The Laundromat – May Edition 2026

Welcome to the May issue of The Laundromat Newsletter. This time we are taking a look at the real estate sector, which – right after the financial sector – is considered particularly vulnerable to money laundering.

Real Estate Sector Needs to Reform AML Measures

It is certainly nothing new that the real estate market is strained and that prices are rising steadily, especially in metropolitan areas. Nor should it come as a surprise that real estate transactions are a popular avenue for money laundering.

Experts estimate that up to 30 billion euros in illegally obtained funds are reinvested in the German real estate market each year: This accounts for approximately 15 to 30 percent of all criminal assets, with a transaction volume of around 250 billion euros.

Money laundering has additional effects that place further strain on the real estate market:

• Driving up real estate prices:

Money laundering leads to a statistically measurable increase in real estate prices. Studies, such as one conducted by the University of Trier, show that a 10% reduction in money laundering activities could lower real estate prices by about 1.9%.

• Market disruption:
  As criminal actors are willing to accept investment losses of 10 to 60 percent in order to “launder” their funds, they can systematically outbid honest market participants, thereby distorting competition in the long term.

Criticism of the Supervision of Notaries in Anti-Money Laundering Efforts

Notaries play a key role in preventing money laundering in real estate transactions, as their offices are required to conduct Know Your Customer (KYC) and Know Your Business (KYB) identification procedures in a manner that is legally compliant and audit-proof. However, these requirements and, above all, regulatory oversight, are increasingly being criticized:

• Extensive obligations:
  In addition to general obligations regarding KYC compliant identification and other organizational and documentation requirements, notaries are subject to strict reporting obligations when certifying real estate transactions. These include, for example, monitoring the prohibition on cash payments (Section 16a of the German Money Laundering Act) as well as specific, non-suspicion-based reporting obligations pursuant to the “Regulation on Matters Subject to Reporting under the Money Laundering Act in the Real Estate Sector” (GwGMeldV-Immobilien).

• Intransparent supervision:
  For many, the anti-money laundering oversight carried out by the 120 presidents of regional courts in Germany is something of a “black box.” This is because, unlike the financial sector – where reporting is highly transparent under the supervision of BaFin – many federal states obscure their oversight activities in the non-financial sector by using aggregated statistics, which at the very least make it difficult to assess the quality and scope of their efforts.

• Shortcomings in “naming and shaming”:
  Furthermore, the legal obligation to publish sanctions (Section 57 of the German Money Laundering Act) is not consistently fulfilled in many federal states, even though this also constitutes a violation of applicable EU law. Only Berlin (Berlin Regional Court II) complies with the transparency requirements and the supervisory quality standards.

• Reforms falling short:
  As oversight is increasingly being transferred to higher courts, such as the Higher Regional Courts, there is a growing call for notary offices to improve the quality and frequency of their audits in order to meet the requirements of the Financial Action Task Force on Money Laundering (FATF).

The overall situation regarding anti-money laundering efforts in the real estate sector reveals a significant gap between legal requirements and their actual implementation by the relevant state authorities, as mafianeindanke e.V. pointed out in January 2026.

In Case You Missed It: AML News Overview

CSSF Imposes Fine on Rakuten Europe Bank for AML/CTF Deficiencies

The Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s top financial regulator, has imposed a fine of 185,000 euros on Rakuten Europe Bank S.A. for serious deficiencies in its anti-money laundering and counter-terrorist financing (AML/CTF) systems.

The Luxembourg subsidiary of the Japanese fintech group Rakuten Group, Inc., which offers cross-border payment services and e-commerce-related banking solutions throughout Europe, has been found to have various deficiencies.

In particular, the audit identified weaknesses in customer due diligence (CDD) and enhanced due diligence (EDD) procedures, inadequate screening of politically exposed persons (PEPs) and beneficial owners, transaction monitoring, and risk assessment. Furthermore, the bank’s systems for AML risk analysis were deemed outdated, new risks in the crypto sector and regarding Virtual Asset Service Providers (VASPs) were not sufficiently addressed, and the follow-up of transaction anomalies detected by the system was not implemented effectively enough.

