The fight against money laundering and the financing of terrorism (AML/CFT) remains a principal priority for the EU, especially as financial crimes grow more sophisticated and globally interconnected. The existing framework for AML/CFT within the EU primarily relies on AML Directives and FATF Recommendations being transposed individually by member states, leading to varying degrees of enforcement and effectiveness. This disparity has increasingly posed challenges to the integrity of the financial systems across the bloc, prompting the need for a more unified regulatory approach.
In response to these challenges, the EU Commission has proposed a legislative package which rests on four legal acts: a Regulation establishing an EU AML/CFT Authority; a new Regulation on AML/CFT (AMLR); a Directive on AML/CFT (AMLD6); and a recast of the 2015 Regulation on Transfer of Funds (TFR). These four acts constitute an ambitious set of measures to modernise the EU AML/CFT regime as they establish a robust and future-proof enforcement system, which will contribute to improved detection of money laundering and terrorism financing in the Union.
As AMLR and AMLD6 already entered into force earlier this July and will be applicable from 2027, understanding the implications of the proposed legislative package is crucial for participants in the crypto-asset ecosystem. The EU is signalling a move towards stringent oversight, which could bring about significant operational changes for crypto-asset service providers, emphasising the importance of transparency, compliance, and regulatory collaboration.
The trajectory of Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) legislation within the EU represents a dynamic response to the evolving demands of global finance and security concerns. Beginning with the First Anti-Money Laundering Directive in 1991, which primarily focused on drug-related money laundering, the EU’s legal framework has expanded significantly to include a broader spectrum of crimes and preventative measures. The initial directives laid the groundwork for due diligence and reporting obligations for financial institutions. As the financial landscape grew more complex, subsequent amendments extended these requirements. The Second and Third Directives, introduced in 2001 and 2005, respectively, broadened the scope of covered entities and included provisions for identifying and reporting suspicious transactions.
A significant leap in AML/CFT legislation came with the Fourth Anti-Money Laundering Directive in 2015, which enhanced the measures for due diligence, including explicit requirements for assessing the risks associated with politically exposed persons (PEPs) and high-risk countries. Following closely, the Fifth Directive, implemented in 2018, marked a crucial evolution by addressing the transparency of financial transactions and extending the scope to virtual assets, thus recognising the emerging threats posed by crypto-assets.
As crypto-assets gained prominence, the EU recognised the need for a more robust framework to address the unique challenges these digital assets present. Crypto-assets, with their inherent pseudonymity and cross-border fluidity, require a different approach by competent authorities and persons subject to AML legislation. Moreover, while innovative, the decentralised nature of blockchain technology potentially poses a challenge to the traditional approaches to financial oversight and traceability – although it can also be seen as a boon due to its public traceability. As new crypto-related products and services emerge, they often outpace existing regulatory measures, resulting in blockchain technology and crypto-assets being consistently within the crosshairs of EU regulators.
As mentioned at the beginning of the article, the current framework takes the form of Directives that require transposition into national law by each Member State. The consequence of such an approach is that it often leads to delays in implementation and divergence in national rules, resulting in fragmented approaches across the EU. In addition, the current regime is not detailed or granular enough, so there is insufficient convergence or a central coordination body at the EU level.
These gaps have cumulatively been remedied by the reform and are addressed relying upon the evidence collected from recognised sources, including technical advice from the European Banking Authority (EBA) and questionnaires from Member States. Following the evidence collected, the Commission has identified three key problems: 1) Lack of clear and consistent rules; 2) Inconsistent supervision across the internal market; and 3) Insufficient coordination and exchange of information among Financial Intelligence Units (FIUs).
To address the identified problems, the Commission has opted to ensure a greater level of harmonisation in the rules that apply to entities subject to AML/CFT obligations and in the powers and obligations of supervisors and FIUs. Introducing a consistent and more granular approach to the rules at the EU level through the Anti-Money Laundering Regulation (AMLR) and the Sixth Anti-Money Laundering Directive (6AMLD) would remove the current fragmentation both in AML/CFT obligations for obliged entities and in the activities of competent authorities. It is anticipated that this will bring about a level playing field regarding AML/CFT rules for obliged entities that are active cross-border and involve savings in implementation costs. Moreover, greater detection and deterrence of money laundering and terrorism financing will be promoted through the establishment of the Anti-Money Laundering Authority (AMLA) and a recast of the 2015 Regulation on Transfer of Funds.
The new AML Regulation is a key component of a comprehensive legislative package that seeks to overhaul the existing AML/CFT framework within the EU, aligning it more closely with the latest FATF international standards, especially concerning the treatment of crypto-assets. The new Regulation introduces several significant changes and enhancements designed to strengthen the EU’s defences against financial crimes.
