The new AML/CFT Regulation, the sixth AML/CFT Directive and the future EU AML/CFT supervisor

On 19 June 2024, the Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (‘AMLR’) was published in the Official Journal of the European Union. AMLR will enter into force on the twentieth day following its publication and will apply from 10 July 2027. On 19 June 2024 was also published the Directive of the European Parliament and of the Council on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849 (‘AMLD6’). AMLD6 shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. Member States have three years from its entry into force to transpose the AMLD6 in their national legislation.

The existing European anti-money laundering and counter terrorism financing (‘AML/CFT’) legal framework has brought forth substantial achievements, yet experience has shown that further improvements should be introduced to adequately mitigate money laundering and terrorist financing (‘ML/TF’) risks and to effectively detect attempts to misuse the Union’s financial system for criminal purposes.

For this reason, the legislative choice was made to opt for a Regulation instead of a Directive with a view of achieving more harmonisation. Directives are not directly applicable and only provide for minimum rules which Member States are required to implement through national legislation while regulations are directly applicable in Member States. Concretely, this means that the rules contained in the AMLR, the ‘single rulebook’, set forth detailed substantive requirements, which will be directly applicable in the same way in all Member States of the European Union.

The AMLR will particularly provide for EU-wide rules on (i) the scope of obliged entities, (ii) internal policies, controls and procedures of obliged entities, (iii) customer due diligence, (iv) beneficial ownership transparency, (v) reporting obligations, (vi) record-retention and (vii) measures to mitigate risks deriving from anonymous instruments.

Our focus will be on the new regulations that will directly impact the financial sector and/or the national AML/CFT supervisor.

Broading of scope of obliged entities: AMLR expands the scope of obliged entities to include Crypto-Asset Service Providers (‘CASPs’), crowdfunding platforms and other high-risk sectors. Virtual IBANs are for the first time included in the scope of application defined as: “an identifier causing payments to be redirected to a payment account identified by an IBAN different from that identifier1 Moreover, customer and beneficial owner identification requirements have been extended to virtual IBANs.2

This expansion aims to address emerging risks associated with virtual currencies and ensure that AML/CFT rules are applicable to new financial technologies.

Enhanced due diligence obligations (‘EDD’) for specific transactions have been included.  These EDD obligations will need to be performed by CASPs for cross-border correspondent relationships. Secondly, credit and financial institutions will have to conduct EDD measures for business relationships with high net-worth individuals, with a total wealth exceeding EUR 50,000,000, involving the handling of assets under management exceeding EUR 5,000,000. In addition, all obliged entities will have to conduct EDD measures for occasional transactions and business relationships involving high-risk third countries, based on an assessment to be conducted considering the lists drawn up by the Financial Action Task Force (FATF).

Limit and controls on cash payments: An EU-wide maximum limit of EUR 10,000 is set for cash payments. Member States will have the flexibility to impose a lower maximum limit if they deem necessary, based on specific national risks.

Customer due diligence measures:

To ensure that risks of non-implementation or evasion of targeted financial sanctions are appropriately mitigated, obliged entities shall verify whether the customer and/or the beneficial owners are subject to targeted financial sanctions. It should also be noted that, in the context of legal entities, both natural and legal persons that control the legal entity or hold more than 50% of the proprietary rights or majority interest of that legal entity, whether individually or collectively, must also be verified against the targeted financial sanctions lists.3 As is currently the case, the obligations in the context of the targeted financial sanctions are rule-based.

Definition of Beneficial Ownership:

The definition of beneficial ownership has been refined to enhance transparency and prevent illicit financial activities. The updated definition of beneficial owner under the AMLR is more comprehensive and aims to provide a clearer framework in order to identify the individuals who ultimately own or control legal entities and arrangements.

The concept remains largely unchanged, beneficial owners are the natural persons who:

  • have, directly or indirectly, an ownership interest in the corporate entity; or
  • control, directly or indirectly, the corporate or other legal entity, through ownership interest or via other means.

It shall be noted that it has been clarified that control via other means shall be identified independently of, and in parallel to, the existence of an ownership interest or control through ownership interest.

The threshold to determine ownership interest in a corporate entity has been set at 25% or more of the shares or voting rights or other ownership interests in the corporate entity, including rights to a share of profits, other internal resources, or liquidation balance. It has been clarified that all shareholdings at every level of ownership shall be considered. Adopting a risk-based approach, Member States can identify categories of corporate entities exposed to higher ML/TF risks, and propose a lower threshold to the Commission. The lower threshold shall however not be lower than 15%4.

Records shall be kept of the actions taken to identify the beneficial owner. In case no beneficial owner(s) could be determined, a statement must accompany this, justifying why it was not possible to determine the beneficial owner(s).

The requirement to provide the details of all natural persons who hold the position of senior managing officials is no longer conceived as the identification of a beneficial owner but as an alternative fall-back option5.

Furthermore, stricter requirements have been provided for the reporting of discrepancies with information contained in beneficial ownership registers. Obliged entities shall report any discrepancies they find between the information available in the beneficial owner register and the information they are obliged to collect under the AMLR. The discrepancies shall be reported without undue delay and, in any case, within 14 calendar days of their detection. When reporting such discrepancies, obliged entities shall accompany their reports with information they have obtained indicating the discrepancy and whom they consider to be the beneficial owners and, where applicable, the nominee shareholders and nominee directors.

Rules Central registers of beneficial ownership information (‘Central Registers’):

AMLD6 provides for enhanced rules regarding beneficial ownership information and their recording in Central Registers. It is foreseen that ‘beneficial ownership information of legal entities and legal arrangements, information on nominee arrangements and information on foreign legal entities and foreign legal arrangements’ are recorded in those Central Registers.

To ensure the accuracy of data included in the Central Registers, Central Registers shall ‘verify, within a reasonable time following submission of beneficial ownership information and on a regular basis thereafter, that the information submitted is adequate, accurate and up-to-date’. In cases of inconsistencies or inaccuracies detected, Central Registers shall ‘withhold or suspend the proof of registration in the Central Register, until the failures have been corrected’. Furthermore, the data shall be screened against designations in relation to targeted financial sanctions.

Centralised automated mechanisms:

Pursuant to AMLD6, the centralised automated mechanisms (in Luxembourg, currently the central register of bank accounts, CRBA) shall include information on bank accounts (including virtual IBANs) and payment accounts, securities accounts, crypto-asset accounts and safe deposit boxes, and those centralised automated mechanisms shall be interconnected at EU level, to enable Financial Intelligence Units ‘to obtain swiftly cross-border information on the identity of holders of bank accounts and payment accounts, securities accounts, crypto-asset accounts and safe deposit boxes in other Member States, which would reinforce their ability to effectively carry out financial analysis and cooperate with their counterparts from other Member States’.

The future EU AML/CFT supervisor

On 19 June 2024, the Regulation of the European Parliament and of the Council establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) 1094/2010, (EU) 1095/2010 (‘AMLAR’) was published in the Official Journal of the European Union. AMLAR will enter into force on the twentieth day following its publication and will apply from 1 July 2025. The Anti-Money Laundering Authority (‘AMLA’) shall start direct supervision of selected obliged entities (‘SOEs’) in 2028.

As was announced on 22 February 2024, the seat of will AMLA be located in Frankfurt am Main (Germany).


Legal status, structure and general objectives of AMLA

AMLA will be a Union body with legal personality and ‘shall be accountable to the European Parliament and to the Council for the implementation’ of AMLAR.

AMLA’s structure shall be composed of a General Board (divided in two compositions: Supervisory and FIU), an Executive Board, a Chair, an Executive Director and an Administrative Board of Review.

In accordance with Article 1 paragraph 3 of AMLAR, AMLA’s objective will be ‘to protect the public interest, the stability and the integrity of the Union’s financial system and the good functioning of the internal market’.

To that end, AMLA shall:

i. Prevent the use of the Union’s financial system for the purpose of ML/TF,

ii. Contribute to identify and assess risks and threats of ML/TF, both across the internal market and those originating from outside the Union,

iii. Ensure high-quality AML/CFT supervision,

iv. Contribute to supervisory convergence in AML/CFT across the internal market,

v. Contribute to the harmonisation of practices in the detection of suspicious flows of monies or activities by Financial Intelligence Units (‘FIUs’), and

vi. Support and coordinate the exchange of information between FIUs and between FIUs other competent authorities.

With regard to supervision, AMLA will have a dual role: 1) it shall supervise directly a pre-defined number of SOEs, which shall be selected among the obliged entities (‘OEs’) as defined under the AMLR and 2) it shall act as indirect supervisor for the non-selected obliged entities (‘NSOEs’) and more generally as AML/CFT supervisor for the whole financial sector (e.g. by monitoring developments across the internal market in relation to ML/TF, by collecting and analysing information provided by national authorities, etc., as provided for by Article 5 of AMLAR).

