AMLA: EU AML Authority Compliance Obligations 2026
The EU Anti-Money Laundering Authority (AMLA) reshapes AML compliance from 2026. What obliged entities must do to prepare for Regulation 2024/1624.
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokEurope's anti-money laundering architecture just got its most significant overhaul in decades. The creation of the Anti-Money Laundering Authority โ AMLA โ marks a shift from a patchwork of national supervisors to a centralized EU-level enforcer with real teeth. For compliance officers, legal teams, and obliged entities across the financial sector, the clock to July 2027 is already ticking.
What Is AMLA and Why It Matters for AML Compliance
AMLA โ the Anti-Money Laundering Authority โ is a new EU agency established by Regulation (EU) 2024/1620 and headquartered at the Messeturm building in Frankfurt am Main, Germany. It became operational on 1 July 2025, though its most consequential powers kick in over the following two years.
AMLA sits at the centre of a three-part EU AML Package:
- Regulation (EU) 2024/1620 โ the founding AMLA regulation, defining the authority's structure, governance, and supervisory powers.
- Regulation (EU) 2024/1624 (the AMLR) โ a directly applicable AML rulebook setting uniform obligations for obliged entities across all EU member states, replacing the previous directive-based approach.
- Directive (EU) 2024/1640 (AMLD6) โ a directive requiring national transposition by July 2027, covering institutional supervision, Financial Intelligence Unit (FIU) cooperation, and access to beneficial ownership registers.
The significance here is structural. Under the old framework, AML rules were set at EU level via directives but implemented differently across 27 member states. AMLA changes this by introducing a single, directly applicable rulebook โ the AMLR โ that obliged entities must follow without waiting for each country to translate it into national law. Before AMLA's creation, the European Banking Authority (EBA) held the main EU-level AML coordination mandate; those mandates transferred to AMLA on 1 January 2026.
The AMLA website confirms that the authority is already issuing binding technical standards and regulatory guidance that will shape compliance practice well before its direct supervision powers begin.
Which Entities Fall Under AMLA's Direct Supervision
The headline figure โ 40 directly supervised entities โ captures a narrow but systemically critical slice of the EU's financial sector. AMLA will directly supervise a maximum of 40 cross-border obliged entities that operate in six or more EU member states. The selection process runs in July 2027, with direct supervision starting 1 January 2028.
Who qualifies? Primarily large banking groups with significant cross-border EU presence, and crypto-asset service providers (CASPs) authorised under MiCA operating at scale across multiple member states.
| Entity Type | Current Supervisor | AMLA Direct Oversight |
|---|---|---|
| Large cross-border banking groups (6+ EU states) | National competent authorities (NCAs) | Yes, from January 2028 (if selected) |
| CASPs under MiCA (6+ EU states) | NCAs / ESMA | Yes, from January 2028 (if selected) |
| Mid-size domestic banks | NCAs | No โ NCAs retain supervision |
| Payment institutions | NCAs | No โ NCAs retain supervision |
| Insurance companies | NCAs | No โ NCAs retain supervision |
| Law firms, accountants, notaries | NCAs / professional bodies | No โ NCAs retain supervision |
| Crowdfunding platforms | NCAs | No โ NCAs retain supervision |
| Real estate agents | NCAs | No โ NCAs retain supervision |
The critical takeaway: most obliged entities will never interact directly with AMLA as a supervisor. The authority's broader impact comes through the binding technical standards it issues and through its role coordinating national supervisors โ raising the floor of enforcement quality across the EU.
Timeline: Key Dates from 2025 to 2028
| Date | Event | Impact for Obliged Entities |
|---|---|---|
| 1 July 2025 | AMLA becomes operational | AMLA begins issuing guidelines and technical standards |
| 1 January 2026 | EBA's AML mandates transfer to AMLA | AMLA becomes the primary EU-level AML standard-setter |
| July 2027 | AMLA selects 40 directly supervised entities | Affected institutions receive formal notification |
| 10 July 2027 | AMLR (Regulation 2024/1624) applies | All obliged entities in the EU must comply โ no national legislation needed |
| July 2027 | AMLD6 transposition deadline | EU member states must have updated national AML laws |
| 1 January 2028 | AMLA direct supervision begins | Selected entities move from NCA to AMLA oversight |
For most compliance teams, the operative deadline is 10 July 2027 โ the date the AMLR becomes fully enforceable. That gives organisations just over a year from today to close any gaps between their current practices and the AMLR's requirements.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotCore Obligations Under the AMLR for All Obliged Entities
The AMLR applies from 10 July 2027 across all EU member states without requiring any national transposition. This is a deliberate design choice: the EU wanted to eliminate the inconsistencies that arose when different countries implemented AML directives differently.
