From criminal activity to ever-increasing regulatory pressure, there are plenty of risks associated with forex platforms that can lead to substantial losses, leaving many traders extremely vulnerable. To stay safe while keeping revenues high, many FX businesses need to balance customer onboarding, AML/CTF compliance, and fraud prevention. Here’s our comprehensive guide to making all this possible.
Why should you read this?
Forex trading is more popular than ever. With a traded volume level of more than $4 trillion a day, forex has also become a lucrative target for financial criminals. To deal with this growing threat, regulations are tightening considerably.
A West London-based forex firm was hit with £7.8 million ($10.8m) in fines after failing to meet AML obligations. This comes as part of a wider crackdown on money laundering and on organizations that fail to adequately detect it. “This record fine shows we mean business, so get your house in order before we come knocking,” regulators warn.
Forex platforms have no time to hesitate on regulatory compliance—and we’re here to help. With this article, we’ll guide you through the latest regulations and present professional KYC/AML practices for forex platforms, helping maximize efficiency and avoid harsh penalties for non-compliance.
The highlights
- How regulations impact forex platforms
- The importance of CDD and KYC
- Key regulatory requirements
- The new anti-money laundering directive
- How Sumsub can help
- Steps you can take to generate growth
How regulations impact forex platforms
As FX trading is a global activity, there isn’t one set of regulations that applies to all forex platforms (there is a FATF Risk-based Approach Guidance for the Securities Sector, but it does not have the force of law). Instead, there are multiple types of regulations, which vary depending on where forex platforms operate. Nevertheless, some of these regulations overlap across multiple jurisdictions—particularly those related to anti-money laundering (AML) and countering the financing of terrorism (CTF).
To stay in line with AML/CTF regulations, forex platforms need to enact policies and procedures that combat all forms of financial crime. This includes setting up adequate internal systems for spotting suspicious activities and reporting them to authorities. In addition, robust Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures should be applied to verify customers and take precautions against money laundering and terrorist financing risks.
The importance of CDD and KYC
CDD applies to all procedures that AML-obligated entities use to verify customer identities, background information, and risk levels. When performed correctly, CDD measures identify high-risk individuals at an early stage, preventing companies from being exposed to money laundering, fraud, terrorist funding, and other financial crimes.
When establishing a business relationship with a client, the first (and most important) CDD measure is to perform KYC. This is to ensure that the clients are who they say they are. In order to achieve this, the business should obtain key information about the customer (name, address, date of birth, and so on) and verify the accuracy of this information.
CDD shouldn’t stop after the KYC stage, however. Existing customers should also be subject to CDD measures through ongoing monitoring, as customer risk profiles may change over time. Accordingly, businesses should take customers’ account activity into consideration, in addition to ensuring that all their KYC documentation remains up to date. Record-keeping is also a necessary part of ongoing CDD, which helps businesses have a clear picture of their customers throughout the entire lifecycle.
In unison, these steps help businesses prevent—or promptly react to—any crises and stay compliant with regulations.

Key regulatory requirements
Every forex platform has to effectively comply with AML/CTF regulations of their jurisdiction. These requirements may differ from country to country, so platforms should take care when choosing the jurisdiction for their business registration and brokerage license.
Below you’ll find a list of key laws, regulations, and jurisdictions that forex platforms need to comply with.
High-requirement jurisdictions
These are jurisdictions with high capital requirements ($20 million+), along with detailed reporting obligations and significant operating expenses. Customer complaints to regulatory agencies overseeing these jurisdictions may result in severe consequences, including seven-figure fines.
USA
Legislation:
Regulating body:
- The Financial Industry Regulatory Authority (FINRA) writes and enforces rules governing the activities of all registered brokers in the United States. To conduct securities transactions or any other business with investors in the U.S., both firms and individuals must be registered with FINRA.
Complying with CDD requirements:
- Identifying individuals: Collect their name, date of birth, address, and an identification number (typically a social security number). It is also required to create a customer risk profile and conduct ongoing monitoring.
- Identifying entities: Collect their name, principal place of business, office location, or other physical location of operations or presence, identification number, employer identification number (EIN), and beneficial ownership information.
Penalties for non-compliance: A fine of over $1,000,000.
Japan
Legislation:
Regulating body:
- The Financial Services Agency (FSA) is the watchdog for regulated forex brokers. To obtain a forex license in Japan, brokers need to follow its guidance.
