Lemonway’s €100,000 AML fine, mounting regulatory pressure on Worldline Belgium, and persistent rumors of operational issues at Worldline Italia (formerly Axepta) have reignited concerns over anti-money laundering failures across Europe’s fast-growing payment industry. These developments highlight not only firm-specific issues but also systemic vulnerabilities in how payment service providers and electronic money institutions manage financial crime risks. As national regulators intensify scrutiny, the spotlight is shifting toward operational resilience, due diligence rigor, and the broader capacity of non-bank financial entities to meet Europe’s evolving AML standards.
Table of Contents
Lemonway AML Failures Spark €100,000 Penalty
The Italian central bank has issued a formal €100,000 administrative fine against Lemonway SAS, a French-based payment institution operating in Italy, citing serious anti-money laundering (AML) failings. According to the May 2025 ruling, Banca d’Italia found significant violations across key AML pillars, including deficient organizational controls, inadequate customer due diligence procedures, and a lack of active collaboration in identifying suspicious activity. These shortcomings were in breach of multiple articles of Legislative Decree 231/2007, which transposes the EU’s Fourth and Fifth AML Directives into Italian law.
The investigation was prompted by ongoing supervisory activity that revealed systemic control weaknesses. Specifically, Lemonway was found to have breached obligations under Articles 7, 15 through 20, and 23 through 25 of the AML decree. These articles mandate risk-based procedures, internal control systems, and client verification protocols to prevent the misuse of the financial system for money laundering and terrorist financing. Banca d’Italia also cited failure to adhere to its own regulatory provisions issued in 2019 concerning internal organization and adequate verification measures.
Despite Lemonway having the opportunity to contest the findings, the firm failed to present additional counterarguments or mitigating evidence, leading to the final ruling on May 7, 2025. The penalty reflects both the gravity of the lapses and the importance placed by Italian regulators on rigorous AML compliance for non-bank financial institutions.
This is not Lemonway’s first brush with regulatory headwinds. The fintech has grown rapidly as a white-label payment facilitator for marketplaces, crowdfunding platforms, and online commerce providers, operating across France, Italy, and other European jurisdictions. But with scale has come scrutiny. As Lemonway continues expanding its footprint, national regulators appear increasingly wary of the AML risks posed by PSPs acting as quasi-banking entities without matching the operational rigor of traditional institutions.
Worldline Faces Regulatory Pressure in Belgium While Rumors Swirl in Italy
While Lemonway faces direct financial penalties, another European payments giant is experiencing regulatory discomfort. Worldline, a leading payment processor headquartered in France, is reportedly under close observation by Belgian authorities for potential AML and compliance deficiencies through its Worldline Belgium operations.
Belgium’s Financial Services and Markets Authority (FSMA) and the Ministry of Finance have recently intensified their scrutiny of regulated payment and fintech entities. According to confidential sources familiar with the matter, Worldline Belgium is among the institutions facing detailed inquiries related to the effectiveness of its customer due diligence systems and transaction monitoring frameworks. These investigations are understood to focus on cross-border payment corridors and potential exposure to higher-risk merchant categories.
At the same time, Worldline’s Italian arm, formerly Axepta SpA, is rumored to be struggling with a significant operational backlog in its AML compliance workflows. Market insiders point to delays in onboarding reviews, transaction monitoring alerts, and escalations to senior compliance personnel. While not officially confirmed, the growing backlog has reportedly drawn attention from Italy’s central bank as well, especially after the Lemonway case raised broader concerns about sector-wide vulnerabilities.
These developments come at a delicate time for Worldline. In late 2023 and early 2024, the firm had already been contending with the fallout of share price volatility and leadership reshuffles. Now, regulators appear to be sharpening their focus on the company’s compliance infrastructure as part of a wider reassessment of third-party payment platforms and their role in managing AML obligations.
It is worth noting that Worldline is not alone in facing increased regulatory attention. Across Europe, PSPs and EMIs have been expanding services and onboarding new customers at pace, sometimes faster than internal compliance frameworks can adapt. This has created a fragmented and sometimes fragile compliance landscape, where firms are vulnerable to supervisory action if control gaps emerge.
