EU to create new anti-money laundering authority


On 19 June 2024, the Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism Authority (AMLA) was published in the Official Journal. AMLA will coordinate EU efforts to combat money laundering (ML) and terrorist financing (TF), and the threats these criminal activities pose to the integrity of the EU’s economy and security. The AMLA has been established under the new European anti-money laundering (AML) and counter-financing terrorism (CFT) legislative package, and regulations and amendments that are being made to existing AML and CFT EU legislation.

The AMLA, a new monitoring, investigative and supervisory EU authority that is different from AML and CFT national authorities in place in member states, has been given the following powers and attributions:

A. Harmonisation of AML and CFT practices on EU territory with a focus on group-wide entities through the monitoring and collecting of information on threats, vulnerabilities and risks related to ML and FT.

As part of this role, the AMLA will implement a harmonised approach to strengthen the EU’s existing AML/CFT preventive framework reducing the differences between the national legislation and supervisory practices of EU member states.

Regarding harmonising the practices of financial intelligence units (FIUs) in detecting suspicious cross-border flows of money or illegal activities, the AMLA will do the following:

  • request data and analysis from the FIUs;
  • collect information and statistics on the tasks and activities of the FIUs;
  • obtain and process information and data required for the coordination of joint analysis (including keeping a central database of information collected from the AML and CFT national authorities, which will be available to all AML and CFT national authorities on a need-to-know and confidential basis);
  • develop and provide FIUs with IT and artificial intelligence services and tools for secure information sharing, including;
  • provide all the necessary tools and operational support required for performing joint analyses; and
  • strive for greater efficiency and cooperation between the FIUs, including adopting harmonised templates for reporting and exchanging information and carrying out joint analyses with the FIUs.

The AMLA will establish and maintain an updated database that will include the following:

  • a list of all supervisory authorities;
  • statistical information on the type and number of supervised obliged entities and basic risk information about the risk profile;
  • administrative measures and pecuniary sanctions taken in the course of supervision of individual obliged entities;
  • any advice or opinion provided to other national authorities in relation to authorisation procedures, withdrawal of authorisation procedures, and assessments of shareholders or members of the management bodies of individual obliged entities; and
  • results from supervisory inspections of files concerning politically exposed persons, their family members and their associates.

In connection with group-wide entities and Selected Obliged Entities (as defined under point C below), the AMLA will do the following:

  • ensure group-wide compliance with the applicable requirements, including any other legally binding EU acts that impose AML/CFT-related obligations on financial institutions;
  • carry out supervisory reviews and assessments in order to determine whether the arrangements, strategies, processes and mechanisms put in place are adequate to mitigate risks related to ML and TF; and
  • participate in group-wide supervision with a focus on the colleges of supervisors, including where a specific Selected Obliged Entity is part of a group that has headquarters, subsidiaries or branches outside the EU.

B. Collaboration, assistance and supervision over AML and CFT national authorities in relation to AML and CFT.

In line with the duty to cooperate in good faith and exchange information, the AMLA will require AML and CFT national authorities to submit any information or document, including written or oral explanations necessary for the performance of its functions, including statistical information and information concerning internal processes or arrangements.

Pursuant to its supervisory powers mentioned above, AMLA will have the rights and powers:

  • to require the reinforcement of arrangements, processes, mechanisms and strategies;
  • to require a plan to restore compliance with supervisory requirements pursuant to EU acts and national legislation on AML and CFT and to set a deadline for its implementation, including improvements to the scope and deadline of that plan; and
  • to require the application of specific policies or treatment regarding individuals, clients, transactions, activities or delivery channels.

Considering the paragraph above, the AMLA will take over some of the responsibilities and powers of AML and CFT national authorities under current EU law unless otherwise provided for by the EU regulation on the establishment of the AMLA. Moreover, the AMLA has the power to instruct the AML and CFT national authorities to make use of their powers, under and in accordance with the conditions set out in national law, except where the EU regulation does not confer such powers on the AMLA.

C. Direct supervision of Selected Obliged Entities.

High-risk profile credit institutions, financial institutions, including groups of credit or financial institutions (otherwise known as Selected Obliged Entities), will be under the direct supervision of the AMLA.

