The European Union’s (EU) anti-money laundering (AML) and counter-financing of terrorism (CFT) framework is arguably undergoing its most significant overhaul in more than a decade. The headline isn’t simply institutional change; it’s a shift toward more consistent rules, more coordinated supervision, and greater expectations around data quality and evidencing risk-based decisions.
This transformation is driven by two pillars of the EU’s AML package:
Together, these instruments move the EU away from a fragmented, directive‑led model that required multiple national transpositions, each slightly different, and toward a more unified regime designed to work across borders.
AMLA, based in Frankfurt, Germany, is the EU’s first central AML/CFT supervisor. Its mandate is broad: support consistent application of AML/CFT rules, coordinate and reinforce the work of Financial Intelligence Units (FIUs), develop technical standards, and address gaps created by previously divergent national approaches.
A defining feature is direct supervision of a limited number of cross‑border financial groups. The EU expects 40 firms to fall under this regime, with selection based on factors including cross‑border activity (operations in at least six Member States), and inherent risk exposure to financial crime. Direct supervision is expected to start in January 2028.
Whether part of the “40” or not, for organizations operating across multiple EU Member States, AMLA will aim to reduce the regulatory “patchwork” that has caused some complicated cross‑border compliance issues, while also raising expectations on how risk assessments are evidenced, reviewed, and documented by businesses.
It marks the EU’s move toward a supervisory environment where consistency is the baseline, and where institutions demonstrate that their risk assessments and controls are justified, traceable, and operationally sound across the jurisdictions they operate in.
The AMLR, which will apply from 10 July 2027, has the potential to be transformative because it replaces the traditional directive‑based approach with a Regulation, meaning obligations would apply uniformly across the EU without national interpretation.
At a core level, the AMLR sets out:
The AMLR pushes organizations toward documented, consistent, and defensible AML processes. It will attempt to reduce ambiguity while increasing accountability. For example, firms will need to demonstrate how they reached conclusions, what evidence supported these conclusions, and how consistently those methods work across borders.
Beneficial ownership (BO) continues to be one of the most challenging components of AML compliance. Data from the EU registers is important, but it is not a single source of truth for organizations. Criminals can, for example, obscure ownership through shell companies, nominees, or layering to distance themselves from assets, making BO identification a multi‑source, multi‑step process.
Ownership (shareholding or voting rights) may be more straightforward, but control, i.e. who influences decisions or ultimately benefits from a business, is harder to evidence, particularly in complex or opaque structures. Cross‑border BO analysis can also be uneven due to differences in access rules, data formats, and register usability across Member States.
Public access to EU BO registers ended after a Court of Justice (CJEU) ruling invalidated open access. BO access has since shifted to a “legitimate interest” model, meaning journalists, civil society, and other groups need to demonstrate they qualify to have access. This has led to fragmented, country‑by‑country application processes and additional operational hurdles.
The EU’s AMLD6 (Directive (EU) 2024/1640) now governs how Member States implement access rules, verification mechanisms, and oversight of national registers, which sits alongside the AMLR’s private‑sector obligations.
If one issue determines whether BO transparency succeeds in practice, it’s data usability, which is a subject widely debated.
DT4C is an EU‑wide alliance of leading compliance data and technology providers, including Moody’s, working together to promote interoperable, high‑quality beneficial ownership data and more effective AML/CFT frameworks. In a paper shared in December 2025, the DT4C stressed that BO information should be structured, machine‑readable, and consistently formatted across Member States. It also said that over‑reliance on visual organigrams—often uploaded as images—created ambiguity and requires manual re‑keying, which increases error risk and slows workflows.
The alliance proposes improvements including:
These enhancements would be aimed at supporting compliance teams, as AMLA and the AMLR aren’t about policy. They’re about how quickly and reliably firms can trace ownership and control, analyze risk, and document decisions across jurisdictions.
3 moves that could make a difference
How Moody’s can help: turning change into action
As AML requirements tighten and supervision becomes more joined‑up, the same compliance pain points could surface. From fragmented data to inconsistent entity resolution to manual workflows to difficulty evidencing decisions.
Moody’s data, analytics, and workflow solutions can help:
Bring fragmented data together
Support teams in assembling a clearer ownership and control picture by connecting register data with additional sources, reducing dependence on any one dataset.
Make BO data usable across workflows
Help organizations handle structured BO data—identifiers, consistent fields, machine‑readable formats—so it moves smoothly through CDD and monitoring.
Promote more consistent, risk‑based workflows
As AMLR harmonizes expectations, methods that standardize how risk signals are captured and documented could add stability and clarity across multi‑country operations.
Strengthen evidence trails for supervisory engagement
Clearer auditability and report—what was checked, found, and concluded—which could be helpful under future AMLA supervision.
The EU’s AML framework is entering a new phase, with AMLA taking shape and AMLR setting a more consistent standard across member states.
Register for our upcoming Moody’s webinar to explore what these changes mean in practice for banks, including supervisory expectations, governance considerations, and the transition period ahead.
Please get in touch for more information, we would love to hear from you.
*Disclaimer: This content is for informational purposes only and does not constitute legal, financial, compliance or other professional advice. Please consult with a qualified professional for specific legal, financial, compliance, or other professional advice. For more terms and conditions pertaining to Moody’s products and services, refer to the disclaimer on Moody’s website.
Sources: