Since March, more than 20 banks have been fined for violations related to "Customer Due Diligence."

Since the beginning of the year, China’s banking industry has been going through a regulatory storm targeting the compliance of “customer due diligence.” The intensity of the crackdown and the severity of the penalties are unprecedented. According to statistics compiled by a reporter from the Daily Economic News, as of March 26, more than 20 banks and their branches had already received regulatory fines that month for anti–money laundering violations such as “failing to conduct customer due diligence in accordance with regulations.” The single fine amounts range from 114,000 yuan to 41.746 million yuan.

Everyday Economic News media image library, photo by Han Yang

With banks being punished frequently for reasons including “customer due diligence,” the timing closely aligns with the newly revised “Measures for the Administration of Customer Due Diligence Conducted by Financial Institutions and the Preservation of Customer Identity Information and Transaction Records,” which will officially take effect on January 1, 2026. Regulators are taking a “zero tolerance” stance, reiterating to the entire industry the seriousness of the first line of defense for anti–money laundering.

Why have such penalties emerged in a concentrated burst in March? The reporter’s investigation found that this is not that regulators suddenly tightened their standards. Instead, after the revised Anti–Money Laundering Law of the People’s Republic of China and supporting new regulations were implemented, there has been a fundamental shift in enforcement standards and in how illegal and noncompliant conduct is determined. This is also an inevitable response following the regulatory logic’s transition from a “amount threshold” approach to a “risk-tiering” approach.

Many banks were fined

The reporter noted that since March, in the administrative penalty information disclosure tables published by local branches of the People’s Bank of China, the number of times the category “failing to conduct customer due diligence in accordance with regulations” appears has increased significantly.

From the timeline, the wave of penalties began to build at the start of March. On March 2, CMB (China Merchants Bank) Guizhou Branch was warned and fined 875,000 yuan by the People’s Bank of China Guizhou Provincial Branch for three violations, including failing to conduct customer due diligence in accordance with regulations. The same day, Kaoyang County Rural Credit Cooperatives were fined 650,000 yuan for similar reasons. The next day, Agricultural Bank of China Hegang Branch was fined 250,500 yuan by the People’s Bank of China Hegang Municipal Branch for a single customer due diligence violation. On March 5, Shandong Zhangdian Rural Commercial Bank and Pingxiang Rural Commercial Bank were both “listed” on the same day, receiving fines of 802,000 yuan and 994,300 yuan, respectively, due to the accumulation of multiple violations.

By mid-March, both the frequency and the amount of the fines increased. On March 11, CITIC Bank Zhoushan Branch and Bank of Communications Zhenjiang Branch each received fines of 961,000 yuan and 906,000 yuan, respectively.

March 16 was a “peak day” for penalties that month: Luzhou Bank was heavily fined 41.746 million yuan for multiple anti–money laundering violations, while eight related responsible persons were also held accountable. Meanwhile, Guangfa Bank Luoyang Branch and Postal Savings Bank of China Kizilsu Kirghiz Autonomous Prefecture Branch were also fined 861,600 yuan and 341,000 yuan, respectively.

The next day, Jiangsu Xinghua Rural Commercial Bank and Agricultural Bank of China Shuanghe Bingtuan Branch received fines of 990,000 yuan and 276,000 yuan, respectively. On March 25, Hengfeng Bank Zibo? Branch was warned and fined 265,500 yuan.

Looking at the fined institutions, there are state-owned big bank branches such as Agricultural Bank of China Laiwu Branch and Hegang Branch, Bank of Communications Weihai Branch, Zhenjiang Branch, and Shandong Provincial Branch. There are also joint-stock banks such as CMB Guizhou Branch and Hengfeng Bank Zibo? Branch; city commercial banks such as Changsha Bank Xiangtan Branch; and many rural financial institutions, including Shandong Zhangdian Rural Commercial Bank, Hunan Chengbu Rural Commercial Bank, Guizhou Zunyi Huichuan Rural Commercial Bank, Kaoyang County Rural Credit Cooperatives, as well as multiple township banks such as Guiyang Xiaoh E Technology? Township and Village? Bank, Lingchuan Shentong Township and Village? Bank, and Chongqing Beibei Chuzhou Rural? Bank, among others.

