The package contains significant shifts regarding the applicable anti-money laundering (AML) and countering the financing of terrorism (CFT) framework.

The AML/CFT package constitutes “the Commission’s commitment to protect EU citizens and the EU’s financial system from money laundering and terrorist financing. The aim of this package is to improve the detection of suspicious transactions and activities, and to close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system”. 

The European AML/CFT package encompasses four legislative proposals, which are fully consistent with one another:

  • A Regulation establishing an EU AML/CFT Authority in the form of a decentralized EU regulatory agency;
  • A new Regulation, containing directly applicable AML/CFT rules, including a revised EU list of entities subject to AML/CFT rules and a revised policy on third countries whose AML/CFT approach pose a threat to the EU’s financial system;
  • A sixth AML Directive, replacing the existing EU AML/CFT Directive (Directive 2015/849 as amended) and containing provisions not appropriate for a Regulation and requiring national transposition, e.g., rules concerning national supervisors and Financial Intelligence Units in Member States;
  • A recast of Regulation 2015/847 on Transfers of Funds.

Each of these proposed legislations is briefly discussed below.

The first legislative proposal entails the creation of a new EU authority in charge of AML/CFT which is at the core of the new AML/CFT package and will take the form of a decentralized EU regulatory agency. Consequently, this will result in a shift in AML/CFT supervision in the EU, with the competences of the European Banking Authority being removed and transferred to the AMLA, and will, on the other hand, contribute to cooperation between national Financial Intelligence Units (FIUs).

In particular, the AMLA’s main functions consist in:

  • Establishing a single integrated system of AML/CFT supervision across the EU, based on common supervisory methods and convergence of high supervisory standards. To that end, it is to be noted that the AMLA is not intended to replace national authorities, but rather to coordinate them and make sure that the European framework is applied in a consistent way;
  • Directly supervising some of the riskiest cross-border financial institutions that operate in a large number of Member States or require immediate action to address imminent risks (g. credit institutions and financial institutions). In the context of direct supervision, the AMLA will, inter alia, be entitled to carry out supervisory reviews and assessments at individual entity and group-wide basis, and to develop and maintain up-to-date a system in order to assess the risks and vulnerabilities of the selected obliged entities.
  • Monitoring and coordinating national supervisors responsible for other financial entities, as well as coordinating supervisors of non-financial entities;
  • Supporting cooperation among national Financial Intelligence Units and facilitating coordination and joint analyses between them, to better detect illicit financial flows of a cross-border nature.

In general, the powers of the AMLA will include the power to adopt regulatory technical standards and implementing technical standards where this is provided for in the applicable AML/CFT legislation. In addition to the previous powers and with regard to obliged entities, AML/CFT supervisors and FIUs, the AMLA will also have the power to adopt guidelines or recommendations.

With respect to the direct supervision on the selected obliged entities, the AMLA shall have strict powers going from adopting binding decisions to administrative measures and pecuniary sanctions. In the context of indirect supervision, on the other hand, with respect to financial and non-financial supervisory authorities, the AMLA shall have the powers to issue requests to act and instructions relating to the exercise of their own supervisory powers.

In terms of organization and governance, the Commission proposed that the AMLA be composed of two collegial governing bodies, namely (i) an Executive Board of five independent full-time members and the Chair of the Authority and (ii) of a General Board composed of representatives of Member States. The Executive Board will be the governing body of the AMLA. It will take all decisions towards individual obliged entities or individual supervisory authorities if the AMLA is carrying out its direct or indirect supervisory functions. The General Board will adopt all regulatory instruments, draft technical implementation standards, guidelines and recommendations. The General Board will also be able to meet in a specific “supervisory composition” and provide its opinion on any decision about directly supervised obliged entities prepared by a Joint Supervisory Team before the adoption of the final decision by the Executive Board.

The AMLA would be established as of 1 January 2023, while it would only start its activity of direct supervision from early 2026. Starting from 1 July 2025, the AMLA would make its first selection of obliged entities, which will be subject to an update every three years.

The second legislative proposal is a new Regulation on AML/CFT. The envisaged legislation will transform all AML/CFT rules that apply to the private sector to a Regulation, whereas the organization of the institutional AML/CFT system at national level continue to be regulated by a Directive.

The new Regulation on AML/CFT will be directly appliable and will contribute to a greater level of harmonization in the application of AML/CFT rules across the EU. This piece of legislation does not only transfer the current AML regime into a new Regulation; it also brings changes and novelties:

  • The list of entities obliged to prevent money laundering and terrorist financing is expanded to include crypto-asset service providers and other sectors, such as crowdfunding platforms and investment migration operators;
  • Internal policies, controls, and procedures for risk management are clarified, in particular customs due diligence (CDD) measures are detailed;
  • The approach to tackle third countries whose AML/CFT policy pose a threat to the Union’s financial market is revised, in order to apply enhanced CDD measures in a more harmonized way;
  • The definition of “politically exposed person” is clarified;
  • Beneficial ownership requirements are streamlined to ensure an adequate level of transparency across the Union, and new requirements are introduced in relation to nominees and foreign entities to mitigate risks that criminals hide behind intermediate levels;
  • Requirements for the processing of personal data are made more consistent with EU data protection rules;
  • Measures against the misuse of bearer instruments are strengthened;
  • An EU-wide maximum cap for large cash transactions (€10,000) is introduced.

The proposal for a sixth AML Directive will replace the existing AML/CFT Directive (EU) 2015/849 and contains provisions which require transposition into national law, allowing the Member States some flexibility in this area. The proposal for a sixth Directive on AML/CFT provides for several changes of substance in order to bring a greater level of convergence in the practices of national supervisors and Financial Intelligence Units in Member States and in relation to cooperation among competent authorities. It furthermore contains rules concerning the set-up and access to beneficial ownership, bank account and real estate registers, the identification of money laundering and terrorist financing risks at Union and Member States level and measures applicable to sectors exposed to money laundering and terrorist financing at national level.

Currently, only certain categories of crypto-asset service providers are falling within the scope of the EU AML/CFT rules. The revision of Regulation 2015/847/EU will extend these rules to the entire crypto sector, obliging all service providers to conduct due diligence on their customers. This implies that full information about the sender and beneficiary of such transfers (e.g. Bitcoin) will have to be included by crypto-asset service providers with all transfers of virtual assets, just as payment service providers currently do for wire transfers (i.e. sender’s name, sender’s account number, sender’s address, official personal document number, customer identification number, date and place of birth). The rationale is the same as for the original Regulation on funds, namely to identity those who send and receive crypto-assets for AML/CFT purposes, identify possible suspicious transactions and if necessary block them.  Another novelty that the recast contains is a prohibition on anonymous crypto asset wallets.