With this announcement, the CSSF is once again signaling that Luxembourg maintains a clear zero-tolerance policy in financial supervision. In 2025 alone, it imposed fines totaling 5.2 million euros in over 20 cases for violations of AML requirements, which can be seen as further evidence that it is conducting comprehensive reviews and taking decisive action. But not only there: in the context of the new European Anti-Money Laundering Authority (AMLA), a significant increase in sanctions across the EU is expected.

Rakuten Europe Bank has since implemented extensive measures in response to the identified shortcomings: AI monitoring, additional compliance staff, and a new AML policy. The bank’s customers can breathe a sigh of relief: the identified shortcomings have no impact on customer funds.

The full CSSF report on Rakuten Bank in Luxembourg can be read here.

FinTech Platforms Vulnerable to Organized Money Laundering via Business Accounts

FinTech platforms enable fast, fully digital account opening and offer powerful payment features specifically tailored to freelancers and micro-entrepreneurs, including business payment capabilities in an international context. As a result, they are particularly popular with fraud networks and are considered highly vulnerable to money laundering. To circumvent Know-Your-Customer processes, fraudsters use stolen identities, social engineering, and technical infrastructures such as SIM farms. In doing so, they continuously refine their methods to evade detection systems. So-called mule accounts, which serve as a staging ground for stolen funds, play a key role.

Such verified freelancer accounts are offered for sale on dark web marketplaces, and the financial damage is severe: According to the European Banking Authority (EBA) and the European Central Bank, losses from wire transfer fraud in the European Economic Area were estimated at 2.5 billion euros in 2024, with mule accounts playing a central role.

This shows that one-off KYC checks are insufficient when legitimate users are tricked into completing identity verification processes for accounts they would never use themselves through social engineering. KYC checks become significantly more secure when agents who are continuously trained in money muling and social engineering traps oversee the identity verification process – and, for example, ask targeted questions during a live video call that can uncover signs of identity fraud. Effective fraud prevention also requires a holistic view across the entire lifecycle of an account, as well as the analysis of network structures to identify suspicious connections at an early stage. On this topic, we recommend the blog post by Group-IB.

 

German Consumer Organisation Warns of Fraud via POSTIDENT

Fraudsters specifically exploit the POSTIDENT procedure to take out loans in consumers’ names. They fabricate legitimate reasons, such as security checks or purchase transactions, to trick victims into confirming their identity. A common tactic involves sending fake letters purporting to be from banks. In these letters, recipients are asked to perform a supposed security check or data update via POSTIDENT. In reality, however, they are thereby authorizing a loan agreement with an unknown provider. This scam is also used in private online commerce. Sellers are asked by supposed prospective buyers to identify themselves to “secure” a transaction. At the same time, a loan is being applied for in the background.

The article on POSTIDENT published in Retail News highlights a fundamental tension: while digital identity verification processes enable quick and efficient contract conclusion, they also increase the risk of fraud. However, the problem here lies less in the technology itself and more in psychological manipulation and users’ reliance on familiar procedures. Since the identification process is legally binding, affected parties must go to great lengths to contest contracts after the fact.

 

Further Reading

Identifying Beneficial Owners

There are various reasons why the identification of beneficial owners (also known as “Ultimate Beneficial Owners,” or UBOs) in accordance with the Anti-Money Laundering Act (AMLA) and, in the future, the AMLR, may fail within the framework of Know-Your-Business (KYB) procedures.  WebID demonstrates how regulated companies can successfully identify UBOs in compliance with the AMLR.

Social Engineering

Recent news articles about the POSTIDENT procedure and accounts for freelancers and micro-entrepreneurs show that social engineering is and remains a serious threat. Our glossary entry provides more background information on this fraud method.

Achieving EU AMLR Compliance

The European Anti-Money Laundering Regulation (EU-AMLR) harmonizes anti-money laundering rules across the EU for the first time and will apply directly to all obligated entities starting July 10, 2027. In addition to the financial sector, this also applies to, among others, certified public accountants and companies in the real estate sector. We recommend reading the WebID blog post “Achieving AMLR Compliance.”