Obliged entities are required to implement AML/CFT measures, including carrying out customer due diligence on clients and, in case of suspicions, to report these suspicions to FIUs. As of now, almost all financial institutions are obliged entities with evident examples of banks, life insurance companies and payment service providers, as well as various types of non-financial entities and operators, including lawyers, accountants and certain types of crypto-asset service providers such as Electronic Money Issuers (EMIs). Under the new proposed legislative package, specifically the Anti-Money Laundering Regulation, there will be several additions to the list of obliged entities; most notable is the addition of all types and categories of crypto-asset service providers (CASPs) which will form part of the list and will become entities that are subject to EU AML/CFT rules. This expansion will align EU legislation with the relevant FATF standards and subject CASPs to the same requirements as those imposed on banks and other types of financial institutions. For example, under the new regulation, CASPs must take all measures at the level of their management to implement internal policies, controls, and procedures, including the appointment of a dedicated compliance manager, and also ensure that responsible staff are appropriately trained.
With respect to Customer Due Diligence (CDD), while most provisions are carried over from existing EU AML/CFT legislation, several clarifications are introduced with additional details regarding the enhanced CDD process. Firstly, the fundamental objective of CDD is clarified, establishing CDD as an essential tool for obtaining sufficient knowledge of customers, enabling obliged entities to determine the money laundering and terrorist financing risks of business relationships or occasional transactions and to decide the corresponding mitigating measures which they need to apply, such as reporting to the FIUs. Secondly, more specific and detailed provisions are laid down on the identification of the customer and on the verification of the customer’s identity. For example, the conditions for the use of electronic identification means are clarified and now take the form set out by Regulation (EU) No 910/2014, which lays down the conditions under which Member States recognise electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State.
Furthermore, the proposed AML Regulation includes provisions on beneficial ownership information and the reporting obligations in line with those in the current EU AML/CFT legislation, though enhanced with the addition of a requirement for all corporate and other legal entities to obtain and hold adequate, accurate and current beneficial ownership information, rules to identify the beneficial owner(s) of corporate and other legal entities, and a harmonised approach to the identification of beneficial ownership. The proposed Regulation further includes disclosure requirements for nominee shareholders and nominee directors and introduces an obligation for non-EU legal entities that enter into a business relationship with an EU obliged entity to register their beneficial ownership in the Union.
Finally, with respect to the reporting of suspicious transactions to FIUs, clearer rules are provided on how transactions are to be identified with enhanced functioning of the FIU’s analytical activities and cooperation. Obliged entities shall report to the FIU all suspicious transactions, including attempted transactions, and respond to a request for information by the FIU within five days, allowing for this deadline to be shortened in justified and urgent case scenarios. Suspicion is based on the characteristics of the customer, the size and nature of the transaction or activity, the link between several transactions or activities and any other circumstances known to the obliged entity, including the consistency of the transaction or activity with the risk profile of the client.
The second step towards a harmonised legislative framework within the EU is exemplified by the establishment of the Anti-Money Laundering Authority, which will serve as the central pillar in the newly integrated system of national AML/CFT supervisory authorities, facilitating greater supervisory convergence and fostering a common supervisory culture.
The main responsibilities of AMLA will include the direct oversight of certain high-risk financial entities that operate across multiple member states and the provision of substantial support and coordination for the EU’s FIUs. In addition, AMLA is empowered and required to produce regulatory technical standards on the standard datasets for identifying natural and legal persons; these standards will include specific simplified CDD measures that obliged entities may implement in case of lower-risk situations. Finally, AMLA will develop guidelines on money laundering and terrorist financing risks, trends and methods, which do not have a country-specific dimension but rather stem from geographical areas outside the Union. It will advise obliged entities accordingly on the opportunity to implement measures to mitigate them.
With a projected staff of over 430 members, AMLA is poised to begin its role in ensuring stringent compliance and oversight. More than 200 of these members will be dedicated specifically to the direct supervision of entities deemed to have a high risk of ML and TF, with the selection based on a rigorous assessment of risk profiles and cross-border activity. For example, financial sector-obliged entities like CASPs that are active in at least six Member States and have a high residual risk profile will be selected for ongoing direct supervision by the Authority. The list will be thoroughly reviewed periodically every three years.
Through direct supervision and decision-making towards some of the riskiest cross-border financial sector-obliged entities, the Authority will contribute directly to preventing money laundering and terrorism financing offences in the Union. The establishment of direct European supervision of those entities that bear a high ML/FT risk will close these loopholes, in particular for cross-border supervision. At the same time, it will coordinate national supervisory authorities and assist them in increasing their effectiveness in enforcing the single rulebook and ensuring homogenous and high-quality supervisory standards, approaches, and risk assessments.