Complying with CDD requirements:
- Identifying individuals: Collect their name, address, and date of birth (has to be verified from valid customer identification documents: a driving license, passport, alien registration card or any other acceptable documents), details on their profession and other occupations, purpose of transaction, status of asset and revenue, confirmation of personal identification data of the person in charge of the transaction, confirmation of agency power for the person in charge of the transaction. For higher risk customers, it is also required to verify assets and income.
- Identifying entities: Collect name, location of the head or main office, the nature of the company, purpose of transaction, identity of beneficial owner. For higher risk customers, it is also required to verify assets and income.
Penalties for non-compliance: A fine of up to ¥3,000,000 ($27,215) for individuals and up to ¥300,000,000 ($2.7m) for legal entities. The maximum penalty is imprisonment of up to two years for responsible persons.
Moderate-requirement jurisdictions
Reputable jurisdictions with high to moderate capital requirements, moderate expenses, and reporting.
Malta
Legislation:
- The Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta);
- The Implementing Procedures, issued in terms of Regulation 17 of the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR).
Regulating body:
- Malta Financial Services Authority (MFSA) is the regulating authority for all forex brokers in Malta. To carry out their activities in Malta, brokers should be authorized by the MFSA.
- Financial Intelligence Analysis Unit (FIAU) is a government agency established under the Prevention of Money Laundering Act. The Unit is responsible for monitoring compliance with AML provisions.
Complying with CDD requirements:
- Identifying individuals: Collect their name, address, place and date of birth, identity card reference number (where available) and nationality.
- Identifying companies: Collect their name, registration number, date of incorporation or registration, and registered address or principal place of business.
Penalties for non-compliance: A fine of up to €5,000,000 ($5.9m) or the equivalent of 10% of total annual turnover (according to the latest financial statements).
Cyprus
Legislation:
Regulating body:
- Cyprus Securities and Exchange Commission (CySEC) is the financial regulatory agency of Cyprus that oversees and provides licenses to forex brokers.
Complying with CDD requirements:
- Identifying individuals: Collect their name, address, telephone and fax numbers, e-mail address, signature, date and place of birth, details on their profession and other occupations, including the name of their employer.
- Identifying entities: Collect their name, registration number, office address, location of the head or main office, telephone numbers, fax numbers, e-mail address, the members of the board of directors, the persons that are duly authorised to operate the accounts of the company and act on behalf of the company, the registered shareholders, the business profile of the company.
- Specific procedures required by CySEC: Check the adequacy of the data and information pertaining to the customer’s identity and economic profile when:
  - an unusual or significant transaction takes place;
  - there is a change in the customer’s legal status and situation;
  - there is a change in the rules and methods of customer account operation.
Penalties for non-compliance: An administrative fine of up to €200,000 ($235,250). If the offense continues, an additional administrative fine of up to €1,000 ($1,170) is imposed for each day.
Australia
Legislation:
- Registered AML Rules (Australian Transaction Reports and Analysis Centre);
- Australian Anti-Money Laundering and Counter Terrorism Financing Act 2006;
- Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1).
Regulating bodies:
- The Australian Securities and Investment Commission (ASIC) regulates forex trading in Australia.
- The Australian Transaction Reports and Analysis Centre (AUSTRAC) is responsible for monitoring the AML compliance of financial institutions. Financial institutions are required to register and enroll their business with AUSTRAC.
Complying with CDD requirements:
- Identifying individuals: Collect their name, date of birth, and address.
- Identifying companies: Collect their name, addresses of registration and principal place of business, registration number (either their Australian Company Number or Australian Registered Body Number), the nature of the company, and the names of the directors. Only the name, legal form and registration number must be verified.
Penalties for non-compliance: A civil penalty of up to A$4,440,000 for an individual and up to A$22.2 million for a corporation. This is the maximum penalty applied, where the penalty unit amount is $222.
*Under the Notice of Indexation of the Penalty Unit Amount, a penalty unit is currently $222. Penalty units are used to calculate fines for various offences. Fines are calculated by multiplying the value of one penalty unit by the number of units that offence carries.
Low-requirement jurisdictions
Jurisdictions with low to moderate regulatory environments, capital requirements, and operating expenses, and with minimal reporting.
Belize
Legislation:
Regulating body:
- The International Financial Services Commission (IFSC) regulates forex brokers in Belize.
Complying with CDD requirements:
- Identifying individuals: Collect their name, address, date and place of birth, nationality, contact details, signature, purpose of the account and the nature of the business relationship.
