AMLA Work Programme 2026/2027
| AMLR | AMLR Requirements | Deadline |
|---|---|---|
| Article 9 (4) AMLR -Scope of internal policies, procedures and controls | 4. By 10 July 2026, AMLA shall issue guidelines on the elements that obliged entities should take into account, based on the nature of their business, including its risks and complexity, and their size, when deciding on the extent of their internal policies, procedures and controls, in particular as regards the staff allocated to the compliance functions. Those guidelines shall also identify situations where, due to the nature and size of the obliged entity: (i) internal controls are to be organised at the level of the commercial function, of the compliance function and of the audit function; (ii) the independent audit function can be carried out by an external expert. | 10 July 2026 |
| Article 10 (4) AMLR -Business-wide risk assessment | 4. By 10 July 2026, AMLA shall issue guidelines on the minimum requirements for the content of the business-wide risk assessment drawn up by the obliged entity pursuant to paragraph 1, and on the additional sources of information to be taken into account when carrying out the business-wide risk assessment. | 10 July 2026 |
| Article 16 (4) AMLR -Group-wide requirements | 4. By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify the minimum requirements of group-wide policies, procedures and controls, including minimum standards for information sharing within the group, the criteria for identifying the parent undertaking in the cases covered by Article 2(1), point (42)(b), and the conditions under which the provisions of this Article apply to entities that are part of structures which share common ownership, management or compliance control, including networks or partnerships, as well as the criteria for identifying the parent undertaking in the Union in those cases. | 10 July 2026 |
| Article 17 (3) AMLR -Branches and subsidiaries in third countries | 3. By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify the type of additional measures referred to in paragraph 2 of this Article, including the minimum action to be taken by obliged entities where the law of a third country does not permit the implementation of the measures required under Article 16 and the additional supervisory actions required in such cases. | 10 July 2026 |
| Article 18 (8) AMLR -Outsourcing | 8. By 10 July 2027, AMLA shall issue guidelines addressed to obliged entities on: (a) the establishment of outsourcing relationships, including any subsequent outsourcing relationship, in accordance with this Article, their governance and procedures for monitoring the implementation of functions by the service provider and in particular those functions that are to be regarded as critical; (b) the roles and responsibility of the obliged entity and the service provider within an outsourcing agreement; (c) supervisory approaches to outsourcing as well as supervisory expectations regarding the outsourcing of critical functions. | 10 July 2027 |
| Article 19 (9) AMLR - Application of customer due diligence measures | 9. By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify: (a) the obliged entities, sectors or transactions that are associated with higher money laundering and terrorist financing risk and to which a value lower than the value set out in paragraph 1, point (b), applies; (b) the related occasional transaction values; (c) the criteria to be taken into account for identifying occasional transactions and business relationships; (d) the criteria to identify linked transactions. When developing the draft regulatory technical standards referred to in the first subparagraph, AMLA shall take due account of the inherent levels of risks of the business models of the different types of obliged entities and of the risk assessment at Union level conducted by the Commission pursuant to Article 7 of Directive (EU) 2024/1640. | 10 July 2026 |
| Article 20 (3) AMLR -Customer due diligence measures | 3. By 10 July 2026, AMLA shall issue guidelines on the risk variables and risk factors to be taken into account by obliged entities when entering into business relationships or carrying out occasional transactions. | 10 July 2026 |
| Article 21 (4) AMLR -Inability to comply with the requirement to apply customer due diligence measures | 4. By 10 July 2027, AMLA shall issue joint guidelines with the European Banking Authority on the measures that may be taken by credit institutions and financial institutions to ensure compliance with AML/CFT rules when implementing the requirements of Directive 2014/92/EU, including in relation to business relationships that are most affected by de-risking practices. | 10 July 2027 |
| Article 26 (5) AMLR -Ongoing monitoring of the business relationship and monitoring of transactions performed by customer | 5. By 10 July 2026, AMLA shall issue guidelines on ongoing monitoring of a business relationship and on the monitoring of the transactions carried out in the context of such relationship. | 10 July 2026 |
