Internet Explorer 11 (IE11) is not supported. For the best experience please open using Chrome, Firefox, Safari or MS Edge

EU AML Reforms

Our Banking and Financial Services teams reflect on ten important aspects of the incoming EU AML regime and identify what firms should be looking out for.

A game-changing package of EU AML reforms has come into sharper focus following the announcement that provisional political agreement has been reached on key proposals. We reflect on ten important aspects of the incoming regime, providing a run-down of what firms should be looking out for as we await the final texts.


The European Commission put forward its package of AML reforms back in 2021. At the time, a new directive and three new regulations were proposed to strengthen EU AML/CFT laws, achieve greater harmonisation, and create a “common supervisory culture”. The recast Funds Transfer Regulation having left the blocks ahead of the pack last year to tackle traceability of funds and crypto-asset transfers, the three remaining proposals are now nearing the finish line in the EU legislative process. These are:

  • The AML Regulation: A regulation setting out directly applicable AML requirements for the private sector, creating a so-called “single rulebook”;
  • 6ALMD: A directive broadly addressing member state AML/CFT mechanisms, including the operation of competent authorities and financial intelligence units and repealing 4AMLD; and
  • The AMLA Regulation: A regulation establishing the European Anti-Money Laundering Authority (AMLA), a new EU-wide AML supervisor.

With the provisionally-agreed texts still unpublished at the time of writing, we must look to the original proposals and recent EU press releases for signposts of what is to come. Here are ten things you need to know.

1. The supervisory landscape is going to change, but some will feel it more than others

AMLA will preside at the heart of a new integrated EU supervisory system, operating alongside national supervisors. It will play a crucial role when it comes to supervision, enforcement, and the development of technical standards. Importantly, only certain high-risk obliged entities will find themselves directly supervised by AMLA. While all obliged entities will experience the impact of AMLA’s new brief to some degree (not least when it comes to complying with technical standards), directly-supervised entities will feel it most palpably.

The provisional agreement reached last month indicates that AMLA can supervise up to 40 groups and entities in the first selection process. These will include certain types of credit and financial institutions, including most crypto asset service providers. For all other obliged entities, supervision will remain primarily at national level.

Firms may be keen to find out how the dynamic between AMLA and the CBI evolves and how this affects the supervisory experience. While the prospect of Ireland hosting AMLA can’t yet be ruled out, it remains to be seen whether Dublin’s bid can trump rivals such as Frankfurt, Madrid, or Vienna. With AMLA expected to be operational this year, the winner should be unveiled soon.

2. A single AML rulebook is in sight

With the arrival of the AML single rulebook, firms may look forward to clearer, more granular rules when it comes to the mechanics of discharging their AML/CFT obligations. Relevant rules currently housed in 4AMLD will be reformulated as directly applicable provisions under the new AML Regulation, supplemented by future technical standards. While increased clarity and harmonisation of AML measures is likely to be welcomed, some may view the rulebook as a double-edged sword if more prescriptive requirements prove challenging to execute in areas such as beneficial ownership – more on this later.

3. The regulatory reach is expanding

The proposals expand the range of obliged entities to include certain financial and non-financial sector participants. Notable among the new additions are crypto asset service providers (CASPS) and crowdfunding service providers. CASPS must apply CDD measures when carrying out transactions amounting to €1,000 or more.

4. Cash payments to be put in check

An EU-wide maximum limit of €10,000 will be set for cash payments, with member states retaining the discretion to impose a lower maximum. Obliged entities will also be required to identify and verify any person who carries out an occasional transaction in cash between €3,000 and €10,000.

5. A more standardised approach to Customer Due Diligence Measures

The single rulebook provides more detail to obliged entities on the ‘what’ and ‘how’ of the various measures to be applied. For example, the draft AML Regulation provides further detail on customer identification and verification practices, including the conditions under which electronic identification can be used. Standard data sets for the identification of natural and legal persons are expected to follow in the form of technical standards. If the final regime can deliver a more frictionless CDD experience by reducing room for interpretation, increasing certainty and creating a more level playing field across the financial sector, that could go a long way for both customers and obliged entities.

6. Beneficial ownership: 25% threshold to stick but regulatory obligations will ramp up

The treatment of beneficial ownership is one of the most eagerly anticipated and hotly debated areas of the reform package. One indication likely to be welcomed by industry is that the existing 25% beneficial ownership threshold has remained intact, having survived challenge by the European Parliament, who during political trilogues proposed to reduce it to 15% (and as low as 5% in certain higher risk scenarios).