- Identifying corporate customers: Collect their name, principal place of business and registered office, contact details, board resolution, certificate of incorporation, identities of all account signatories and details of their relationship with the company, identity information on the natural persons with a controlling interest in the corporate entity.
- Non-face-to-face identification: Take specific and adequate measures to compensate for the higher risk. This includes communicating with the customer at an address that has been verified, two-factor authentication, requiring copy documents to be certified, etc.
Penalties for non-compliance: A fine of up to $25,000, imprisonment up to 3 years, or both.
Bulgaria
Legislation:
- Measures Against Money Laundering Act, 2008, amended in 2018;
- The 4th EU Money Laundering Directive (the new amendments to the law implement the Directive into Bulgarian legislation).
Regulating body:
- The Bulgarian Financial Supervision Commission (BFSC) regulates the forex market in Bulgaria.
Complying with CDD requirements:
- Identifying individuals: Collect their name, date and place of birth, personal identification number/unique identification number of client, nationality, country of permanent residence, address.
- Identifying UBOs: Collect information on entities, legal persons and other bodies that directly or indirectly control a company.
Penalties for non-compliance: A fine ranging from $300-$3,000 for individuals, $600-$6,000 for legal entities. The penalties are to be applied monthly until the requested information is duly registered.
Least regulated jurisdictions
These jurisdictions have weaker institutional control and less detailed legislation than others. Only offshore companies fall into this category. Keep in mind that counterparties almost always regard companies registered in offshore jurisdictions as high-risk partners, providers, or clients.
Marshall Islands
Legislation:
Regulating body:
- The Marshall Islands have no local forex trading regulatory bodies. However, there are a number of forex brokers in the Marshall Islands that are authorized and licensed by different types of international regulatory bodies, such as CySEC of Cyprus, and others. Therefore, if a company is regulated by CySEC it must comply with all the requirements set out by CySEC, including its branches.
Complying with CDD requirements:
- Identifying individuals: Collect their name, address, telephone and fax number, date and place of birth, nationality, details on their profession and other occupations, including the name of their employer, a copy of their passport or national ID, signature, purpose of the account and the potential account activity, written authority to obtain independent verification.
- Identifying entities: Collect their certificate of incorporation, Articles of Association, location of their head office or registered agent, description and nature of their business, board resolution, the names and addresses of all officers, directors, and beneficial owners, confirmation that the corporate entity has not been struck off the register or is not in the liquidation process, purpose of the account and the potential parameters of the account, written authority to obtain independent verification.
Penalties for non-compliance: A civil penalty up to $10,000 per violation for any willful violation of any record-keeping; up to $500 per violation for any negligent violation of any requirement.

The new anti-money laundering directive
On December 3, 2020, the Sixth Anti-Money Laundering Directive (6AMLD) took effect in the European Union to ramp up the fight against money laundering. The directive affects KYC/AML procedures and was supposed to be implemented by financial institutions by June 3, 2021.
The directive does not require businesses to significantly change their KYC/AML procedures. Rather, these procedures must be updated to align with the latest definition of “money laundering,” as well as the new list of predicate offenses:
- The definition of “money laundering” now expands to property as well as the acquisition, concealment, and distribution of all physical and virtual assets stemming from illegal activities, be it money, artworks, or real estate.
- The extended list of predicate offenses now covers cyber and environmental crime. The latter includes the illegal wildlife trade, air pollution, and other crimes that impact the environment. 6AMLD also took further measures to incriminate persons if they know “or ought to have known that someone is involved in money laundering activities.”
How Sumsub can help
With Sumsub, forex platforms can enjoy quick and easy KYC that converts even the least motivated users in minutes. The verification process requires just two photos from the users and takes just a couple of minutes. As a result, the business can increase conversion by 30% or greater.

Sumsub’s identity verification platform enables businesses to increase customer conversion—all while ensuring compliance with regulations worldwide (ongoing monitoring, record keeping and so on). The solution is globally applicable, as its approach and methodology are carefully designed according to the latest recommendations on AML and CTF.
The bottom line

As the forex market grows and generates more interest across the globe, scammers become an ever-increasing threat. However, if you put time and effort into implementing professional KYC and AML practices, you’ll minimize the risk of fraud and other dangers. Plus, you’ll be best-equipped to deal with constantly shifting regulations, avoiding steep fines and penalties along the way.