The establishment of the European Anti-Money Laundering and Countering the Financing of Terrorism Authority (AMLA) marks a historic turning point in the EU’s approach to combating financial crime. The previous patchwork of national regulators with uncoordinated practices is giving way to a centralised authority with direct supervisory powers and robust sanctioning mechanisms. For obliged entities — financial institutions, crypto-asset companies, lawyers, accountants, and many others — this represents a radical transformation of the regulatory landscape. This article is for informational purposes only and does not replace individual legal advice.
Why AMLA Was Created and What It Changes
The impetus for creating AMLA stemmed from a series of scandals that shook confidence in the effectiveness of the existing AML (Anti-Money Laundering) system in the EU. Cases such as those involving Danske Bank in Denmark, Malta, and Latvia demonstrated how disparities in supervisory capacity and compliance standards among Member States create systemic vulnerabilities that flows of criminal money can easily exploit.
The reform is being implemented through the so-called new AML/CFT (Anti-Money Laundering / Countering the Financing of Terrorism) package, which comprises several legislative instruments: the AMLA Regulation establishing the Authority itself; the new AML Regulation (AMLR), which introduces uniform rules directly applicable in all Member States and supersedes the provisions of earlier directives; and the Sixth AML Directive (AMLD6), which governs the mechanisms that Member States must put in place.
AMLA’s seat is in Frankfurt. The Authority directly supervises a specific group of the highest-risk financial institutions, and also coordinates and ensures consistency in the work of national supervisory bodies for all others.
Who Is Subject to Direct AMLA Supervision
AMLA directly supervises selected financial institutions on the basis of criteria that take into account the cross-border nature of their operations and their assessed level of risk. In the first generation of direct supervision, AMLA covers:
Selected credit institutions, payment institutions, and electronic money institutions that are present in at least six EU Member States and have been assessed as high-risk.
Crypto-asset service providers (CASPs) licensed under the MiCA Regulation (The EU’s Markets in Crypto-Assets, Regulation (EU) 2023/1114) that are present in at least four Member States.
Entities selected by AMLA’s own Management Board on the basis of specific risk indicators.
For directly supervised entities, AMLA may conduct inspections, request information, impose interim measures, and levy pecuniary fines directly — without the involvement of a national regulator.
What Changes for Nationally Supervised Entities
Institutions that do not fall under direct AMLA supervision remain subject to the jurisdiction of national supervisory authorities. However, AMLA has powers to:
Adopt Binding Technical Standards and guidelines that harmonise supervisory practices across the EU. This means that national regulators can no longer apply entirely divergent standards with regard to policies, procedures, and risk assessments.
Resolve disputes between national supervisory authorities, which is particularly relevant for financial groups with cross-border presence.
Conduct periodic stress-testing exercises and peer review processes to assess the effectiveness of national supervisory authorities.
In extreme situations, AMLA may assume direct supervision over institutions that a national authority has failed to supervise adequately.
New Substantive Requirements under the AML Regulation
In parallel with the establishment of AMLA, the new AML Regulation harmonises substantive AML/CFT obligations at EU level, eliminates divergences between national implementations, and introduces new rules:
Expanded scope of obliged entities — the new framework broadens the list of obliged entities, explicitly including a wider circle of crypto-asset companies under MiCA, professional football clubs in transactions with agents and players above certain thresholds, and entities in the luxury goods sector.
Risk assessments — requirements for self-risk assessments become more uniform and detailed. Entities must document the factors affecting their risk level: geographic risk, customer risk, product risk, and delivery channel risk.
Enhanced due diligence — new standards for enhanced due diligence in high-risk situations become uniform across the EU. This applies in particular to business relationships with politically exposed persons (PEPs) and customers from jurisdictions under heightened international scrutiny.
Right of access to UBO registers — information on ultimate beneficial owners (UBOs) must be available in harmonised registers across all Member States. There is an obligation to cross-verify UBO data.
Sanctioning Policy: New Standards
AMLA has direct powers to impose administrative measures and sanctions on entities under its direct supervision. For the most serious infringements by directly supervised credit and financial institutions, sanctions of up to 10% of total annual turnover or up to EUR 10 million are provided — whichever is the greater amount; lower maximum amounts apply to other categories of obliged entities. For less serious infringements, lower fines apply, but so does public disclosure of the sanction, which carries reputational risk.
An important new development is the harmonisation of the sanctioning framework at EU level. National regulators can no longer apply dramatically different fine amounts for the same infringements, which was previously one of the factors that directed criminal actors towards jurisdictions with lenient penalty policies.
Preparing Obliged Entities: Priority Steps
For entities that already have AML/CFT programmes in place, the priorities in preparing for the new framework are as follows:
Reviewing the relevance and accuracy of self-risk assessments in light of the new EU standards. The assessment must be documented, up to date, and proportionate to the complexity of the business.
Reviewing Know Your Customer (KYC) and due diligence procedures, with particular attention to practices that were compliant with the previous national minimum but may not meet the new EU standards.
Reviewing UBO verification procedures — ensuring compliance with the newly established standards for identifying and verifying ultimate beneficial owners.
Enhancing systems for reporting suspicious transactions to Financial Intelligence Units (FIUs).
Training employees, particularly those in frontline client-facing roles and compliance functions.
Frequently Asked Questions (Q&A)
Does AMLA also affect entities outside the financial sector, such as lawyers or accountants? Yes. The new AML Regulation continues to cover the so-called “confidential professions” — lawyers, accountants, notaries, and others who provide certain financial or corporate services. Substantive obligations for these entities are being harmonised, but AMLA’s direct supervision is directed primarily at financial institutions. Supervision of professional associations remains predominantly at the national level.
What does it mean to be on AMLA’s list of directly supervised entities? It means that AMLA — not the national regulator — conducts inspections, requests documentation, and may impose sanctions directly. For such entities, a direct interface with AMLA’s processes is essential, along with the potential engagement of specialised EU-level compliance expertise.
When does AMLA’s direct supervision of the first group of institutions begin? Under the applicable legislation and the envisaged timetable, AMLA is to assume direct supervision of the first group of institutions in the near term. The specific dates and the list of first-wave entities should be monitored on the official websites of AMLA and the European Commission, as the details are subject to change.
How does AMLA coordinate with FATF recommendations? AMLA is designed to be consistent with FATF (Financial Action Task Force) standards, which constitute the primary international framework for AML/CFT. AMLA’s technical standards will incorporate FATF recommendations with EU-specific additions, particularly as regards procedural and institutional matters.
Conclusion
AMLA is not merely a new agency — it symbolises the EU’s transition to a significantly more centralised and consistent approach to combating financial crime. For obliged entities, this means a higher compliance threshold, less tolerance for divergent practices, and direct exposure to EU-level sanctions. An early start in adapting brings an advantage: companies that proactively strengthen their AML/CFT programmes before the new standards become mandatory will avoid costly reactive corrections.
If you require an analysis of your AML/CFT programme’s compliance with the new requirements or preparation for a potential AMLA supervisory review, schedule a consultation with our team specialising in financial crime regulation.
Sources: – https://www.consilium.europa.eu/sr/policies/aml-cft/ – https://ec.europa.eu/info/publications/2021-anti-money-laundering-package_en – https://www.europarl.europa.eu/news/en/press-room/20240313IPR19702/new-anti-money-laundering-authority-to-be-set-up-in-frankfurt – https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1620 – https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114