork that comes with it.” 

Stefan Kirsch, Head of Business Development, Finologee

Watch the full webinar replay

Miss the live session? Access the full recording, including the live KYC Manager demonstration and the Q&A, by filling in the short form.

AML/KYC regulatory update - thumbnail
Where do institutions stand? What the live polls revealed

Three audience polls run during the session gave a frank picture of where practitioners currently find themselves, and the results were telling.

On overall readiness for AMLA, eIDAS 2.0 and the incoming regulatory technical standards, only 8% of respondents considered their KYC model already data-centric and fully prepared. The remaining 92% fell somewhere between actively improving and not yet having assessed the impact at all.

The data governance question was equally instructive: 66% of participants acknowledged they still rely on manual consolidation to produce a coherent KYC picture for supervisors, while a further 25% described their data as fragmented across systems and documents. Just 7% could say with confidence that their data is centralised, structured and auditable.

When asked about the most disruptive challenge ahead, operational change and data structuring together accounted for two thirds of responses, reinforcing the session’s core thesis that the compliance gap today is not primarily a regulatory knowledge problem, but an organisational and data infrastructure one.

“It is very good to see ‘moderately confident’ as the most common answer. Most probably, those who are fully prepared have already implemented a data-centric KYC model.”

Giovanna Giardina, Partner, KPMG Luxembourg

The takeaway

Supervisory expectations are becoming more granular and more data-focused. Institutions that treat data governance as a strategic priority now, mapping critical KYC data, defining a minimum viable data model, centralising their client information and stress-testing their supervisory readiness, will be considerably better placed when the next wave of regulatory requirements arrives. Those that wait for full regulatory clarity before acting may find the runway considerably shorter than anticipated.

Share article on social media