Alipay was found to have committed serious breaches of Luxembourg’s anti-money laundering and counter-terrorist financing (AML/CFT) obligations, including failures to report suspicious transactions and verify customer identities, the country’s financial regulator concluded in an administrative decision dated 19 May 2025 and announced on 2 September 2025. The company, one of the world’s largest digital payment platforms, operates in Europe through its Luxembourg entity, Alipay (Europe) Limited SA, which is authorised as an electronic money institution. The Luxembourg Financial Sector Supervisory Commission (CSSF) imposed a fine of €214,000 following an on-site inspection.
Major AML/CFT breaches
The CSSF said Alipay failed to file suspicious transaction reports in six cases linked to counterfeit goods despite red flags generated by its monitoring system. Three of those cases concerned accounts that were closed without notification to the Financial Intelligence Unit, in breach of the requirement to report promptly when reasonable grounds for suspicion exist.
The inspection also revealed that Alipay processed alerts with significant delays, undermining its ability to respond quickly to suspicions of money laundering or terrorist financing. Sanctions-related alerts were similarly delayed, meaning restrictive measures could not have been applied without immediate effect if necessary.
Customer verification failures
The regulator found missing identification documents for clients and beneficial owners, leaving identities unverified. It also concluded that Alipay did not apply compensatory safeguards for non-face-to-face relationships, despite acknowledging exposure to fake “know your customer” documentation.
In three client cases reviewed, the company failed to investigate unusual transactions or inconsistencies between merchant activities and products sold, even where documents on file were incoherent.
Weak controls and oversight gaps
The CSSF reported that Alipay’s blocking process allowed transactions to continue on accounts already flagged for suspicion of money laundering or incomplete due diligence. Outsourcing arrangements lacked sufficient detail and monitoring, preventing effective oversight of delegated tasks.
The compliance monitoring plan was deemed “too generic” with no clear controls or key performance indicators, and the second line of defence failed to conduct regular checks on outsourced obligations. The regulator concluded that Alipay’s framework breached multiple provisions of the AML/CFT Law, the AML/CFT Grand-ducal Regulation and CSSF Regulation No 12-02.
In setting the €214,000 fine, the CSSF said it considered the gravity and duration of the breaches, Alipay’s financial situation, and the company’s cooperation during the proceedings. It noted that corrective measures had been taken after the inspection to address the shortcomings identified.
Paprjam could not immediately reach Alipay for a comment.
