In July 2024, the Anti-Money Laundering Regulation (AMLR), the new Anti-Money Laundering Directive (AMLD) and the Regulation establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA-R) entered into force.1 The agreement, publication and entry into force of these European instruments are a highlight in a legislative process that started on 20 July 2021, when the European Commission presented its ambitious reforming plans coined as the ‘EU AML package’.
The AMLR and AMLD jointly introduce a harmonized European Single Rulebook in preventing money laundering, countering the financing of terrorism, and ensuring compliance with EU targeted financial sanctions. The AMLA-R introduces a new European layer of supervision. The European Anti-Money Laundering Authority’s key responsibilities include the direct supervision of selected (financial or crypto) institutions, the indirect supervision of other financial institutions and obliged entities and the support and coordination of financial intelligence units (FIUs).
Some key changes to material requirements of the new EU framework are:
Various changes to Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) requirements
Changes include that additional information be obtained (nationality, occupation) and the application of EDD in case of the provision of bespoke wealth management services to certain high-net-worth individuals.
Beneficial ownership
Agreed threshold for ownership interest to “25% or more”. In case of multiple layers of ownership, ownership must be calculated by multiplying the ownership interests held by the intermediate entities in the chain of entities in which the beneficial owner holds shares or voting rights, and by adding together the results from those various chains. Both ownership interest and control must be assessed.
Expanded scope of PEPs
Siblings of certain PEPs will be classified as family PEPs and will be subject to EDD. Heads of local and regional authorities, including groupings of municipalities and metropolitan regions, with at least 50,000 inhabitants, will qualify as PEPs.
Outsourcing
Notification requirement to the supervisor for all outsourcing arrangements prior to start. Restrictions to outsourcing of certain activities, e.g., proposal and approval of policies, controls and procedures and decision on risk profile of customer. No restrictions to outsourcing of ongoing monitoring.
Targeted Financial Sanctions
Obliged entities are expected to use their AML controls for ensuring compliance with EU targeted financial sanctions and preventing sanctions evasion.
1 Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing; Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing; Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism.
Regulatory Waves in the coming years
In addition to the two Regulations and Directive, many more supplementing and detailed requirements as well as guidance and further interpretations are expected in the next few years. Such measures include delegated acts, regulatory technical standards, implementing technical standards, guidelines, opinions and other reports.
The AMLR, AMLD and AMLA-R include nearly 100 relevant due dates that together will form a regulatory tsunami coming to EU Member States, banks, other financial institutions and obliged entities, as well as to supervisors and FIUs in the coming years. Figure 1 presents these due dates and shows three ‘peaks’, taking place on 10 July 2026, 10 July 2027 and 10 July 2029.
Figure 1. Overview relevant due dates included in the AMLR, AMLD and AMLA-R
Figure 2 shows that the relevant due dates relate to different actions, varying from due dates for a Member State notification to the adoption of Delegated Acts. As shown in the table below, most of the relevant due dates relate to the issuance of AMLA guidelines (20), followed by Member State notifications (15) and the issuance of draft Regulatory Technical Standards (RTS) (13). The reference to ‘Other’ contains a variety of measures/actions, including the issuance of opinions or recommendations by AMLA and the publication of reports by the Commission.
Figure 2. Overview type of regulatory actions included in the AMLR, AMLD and AMLA-R
The Wave of Regulatory and Implementing Technical Standards
The texts of the AMLR, AMLD and AMLA-R will be supplemented by so-called regulatory and implementing technical standards. Regulatory technical standards (RTS) are aimed at further developing, specifying or determining the conditions for consistent harmonization of the rules included in the main legislative act. Implementing technical standards (ITS) are aimed at implementing harmonized requirements for certain provisions included in the main legislative act. In brief, AMLA is tasked with preparing draft regulatory and technical standards that are eventually adopted by the Commission by means of a delegated act or implementing act.
In total, the AMLR, AMLD and AMLA-R provide for the issuance of 19 RTS/ITS. As shown in Figure 3, the largest wave of technical standards can be expected by 10 July 2026. On this date, a total of 14 draft technical standards (RTS/ITS) should be issued, being 74% of the total announced.
Figure 3. RTS/ITS due dates
Six of the RTS/ITS are (directly) relevant to banks, financial institutions and other obliged entities; the other technical standards are mainly relevant to supervisors and FIUs. A first example of an RTS of direct relevance to obliged entities is the draft RTS on minimum requirements of group-wide policies. A second example is the draft RTS on Customer Due Diligence, which includes – inter alia – details about the types of simplified due diligence and the reliable and independent sources of information that may be used to verify the identification data. An example of an ITS relevant to supervisors and FIU is the draft ITS regarding the format to be used by FIUs for the dissemination of information to the European Public Prosecutor’s Office (EPPO).
The Wave of Guidelines
Looking specifically at guidelines, the AMLR, AMLD and AMLA-R include references to a total of 20 guidelines. Of this total, 9 guidelines (45%) are directly relevant to all obliged entities within scope of the EU’s AML framework, with an additional 4 guidelines (20%) directed at specific obliged entities (predominantly banks, other financial institutions and crypto-assets service providers). Guidelines are also to be issued for FIUs, as well as supervisors and other competent authorities. Refer to Figure 4 for all details.
Figure 4. AMLA Guidelines and target audiences
Guidelines must be issued by the AMLA, and in some instances in cooperation with the European Banking Authority (EBA) and the EPPO.
Relevant guidelines for banks, financial institutions and other obliged entities concern – among others – the application of the risk assessment (minimum requirements and sources of information), risk variables and factors in the application of CDD, the application of EDD measures in the case of PEPs and high-net-worth individuals, outsourcing, and ongoing monitoring.
The largest wave of guidelines is expected by 10 July 2027, the due date for a total of 9 guidelines. Interestingly, the due date of these guidelines is the same as the formal date of application of the AMLR and the implementation deadline of the AMLD.
To surf the Waves and be prepared
The entry into force of the AMLR, AMLD and AMLA-R requires action, not in the future but now. The forthcoming regulatory waves – with peaks expected in July 2026 and 2027 – demonstrate the importance for banks, other financial institutions and obliged entities to start the preparations in order to be fully compliant by 10 July 2027.
KPMG Netherlands is on top of the regulatory developments in the anti-money laundering domain. With our regulatory expertise and rich experience in the market, we can offer you a wide array of services varying from assisting you in updating or validating updates to your internal risk management and policy framework, training, advising you on the translation of legal obligations into internal requirements as well as use of screening and monitoring tooling, and the provision of managed services.
If you would like to learn more about the developments in the AML domain, their potential impact on your organization, or what you can do to prepare and start now, we would be pleased to assist you!
Featured
Contact us
Evelyn Bell
Director, Forensic
KPMG in the Netherlands
Melissa van den Broek
Senior Manager, Forensic
KPMG in the Netherlands
Yael de Vries
Consultant, Forensic
KPMG in the Netherlands
We will keep you informed by email.
Enter your preferences here.