Stone said it initially found the company was non-compliant in 2014 after a desk-based review.
"We worked with them to achieve an acceptable standard of compliance and they agreed that they would maintain it."
But since then the company had not only failed to maintain an ongoing level of compliance but it had allowed it to deteriorate which Stone said was unacceptable.
"Due to the diverse nature of products and services offered by CSDL, it's vital that they assess their risks and put a robust AML/CFT programme in place.
"This is usually driven by a competent compliance officer however, the compliance officer at CSDL did not have the depth of understanding of AML/CFT requirements and did not ensure on-going compliance."
Stone said it required the company to take immediate action to rectify all areas where it was non-compliant with its AML/CFT obligations and would continue to monitor CSDL and consider further enforcement action if it engaged in conduct that did not comply.
CSDL's chief executive and compliance officer Jerome Concison said the company had hired external consultants to work with it in reviewing its AML/CFT compliance programme, including our documentation and implementation.
''We will work with our supervisor, the DIA, on a timetable for rectification. Obviously the focus is on getting things correct,'' he said.
It was ''disappointed'' that it found itself in a position where its supervisor considered it had allowed its compliance standards to deteriorate. The company accepted without question that a full review of its compliance program was required, and likely some remedial work will be necessary.
With external consultants it would ensure that all staff, especially senior management, were fully aware of requirements.
''The risks within the business will be a focus to ensure that ongoing compliance is sustained,'' said Concison.
Since the AML law came into force on June 30, 2013 the DIA has issued 30 formal warnings.
It issues a formal warning when it has reasonable grounds to believe an entity has "engaged in conduct that constitutes a civil liability act".
If an entity does not comply the DIA can take further civil or criminal action. Penalties for a civil case are up to $200k for an individual and up to $2 million for a corporate.
For a criminal case they range from imprisonment for up to two years or a fine of up to $300k for an individual or a fine of up to $5 million for a corporate.
Two money remitters have so far been prosecuted under the AML/CFT Act.
Ping An Finance was pinged for $5.29 million plus costs and an injunction was placed on its director stopping them from providing financial services.
Qian DuoDuo received a penalty of $356,000 plus costs.
Since the AML/CFT Act came into force on 30 June 2013, the Department has issued 30 formal warnings, either for failure to meet particular risk assessments or AML/CFT programme obligations or for failing to submit an annual AML/CFT report.