On 19 June 2024, the EU published a landmark legislative package aimed at intensifying its fight against money laundering (AML) and countering the financing of terrorism (CFT). At the core of these reforms is the establishment of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (the “AMLA”), along with a suite of regulations and directives broadening AML/CFT obligations across the Union. These changes mark a significant shift in how financial crimes are addressed, as they seek to harmonize and consolidate anti-money laundering measures across all Member States.
Key objectives and structure
The legislative package comprises four key components:
- Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (the “AMLAR”)
This regulation lays the foundation for the AMLA, which will become operational by July 2025. The AMLA is set to play a pivotal role in developing regulatory standards, coordinating national Financial Intelligence Units (FIUs), and directly supervising high-risk financial entities operating across multiple Member States.
- Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (the “AMLR”)
This regulation, effective from July 2027, focuses on preventing money laundering and terrorist financing by introducing enhanced due diligence obligations and Know Your Customer (KYC) procedures for a broader range of sectors, including crypto-asset service providers and high-value luxury goods dealers.
- Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive(EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (the “AMLD 6”)
To be transposed into national law by July 2027, this directive ensures that Member States establish comprehensive AML/CFT frameworks. It updates previous EU directives and introduces mechanisms for improved national supervision and enforcement.
- Directive (EU) 2024/1654 of the European Parliament and of the Council of 31 May 2024 amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records
This directive aims to improve authorities’ access to centralized bank account registries across the EU. By 2029, this system will enable the efficient sharing of data across Member States, enhancing transparency in financial transactions.
Together, these regulations and directives introduce a more unified approach to AML/CFT compliance across the EU, moving away from fragmented national laws. While these requirements are substantial, the phased implementation allows businesses to adapt and align their operations with the updated rules.
Establishing a new Authority: the AMLA
The creation of the AMLA represents a significant step in the EU’s AML/CFT strategy. Based in Frankfurt, the AMLA will develop the technical standards underpinning the new regulations and supervise high-risk institutions across the EU. It will collaborate closely with national supervisory bodies and play a direct role in overseeing institutions deemed to present significant risk.
Key roles of the AMLA include:
- Direct supervision: AMLA will assess credit and financial institutions operating in six or more Member States. High-risk institutions may fall under its direct supervision or be jointly overseen with national authorities.
- Imposing penalties: AMLA has the authority to issue binding decisions and impose fines or sanctions for non-compliance, which will be subject to review by the Court of Justice of the European Union.
- Coordinating national FIUs: By harmonizing efforts across Member States, the AMLA will improve intelligence sharing and operational cooperation at the EU level.
AMLA’s monetary penalties will be subject to review by the Court of Justice of the European Union. The authority is expected to be fully operational by 31 December 2025, as outlined by the European Commission.
Addressing gaps in the previous framework
The new package tackles the issues that plagued the prior AML/CFT framework. Harmonization is a core focus, as previous reliance on national-level transposition of EU directives led to inconsistent implementations and ineffective supervision. The AMLR, which will apply from 10 July 2027 (except for football agents and professional football clubs in some transactions, to whom it will apply from 10 July 2029), introduces a range of new obligations:
- Periodic employee assessments: Regular evaluations of employees responsible for AML and CFT compliance.
- Group-wide AML measures: Parent institutions must implement group-wide AML and CFT measures, including subsidiaries that operate in third-party countries, with certain exceptions. The regulatory technical standards, to be drafted by the AMLA no later than 10 July 2026, will provide the details.
- Due diligence and KYC procedures: Standardized requirements for due diligence in cash transactions and Know Your Customer (KYC) procedures.
- Countermeasures against high-risk countries: EU entities will be required to limit business dealings with individuals or entities from high-risk countries.
- Special obligations: Prohibitions on relationships with shell institutions and extra duties for crypto-asset service providers.
- Information sharing: A legal framework will facilitate information exchange between obliged institutions regarding customer due diligence.
- Document retention period: Additional rules will govern document retention related to AML and CFT processes.
- Cooperation with FIU: Obliged institutions must cooperate with the Financial Intelligence Unit (FIU) and report suspicious activities.
- Transaction suspension: Transactions suspected of involving criminal proceeds or terrorism financing must be reported to the FIU and cannot proceed without its clearance.
Another notable change introduced by the AMLR is the expansion of the types of businesses that fall under the definition of “obliged entities”. New entrants include, for example, crypto-asset service providers and crowdfunding platforms, and entities dealing in luxury goods such as jewellery, watches, luxury vehicles, and professional football clubs when involved in high-value transactions.
These additions reflect the evolving nature of financial crimes, where non-traditional sectors are increasingly exploited for money laundering and terrorist financing.
Strengthened beneficial ownership rules
The AMLR introduces stricter rules on beneficial ownership to combat the use of complex corporate structures for illicit purposes. Companies are required to disclose their beneficial owners and register this information in centralized databases. This transparency makes it easier for authorities to trace ownership structures across the EU, a significant improvement over previous rules, which allowed companies to obscure ownership through complex layers.
Enhanced due diligence and internal compliance
Another pivotal aspect of the AMLR involves the introduction of enhanced due diligence requirements. Professionals, such as lawyers and notaries, must conduct due diligence not only on their clients but also on other parties in transactions. Furthermore, the AMLR mandates the appointment of an AML/CFT compliance manager within each obliged entity. This compliance manager, typically a board member, will oversee compliance with AML/CFT requirements, supported by an AML compliance officer responsible for day-to-day implementation of AML/CFT policies.
Centralized databases and information sharing
To facilitate information sharing and improve cooperation between Member States, the new AMLD 6 call for the creation of centralized databases. These will house information on beneficial owners, bank account holders, and, significantly, crypto-asset accounts. By 2029, the Bank Account Interconnection System (BARIS) shall be operational, allowing FIUs and supervisory authorities across the EU to access these databases efficiently.
Furthermore, Member States must guarantee that competent authorities have instant, cost-free access to information for identifying real estate properties and their beneficial owners, as well as data needed for analysing real estate transactions. This access will be facilitated through a single access point in each Member State, allowing authorities to retrieve information electronically in a digital format, with the data being machine-readable whenever feasible.
Challenges and the path forward
While the new AML/CFT package is a significant step forward in unifying the EU’s approach to financial crime, its successful implementation hinges on the coordination between national authorities and AMLA. Member States are required to establish robust mechanisms for supervision and information exchange, with particular emphasis on the timely transposition of the directives into national law.
Moreover, certain provisions, such as the direct supervision of high-risk entities by AMLA, mark a radical shift in how AML/CFT compliance is enforced across the Union. This new model introduces the possibility of penalties for non-compliance at an EU-wide level, bypassing national enforcement mechanisms in high-risk situations.