The EU’s new AMLA watchdog sets up shop in Frankfurt in July. The new agency signals closer supervision and stricter enforcement for companies failing to observe EU AML regulation.
Shutterstock.com/Andrii Yalanskyi
The EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) will open its doors on 1 July 2025.
EU regulation 2024/1620 created the authority with the aim of reducing divergences in national legislation and ensuring supervision of entities posing a high money laundering risk.
Headquartered in Frankfurt, AMLA is set to enhance cooperation among financial intelligence units (FIUs) and ensure the correct and consistent application of EU anti-money laundering (AML) rules.
The European Parliament voted in five members of AMLA’s executive board on 20 March 2025.
Businesses will come under AMLA’s direct or indirect supervision, but either way should prepare for increased scrutiny and a cross-border approach to enforcement.
Indirect supervisory powers
AMLA will have both direct and indirect supervisory responsibilities.
One of its key competences is supporting and coordinating the EU’s network of FIUs. From 1 July 2025, AMLA will oversee FIUs and ensure supervisory convergence across Member States. This will mean facilitating joint analyses of cross-border suspicious transactions and activities and sharing the results of investigations with FIUs and EU agencies such as Europol.
AMLA will host a dedicated IT system to allow FIUs to cooperate and exchange information with each other and with counterparts from third countries. In return, FIUs will delegate one or more of their staff members to AMLA’s Frankfurt office.
From 1 July 2025, AMLA will have indirect supervisory powers over companies in the non-financial sector. The agency will conduct peer reviews of non-financial supervisors to strengthen consistency and effectiveness. AMLA will use these assessments to form the basis for recommendations and follow-up measures.
Direct supervisory powers
AMLA will directly oversee up to 40 financial institutions (FIs) in the EU that pose the highest risk of money laundering. The European Banking Authority (EBA) published draft regulatory technical standards outlining the methodology for determining which entities are in scope of AMLA’s supervision, such as FIs operating in at least six Member States and that pose a high money laundering risk.
The first selection process will begin on 1 July 2027, with the selected entities transferred to AMLA for supervision by 2028. AMLA will review the list every three years.
Whilst AMLA will select just 40 companies in its first phase, this number is expected to grow.
Businesses could also come under direct supervision from the agency via another route. AMLA can request a European Commission decision to place a FI under its supervision for a limited period of time if the company systematically fails to meet AML requirements or if a national supervisor cannot implement recommendations made by AMLA against the business. A national financial supervisor can also request AMLA take a closer look at specific companies for AML failures.
Expect investigations, oversight, and enforcement
AMLA will have the authority to investigate the 40 selected FIs through on- or offsite inspections, by requesting access to information such as internal audits, and by interviewing relevant employees.
AMLA can also impose administrative measures and pecuniary sanctions on FIs under its direct supervision. It may impose penalties when it spots breaches of EU legislation, including AML directives.
The maximum penalty AMLA can impose is up to 10% of the entity’s annual turnover or €10 million (US$10.9 million). The size of the fine will depend on the nature and extent of the breaches and should be effective, proportionate, and dissuasive.
More AML regulation to come for EU businesses
Some aspects of AMLA remain unclear, including the data it will require from supervisory agencies and companies, as well as the criteria for penalties.
However, in the run up to its launch EU businesses should consider the possibility that they will come under AMLA’s direct supervision. These companies will have a single point of oversight, and whilst this is expected to streamline communication and ease the compliance burden, they could face hefty penalties if found to have breached EU AML regulation.
Companies in the EU should also prepare for increased AML requirements under new regulations. The EU AML Regulation (AMLR) and Directive (EU) 2024/1640 come into force on 10 July 2027.
The AMLR provides a set of rules for Member States on money laundering, closing existing discrepancies in national implementation of earlier AML directives. Key provisions of the AMLR include stricter customer due diligence obligations for crypto-asset service providers, a list of services that cannot be outsourced, and a lower beneficial ownership threshold.
Under the new directive, Members States must set up beneficial ownership registers and complete national risk assessments every four years.
Given the two-year wait for these rules to take effect, in-house legal and compliance teams can take this time to identify gaps in compliance programmes and make sure to adequately resource the compliance team to handle the new requirements.