Beneficial Ownership Identification
"For the first time, the AMLR sets a uniform beneficial ownership threshold of 25% or more across the EU โ replacing the previous 'more than 25%' wording and closing a longstanding loophole." Source: Regulation (EU) 2024/1624, Article 62
The shift from "more than 25%" to "25% or more" is subtle in wording but significant in practice. It means a person holding exactly a 25% stake must now be identified as a beneficial owner, where previously they could have fallen below the threshold in some national implementations.
Unified KYC Due Diligence
The AMLR standardises three tiers of customer due diligence across the EU:
- Standard due diligence (SDD): The default โ verify identity, understand business relationship, assess risk.
- Enhanced due diligence (EDD): Required for higher-risk customers, PEPs, cross-border correspondent banking, and high-risk jurisdictions. The AMLR specifies mandatory EDD measures rather than leaving them to member state discretion.
- Simplified due diligence (SiDD): Permitted only for specifically listed low-risk scenarios defined in the regulation โ not a general carve-out.
Cash Payment Controls
The AMLR introduces an EU-wide cap of โฌ10,000 on professional cash payments. Crucially, customer identity verification is required for any cash transaction of โฌ3,000 or more. Member states can set lower limits โ and several already have โ but none can exceed โฌ10,000.
This matters particularly for businesses in sectors like luxury goods, art, and real estate, where large cash transactions have historically been a money laundering vector.
FIU Response Requirements
Obliged entities must respond to information requests from Financial Intelligence Units within 5 working days. The AMLR harmonises this deadline across the EU, replacing varying national timelines that previously complicated cross-border investigations.
AMLA vs FCA: What Changes for UK-Based Firms
UK firms are not directly subject to AMLA. Post-Brexit, the UK operates its own AML framework โ primarily the Money Laundering Regulations 2017 (MLR 2017) and the Proceeds of Crime Act 2002 (POCA 2002), supervised by the FCA, HMRC, and sector-specific bodies.
However, the AMLA framework is directly relevant to UK firms in several situations:
- UK firms with EU subsidiaries or branches must comply with the AMLR in those EU operations from July 2027.
- UK banks with significant EU correspondent banking relationships will interact with AMLR-compliant counterparties, and their due diligence standards will be assessed against the AMLR benchmark by their EU correspondents.
- CASPs with MiCA authorisation in any EU member state will fall within the AMLR scope for those operations.
The FCA has indicated it will monitor AMLA's technical standards and enforcement approach โ as it did with EBA guidelines โ for potential alignment in UK guidance. UK firms should treat EU-facing operations as requiring full AMLR compliance by July 2027, even where direct UK regulatory obligations differ. Early preparation avoids the scenario where EU-facing teams are scrambling to retrofit compliance policies in mid-2027.
For a detailed breakdown of the UK transposition picture, see our AMLD6 compliance guide for obliged entities.
Expanded Scope: New Obliged Entities Under AMLR
One of the AMLR's most consequential changes is the expansion of who counts as an "obliged entity." The traditional list โ banks, insurers, money service businesses, lawyers, accountants, real estate agents โ has grown significantly.
New categories of obliged entities under the AMLR include:
- Crypto-asset service providers (CASPs) authorised under MiCA โ now fully integrated into the EU AML framework rather than treated as a separate vertical
- Crowdfunding platforms regulated under EU crowdfunding regulation
- Professional football clubs and agents โ addressing well-documented money laundering risks in transfer markets
- Dealers in luxury goods, including precious metals, gemstones, jewellery, and high-value watches
- Mortgage credit intermediaries not already covered as credit institutions
"The AMLR's expansion to professional football and luxury goods dealers reflects years of FATF recommendations and EU threat assessments identifying these sectors as persistent AML vulnerabilities." Source: Regulation (EU) 2024/1624, Recitals and Article 3
If your sector has been added to the obliged entity list, the AMLR's full due diligence and reporting requirements apply from 10 July 2027 โ including beneficial ownership identification, risk-based customer due diligence, and suspicious transaction reporting. Sector bodies and trade associations in these newly caught industries should be mobilising now.