Building on the foundational changes introduced by the new AML Regulation and the establishment of the AML Authority (AMLA), the Sixth Anti-Money Laundering Directive (AMLD6) further enhances the EU’s legal framework against money laundering and terrorist financing by supplementing the existing AMLD5 and repealing the AMLD4. AMLD6 serves as a critical complement to the broader regulatory enhancements, refining the criminal law aspects of AML/CFT measures across Member States and aligning them more closely with international standards, including those set by the FATF. A Directive is an appropriate instrument for the reconduction, with amendments, of the provisions in the current AML Directive which are not suitable to be directly applicable in the form of a Regulation, in particular with regard to the powers and tasks of competent authorities and the establishment and access to beneficial ownership and bank account registers.
The Sixth AML Directive specifies a comprehensive list of predicate offences, including cybercrime and environmental crime. This broad scope is designed to tackle the evolving nature of crime in the digital age and the increasing recognition of environmental damage as a conduit for financial crime. By establishing clear and uniform definitions across the EU, AMLD6 ensures a cohesive approach that complements the regulatory standards enforced by AMLA and the measures detailed in the AML regulation.
Consistent with the earlier discussions on the need for enhanced cooperation under AMLA, AMLD6 facilitates improved information sharing and joint efforts in anti-money laundering investigations across the EU. The directive mandates stronger connections between national FIUs and harmonises the methods by which information is exchanged, thereby enhancing the efficacy of cross-border collaborations initiated under AMLA’s oversight.
New provisions on FIUs concern: clarifications on the financial analysis function of FIUs and on their operational independence, their resources and their security; a list of minimum categories of information to which FIUs must have access; provisions on information exchange between FIUs and other competent authorities, including an obligation for the provision of feedback on how the information was used; and clarifications on the powers of FIUs to suspend transactions, which must be done within 48 hours of receiving a Suspicious Transaction Report or Suspicious Activity Report (STR/SAR), and the extension of such powers to suspend the use of bank accounts in justified circumstances. Further details on the modalities of exchanges of information between FIUs are laid down; such exchanges must be done using the network FIU.net, and any exceptions to information which can be exchanged must be notified to the Commission by Member States.
Reflecting the seriousness with which the EU views financial crimes, AMLD6 imposes more severe penalties for money laundering offences, including minimum prison sentences. It also introduces provisions that hold corporate leaders accountable for laundering activities conducted within their organisations, thereby emphasising the regulatory focus on corporate responsibility and ethical governance previously emphasised by the new AML Regulation.
The directive addresses the complexity of prosecuting cross-border money laundering by simplifying the dual criminality requirements. This adjustment ensures that offences involving money laundering actions across multiple Member States can be more easily prosecuted, enhancing the legal consistency across the EU and supporting the unified supervisory role envisioned for AMLA.
Moreover, the directive extends its coverage beyond the financial sector to include legal professionals, accountants, and other non-financial businesses. This broad application highlights the comprehensive approach taken by the EU to prevent money laundering across all potential avenues, aligning with the expansive regulatory changes discussed earlier as part of the legislative proposal.
A new section, which concerns Self-Regulated Bodies (SRBs), has been added. Where a Member State confers AML/CFT supervision of certain obliged entities to an SRB, there must be oversight of the SRB by a public authority, with the aim of ensuring that the SRB carries out its tasks to the highest standards. The oversight body must have adequate powers, including the power to obtain information, and will publish an annual report on its activity and on the supervisory activities of the SRBs under its oversight.
New provisions also include the addition of references to AMLA and an obligation on other bodies to cooperate with it. Existing provisions to ensure good cooperation with prudential supervisors of financial institutions are enhanced with additional specifications and resolution authorities, as well as authorities in charge of the supervision of credit institutions for cooperation with the PAD and PSD2. Financial supervisors and FIUs will report annually to AMLA on their cooperation with those authorities. Provisions in relation to cooperation with auditors have been added, and AMLA will issue guidelines.
To conclude, the EU’s more aggressive stance on combating money laundering and terrorism financing through its comprehensive regulatory framework marks a pivotal step in stepping up such efforts. The proposed legislative package consists of provisions that seemingly complement each other, although it remains to be seen whether they will be more effective in addressing the evident underlying issues. The AML Regulation aims to create a harmonised set of rules that apply uniformly across the EU, reducing regulatory fragmentation and enhancing legal certainty for businesses and financial institutions. The AMLD6 is introduced to implement the necessary amendments which are not suitable to be directly applicable in the form of a Regulation, specifying the powers of the competent authorities. Finally, AMLA will coordinate, assist and ensure high-quality supervisory standards, providing the participants with the necessary guidelines to adhere to.
---