EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Europe’s long‑promised overhaul of anti‑money laundering supervision is moving from blueprint to reality. With the Anti‑Money Laundering Authority (AMLA) now operational and consulting on detailed technical standards, the message to banks, fund managers and other obliged entities is becoming unmistakable: the transition period is shrinking and regulatory tolerance for late compliance will be thin. In this context of the regulatory overhaul, AMLA’s public consultations (which cover customer due diligence, sanctions, supervisory cooperation and the definition of business relationships) are the final building blocks of a single EU AML rulebook that will start affecting entities even before its formal application date in 2027. This is already visible in practice, with the CSSF and CAA aligning their questionnaire with AMLA’s expectations and the AED reporting that it has rejected nearly 90% of submitted AML questionnaires.
What AMLA is consulting on and why it matters
Established under Regulation (EU) 2024/1620 and headquartered in Frankfurt, AMLA started operating in mid‑2025. Since last year, EBA and AMLA have launched multiple consultations on draft regulatory and implementing technical standards (RTS and ITS) which make part of the EU’s wider AML Package adopted in May 2024 which also includes the directly applicable AML Regulation (AMLR) and the Sixth AML Directive (AMLD6). Together, they aim to replace a patchwork of national rules with a harmonized regime enforced through both national supervisors and AMLA’s own direct oversight of selected high‑risk institutions.
While the AMLR will apply from 10 July 2027 onwards, AMLA’s standards and supervisory expectations are being shaped now and firms should use the transition period wisely in order to avoid hurdles once the regulation is fully applicable. The recent consultations have focused on three main areas:
- Customer due diligence (CDD): The draft RTS specify in granular detail how firms must identify and verify customers, beneficial owners and powers of representation, narrowing room for national interpretation
- Pecuniary sanctions and penalties: AMLA is setting principles for how breaches will be sanctioned across the EU, signaling a tougher and more consistent enforcement culture
- Business relationships and thresholds: The draft RTS provide new criteria for distinguishing a business relationship from occasional transactions, as well as for identifying linked transactions
These consultations are particularly significant because they provide a concrete view of how the new EU AML framework will operate in practice: rather than introducing new policy concepts, they translate the AMLR into detailed supervisory expectations and practical requirements that will drive how institutions operate and are assessed. For financial institutions, this marks a shift from high‑level preparation to operational implementation, including the revision of CDD processes, transaction structuring and governance aspects.
Timeline: a narrowing window
Although 2027 dominates industry planning calendars, the effective timeline is more compressed. By the time the AMLR applies, firms are expected to have redesigned policies, systems and governance.
Expected timeline
Key recommendations for institutions
- Start implementation before the rules are finalized: AMLA’s consultations may still evolve, but their direction is clear. Waiting for final RTS risks leaving insufficient time for systems and data changes
- Revisit enterprise‑wide risk assessments: The new framework demands more standardized, documented and defensible risk methodologies, aligned with EU‑level expectations rather than local supervisory habits
- Invest in data and technology: Harmonized CDD, transaction monitoring and reporting standards will expose legacy data weaknesses, particularly for cross‑border groups
- Prepare for tougher supervision: Consistent sanctioning principles and AMLA‑led oversight mean enforcement outcomes are likely to become faster, more transparent and stricter
How EY can help
For many institutions, the challenge is less understanding what AMLA expects than how to operate it at scale. For many institutions, the primary challenge is not merely understanding AMLA’s requirements but effectively implementing them at scale: this is where EY Luxembourg support plays a decisive role: our Forensics & FinCrime team helps you by:
- Converting consultation feedback into actionable plans, aligning draft RTS and ITS with existing frameworks, and pinpointing early changes for prompt implementation
- Redesigning target operating models to incorporate governance structures, compliance roles, and escalation processes that align with AMLA supervision
- Facilitating data and systems transformation, spanning from KYC enhancements to recalibrating transaction monitoring and regulatory reporting
- Conducting supervisory readiness programs, including mock inspections and strategic remediation planning
- Embedding automation and AI-enabled solutions across AML processes, including advanced analytics for transaction monitoring, AI-supported KYC/CDD and workflow automation to improve effectiveness, scalability and supervisory traceability
Summary
Europe’s long‑promised overhaul of anti‑money laundering supervision is moving from blueprint to reality. With the Anti‑Money Laundering Authority (AMLA) now operational and consulting on detailed technical standards, the message to banks, fund managers and other obliged entities is becoming unmistakable: the transition period is shrinking and regulatory tolerance for late compliance will be thin.
Related articles