| Article 28 (1) AMLR -Regulatory technical standards on the information necessary for the performance of customer due diligence | 1. By 10 July 2027, AMLA shall issue guidelines defining the money laundering and terrorist financing risks, trends and methods involving any geographical area outside the Union to which obliged entities are exposed. AMLA shall take into account, in particular, the risk factors listed in Annex III. Where situations of higher risk are identified, the guidelines shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks. | 10 July 2027 |
| Article 32 (1) AMLR - Guidelines on money laundering and terrorist financing risks, trends and methods | 1. By 10 July 2027, AMLA shall issue guidelines defining the money laundering and terrorist financing risks, trends and methods involving any geographical area outside the Union to which obliged entities are exposed. AMLA shall take into account, in particular, the risk factors listed in Annex III. Where situations of higher risk are identified, the guidelines shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks. | 10 July 2027 |
| Article 34 (5) AMLR -Scope of application of enhanced due diligence measures | 5. By 10 July 2027, AMLA shall issue guidelines on the measures to be taken by credit institutions, financial institutions and trust or company service providers to establish whether a customer holds total assets with a value of at least EUR 50 000 000, or the equivalent in national or foreign currency, in financial, investable or real estate assets and how to determine that value | 10 July 2027 |
| Article 37 (3) AMLR -Specific enhanced due diligence measures for cross-border correspondent relationships for crypto-asset service providers | 3. By 10 July 2027, AMLA shall issue guidelines to specify the criteria and elements that crypto-asset service providers shall take into account for conducting the assessment referred to in paragraph 1 and the risk mitigating measures referred to in paragraph 2, including the minimum action to be taken by crypto-asset service providers upon identification that the respondent entity is not registered or licensed. | 10 July 2027 |
| Article 38 (2) AMLR -Specific measures for individual third-country respondent institutions | 2. AMLA shall issue a recommendation addressed to credit institutions and financial institutions where there are concerns that respondent institutions in third countries fall into any of the following situations: (a) they are in serious, repeated or systematic breach of AML/CFT requirements; (b) they have weaknesses in their internal policies, procedures and controls that are likely to result in serious, repeated or systematic breaches of AML/CFT requirements; (c) they have in place internal policies, procedures and controls that are not commensurate with the risks of money laundering, its predicate offences and terrorist financing to which the third-country respondent institution is exposed. | N/A |
| Article 40 (2) AMLR -Measures to mitigate risks in relation to transactions with a self-hosted address | 2. By 10 July 2027, AMLA shall issue guidelines to specify the mitigating measures referred to in paragraph 1, including: (a) the criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made from or to a self-hosted address, including through reliance on third parties, taking into account the latest technological developments; (b) criteria and means for the verification of whether or not the self-hosted address is owned or controlled by a customer. | 10 July 2027 |
| Article 42 (2) AMLR -Specific provisions regarding politically exposed persons | 2. By 10 July 2027, AMLA shall issue guidelines on the following matters: (a) the criteria for the identification of persons known to be close associates; (b) the level of risk associated with a particular category of politically exposed person, family member or person known to be a close associate, including guidance on how such risks are to be assessed where the person is no longer entrusted with a prominent public function for the purposes of Article 45 | 10 July 2027 |
| Article 50 AMLR -Guidelines on reliance on other obliged entities | By 10 July 2027, AMLA shall issue guidelines addressed to obliged entities on: (a) the conditions which are acceptable for obliged entities to rely on information collected by another obliged entity, including in the case of remote customer due diligence; (b) the roles and responsibility of the obliged entities involved in a situation of a reliance on another obliged entity; (c) supervisory approaches to reliance on other obliged entities. | 10 July 2027 |
| Article 69 (3) AMLR -Reporting of suspicions | 3. By 10 July 2026, AMLA shall develop draft implementing technical standards and submit them to the Commission for adoption. Those draft implementing technical standards shall specify the format to be used for the reporting of suspicions pursuant to paragraph 1, point (a), and for the provision of transaction records pursuant to paragraph 1, point (b). | 10 July 2026 |
| Article 69 (5) AMLR -Reporting of suspicions | 5. By 10 July 2027, AMLA shall issue guidelines on indicators of suspicious activity or behaviours. Those guidelines shall be periodically updated. | 10 July 2027 |
| Article 81 (1) AMLR -Cooperation between FIUs and the EPPO | 1. By 10 July 2026, AMLA shall, in consultation with the EPPO, develop draft implementing technical standards and submit them to the Commission for adoption. Those draft implementing technical standards shall specify the format to be used by FIUs for reporting information to the EPPO. | 10 July 2026, |