Practical Compliance Steps for 2026-2027
With July 2027 as the hard deadline, the compliance runway is shorter than it appears. Here is where to focus effort:
1. Conduct a gap analysis against the AMLR. Map your current KYC policies, beneficial ownership identification processes, and cash transaction controls against the AMLR's specific requirements. Pay particular attention to the 25% or more threshold, EDD mandatory measures, and the standardised SDD/EDD/SiDD framework.
2. Update KYC policies and procedures. The AMLR's due diligence requirements are more prescriptive than most national frameworks. Generic "risk-based" policies that defer to staff judgment need to be replaced with structured procedures aligned to AMLR Articles.
3. Integrate AMLA technical standards as they are issued. AMLA is publishing binding technical standards throughout 2025-2026. Monitor amla.europa.eu and treat these standards as compliance obligations, not guidance.
4. Test document verification at scale. The AMLR's standardised due diligence requirements create pressure on document verification workflows โ particularly for cross-border onboarding across multiple EU jurisdictions. CheckFile supports 3,200+ document types across 32 jurisdictions, enabling obliged entities to manage document verification at scale across the EU โ from KYC onboarding to ongoing monitoring.
5. Review and prepare your EU-facing operations. For firms operating across EU and non-EU jurisdictions, ensure your EU subsidiaries and branches have dedicated implementation plans. See our risk-based approach to AML and customer risk scoring for guidance on structuring tiered due diligence.
For end-to-end compliance workflow guidance, our document compliance guide covers verification processes applicable across the AMLR due diligence tiers.
If your firm operates KYC banking solutions or needs to scale document verification capabilities ahead of July 2027, review CheckFile's pricing and security architecture to understand how automated verification integrates with your compliance stack.
Frequently Asked Questions
Will AMLA directly supervise my firm?
Most firms will not be directly supervised by AMLA. Direct supervision is capped at 40 cross-border entities operating in 6 or more EU member states. The vast majority of obliged entities โ domestic banks, payment institutions, law firms, accountants, real estate agents โ will continue to be supervised by their national competent authority. In the UK, that means the FCA, HMRC, or relevant professional body. AMLA's impact on these firms comes through the binding technical standards it issues, which national supervisors enforce.
When does the AMLR apply?
Regulation (EU) 2024/1624 applies from 10 July 2027 throughout the EU without requiring national legislation. This is a regulation, not a directive โ it is directly applicable. AMLD6 must be transposed by EU member states by July 2027, covering complementary institutional and supervisory matters. Preparation should start now: AMLA is issuing binding technical standards throughout 2025-2026 that will shape how the July 2027 requirements are interpreted and enforced from day one.
Are lawyers and accountants subject to AMLA?
Yes โ legal and accounting professionals remain obliged entities under AMLD6. They will not be directly supervised by AMLA but must comply with the binding technical standards AMLA issues. National supervisors โ for example, the Legal Sector Affinity Group (LSAG) in the UK, or the Barreau and Ordre des experts-comptables in France โ remain responsible for day-to-day oversight. The practical effect is that AMLA sets the standards, and national bodies enforce them.
What is the new EU cash payment limit?
The AMLR sets a โฌ10,000 cap on professional cash payments EU-wide โ the first time this limit has been set uniformly across all member states. Identity verification is required for cash transactions of โฌ3,000 or more. Member states can set lower limits: Germany, for example, previously had no national cap and must now comply with the โฌ10,000 ceiling. This change is particularly significant for luxury goods dealers, art market participants, and real estate professionals who are accustomed to accepting large cash transactions.
How does CheckFile help with AMLA compliance?
CheckFile automates KYC document verification with multi-layer analysis covering structural checks, metadata analysis, and cross-document consistency. Supporting 3,200+ document types across 32 jurisdictions, CheckFile helps obliged entities meet the AMLR's due diligence requirements efficiently โ whether for standard, enhanced, or simplified due diligence tiers. Automated verification reduces manual review time while maintaining the audit trail required for regulatory examination.
This article is provided for informational purposes only and does not constitute legal advice. For your specific situation, consult a qualified legal professional or compliance expert.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.