The EU’s New AML/CFT Framework: A Complete Guide
Download nowIn 2021, the European Union (EU) reviewed its framework for anti-money laundering and combating the financing of terrorism (AML/CFT) in response to a series of high-profile scandals that made global headlines. At the same time, Europol discovered that 1 percent of the EU’s GDP was linked to “suspicious financial activity,” and that all money laundering cases had a cross-border component.
As a result, the EU released a new package of legislation to fight money laundering more effectively, including establishing a supranational authority for AML/CFT, a new AML/CFT Directive, a single AML/CFT rulebook, and an updated transfer of funds regulation to cover virtual assets service providers. Our Guide to the European Union’s New AML/CFT Framework explores each of these proposals in depth.
The Objectives of EU’s New AML/CFT Package
The legislative package was introduced to meet the following six objectives:
- Ensure the effective implementation of AML/CFT framework.
- Establish one AML/CFT rulebook across the region.
- Elevate supervision to the EU level.
- Enhance support and cooperation between financial intelligence units (FIUs).
- Improve information exchange and the enforcement of EU criminal law.
- Make the international dimensions of the EU AML/CFT framework more robust.
The Four Pieces of Legislation in the EU’s New AML/CFT Framework
1. The Regulation Establishing the European Anti-Money Laundering Authority (AMLAR)
One of the four regulations implemented to improve the EU’s AML/CFT efforts is the "regulation establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism" (AMLAR). This regulation creates a supranational AML/CFT supervisor, known as the Anti-Money Laundering Authority (AMLA). The primary objective of AMLA is to promote cooperation among relevant authorities and mitigate risks within the EU's financial system.
For firms engaged in activities in Europe, the establishment of AMLA carries significant implications. Anticipated to be fully operational by the end of 2025, the AMLA will directly supervise “selected obliged entities” with cross-border operations and provide oversight in emergency situations. Financial institutions meeting specific criteria, such as being classified as high-risk in multiple member states, may come under AMLA’s direct supervision.
In light of these regulatory developments, firms should closely monitor the evolving EU AML/CFT framework. While national supervisors will oversee most entities, those under AMLA’s direct supervision should expect heightened scrutiny. It’s also crucial to note that direct supervision does not automatically imply misconduct but signals a potential exposure to money laundering and terrorist financing risks within the internal market.
2. A New AML/CFT Directive
The “new” 6th Money Laundering Directive (New 6AMLD) repeals previous directives. It introduces significant changes to harmonize rules for obliged entities and enhance coordination among supervisory bodies and financial intelligence units (FIUs). Key changes include:
- National risk assessments (NRA): EU member states are required to conduct NRAs every four years, and obligated entities must have access to the results.
- FIU frameworks: Member states must develop a domestic FIU joint-analysis framework to help obligated entities submit suspicious activity reports (SAR) more easily.
- Regulatory supervisors: Member states must establish a public body to oversee domestic self-regulatory bodies. The EU will also introduce a risk categorization tool to harmonize supervisory approaches.
- Beneficial ownership: The new 6AMLD offers guidance on the kind of information that should be held in EU beneficial ownership registers.
- Asset registers: EU member states must create cross-border asset registers that contain information on bank accounts, safes, and real estate.
- Whistleblower protections: Member states must implement enhanced protections for whistleblowers. This includes strengthening personal data protection and judicial protection.
- Personal data: The new 6AMLD clarifies the legal basis for processing personal data to prevent financial crimes such as money laundering and terrorism financing.
Firms must adapt to these changes by implementing comprehensive compliance measures, adhering to reporting obligations, and ensuring the accuracy of beneficial ownership information. The directive reinforces the EU’s commitment to robust AML/CFT measures and standardized practices across member states.
3. A Single AML/CFT Rulebook
In addition to establishing the AMLA, the AMLAR created a single EU rulebook to apply current directives consistently,, preventing regulatory divergence and arbitrage. The new rulebook expands the scope of firms required to follow certain regulations, including mortgage and consumer credit intermediaries, fund managers, crowdfunding platforms, and investment migration operators.
The AMLAR prohibits anonymity in financial transactions and cash transactions over €10,000. The regulation also provides detailed requirements for politically exposed persons (PEPs)and third countries. To comply with these new rules, firms must set up monitoring systems to detect atypical transactions, apply a risk-based approach to outsourcing arrangements, and have training programs in place for AML/CFT compliance.
4. Amendment of the EU Transfer of Funds Regulation
The fourth piece of the AML/CFT package is the new transfer of funds regulation (TFR), recast as ‘the Regulation on information accompanying transfers of funds and certain
crypto-assets.’ The regulation requires certain information, including Legal Entity Identifiers (LEIs), to accompany wire transfers and crypto-asset transfers. Crypto-asset service providers (CASPs) must also identify and hold originator/payer and beneficiary/payee information and provide it to law enforcement authorities upon request. For non-crypto remitters and CASPs, LEIs should be included where available.
Firms must develop additional controls, technology, monitoring, and reporting requirements to comply with these new regulations. The EU hopes that uniform standards across the EU will yield cost savings.
Penalties for Non-Compliance with the EU’s New AML Regulations
Non-compliance with the EU’s new AML regulations can lead to severe financial and criminal penalties. For instance, in 2022, France’s financial regulator fined an international banking group €1.5 million for failing to monitor transactions and conduct customer due diligence, while the Netherlands’ financial regulator imposed a €2 million fine on an asset management firm for similar due diligence failures. Therefore, it is essential for EU compliance officers to consider various criminal and regulatory risks and understand how the forthcoming changes will impact their organization’s products and services.
Moreover, the new AMLA will have supervisory powers and can impose “pecuniary sanctions” on selected entities for serious, systematic, or repeated breaches of directly applicable requirements. The maximum financial penalty under AMLA can be up to 10 percent of the entity’s previous annual turnover or €10 million. In situations where criminal activity is provable, the AMLA may also refer the case to appropriate national authorities.
Tips for Firms to Become Compliant with EU’s New AML Package
Firms need to be proactive in ensuring compliance with the measures outlined in the new package. Since many of the measures won't be implemented until the mid-2020s, firms can develop a strategy to comply beforehand, avoiding the risk of fines and other penalties.
Firms should consider several key areas in their response to these changes, including
- Technology and automation: Thorough customer risk assessments should consider how to manage any additional checks and processes in an efficient way. This may include onboarding new solutions that enable compliance teams to automate certain measures, and/or enhance the way that data is structured and accessed.
- Governance and oversight: Documenting internal processes and ensuring regulators – both at the national and EU levels – have access to the information they need in a clear and concise way will be critical.
- Executive stakeholder management: Compliance teams will also have to consider how to explain any additional costs, headcount and vendors to executive stakeholders. A proactive approach gives teams time to conduct thorough requests for proposals (RFPs) and cost-benefit analyses to present their recommendations in the most compelling possible way.
Ensure Compliance with Automated AML Solutions
Automated AML solutions will play a crucial role in helping firms comply with evolving regulations in the EU. To ensure firms meet the increasing demands of regulators, avoid penalties, and keep compliance costs down, compliance teams should review their AML/CFT systems and consider implementing advanced technologies with capabilities such as:
- Real-time screening: Automated AML solutions can incorporate databases that regularly update to include sanction lists and politically exposed persons (PEP) data. Real-time screening against these lists ensures firms promptly identify and handle any business relationships or transactions involving sanctioned entities.
- Risk scoring: Advanced algorithms can assign risk scores to customers and transactions based on various parameters, helping teams prioritize high-risk entities for closer scrutiny – such as UBOs and PEPs. These risk scores help firms allocate resources more effectively to focus on areas of greater concern.
- Regulatory reporting: Automated systems simplify the generation of comprehensive reports required for regulatory compliance. They facilitate the timely submission of accurate reports to relevant authorities, reducing the risk of non-compliance penalties.
- Transaction monitoring: In addition to analyzing vast amounts of transaction data in real-time, sophisticated solutions can flag unusual patterns or high-risk activities for further investigation. They help identify and report potentially suspicious transactions promptly, ensuring that firms can meet reporting requirements efficiently.
As the EU’s AML reforms continue to play out into 2024 and beyond, implementing these automated AML solutions can significantly strengthen a firm’s ability to comply with the new framework efficiently and stay proactive in the fight against financial crime. To find out more about this topic, download our Guide to the European Union’s New AML/CFT Framework below.