AMLA Work Programme 2025 – Part 2

MandateShort descriptionLegal deadlineState of play by the end of 2025
Art. 9(4) AMLR GL on internal policies, procedures and controlsElements that OEs need to take into account when deciding on the extent of their internal policies, procedures and controls and on the organization of the compliance function.July 10th, 2026Drafting process initiated in AMLA Working Group on Obligations.
Art. 17(3) AMLR RTS on measures in third countriesRTS on additional measures that Oes should apply in third countries whose law does not permit compliance with the AMLR to ensure that branches and subsidiaries in these third countries effectively handle the risk of money laundering and terrorist financing.July 10th, 2026Drafting process initiated in AMLA Working Group on Obligations.
Art. 20(3) AMLR GL on risk variables and risk factorsGL on risk variables and risk factors to be taken into account by OEs when entering into business relationships or carrying out occasional transactions.July 10th, 2026Drafting process initiated in AMLA Working Group on Risks.
Art. 28(1) AMLR RTS on CDDRTS on information for customer due diligence for the financial sector. The concept RTS is drafted by the EBA and transferred to AMLA in October 2025.July 10th, 2026Elaborating on the draft RTS received from EBA, taking into account the synergy with the part on the non-financial sector.
Art. 28(1) AMLR RTS on CDDRTS on information for customer due diligence for the non-financial sector. The work on this part of the RTS will be transferred from the European Commission to AMLA in September 2025.July 10th, 2026Drafting process in AMLA Working Group on Obligations, taking into account the synergy with the part on the financial sector.

AMLA Work Programme 2025 – Part 2: The Next Priorities

As the European Anti-Money Laundering Authority (AMLA) moves from its start-up phase toward full operational capacity, the Work Programme 2025 enters its second stage: the “Next Priorities.”
Following the prioritised mandates on risk identification and monitoring adopted earlier this year, AMLA is now preparing to launch four additional legal instruments that are central to completing the EU’s Single Rulebook on AML/CFT by July 2026.

These mandates—Articles 9(4), 17(3), 20(3) and 28(1) of the Anti-Money Laundering Regulation (AMLR)—will define how obliged entities across the Union organise compliance, manage cross-border risks, assess risk factors, and perform customer due diligence in a harmonised and proportionate manner.

Article 9(4) AMLR – Guidelines on Internal Policies, Procedures and Controls

The first of AMLA’s next priorities concerns the internal governance architecture of obliged entities (OEs).
The upcoming Guidelines on Internal Policies, Procedures and Controls will specify the key elements institutions must consider when designing and maintaining their AML/CFT compliance frameworks.

They will set minimum standards for:

  • the structure and responsibilities of compliance functions,
  • escalation, approval, and reporting lines,
  • screening and training obligations, and
  • the integration of risk-based approaches into day-to-day operations.

The goal is to ensure that internal control systems are effective, proportionate, and consistent across Member States, reducing fragmentation and strengthening accountability at board level. This mandate will complement the forthcoming Guidelines on Business-Wide Risk Assessments (Art. 10 AMLR) and is expected to serve as a cornerstone for supervisory convergence.

Article 17(3) AMLR – RTS on Measures in Third Countries

AMLA’s second mandate addresses one of the most complex dimensions of financial crime prevention: operations in jurisdictions outside the European Economic Area.
The forthcoming Regulatory Technical Standards on Measures in Third Countries will define the additional controls that OEs must apply where the laws of a third country do not permit full compliance with EU AML/CFT requirements.

These standards will likely include:

  • enhanced governance oversight for non-EU branches and subsidiaries,
  • clear reporting obligations to parent entities and supervisors,
  • requirements for information exchange and data protection, and
  • specific mitigation tools to manage conflicts of law.

By operationalising Article 17(3), AMLA aims to prevent “compliance blind spots” in cross-border corporate structures and ensure that EU groups uphold equivalent standards of integrity wherever they operate.

Article 20(3) AMLR – Guidelines on Risk Variables and Risk Factors

Under Article 20 of the AMLR, obliged entities must assess a range of risk variables before establishing a business relationship or executing an occasional transaction.
The new Guidelines on Risk Variables and Risk Factors will provide a harmonised reference for the assessment of customer, product, geographical, delivery-channel and transactional risk elements.

The Guidelines will:

  • define minimum variable sets to be used in all sectors,
  • distinguish between inherent and residual risk,
  • align with the EU-wide Risk Assessment at Union Level (RAUL), and
  • promote consistency between financial and non-financial supervisors.

This initiative supports AMLA’s overarching objective of fostering a data-driven, proportionate and transparent risk-based approach—ensuring that high-risk areas receive stronger scrutiny while compliance burdens for low-risk activities remain manageable.

Article 28(1) AMLR – RTS on Customer Due Diligence (CDD)

The fourth mandate—Regulatory Technical Standards on Customer Due Diligence (CDD)—represents the bridge between the financial and non-financial sectors.
It will consolidate separate draft standards currently prepared by the European Banking Authority (EBA) for financial institutions and by the European Commission’s Expert Group on the Non-Financial Sector for DNFBPs.

Once transferred to AMLA in late 2025, the unified RTS will:

  • harmonise information requirements for CDD across sectors,
  • clarify the scope of beneficial ownership verification,
  • standardise data retention and documentation formats, and
  • align sector-specific risk indicators with AMLA’s supervisory methodologies.

The objective is to create a consistent baseline for due diligence that eliminates regulatory divergence between banks, crypto-asset service providers, real-estate agents, lawyers, auditors and other non-financial actors.

Implementation Outlook

The four mandates are legally due by July 10th, 2026, but their progress depends on AMLA’s staffing expansion after summer 2025 and on the ongoing institutional dialogue between the European Parliament, the Council and the Commission on regulatory simplification.
Together, these measures will define how AMLA transforms legal texts into practical, risk-based standards that bind all obliged entities under the future AML/CFT framework.

The AMLA Work Programme 2025 – Part 2 signals the transition from preparatory work to regulatory consolidation.
By developing detailed technical standards and guidance on internal controls, third-country safeguards, risk variables, and CDD, AMLA lays the final building blocks of a harmonised and credible European AML/CFT regime—a Single Rulebook designed to ensure both compliance efficiency and financial integrity across the Union.

Source:

AMLA_Work_Programme_July 2025_0Herunterladen

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert