The European Union’s new AML package, which consists of Regulation (EU) 2024/1620 (AMLAR), Regulation (EU) 2024/1624 (AMLR), and Directive (EU) 2024/1640 (AMLD), marks the most far-reaching reform of Europe’s anti-money laundering rules to date. Its impact will be felt across a wide spectrum of financial institutions, including banks, investment firms, insurers, payment institutions, crypto-asset service providers (CASPs), and a wide range of other obliged entities which now face a single, harmonised rulebook and a new supervisory authority (the Frankfurt-based AMLA).
With implementation deadlines fast approaching, institutions need a clear plan to adapt. Here’s what a practical, very high-level roadmap under the new framework could look like.
Step 1: Understand the new landscape
Unlike previous directives that allowed Member States significant flexibility, the new AML Regulation applies directly across the EU, ensuring uniform standards for all obliged entities. This harmonisation aims to eliminate loopholes that criminals exploit through regulatory fragmentation.
The creation of the Anti-Money Laundering Authority (AMLA) is equally transformative. AMLA will directly supervise certain high-risk institutions and coordinate national authorities, ensuring more consistent enforcement across the bloc. For cross-border players, this means preparing for EU-level scrutiny in addition to local oversight.
Step 2: Reassess customer due diligence and risk models
The rules significantly raise the bar for customer due diligence (CDD) and risk assessment:
- Obliged entities must strengthen their risk-based approach frameworks, with clearer criteria for enhanced due diligence.
- Beneficial ownership checks will need to be deeper and more systematic.
- Ongoing monitoring must be integrated into business processes, not treated as a one-off check at onboarding.
For insurers, this may mean closer scrutiny of complex products. For CASPs, greater transparency around wallet ownership. For investment firms, better governance of client suitability checks. Across all sectors, technology will be important, as manual approaches seem to be less viable.
Step 3: Embrace real-time monitoring
With instant payments becoming standard in the EU, real-time transaction monitoring is now a regulatory expectation. Traditional post-event checks are simply too slow when illicit funds can move across borders in seconds.
Obliged entities should invest in monitoring systems capable of detecting anomalies on the spot, supported by AI and advanced analytics. But regulators will very likely expect explainability: decisions made by algorithms must be auditable and defensible. For smaller firms, this may mean relying on vendor solutions or shared utilities, provided governance is strong.
Step 4: Prepare for AMLA’s supervision
For the first time, a single EU authority will play a central role in AML/CFT supervision. AMLA will directly oversee selected high-risk obliged entities and coordinate national competent authorities to ensure consistent application of the rules.
This means obliged entities should expect more benchmarking across peers, as AMLA’s SupTech tools will allow it to compare performance and spot outliers. Governance and accountability will be under the microscope, and boards must be able to demonstrate ownership of AML risks and compliance strategies.
Step 5: Plan ahead for 2026 and beyond
The AML package sets milestones extending into 2026, when AMLA will be fully operational and the harmonised rulebook fully applied. For obliged entities, 2025 should be treated as a transition year: an opportunity to strengthen systems, test new models, and embed cultural change before enforcement intensifies.
Those who act early will not only reduce regulatory risk but also gain strategic advantages. Strong AML/CFT frameworks enhance trust with clients, investors, and regulators, and create operational efficiencies that reduce long-term costs.
Conclusion
The new EU AML framework is a watershed moment for all obliged entities. Harmonised rules, tougher due diligence requirements, real-time monitoring expectations, and the creation of AMLA signal a step-change in Europe’s approach to financial crime.
For obliged entities, the roadmap is clear: understand the new landscape, reassess risk and CDD, embrace technology for real-time monitoring, prepare for EU-level supervision, and plan ahead for full implementation. Those who see compliance not only as an obligation but also as a strategic opportunity will be best placed to thrive in the new era of financial integrity.
Leave a Reply