Grace from the EBA

On 6 March 2025, the European Banking Authority (EBA) launched a consultation process for four Regulatory Technical Standards (RTS) that will be part of the EBA’s response to the European Commission’s Call for Advice on the new mandates for the Anti-Money Laundering Authority (AMLA). The European Commission asked the EBA to prepare these RTS to support the AMLA operations quickly and efficiently. 

The four draft RTS focus on the following aspects:

• Draft RTS on the assessment of the inherent and residual risk profile of obliged entities under Article 40(2) of the sixth Anti-Money Laundering Directive (AMLD6). The EBA proposes a harmonized methodology for assessing obliged entities’ inherent risk, the quality of controls and residual risk, to be applied by all national AML/CFT supervisors to ensure comparable outcomes across the EU.
• Draft RTS on the risk assessment for the purpose of selection of credit institutions, financial institutions and groups of credit and financial institutions for direct supervision under Article 12(7) of the Anti-Money Laundering Authority Regulation (AMLA-R) The EBA proposes that the AMLA first determines which institutions are eligible for direct supervision based on their cross-border activities. Then, the AMLA would consider the outcomes of the risk assessment methodology and the risk profiles of those institutions.
• Draft RTS under Article 28(1) of the Anti-Money Laundering Regulation (AMLR) on Customer Due Diligence (CDD). In this standard, the EBA sets out the extent and quality of information that institutions must obtain as part of their CDD process.
• Draft RTS under Article 53(10) of the AMLD6 on pecuniary sanctions, administrative measures and periodic penalty payments. For the purpose of ensuring a level playing field for assessment of AML/CFT breaches across the EU, the EBA identifies indicators and criteria to be taken into account for the determination of the level of fines or taking administrative measures.

What immediately stands out is the EBA’s position on the application of CDD measures in relation to obliged entities’ existing customer base. The date of application of the AMLR is 10 July 2027 and the AMLR itself does not provide for a transitional regime after this period.

In the consultation document, the EBA notes that the AMLR could be read as suggesting that obliged entities must meet all requirements and that this would mean that obliged entities would have to apply the new CDD standards to all existing customers by this date.

The EBA now acknowledges that this may not be possible in relation to existing clients and therefore proposes to clarify that obliged entities apply a risk-based approach. More specifically, it proposes that as of 10 July 2027 the new CDD requirements must be applied to new customers, but that for existing customers a five-year grace period is granted.

This will be a welcome alleviation for obliged entities, which already have to work hard to identify gaps, update policies, procedures and controls, revise governance arrangements, adjust and enhance tooling, systems and data quality prior to the AMLR’s date of application in July 2027.

The consultation period for the draft RTS runs until 6 June 2025. The KPMG AMLA Office will provide KPMG clients and relations with our latest insights, to support them with their responses to the consultation and the preparation to become AMLA ready. Stay tuned for further KPMG insights on this important EBA consultation package.

If you would like to learn more about the developments in the AML/CFT domain, their potential impact on your organization, or what you can do to prepare and start now, we would be pleased to assist you.