It should be noted that AMLA shall also have missions relating to FIUs, as well as to the supervision of the non-financial sector. Those missions are not developed hereunder.


Direct supervision of SOEs

For SOEs, AMLA shall, in accordance with Article 5 paragraph 2 of AMLAR, ensure compliance of SOEs with the requirements applicable to them pursuant to AMLR and to Regulation (EU) 2023/1113 (‘TFR’, please see the dedicated page), carry out supervisory reviews and assessments at the level of individual entities and at group-wide level, participate in group-wide supervision, develop and keep up to date a system to assess the risks and vulnerabilities of the SOEs by means of structured questionnaires and other tools. For SOEs, joint supervisory teams, involving staff from national authorities of the countries where the SOE operates, shall be created.

With regard to, the selection of SOEs, as a preliminary step, AMLA will determine how many SOEs it will directly supervise (that number cannot be lower than 40), in accordance with Article 13 paragraph 2 of AMLAR.

Then, as a first step, AMLA, in collaboration with national financial supervisors, shall carry out an assessment for OEs operating in at least six Member States and classify them according to their risk file as either ‘low’, ‘medium’, ‘substantial’ or ‘high’ risk.

The methodology for classifying the inherent and residual risk profile shall be established separately by AMLA depending on the categories of OEs (credit institutions, collective investment undertakings, etc.). For each category of OEs, the ‘assessment methodology shall be based on the risk factor categories related to customer, products, services, transactions, delivery channels and geographical areas’.

The OEs that have been selected for this assessment and that are classified as high risk (residual) are eligible OEs, i.e. OEs classified as high risk present in at least six Member States.

AMLA will then select for the purposes of direct supervision, among the eligible OEs, considering the following criteria:

  • OEs operating in the highest number of Member States, and if this criterion is not sufficient (for instance, if entities number 39, 40 and 41 all operate in the same number of Member States),
  • OEs that have the relatively highest ratio of transactions with third countries (compared to the total volume of transactions).

It should be noted that where in a Member State no high-risk OE qualifies as a SOE, an additional selection process shall be carried out by AMLA in that Member State, so that in every Member State at least one entity be directly supervised by AMLA.

Indirect supervision by AMLA

In addition to the direct supervision competence of AMLA, AMLA shall also indirectly supervise the whole financial sector for AML/CFT purposes.

To that end, AMLA shall especially:

  • monitor developments across the internal market and assess threats, vulnerabilities and risks in relation to ML/TF,
  • collect and analyse information, from its own supervisory activities and those of the national competent AML/CFT authorities, on weaknesses identified in the application of AML/CFT rules by OEs, the risk exposure of OEs, the sanctions imposed, and the remedial actions taken,
  • develop, in cooperation with national competent AML/CFT authorities, a harmonised AML/CFT supervisory methodology detailing the risk-based approach regarding supervision,
  • coordinate thematic reviews to be carried out by national authorities at European level, if relevant,
  • establish and keep up to date a central database of AML/CFT information, including e.g. statistical information, information about administrative measures and pecuniary sanctions, etc.,
  • facilitate the functioning of the AML/CFT supervisory colleges in the financial sector,
  • contribute, in collaboration with financial supervisors, to the convergence of supervisory practices and the promotion of high supervisory standards in the area of AML/CFT.

Fees for the functioning of AMLA

The fees levied by AMLA will impact SOEs, as well as NSOEs which ‘operate in at least six Member States, including the home Member State, either through establishments or under the freedom to provide services in the Member States other than the Member State where the [OE]‘s head office is established, regardless of whether the activities are carried out through an infrastructure in their territory or remotely’, in accordance with Article 77 paragraph 1 of AMLAR.

Article 77 paragraph 5 of AMLAR allows national authorities to continue to levy fees on the OEs which will have to pay fees to AMLA, including the SOEs, as the national authorities will be involved in the joint supervisory teams.

There will however be coordination between AMLA and national authorities with regards to the level of the fees, in accordance with Article 77 paragraph 4 of AMLAR, indicating that AMLA ‘shall communicate with the relevant financial supervisor before deciding on the final fee level so as to ensure that supervision remains cost-effective and reasonable for all [OEs] in the financial sector.

For further information on AMLA please refer to the following page of the European Commission website: AMLA – European Commission (

1 Article 2 (26) AMLR.

2 Article 22., 3.

3 Article 20 1) (d) AMLR.

4 Article 52 (2) AMLR.

5 Article 22 and 63 (4) AMLR.