Systemic Weaknesses in PSP and EMI AML Controls
The Lemonway penalty and the mounting scrutiny on Worldline raise uncomfortable questions about the state of AML compliance across Europe’s payment institutions. Over the past decade, the payment ecosystem has become more complex and layered, with many fintechs and EMIs acting as intermediaries between banks and end-users. While this has fueled innovation and accessibility, it has also introduced considerable AML risk.
Payment institutions and EMIs are subject to EU AML laws such as Directive (EU) 2015/849 (as amended), and their transpositions in local law, such as Italy’s Legislative Decree 231/2007 and Belgium’s Law of 18 September 2017 on the prevention of money laundering. These frameworks impose requirements on firms to conduct risk assessments, verify customer identity, monitor transactions, report suspicious activity, and maintain internal controls. However, the effectiveness of implementation varies widely across firms and jurisdictions.
In recent years, the European Banking Authority (EBA) has repeatedly flagged concerns about inconsistent AML supervision among PSPs and EMIs. In its 2024 thematic review, the EBA found that many firms lacked sufficiently detailed risk assessments, with inadequate resourcing in second-line compliance functions. Some relied heavily on manual processes, while others failed to differentiate between higher and lower-risk customer segments.
A persistent issue across the sector is the challenge of balancing user experience and speed with regulatory requirements. Many PSPs compete on rapid onboarding and seamless payments, which can lead to “AML shortcuts” or automation blind spots. Combined with limited direct oversight (especially for firms operating under passporting regimes), this creates opportunities for financial crime actors to exploit system loopholes.
Moreover, the distributed nature of PSP business models often leads to AML responsibilities being shared across multiple entities or delegated to third-party service providers. This complicates ownership of risk and can result in gaps in monitoring, reporting, or escalation. In cases like Lemonway’s, national regulators are starting to clamp down on firms that treat AML compliance as a box-ticking exercise.
The issue is particularly acute in cross-border contexts. Firms that operate in multiple EU member states often must reconcile differing interpretations of AML laws by national authorities, leading to fragmented internal practices and uncertainty over best-in-class compliance standards. The European Commission has sought to harmonize supervision through the upcoming EU Anti-Money Laundering Authority (AMLA), but implementation remains years away.
Until then, national supervisors are likely to continue individual enforcement actions and targeted inspections. Italy’s Banca d’Italia and Belgium’s FSMA are stepping up efforts, and more high-profile penalties could follow, particularly if large institutions like Worldline do not demonstrate timely remediation of flagged issues.
Conclusion – Growing Regulatory Expectations for Payment Firms
The €100,000 fine imposed on Lemonway is a clear signal that European regulators are no longer willing to tolerate weak AML controls from payment and fintech firms. With Worldline now under pressure in both Belgium and Italy, the spotlight is turning toward broader deficiencies within the sector. While PSPs and EMIs have helped reshape the financial landscape, their role in facilitating legitimate and illicit flows alike has attracted increased scrutiny.
Firms in this space must understand that regulators are raising the bar. AML compliance is not a back-office formality but a critical risk management function that needs strategic investment and continuous improvement. This includes robust internal controls, scalable onboarding procedures, real-time monitoring, and strong escalation channels for suspicious transactions.
As AML enforcement picks up pace across the EU, firms that fail to act may face not just financial penalties, but reputational damage and operational disruption. For Lemonway, the warning is already in black and white. For Worldline, the clock may already be ticking.
Related Links
- Italy’s Legislative Decree No. 231/2007 (Consolidated AML Law)
- Banca d’Italia AML Supervision Rules
- Belgium AML Law of 18 September 2017
- EBA Risk-Based Supervision Guidelines
- EU AML Authority (AMLA) Regulation Proposal
Other FinCrime Central Articles About Payment Service Providers (PSPs)
- Dramatic Worldline Stock Drop Highlights Compliance Risks in the Payment Industry
- AML fines Europe: a costly wake-up call for PSPs and EMis
- Jack Dorsey’s Block Inc. Faces $40 Million Fine Over Alleged Crypto Compliance and AML Failures
- Wise Faces Scrutiny Over AML Controls: A Closer Look at Regulatory Actions
Source: Banca d’Italia
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand with us or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.
