The EU’s new AML/CFT Framework

Free Sanctions Screening Guide

Download our free Sanctions Screening Guide and learn how to set up an Effective Sanctions Screening Process in your organization. 

Download Now


A series of recent money laundering scandals, including the Russian Laundromat and Danske Bank, have sparked international concern and calls for greater due diligence. 

The European Commission has been conducting risk assessments to identify and address the threat of cross-border money laundering and terrorist funding, and as a result, the European Union has adopted robust legislation to respond to these challenges at an international level, including a new package consisting of 4 pieces of legislation: 

  • A regulation to establish a supranational authority for Anti-Money Laundering and Countering the Financing of Terrorism; 
  • A proposal for a new 6AMLD directive to be implemented across domestic AML/CFT Frameworks;
  • The development of a single AML/CFT rulebook provides greater clarity to obliged entities.
  • An updated transfer of fund regulation to bring crypto-asset service providers into scope. 

While these regulations are still in draft format, when approved, they will represent the largest overhaul of AML/CFT regulations in the EU’s history. Financial institutions, including cryptocurrency exchanges and blockchains, need to familiarize themselves with these proposals in order to prepare for the inevitable impact on their operations and clients. 

1. The Regulation Establishing The Authority for Anti-Money Laundering and Countering the Financing of Terrorism and Amending Regulations (AMLAR) 

The first piece of legislation sees the creation of AMLA (Anti-Money Laundering Authority), possibly by as soon as 2023. AMLA will take over the administration of the AML/CFT database managed by the European Central Bank and assume a supporting function within the Financial Intelligence Units operated by Europol. AMLA will be entitled to carry out immediate inspections and order administrative action at financial institutions. They will also be able to impose sanctions and significant penalties in response to breaches. 

This move will address the inconsistencies in companies’ varied approaches to cross-border money laundering incidents and create supervisory benchmarks and standards among member states in terms of quality, effectiveness and resourcing. 

AMLA will directly supervise large and complex cross-border financial institutions that are classified as high-risk in one or more member states and five or more countries of operation; as well as credit institutions with local branches/subsidiaries that have been classed as high-risk in at least four or more member states where the entity has been under supervision for significant regulatory breaches. 

Following detailed assessments, AMLA will pick its first set of selected obligated entities in July 2025. These entities will be supervised for three years. 

Firms operating in Europe should follow these developments closely, especially if they are supervised by AMLA and considered at risk for AML/CFT exposure. They should carefully assess who they are doing business with and implement controls and reviews to manage those relationships as much as possible. 

2. Mechanisms To Be Put In Place By the Member States For the Prevention of the Use of the Financial System For the Purposes of Money Laundering/Terrorist Financing

The second piece of legislation is sometimes referred to as the “New 6AMLD” and introduces changes that seek to align practices for supervisors and FIUs. The directive includes a number of amendments and changes to the 6th anti-money laundering directive put forward by the European Commission, including: 

  • The introduction of a National Risk Assessment, which is carried out every four years; 
  • The development of a framework for joint analysis and provision of greater clarity to obliged entities on Suspicious Activity Reports; 
  • The clarification of the power of FIUs and Supervisors;
  • Greater clarification of the powers of beneficial ownership registers and their ability to ensure that information is accurate and sufficient; 
  • Creating a cross-border interconnected register of bank accounts, real estate and safes;
  • Introduction of greater whistleblower protection;
  • Insight and clarification into the legal basis for the processing of personal information. 

This directive will introduce far more complex and intensive requirements for firms conducting customer and employee verification due diligence, including the establishment of UBOs. Firms must ensure that they adopt the proper vetting processes when onboarding leadership and beneficial owners, which will likely require new HR policies. Staff must receive ongoing training to ensure that they are able to meet their new responsibilities and remain up-to-date with the guidance issued by AMLA. Firms operating in the EU must identify local supervisory contacts to remain compliant. 

3. The Regulation On The Prevention Of The Use Of The Financial System For The Purposes of Money Laundering or Terrorist Financing

The third directive (or AMLR regulation) deals with the obliged private sector entities and the creation of a single EU rulebook in order to prevent regulatory divergence. The regulation will expand and limit the scope of which firms should be subject to regulation as obliged entities; it extends to crowdfunding and investment migration operators acting on behalf of non-EU nationals and crypto-asset providers. Crowding platforms will require a licensed or otherwise authorized partner to execute transactions, while the definition of what qualifies as a crypto-asset service provider has been expanded considerably, as was the definition of what constitutes a crypto-asset. 

AMLA will also produce technical, regulatory standards in the coming years, including standards related to internal policies, controls, procedures, SAR common reporting templates, the RBA to PEPs, guidelines on ML trends and outsourcing. 

Financial institutions will have to review their policies to ensure they are updated to reflect these changes and put the necessary governance controls, vetting and ongoing training as per the directive. The directive will also likely impact the nature of the information collected as part of the customer due diligence process, including beneficial ownership, PEPs, customers from high-risk countries etc. 

4. The Regulation On Information Accompanying Transfer of Funds and Certain Crypto-Assets 

The fourth piece of the new package is the transfer of funds regulation which has been updated to bring into scope Crypto Asset Service Providers (CASPs) and deal more effectively with cross-border fund and asset transfers and manage risks for crypto-asset holders and the financial sector. It introduced the FATF’s travel rule, which requires specific information to accompany wire transfers and extended it to the transfer of crypto assets.

Under the TFR portion, information collected by CASPs includes the originator’s name, account number, address, personal document number, identification number/date and place of birth, as well as the name of the beneficiary and their account number. 

Procedures to detect missing or incomplete information must be put into place by firms, as should procedures to assess and request such information, and records must be kept for five years. These procedures should also cover the submission of SARs or STRs when missing or incomplete information triggers investigations that, in turn, create a reasonable basis for the suspicion of money laundering or financial crime. Fines may be issued to non-compliant firms. 

Under the TFR, CASPs must review and determine what new additional transfer controls need to be developed, which technology would be required, and which monitoring/reporting requirements need to be added to their existing AML/CTF frameworks. 

Conclusion

The EU is clearly and aggressively moving towards a unified approach and structured framework to anti-money laundering, as these reforms clearly show. Member states and non-member states alike should ensure that their AML programs are reflective of and aligned with this approach to sustain their economic relationships with the European Union. Failure to prepare could disrupt relationships and operations; a proactive approach is the key to avoiding delays and avoiding fines, and penalties when regulations come into effect.

Subscribe to our Newsletter

Subscribe to our Newsletter right now and never miss again any new Articles, Guides and more useful content for your AML and Sanctions compliance.

More from our Blog

Sanctions on Iran’s Morality Police

🖤The death of 22-year-old Mahsa Amini’s at the hands of Iran’s morality police leads to additional Iranian sanctions. 🇺🇸The U.S. government on Thursday imposed #sanctions on Iran’s