However, it should be noted that in other material ways, the new rules could “up the ante” on firms’ beneficial ownership obligations, for example:

  • The original text of the AML Regulation allows member states to decide that a percentage lower than 25% may be an indication of ownership or control.
  • The concept of control is given additional prominence as an integral element of beneficial ownership, with further clarity provided on the meaning of “control by other means”. Firms will need to ensure their assessments of beneficial ownership properly incorporate the concepts of both ownership and control as defined under the new rules.
  • Regarding the treatment of layered ownership structures, the Commission’s original proposal indicated that beneficial ownership should be assessed “on every level of ownership”. This met opposition from industry who argued it departed from the established practice of multiplying through the layers of ownership. The Council’s recent press release confirmed that “related rules applicable to multi-layered ownership and control structures are also clarified to make sure hiding behind multiple layers of ownership of companies won’t work anymore”. Firms will need to await the final text before the extent of these requirements will be known.
  • Information submitted to the central register of beneficial ownership will need to be verified.
  • Real estate registers will need to be accessible to competent authorities through a single access point. Registration of beneficial ownership is required for all foreign entities that own real estate with retroactivity until 1 January 2014.

7. The application of enhanced due diligence (EDD) will be expanded

The requirement to complete EDD measures will be reinforced and expanded under the new rules, to include the following situations:

  • Cross-border correspondence relationships for CASPs;
  • Business relationships with certain high net-worth individuals involving the handling of a large amount of assets; and
  • Occasional transactions and business relationships involving high-risk third countries, based on an assessment by the Commission linked to FATF listings.

8. Clearer requirements for internal policies and procedures

The original text of the proposed AML Regulation clarifies requirements on the internal policies, controls and procedures that form the building blocks of obliged entities’ AML/CFT frameworks, with special provision for groups and branches/subsidiaries in third countries. AMLA is also tasked with preparing guidelines on considerations for firms when deciding on the extent of their internal policies, controls and procedures. Detailed requirements are included to ensure the effectiveness of compliance functions, which must be provided with adequate resources, including staff and technology. This could provide important food for thought for firms should the new rules increase the workload of second line control functions.

9. Financial sanctions considerations to be aware of

The draft proposals incorporate financial sanctions considerations into the AML/CFT regulatory regime, which arise for example in the context of firms’ risk assessment obligations and the scope of internal policies, controls and procedures. It’s also understood that entities or arrangements associated with sanctioned persons or entities will need to be flagged in the context of beneficial ownership registers. Noting concerns expressed by industry about the prospect of parallel sanctions supervisory systems, the incorporation of sanctions provisions represents a further watch item for the final texts.

10. More rules on reliance and outsourcing

The original text of the AML Regulation clarifies the conditions under which reliance and outsourcing can (and cannot) be carried out on a risk-based approach. The rules detail not only the conditions for reliance, but also the required processes and timelines to be followed, including in relation to group reliance arrangements. It will be important for firms to familiarise themselves with the final rules and consider them alongside existing regulatory obligations on delegation and outsourcing.

Next steps

While the developments above represent important signposts for the incoming regime, the publication of the provisionally agreed texts should provide a clearer indication of the direction of travel on key areas, as well as the timelines involved. The AML Regulation, as originally drafted, provided for the application of its requirements three years after its entry into force. Similarly, the draft 6AMLD proposal required transposition into national law three years after the date of entry into force.

Once approved formally by the Parliament and the Council, the final texts will be published in the Official Journal. Firms will need to review these carefully and start thinking about how their AML/CFT (and sanctions) frameworks will need to adapt. Equally, Irish transposing regulations (in respect of 6AMLD), and any future technical standards and guidelines will all require prompt and detailed review. New obliged entities and large or complex institutions in particular may find the wheels turning on their implementation plans sooner rather than later.

How we can help

Across our financial services sector practice, we have deep specialist knowledge of not just the legal issues, but also of the industry issues affecting the sector. We are uniquely well-positioned to guide our clients through the challenging times ahead, so please don't hesitate to contact a member of our FS Sector team to discuss these or any other legal or regulatory topics of concern.

For more information, please contact a member of our Banking or Financial Services teams.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Share this: