AML Compliance in France (2026): TRACFIN, Enforcement, and What Fintechs Need to Operationalize

France is one of Europe's most active AML enforcement environments. It's a FATF founding member, home to one of the EU's most active financial intelligence units, and a jurisdiction where regulators have shown they will act — against banks, fintechs, and crypto platforms alike. For regulated businesses operating in France, AML compliance is not a background function. It shapes licensing, banking relationships, and market access.

This guide covers the France-specific AML layer: the regulatory framework, TRACFIN obligations, sector-specific risks, and enforcement context. For the underlying AML system architecture — identity ingestion, risk engine, monitoring and enforcement layers — see our AML Requirements guide.

The Legal Framework

French AML obligations are anchored in the Code Monétaire et Financier (CMF), regularly updated to align with FATF standards and EU AML directives. The current framework reflects AMLD5 implementation, with France actively preparing for the EU AML Regulation (AMLR) and the new EU AML Authority (AMLA), which will directly supervise the highest-risk entities across the EU from 2026.

A 2024 update to the CMF introduced new requirements for digital asset service providers (DASPs), implementing MiCA (EU Markets in Crypto-Assets Regulation) at the national level. This makes France one of the first EU jurisdictions to have a clear post-MiCA AML framework for crypto businesses.

Regulatory Authorities

TRACFIN (Traitement du renseignement et action contre les circuits financiers clandestins) is France's financial intelligence unit. It receives suspicious transaction reports, analyses financial intelligence, and coordinates with law enforcement and international partners. TRACFIN received over 165,000 suspicious transaction reports in 2022 — with reports from payment institutions and fintechs growing the fastest of any sector.

ACPR supervises banks, payment institutions, e-money institutions, and most fintechs for AML/CFT compliance. It conducts inspections, issues findings, and imposes sanctions for compliance failures.

AMF covers investment firms, fund managers, VASPs, and securities markets. It has been increasingly active in AML enforcement against crypto platforms specifically.

Ministry of Economy and Finance oversees broader AML policy and transposition of EU directives into national law.

France's FATF Standing

France is a founding FATF member and underwent its most recent Mutual Evaluation in 2022. The evaluation rated France as largely compliant with nearly all FATF recommendations, with high effectiveness scores in supervision and international cooperation.

Key areas where France received strong ratings:

• Supervisory effectiveness (ACPR and AMF coordination)
• TRACFIN operational capacity and international information sharing
• Beneficial ownership framework (though access restrictions have since tightened further)

Areas under continued monitoring include non-financial sector coverage and consistency of enforcement across DNFBPs — which directly informs the 2025 expansion of supervision to real estate agents and legal professionals.

Sector-Specific AML Risks and Requirements

Fintechs and Payment Institutions

Payment platforms and fintechs operate under ACPR supervision with specific AML expectations around:

• Risk-based CDD at onboarding, documented and tiered
• Ongoing transaction monitoring with real-time or near-real-time alert capability
• TRACFIN reporting — increasingly scrutinised for volume and quality, not just existence
• KYB for business clients, including UBO verification (covered in our KYB Compliance in France guide)

Crypto and DASPs

France was one of the first EU states to implement a structured VASP/DASP registration regime under AMF. AML obligations for DASPs include:

• Full CDD and KYB on all clients — individual and business
• Travel Rule compliance for crypto asset transfers above €1,000
• Transaction monitoring adapted to crypto-specific typologies (mixing, layering through multiple wallets, privacy coins)
• TRACFIN reporting — the AMF has been explicit that DASPs are expected to contribute meaningfully to France's suspicious activity reporting

In 2023, prosecutors launched investigations into crypto platforms for weak CDD controls, with Binance's French operations among those scrutinised. The AMF has denied or revoked registrations for platforms unable to demonstrate adequate AML infrastructure.

Real Estate and Luxury Goods

Real estate agents, notaries, and luxury goods dealers are obliged entities under the CMF. Enhanced supervision of these sectors was a specific outcome of France's 2022 FATF evaluation, which identified gaps in non-financial sector coverage. Since 2025, real estate agents face significantly stricter AML expectations — relevant for any platform serving or partnering with this sector.

Legal and Accounting Professions

Lawyers, accountants, and auditors are designated non-financial businesses and professions (DNFBPs) under TRACFIN's supervision. These sectors have historically operated with lighter compliance infrastructure — which creates friction when onboarding them as business clients.

TRACFIN Reporting in Practice

Suspicious activity reports must be submitted to TRACFIN via the ERMES platform. The obligation applies to all obliged entities and covers:

• Transactions or relationships where the source of funds or business purpose cannot be established
• Activity inconsistent with the declared nature of the client relationship
• Patterns suggesting layering or structuring
• Any situation where the firm suspects proceeds of crime, regardless of amount

Key operational requirements:

• Records must be retained for 5 years after the relationship ends
• Documentation must be available to TRACFIN within 30 days upon request
• TRACFIN can request information proactively — not just in response to filed reports

France's TRACFIN is one of Europe's most active FIUs. Report volume from fintech and payment institutions has grown significantly year over year, and regulators have been clear that low reporting volume from a platform serving high-risk client segments will itself attract scrutiny.

Enforcement: What Has Actually Happened

France's AML enforcement record is concrete enough to be instructive:

• 2023: Prosecutors launched investigations into crypto platforms for weak CDD controls. Binance's French operations were among those scrutinised — one of the highest-profile AML enforcement actions against a crypto business in the EU.
• Luxury goods seizures tied to money laundering cases have been reported, with assets in the tens of millions of euros.
• ACPR and AMF penalties have been imposed on banks and investment firms for failing to identify UBOs — a finding that directly implicates business onboarding processes.
• VASP registrations have been denied or revoked for inadequate KYC and AML infrastructure.

The pattern: enforcement is not limited to egregious cases. Systematic gaps in CDD, KYB, or monitoring infrastructure are themselves grounds for regulatory action.

What Increased Scrutiny Means Operationally

For fintechs and regulated platforms, France's AML environment in 2026 translates into a few practical realities:

Documentation quality matters. ACPR inspections assess whether AML controls are operationally real — not just whether a policy document exists. Audit trails need to be complete, accessible, and structured for review.

Monitoring must connect to onboarding. Many platforms build adequate CDD at account opening but fail to extend it into lifecycle monitoring. This is a recurring ACPR finding and a specific gap in TRACFIN's view of fintech compliance.

Third-party relationships are in scope. Vendors, payment processors, and KYC providers used by regulated entities must themselves meet French AML standards. Contracts must specify compliance responsibilities.

Crypto counterparties require status checks. For any platform transacting with crypto businesses, verifying AMF registration or MiCA authorisation status is now part of the business verification workflow.

VOVE ID is used by fintechs and regulated businesses operating in France to build onboarding and monitoring workflows that hold up under ACPR and AMF scrutiny — identity verification, KYB, sanctions screening, and audit-ready documentation in one system. If you're building or reviewing your AML infrastructure for the French market, talk to our team.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.