AMLAR—short for the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and Amending Regulations—serves as the legislative foundation for the European Union’s new Anti-Money Laundering Authority (AMLA).
Established under Regulation (EU) 2024/1620, AMLAR is designed to unify and strengthen the EU’s approach to combating money laundering and terrorist financing.
Approximately 1% of the EU’s GDP is linked to suspicious financial activity. Historically, fragmented national laws and enforcement have created exploitable loopholes. AMLAR aims to address these challenges by introducing a single EU rulebook for anti-money laundering (AML) and countering the financing of terrorism (CFT) to enhance cross-border cooperation. It also amends existing regulations to close legal gaps that might previously have been exploited to commit financial crime.
AMLA, headquartered in Frankfurt, Germany, will begin formal operations in summer 2025. As the central supervisory body, AMLA will coordinate and support national AML/CFT supervisors and Financial Intelligence Units (FIUs) to try and ensure consistency across jurisdictions.
From January 2028, AMLA will directly supervise selected high-risk financial institutions. AMLA will also lead joint analyses of cross-border cases and promote best practices through structured peer reviews and ongoing training initiatives.
While AMLA won’t replace national authorities, it will play a critical role in harmonizing supervision and strengthening the EU’s collective AML/CFT framework.
While the direct supervision of AMLA will be on 40 selected entities with a systemic risk, the expectation is that the standards these 40 banks operate to will set a benchmark for other institutions. Other obliged entities, outside the 40, who will continue to be supervised by national authorities, are likely to experience an increase in expectations around AML/CFT due to the indirect impact and role of AMLA in Europe.
The AMLAR framework, alongside the Sixth Anti-Money Laundering Directive (AMLD6) and the Anti-Money Laundering Regulation (AMLR), introduces several significant changes. These changes include an expanded scope of obligated entities, such as football clubs and crypto-asset service providers. EU-wide, member states are required to transpose AMLD6 into national law by July 2027, while AMLR will apply directly from the same date.
The AMLAR framework imposes stricter requirements for customer due diligence and beneficial ownership verification. It also mandates the reporting of discrepancies between internal records and official company registers and introduces more rigorous rules for outsourcing and suspicious activity reporting.
Article 26 of AMLAR introduces the concept of perpetual KYC (pKYC). It mandates that the period between customer information updates must not exceed one year for high-risk customers and five years for low-risk customers, however in addition to these regular updates, ongoing monitoring is required at higher frequencies based on several factors. These factors include:
These dynamic risk factors, which must be monitored, make the requirements for continuous due diligence measures more of an imperative.
Under the EU’s new AML/CFT framework, sectors such as professional football and crypto services face enhanced compliance obligations. For example, football clubs must implement robust identity verification processes, monitor financial transactions—including player transfers—and report any suspicious activity to their national FIUs.
To meet European AML and CFT requirements, companies can begin by conducting comprehensive gap analyses to assess their current compliance processes and procedures. They can consider updating internal policies, operational procedures, and staff training programs to align with the new regulations.
Investing in advanced RegTech solutions is another enabler supporting due diligence, real-time monitoring, and automated reporting.
Finally, organizations should consider fostering a culture of compliance and transparency, supported by clear audit trails and proactive risk management activities.
The EU’s AML/CFT framework encourages the adoption of advanced technologies to enhance compliance and detection capabilities. AI-driven transaction monitoring, automated due diligence, and secure data-sharing platforms are expected to play a central role. These tools can help in the early detection of suspicious activity for example; they can also help build comprehensive risk profiles during onboarding; and help organizations remain agile in the face of evolving regulatory expectations.
AI also has the ability to significantly reduce the amount of time dedicated to assessing risk alerts that can be generated through monitoring. Mechanisms can be used to automate alert evaluation and solve inefficiencies in screening and name-matching processes.
However, it’s worth noting that the use of AI will only serve to increase the importance of data governance in risk management and compliance activity, as it relies heavily on data quality.
At Moody’s, we support organizations in transforming their KYC, KYB, and AML programs through a combination of digital workflows, integrated datasets, and advanced analytics. We are also invested in helping customers develop a "golden source" of data through a cascade approach that relies on primary and secondary sources to detect potential discrepancies.
Our solutions are designed to automate compliance processes; support data governance; reduce operational risks and improve overall efficiency—empowering organizations to stay ahead in their risk, compliance, and anti-financial crime programs.
To find out more about how Moody's can support your AML/CFT compliance program, please get in touch. We are here to help you navigate the evolving regulatory and compliance landscape with greater confidence.