This selection will be made through periodic assessments which will be established separately for at least the following obliged entities (i) credit institutions, (ii) bureaux de change, (iii) collective investment undertakings, (iv) credit providers other than credit institutions, (v) e-money institutions, (vi) investment firms, (vii) payment institutions, (viii) life insurance undertakings, (ix) life insurance intermediaries, (x) crypto-asset service providers or (xi) other financial institutions. Afterwards, taking into consideration their ML and FT risk, they will be classified as having (i) low; (ii) medium; (iii) substantial; or (iv) high-risk profile. This classification will be done for every jurisdiction they operate in. The AMLA’s draft regulatory technical standards setting out the methodology, including the benchmarks to be used for this risk classification analysis. The risk factor used will be related to customer, products, services, transactions, delivery channels and geographical areas. The AMLA will review the methodology and benchmarks at least every three years.

Each high-risk profile (i) credit institution, (ii) financial institution, and (iii) group of credit and financial institutions will be qualified as a Selected Obliged Entity, and entered onto a list that the AMLA will update every three years. The direct supervision of a Selected Obliged Entity will begin six months after it has appeared on the list.

Regarding direct supervisory powers, the AMLA may conduct all necessary investigations of any Selected Obliged Entity, including any natural or legal person employed by or belonging to that Selected Obliged Entity and established or located in an EU member state. In connection to this, the AMLA will be able to perform the following general investigations:

  • request the submission of documents;
  • examination of books and records;
  • obtaining access to internal audit reports;
  • obtain written or oral explanations; and
  • interview any other consenting person for the purpose of collecting information relating to the subject-matter of an investigation.

The AMLA will also carry out all necessary on-site inspections at the business premises of Selected Obliged Entities in accordance with national law, including authorisation by judicial authorities. These on-site inspections will be conducted only after prior notification to the supervisor in charge of that specific credit and financial institution (i.e. the Financial Supervisor”).

Regarding its supervisory powers vis-à-vis Selected Obliged Entities, the AMLA may also:

  • restrict or limit the business, operations or network of institutions of a Selected Obliged Entity;
  • require the divestment of activities that pose excessive money laundering and terrorism financing risks;
  • require changes in the governance structure;
  • impose specific requirements relating to individual, clients, transactions or activities that pose high risks; and
  • where the Selected Obliged Entity is subject to authorisation, propose that the licence of a Selected Obliged Entity, granted by a national authority, be withdrawn or suspended.

When a Selected Obliged Entity intentionally or negligently breaches certain requirements or does not comply with certain binding decisions, the AMLA may impose fines of up to EUR 10 million (but not exceeding 10% of the total annual turnover in the preceding business year).

D. Indirect supervision of Non-Selected Obliged Entities.

The AMLA will acquire indirect supervision powers over credit institutions, financial institutions, including groups of credit or financial institutions. These institutions and groups under indirect supervision will be known as Non-Selected Obliged Entities.

As a general principle, in exceptional circumstances, the AMLA will have the authority to request the Non-Selected Obliged Entity’s financial supervisors to investigate possible breaches or consider imposing sanctions, if necessary.

However, the AMLA may request that the Commission allow the transfer of the relevant tasks and powers related to indirect supervision of the Non-Selected Obliged Entity from the financial supervisor concerned to the AMLA where the financial supervisor:

  • does not comply with the request to investigate or to consider imposing a sanction; or
  • does not inform the AMLA regarding the steps or measures it intends to apply.

E. Issuance of guidelines and assistance with technical advice for the EU lawmakers.

This attribution is going to be covered by both (i) issuance of methodology, guidelines and recommendations; and (ii) instructing and advising the EU legislative bodies on technical matters regarding AML and CFT by developing draft regulatory technical standards or by issuing opinions to the European parliament, to the Council and to the Commission on all issues related to its area of competence.

The AMLA’s guidelines will be addressed to all AML and CFT national authorities, FIUs, or obliged entities. These guidelines will not be binding. Each AML and CFT national authority is obliged to inform the AMLA if they will not comply or do not intend to comply with a specific guideline. Furthermore, the AMLA may issue recommendations to AML and CFT national authorities and obliged entities. Considering its transparency governance principle, the ALMA will, where appropriate, conduct open public consultations regarding the guidelines and recommendations it intends to issue.       

For more information on the AMLA and AML and CFT policies in a particular EU member state, contact your CMS client partner or these CMS experts: Ana Radnev and Florian Pacalici.