Frequently combined with other violations

After reviewing these penalty notices, the reporter from the Daily Economic News found that “failing to conduct customer due diligence in accordance with regulations” rarely appears by itself as an isolated cause. It is often “bundled” together with other violations.

The most typical combined violations are “failing to report suspicious transactions in accordance with regulations” and “conducting transactions or providing services with customers whose identities are unknown.” For example, the penalty notice for Luzhou Bank clearly lists multiple behaviors, including “failing to fulfill the obligation to identify customers’ identities in accordance with regulations,” “failing to submit reports on large-sum transactions or suspicious transactions in accordance with regulations,” and “conducting transactions with customers whose identities are unknown.” The违规 conduct of Kaoyang County Rural Credit Cooperatives also includes “providing services and conducting transactions for customers whose identities are unknown” and “failing to report suspicious transactions in accordance with regulations.”

This means that banks do not only fail in the customer onboarding stage; there are also serious gaps in the subsequent stages of ongoing monitoring and risk reporting, which effectively exposes accounts to the risk of illegal activities such as money laundering.

In addition, such violations often coexist with weaknesses in basic management. In most penalty notices, “violating financial statistics administration regulations” and “violating account administration regulations” are high-frequency accompanying items. This reflects that some institutions, especially certain grassroots outlets or mid- to small-sized banks, have systematic weaknesses across multiple foundational links in internal control management. Treating customer due diligence as a formality may be just a snapshot of a broader picture—an overall lack of compliance culture and lax internal management.

Thus, it is evident that “failing to conduct customer due diligence in accordance with regulations” is usually the starting point of a systemic risk control loophole, which may spread backward along a clear chain of logic toward the back end.

“The starting point of the violation chain is the formalization of customer identity verification; the middle segment is the absence of ongoing due diligence; and the end segment is the failure of risk reporting and disposition.” A senior professional from a city commercial bank in the western region analyzed for the reporter that the violation combinations shown in the penalty notices have a clear logical chain: weak scrutiny of account opening and approval (violating account administration regulations) is the first step; inability to effectively identify customers’ true identities and backgrounds (failing to conduct customer due diligence in accordance with regulations) is the core failure point; this then leads to an inability to effectively monitor and report abnormal flows of funds (failing to report suspicious transactions); and ultimately may result in the account becoming an illegal funds conduit (transactions with customers whose identities are unknown). Regulatory penalties precisely hit multiple nodes along this risk transmission path, reflecting the principle of “the punishment fitting the offense.”

Build a stronger risk identification system

Why do penalties related to “failing to conduct customer due diligence in accordance with regulations” appear in such concentrated waves? The most direct policy background is that the revised “Measures for the Administration of Customer Due Diligence Conducted by Financial Institutions and the Preservation of Customer Identity Information and Transaction Records” (hereinafter referred to as the “new Measures”), which will officially take effect on January 1, 2026.

The new Measures are designed to be implemented in conjunction with the revised Anti–Money Laundering Law effective on January 1, 2025. They explicitly replace the “customer identity verification” practice used for many years with “customer due diligence.” Behind this terminology shift is a profound change in regulatory thinking—from static “checking identity documents” to dynamic “understanding your customer” (KYC) whole-process management.

Compared with the old rules, one of the most notable changes in the new Measures is the deletion of the mandatory unified requirement that “for personal cash deposits/withdrawals exceeding 50,000 yuan, the source or purpose of funds must be registered.” This was previously misunderstood by part of the public as regulatory “loosening.” However, in fact, the regulatory logic has undergone a fundamental shift: moving from the former fixed-amount “one-size-fits-all” management approach to “tiered and categorized” management based on customer and transaction risks.

