.svg)
The EU is set to reshape Europe’s anti-money laundering (AML) landscape by introducing a central authority and a harmonised rulebook, shifting supervision from national discretion to coordinated EU oversight and increasing operational and compliance expectations across institutions.
This overhaul aims to prevent any repeat of incidents such as the Danske Bank scandal, which exposed weaknesses in Europe’s AML framework.
The Anti-Money Laundering Authority Regulation (AMLAR) and the Anti-Money Laundering Regulation (AMLR), both adopted in 2024, will replace the fragmented, directive-based framework with a directly applicable single rulebook. This enables supervisors to enforce consistent standards across jurisdictions and reduces the possibility of “forum shopping.”
The single rulebook will harmonise requirements such as customer due diligence and internal procedures, and together with the establishment of a dedicated EU AML authority (AMLA) will require financial institutions to prepare for significant operational and compliance changes.
Financial institutions face a critical timeline: 2026 will bring extensive consultations on implementing standards; July 10, 2027 is the application date for most AMLR provisions; and 2028 will see AMLA begin direct supervision of high-risk institutions, making early engagement a strategic compliance priority.
Secondary legislation and guidelines
Although the AMLR applies from July 2027, dozens of technical standards and guidelines must be developed during 2026 to operationalise the regulation. How firms implement enhanced customer due diligence, beneficial ownership checks and cross-border reporting will define supervisory exposure.
On June 6, 2025, the European Banking Authority (EBA) launched a consultation on four draft regulatory technical standards (RTS) covering customer due diligence procedures, beneficial ownership verification, risk assessment methodologies and cross-border information sharing.
Further consultations expected during 2026 include standards for information exchange between financial intelligence units, cross-border reporting triggers and risk-profiling methodology that will determine supervision intensity. This risk classification will influence which institutions fall under AMLA's direct supervision from 2028.
These standards must be submitted to the European Commission by July 10, 2026. Financial institutions should monitor consultations closely and engage through industry associations or direct submissions, particularly on proportionality for smaller institutions and cross-border coordination mechanisms.
The Anti-Money Laundering Authority
Established by the AMLAR, AMLA is a new, decentralised EU agency based in Frankfurt that coordinates with national authorities to ensure consistent application of EU rules. The authority aims to reach full operational capacity by 2028, when it will directly supervise approximately 40 of the EU's highest-risk financial institutions.
On July 1, 2025, the authority published its work programme, revealing its initial priorities and approach. It has begun with crypto-asset service providers (CASPs), developing supervisory methodologies and coordination mechanisms with national authorities ahead of assuming direct supervision powers in 2028.
Firms operating under the Markets in Crypto-Assets (MiCA) regulation may face additional scrutiny during this transitional period.
Operational implications for financial institutions
The AMLR introduces material operational changes. Enhanced customer due diligence will require more extensive beneficial ownership verification, with firms obligated to access centralised registers across the EU.
In addition, transaction monitoring systems will need updates to accommodate harmonised reporting requirements and new risk indicators.
Cross-border groups face particular complexity, needing consistent policies across EU subsidiaries while preparing for potential AMLA oversight. Supervisors will increasingly assess not just policy existence but evidence of effective implementation and risk management.
In 2026, financial institutions should prioritise monitoring and responding to consultations on technical standards, conducting gap analysis comparing current policies against AMLR requirements and planning the technology and resource investments needed to be compliant by July 2027.
The 2026 consultation period represents a significant opportunity for firms to influence the practical application of the EU’s AML framework. Early engagement will help manage compliance costs and prepare for AMLA's coordinated supervision.
