Submit RFP

      The EU’s legislative package on anti-money laundering (AML) and combating terrorist finance (CFT) was adopted in July 2024, creating a new EU AML/CFT regime. Part of this package are the AMLA Regulation (AMLA-R) establishing the new AML Authority (AMLA), the AML Regulation (AMLR) determining the scope and shape of regulation, and the 6th Directive on AML/CFT (AMLD6) setting out mechanisms for Member States to implement.

      These Level 1 instruments set out detailed expectations for AMLA to complete a Single Rulebook harmonising AML/CFT regulation across the EU. In relation to this Single Rulebook, AMLA’s specific duties comprise:

      • Level 2 standards: Drafting 13 regulatory technical standards (RTS) and 6 implementing technical standards (ITS). The drafting of these instruments include conducting open public consultations and submitting final drafts to the Commission for adoption.
      • Level 3 guidelines: Drafting and issuing 20 sets of guidelines.

      The timeline set out in the AML package called for AMLA to finalise all RTS and most ITS by July 2026 , and to issue the bulk of the Guidelines during 2026 or 2027. Following a consultation initiated and concluded by the European Banking Authority (EBA) in 2025, AMLA finalised two RTS at the end of 2025:

      • RTS on the assessment of the risk profiles of OEs, under Article 40(2) of AMLD6;
      • RTS on the selection of OEs for direct supervision by AMLA, under Article 12(7) of AMLA-R.

      In addition, in the first quarter of 2026 AMLA launched four consultations with significant implications for OEs:

      • RTS on customer due diligence, under Article 28(1) AMLR;
      • RTS on criteria for identifying business relationships, occasional and linked transactions and lower thresholds, under article 19(9) AMLR;
      • RTS on classifying breaches, determining pecuniary sanctions, and applying penalties, under Article 53(10) of AMLD6;
      • ITS on inter-agency cooperation for the purposes of direct supervision, under Article 15(3) of AMLA-R.

      The first two consultations are open for responses until 8 May 2026. The consultations for the latter two have already been closed.

      Furthermore, as of April 2026 AMLA has launched two public consultation procedures covering the draft RTS on group‑wide AML/CFT requirements under Articles 16(4) and 17(3) of Regulation (EU) 2024/1624, as well as the draft Guidelines on business‑wide risk assessment under Article 10(4). These consultations seek input from market participants on minimum standards for consolidated risk management across groups, including cross‑border structures and third‑country operations, and on expectations for identifying and managing ML/TF risks at entity level. AMLA has also announced dedicated public hearing events taking place in May 2026 to allow stakeholders to engage directly on the draft instruments.

      What comes next? There are clear signs that the precise timing of the Single Rulebook’s evolution differs from that timetable set out in the Level 1 instruments. AMLA’s recent Single Programming Document (SPD) published in February 2026 sets out revised timelines. It expects AMLA to “deliver 24 of its 40 mandates in 2026”, with priority being given to the standards and guidelines of greatest importance to OEs and Financial Intelligence Units.

      In addition to the consultations already underway, AMLA now plans to launch even more; for OEs, some important standards and guidelines to note include:

      It is clear that the last three quarters of 2026 will be a pivotal period for OEs to monitor. There will be numerous (sometimes brief) consultations on Level 2 standards and Level 3 guidelines. That is a potentially daunting prospect, even for large financial institutions with extensive experience of interpreting and implementing new regulation.

      In our view, it is key for OEs to arm themselves with a good understanding and effective prioritisation. We therefore believe they should respond to the evolution of the Single Rulebook by:

      • Engaging actively with the consultation process, resisting the temptation to ignore the details until standards are finalised.
      • Partnering with peers, industry associations and other bodies to optimise responses and speak with a strong voice.
      • Leveraging the expertise of third parties to take advantage of timely updates, technical advice, targeted training, and best practice solutions.
      • Feeding each update into an iterative process of their gap and impact assessments (see Gap Analysis article)

      At the same time, OEs must continue to comply with national AML/CFT laws and adhere to established EBA guidelines, which remain valid until replaced. Finally, OEs should keep a watching brief on AMLA’s other activities as it prepares for direct supervision of 40 groups of financial and institutions, as well crypto-asset services providers, establishes an approach to EU-wide oversight (indirect supervision), and creates a new risk analysis framework and data infrastructure to effectuate the risk-based supervisory approach.

      2026 will be a critical year for the evolution of the AML/CFT Single Rulebook. Staying on top of this process will be vital to managing the new regime’s arrival efficiently and effectively.

      Our people

      Melissa van den Broek
      Melissa van den Broek

      Senior Manager Forensic Integrity & Compliance

      KPMG in the Netherlands

      Maureen Finglass
      Maureen Finglass

      Partner, Financial Services

      KPMG in Germany

      Timo Purkott
      Timo Purkott

      Partner, Global Fraud & Financial Crime Transformation Lead

      KPMG International