The new rules require financial institutions to establish dynamic risk assessment profiles for every customer. For customers assessed as low risk (such as ordinary depositors with stable income sources and regular transaction patterns), simplified measures may be used when conducting business. Conversely, for “high-risk” situations where transaction behavior is abnormal as detected through systematic monitoring and is seriously inconsistent with the customer’s identity or historical patterns, banks must, in accordance with law, initiate “enhanced due diligence,” deeply verify the source and destination of funds, and may impose reasonable restrictions on customers’ transaction methods and volumes. They may even refuse to conduct business or terminate business relationships when the risk exceeds management capacity.

Industry analysts believe that the concentrated penalties in March can be viewed as a “stress test” and “targeted calibration” by regulators after the new rules took effect. It sends a clear signal to the market: abolishing the 50,000-yuan registration requirement does not mean that banks can relax—or even abandon—the responsibility to conduct customer due diligence. On the contrary, banks need to invest more resources to build a more intelligent and precise risk identification and monitoring system in order to achieve the regulatory goal of “effectively intercepting illegal capital flows while not adding unnecessary trouble to law-abiding citizens.”

Compliance capability becomes a core competitive strength

This round of regulatory storms has sounded an alarm for the banking industry, especially the large number of small and mid-sized banks. Failure to maintain the customer due diligence line not only leads to economic penalties and reputational damage; it may also cause institutions to be passively drawn into illegal criminal activities such as money laundering and fraud, jeopardizing their own stable operations.

In terms of the types of institutions penalized, rural commercial banks, rural credit cooperatives, and township banks account for a relatively high proportion. This exposes their common shortcomings in areas such as compliance investment, technology systems, and professional talent. Compared with nationwide banks, smaller banks often face tighter cost constraints and invest insufficiently in building anti–money laundering monitoring systems and in developing big-data risk control models. They rely more on manual reviews and experience-based judgment, leaving them less capable of dealing with complex and covert illegal capital activities. At the same time, training for grassroots employees’ compliance awareness and professional capability may also be insufficient.

Even state-owned large banks have not been immune to issues at some grassroots branches. This reflects that even when systems are well developed at the head-office level, “attenuation” may occur during the transmission and execution of policies down to frontline outlets. Ensuring that unified compliance standards are implemented without compromise at every service endpoint across the country is a long-term governance challenge for large banking institutions.

With regulatory rules being upgraded and enforcement intensity increasing, the banking industry urgently needs to shift from “passively responding to inspections” to “actively building risk control systems.”

“For our bank institutions, anti–money laundering compliance has increasingly transformed from a ‘cost item’ that merely passively meets regulatory requirements into a ‘core competitive strength’ that concerns the bank’s survival and development.” A senior banking industry insider said. Banks must re-examine the positioning of “customer due diligence.” On the retail side, by optimizing due diligence processes to balance anti–money laundering compliance and the availability of financial services, banks can avoid increasing financial exclusion due to overly strict risk controls. On the corporate side, they need to establish standardized procedures for beneficial ownership identification, using cross-validation of business registry data and credit data rather than relying simply on customers’ statements.

For rural financial institutions, they urgently need to explore a compliance model of “looking out for each other.” Given that a single township bank or rural commercial bank may struggle to bear the high costs of technological investment and talent, industry insiders suggest that provincial rural credit cooperatives or primary initiator banks should establish shared anti–money laundering service centers. These centers would provide centralized services to institutions within their jurisdiction, such as customer risk rating, suspicious transaction monitoring, and due diligence training, thereby reducing compliance costs for each individual institution.

It is especially important to note that banks should establish a “regulatory sandbox” mindset and proactively conduct compliance self-assessments. Since the revised Anti–Money Laundering Law has raised the maximum fine limit to 10 million yuan and allows a “dual-punishment system” (punishing both the institution and the responsible individuals), banks must build a preemptive compliance assessment mechanism. They should conduct risk screening for existing customers and conduct special audits for business lines with high risk, rather than waiting until after regulatory penalties to carry out passive rectification.