Regulatory anti-money laundering enforcement continues to be strict! Since March, over 20 banks have been fined for violations related to "Customer Due Diligence." The implementation of new regulations has highlighted compliance pressures in the first quarter.

Every reporter｜Liu Jia Kui Every editor｜Chen Jun Jie

Since the beginning of the year, the Chinese banking industry has been experiencing an unprecedented regulatory storm regarding the compliance of “customer due diligence.” The intensity and severity of penalties are unparalleled in history. According to statistics from the “Daily Economic News” reporter, as of March 26, over 20 banks and their branches have received regulatory fines in March for “failing to conduct customer due diligence as required,” with individual fines ranging from 114,000 yuan to 4,174,600 yuan.

The concentrated penalties on the banking industry for reasons related to “customer due diligence” closely align with the new version of the “Measures for the Administration of Customer Due Diligence and Customer Identity Information and Transaction Record Keeping by Financial Institutions,” which will be officially implemented on January 1, 2026. The regulatory authorities are reiterating the seriousness of the first line of defense against money laundering to the entire industry with a “zero tolerance” attitude.

Why did the issue of “failing to conduct customer due diligence as required” erupt in March? The reporter’s investigation found that this was not a sudden tightening of standards by regulatory authorities but rather an inevitable response following the implementation of the revised “Anti-Money Laundering Law of the People’s Republic of China” and its accompanying new regulations, which fundamentally changed the standards for law enforcement and the identification of violations, as well as a shift in regulatory logic from “monetary thresholds” to “risk categorization.”

Multiple banks fined for “failing to conduct customer due diligence as required”

The reporter noted a significant increase in the type of violation “failing to conduct customer due diligence as required” in the administrative penalty information disclosure table of local branches of the People’s Bank of China since March.

From the timeline perspective, the wave of penalties began to surge in early March. On March 2, the Guizhou branch of China Merchants Bank was warned and fined 875,000 yuan for failing to conduct customer due diligence as required and other three violations. On the same day, the rural credit cooperative of Kaiyang County was fined 650,000 yuan for similar violations. The next day, the Hegang branch of Agricultural Bank was fined 250,500 yuan for a single violation of customer due diligence. On March 5, the Zhangdian Rural Commercial Bank and the Pingxiang Rural Commercial Bank were both “listed,” fined 802,000 yuan and 994,300 yuan respectively for multiple violations.

Screenshot source: People’s Bank of China website

Entering mid-March, the density and amount of penalties increased. On March 11, the Zhoushan branch of Citic Bank and the Zhenjiang branch of Bank of Communications received fines of 961,000 yuan and 906,000 yuan respectively. March 16 became a “peak day” for penalties that month: Luzhou Bank was heavily fined 4,174,600 yuan for multiple money laundering violations, and eight responsible individuals were held accountable; the Luoyang branch of Guangfa Bank and the Kizilsu Kirghiz Autonomous Prefecture branch of Postal Savings Bank were also fined 861,600 yuan and 341,000 yuan respectively. The next day, Jiangsu Xinghua Rural Commercial Bank and the Shuanghe Corps branch of Agricultural Bank received additional fines of 990,000 yuan and 276,000 yuan. On March 25, the Zigong branch of Hengfeng Bank was warned and fined 265,500 yuan.

In terms of the types of fined institutions, there are both branches of major state-owned banks such as Agricultural Bank’s Laiwu and Hegang branches, and Bank of Communications’ Weihai, Zhenjiang, and Shandong branches; as well as joint-stock banks like the Guizhou branch of China Merchants Bank and the Zigong branch of Hengfeng Bank; city commercial banks like Changsha Bank’s Xiangtan branch; and a large number of rural financial institutions, including Shandong Zhangdian Rural Commercial Bank, Hunan Chengbu Rural Commercial Bank, Guizhou Zunyi Huichuan Rural Commercial Bank, Kaiyang County Rural Credit Cooperative, as well as several village and town banks such as Guiyang Xiaohe Technology Village Bank, Lingchuan Shentong Village Bank, Chongqing Beibei Chouzhou Village Bank, etc.

Not a single oversight, often compounded with other violations

The “Daily Economic News” reporter found that “failing to conduct customer due diligence as required” rarely appears as an isolated violation; it often comes “bundled” with other violations.

The most typical compounded violations include “failing to report suspicious transactions as required” and “conducting transactions or providing services with unidentified clients.” For example, the penalty for Luzhou Bank clearly listed multiple violations such as “failing to fulfill customer identity verification obligations as required,” “failing to report large transaction reports or suspicious transaction reports as required,” and “conducting transactions with unidentified clients.” The violations of the Kaiyang County Rural Credit Cooperative also included “providing services to unidentified clients, conducting transactions with them,” and “failing to report suspicious transactions as required.” This combination indicates that banks not only failed at the customer onboarding stage but also had significant deficiencies in ongoing monitoring and risk reporting, effectively exposing accounts to risks from illegal activities such as money laundering.

Screenshot source: People’s Bank of China website

Additionally, these violations often coexist with fundamental management loopholes. In most penalties, “violating financial statistical management regulations” and “violating account management regulations” frequently appear as accompanying items. This reflects that some institutions, especially grassroots outlets or small and medium-sized banks, have systemic weaknesses in multiple basic aspects of internal control management. The superficial nature of customer due diligence may merely be a reflection of their overall weak compliance culture and lax internal management.

Thus, it is evident that “failing to conduct customer due diligence as required” is usually a starting point for systemic risk control vulnerabilities, which spread along a clear logical chain.

