Alibaba and AUS Merchant Services Pay $600M to U.S. Regulators

Image shows alibaba group logo together with icons of usd coins on the left and the u S Doj logo on the right | complycube

On 1st July, 2026, Alibaba and AUS Merchant Services Inc. agreed to pay the U.S. Department of Justice (DOJ) a $600 million settlement after allegations that they did not stop over 80,000 unlawful product sales between 2016 and 2024. Both companies entered into a non-prosecution agreement and accepted responsibility for strengthening their compliance programs.

Undetected Illegal Transactions

Alibaba Group Holding Limited is a China-based marketplace that connects U.S. consumers to international sellers, and AUS, formerly known as Alipay, operates as the primary payment processor for their platform. The alleged illicit transactions amounted to over $200 million, which U.S. watchdogs uncovered across more than 40 undercover investigations.

Heading reads alibaba and aus pay whopping 0m for selling illicit products | complycube

The items sold on Alibaba included illegal pharmaceuticals, controlled substances, and regulated chemicals. Under the Federal Food, Drug, and Cosmetic Act (FDCA) and other federal laws, the sale of these products is prohibited.

The DOJ accused Alibaba and AUS, noting that their Anti-Money Laundering (AML) controls were weak and unable to fully prevent merchants from engaging in illegal activity. Moreover, despite multiple employees raising concerns about deficiencies in the company’s identity verification and AML framework, Alibaba failed to act on them.

Financial Crime in the Marketplace and Payments Industry

The rise of criminal activity in the marketplace and payments industry poses a huge risk to consumers, businesses, and financial systems. The global eCommerce market is projected to exceed $3.88 trillion in 2026, accounting for 56% of global sales. With this, almost 3.2% of annual eCommerce revenue is lost to payment fraud globally.

3.2% of total annual eCommerce revenue is lost to payment fraud globally.

Despite the scale and convenience of these digital marketplaces, a portion of this revenue still leaks into criminal activity. Alibaba is one of the biggest marketplaces in the world, generating over $148 billion at the end of its fiscal year in March 2026. At the outset, this is a large sum, however, it still highlights the small fraction of the vast marketplace economy.

Without active compliance, criminals use eCommerce sites to carry on and profit from illicit activity.

The risks are not limited to just Alibaba or AUS. According to the 2026 Global eCommerce Payments & Fraud Report, 45% of merchants say real-time payment fraud is a significant form of fraud attack. Additionally, 80% identify technological infrastructure as one of their biggest fraud challenge. This case was not only an eCommerce moderation challenge but also a failure in payments and AML controls, highlighting the dangers of fragmented monitoring.

Tysen Duva, the Assistant Attorney General of the Justice Department’s Criminal Division, notes, “Without active compliance, criminals use eCommerce sites to carry on and profit from illicit activity.” In this Alibaba and AUS case alone, over four enforcement bodies, including the Federal Deposit Insurance Corporation (FDIC) and the Internal Revenue Service Criminal Investigation (IRS-CI), were involved. Authorities are now treating platform-enabled illegal activity as a multi-agency issue, highlighting how quickly marketplace compliance failures can escalate into a coordinated federal matter. 

What Should Have Happened Instead?

Despite multiple warnings from internal employees, Alibaba and AUS had deep failures in their compliance infrastructure. From eCommerce moderation to identity verification and transaction monitoring, both firms failed to detect high-risk activity at every layer. 

The penalty spoke for itself: Alibaba paid a criminal monetary penalty of $125 million and forfeited $200 million, while AUS agreed to pay a criminal monetary penalty of $85 million and forfeit $190 million. A strong prevention framework could have prevented these costly consequences:

1. Risk-tiered merchant onboarding

Segment merchants by geography, product category, and transaction behavior. Ensure increased scrutiny of higher-risk merchants through beneficial ownership checks, source-of-funds verification, and more. You can learn more here: The Risk-Based Approach in AML.

2. Product risk review

Review products on an ongoing basis. Listings that include controlled or restricted items must automatically trigger re-screening, manual investigations, and senior management approval before products are listed again.

3. Sanctions and watchlist screening

Perform AML screening on merchants and associated parties against sanctions, watchlist, Politically Exposed Persons (PEPs), and adverse media data sources. Run it on an ongoing basis to detect new risks. You can learn more here: Global Sanctions Check Guide.

4. Ongoing monitoring

Ensure that risk scoring, alert generation, and case management run continuously throughout the entire customer lifecycle. This ensures that any merchant who displays suspicious patterns after onboarding will be identified early. 

5. Control testing and internal audit

Continually review and test if existing controls can actually catch sophisticated prohibited listings, suspicious merchant behavior, and payment anomalies. All compliance decisions must be logged clearly and timely.

Marketplaces and payment processors alike must demonstrate end-to-end accountability from onboarding through post-sale monitoring. A layered friction model can make off-platform migration harder and easier to catch before dirty money moves. The cost of non-compliance cannot be overlooked, stay ahead, or risk million-dollar penalties and trust erosion.

Fortify your fraud prevention and identity verification solutions with complycube | complycube

Find out more AML news in ComplyCube’s Trust Edition newsletter. We explore the latest in developments across identity verification and AML globally. 

Table of Contents

More posts

Illustration representing merrill lynchs sec fine featuring the merrill lynch bull logo a us flag money icon and compliance check symbols on a light blue background | complycube

Merrill Lynch Fined $7.5M Over AML Failures

Merrill Lynch was fined US$7.5M by the SEC over AML reporting failures, adding to a wider history of regulatory penalties across SAR filings, trade reporting, derivatives reporting, governance gaps, and investor protection issues....
Cryptocubed the september crypto newsletter | complycube

CryptoCubed June Newsletter: Binance MiCA Failures and FinCEN Stablecoin Rule

In June, we cover new global regulatory requirements for crypto firms. We cover the Binance MiCA license challenges, FinCEN's latest stablecoin rule, the infamous Southeast Asian fraud network, Hong Kong's warning on AI, and more!...
Illustration of a u S Bank account application showing approve review and reject outcomes for cip requirements customer identification program requirements and cip compliance | complycube

How CIP Requirements Impact U.S. Banks

Explore what CIP requirements mean for banks, why basic data matching is no longer enough, and how risk-based identity verification helps prove trust, detect fraud, handle exceptions, and retain audit-ready evidence for audits....