“The starting point of the violation chain is the formalization of customer identity verification, the mid-section is the lack of ongoing due diligence, and the endpoint is the failure of risk reporting and handling,” a senior practitioner from a city commercial bank in the western region analyzed to the reporter. The combinations of violations presented in the penalties show a clear logical chain: lax account opening review (violating account management regulations) is the first step; failing to effectively identify the true identity and background of customers (failing to conduct customer due diligence as required) is the core failure; which in turn leads to an inability to effectively monitor and report abnormal fund transactions (failing to report suspicious transactions); ultimately risking becoming a channel for illegal funds (conducting transactions with unidentified clients). Regulatory penalties accurately target multiple nodes along this risk transmission path, reflecting the principle of “proportional punishment.”

Industry insiders: Banks need to build a stronger risk identification and monitoring system

Why has there been a concentrated occurrence of penalties related to “failing to conduct customer due diligence as required”? The most direct regulatory policy background is the new version of the “Measures for the Administration of Customer Due Diligence and Customer Identity Information and Transaction Record Keeping by Financial Institutions” (referred to as the “new measures”), which will officially take effect on January 1, 2026.

The new measures form a complement to the new Anti-Money Laundering Law that takes effect on January 1, 2025, and clearly adjust the long-standing term “customer identity verification” to “customer due diligence.” Behind this terminology change is a profound leap in regulatory concepts from static “checking identification documents” to dynamic “Know Your Customer” (KYC) process management.

Compared to the old regulations, one of the most significant changes in the new measures is the removal of the mandatory uniform requirement that “individual cash withdrawals exceeding 50,000 yuan must register the source or purpose of funds.” This has been misunderstood by some members of the public as a “relaxation” of regulations. However, the regulatory logic has actually undergone a fundamental transformation: it has upgraded from the previous fixed amount “one-size-fits-all” management to a “graded and categorized” management based on customer and transaction risks.

The new regulations require financial institutions to establish dynamic risk assessment profiles for each customer. For customers assessed as low risk (such as ordinary depositors with stable income sources and regular transaction patterns), simplified measures may be adopted when conducting business. Conversely, for “high-risk” situations where the system monitors abnormal transaction behavior or severe discrepancies with customer identity or historical patterns, banks must legally initiate “enhanced due diligence” to thoroughly investigate the sources and destinations of funds, and may impose reasonable restrictions on the customer’s transaction methods and scales, even refusing to conduct business or terminating business relationships if the risk exceeds management capabilities.

Senior industry analysts believe that the dense penalties in March can be seen as a “stress test” and “targeted calibration” by regulatory authorities following the implementation of the new regulations. It sends a clear signal to the market: the cancellation of the 50,000 yuan registration requirement does not mean that banks can relax or abandon their responsibility for conducting customer due diligence. On the contrary, banks need to invest more resources to build a smarter and more precise risk identification and monitoring system to achieve the regulatory goal of “effectively intercepting illegal capital flows without adding unnecessary trouble for law-abiding citizens.”

Building compliance capabilities has become a core competitive advantage

This round of regulatory storm has sounded the alarm for the banking industry, especially for the numerous small and medium-sized banks. A breakdown in the customer due diligence defense line can lead not only to economic penalties and reputational losses but also potentially make them unwittingly involved in money laundering, fraud, and other illegal criminal activities, jeopardizing the institutions’ own stable operations.

From the distribution of fined institutions, rural commercial banks, rural credit cooperatives, and village banks account for a high proportion. This exposes their common shortcomings in compliance investment, technological systems, and professional talent. Compared to national banks, small and medium-sized banks often face greater cost constraints, investing insufficiently in anti-money laundering monitoring systems and big data risk control models, relying more on manual reviews and experiential judgments, which are inadequate for addressing complex and concealed illegal capital activities. At the same time, there may also be gaps in the training of grassroots staff regarding compliance awareness and professional capabilities.

Even among large state-owned banks, some grassroots branches have not been spared. This reflects that even with a complete system at the head office level, there may be “attenuation” in the transmission and implementation of policies at the frontline outlets. Ensuring that unified compliance standards are executed without compromise at every service terminal nationwide is a long-term issue for governance in large banking institutions.

In the face of upgraded regulatory rules and strengthened enforcement, the banking industry urgently needs to shift from “passively dealing with inspections” to “actively building risk control systems.”

“For our banking institutions, anti-money laundering compliance has increasingly shifted from a ‘cost item’ that passively meets regulatory requirements to a ‘core competitive advantage’ related to the survival and development of banks,” said the aforementioned senior banking practitioner. Banks must reassess the positioning of customer due diligence. At the retail end, they should optimize due diligence processes to balance anti-money laundering compliance with financial service accessibility, avoiding exacerbating financial exclusion due to excessive risk control; at the corporate end, they should establish standardized processes for identifying beneficial owners, utilizing cross-verification with business data and credit data, rather than relying solely on customer self-reports.

For rural financial institutions, there is an urgent need to seek a compliance model of “warming together.” Given that individual village banks and rural commercial banks find it difficult to bear high technical investment and talent costs, industry insiders suggest that provincial federations or leading banks can establish shared anti-money laundering service centers to provide centralized customer risk rating, suspicious transaction monitoring, due diligence training, and other services for local institutions, reducing the compliance costs for individual institutions.

It is particularly important for banks to establish a “regulatory sandbox” mindset and proactively conduct compliance self-assessments. Given that the new Anti-Money Laundering Law has raised the maximum penalty to 10 million yuan and allows for a “double penalty system” (penalizing both the institution and responsible individuals), banks must establish a proactive compliance assessment mechanism, conduct risk investigations on existing customers, and carry out special audits on high-risk business lines, rather than waiting for regulatory penalties before making passive corrections.