New Simplified Due Diligence under Art. 33 AMLR
With Regulation (EU) 2024/1624 (AMLR), the European Union has redefined simplified due diligence (SDD). Article 33 AMLR no longer treats SDD as a soft risk-based option. It establishes a controlled, conditional and reversible framework that is tightly linked to documented low risk, internal governance, and ongoing monitoring.
For obliged entities, Article 33 AMLR transforms SDD from a procedural shortcut into a legally testable risk calibration mechanism.
From Discretion to Structured Derogation
Under previous AMLD regimes, simplified due diligence was often interpreted as reduced compliance intensity for low-risk customers. Article 33 AMLR narrows this discretion.
SDD may only be applied where, taking into account the risk factors set out in Annex II and Annex III AMLR, the business relationship or transaction presents a low degree of risk.
This means:
- Low risk must be demonstrable.
- The assessment must be documented.
- The decision must be auditable.
- The simplification must remain proportionate.
No documented low-risk scenario equals no SDD.
The 5 Permitted Simplified Measures under Article 33(1)
Article 33 AMLR defines an exhaustive but expandable list of permissible simplifications.
Deferred Identity Verification (Maximum 60 Days)
Obliged entities may verify the identity of the customer and beneficial owner after the establishment of the business relationship, provided that:
- The identified lower risk justifies postponement.
- Verification is completed no later than 60 days after relationship establishment.
This is not an exemption from identification. It is a time-limited deferral.
Reduced Frequency of Customer Updates
Customer identification updates may occur less frequently than under standard CDD.
However:
- Ongoing monitoring under Article 26 AMLR remains mandatory.
- Update frequency must remain proportionate to risk.
- Event-driven triggers override reduced intervals.
Reduced Information on Purpose and Intended Nature
Obliged entities may reduce the amount of information collected regarding the purpose and intended nature of the relationship.
The purpose may be inferred from:
- The type of product,
- The nature of transactions,
- The structure of the relationship.
This is an evidentiary reduction, not an elimination of understanding.
Reduced Transaction Monitoring Intensity
The frequency or degree of transaction scrutiny may be reduced. However, Article 33 explicitly requires sufficient monitoring to detect unusual or suspicious transactions. SDD never removes the obligation to identify anomalies.
Additional Measures Identified by AMLA
Under Article 28 AMLR, AMLA may define further harmonised SDD measures via regulatory technical standards. This introduces future EU-level standardisation of simplification tools.
Proportionality and Monitoring Safeguard
All simplified measures must be proportionate to:
- The nature and size of the business, and
- The specific lower-risk elements identified.
Crucially, SDD cannot reduce monitoring below the threshold necessary to detect suspicious activity. This establishes a non-negotiable compliance floor.
Governance Requirement – Internal Procedures
Article 33(2) AMLR requires obliged entities to:
- Define specific simplified verification measures in internal procedures,
- Specify which customer types qualify for SDD,
- Document decisions based on additional lower-risk factors.
Supervisors will expect predefined SDD logic embedded in internal control systems.
Ad hoc simplification is incompatible with Article 33 AMLR.
Risk Management Controls During Deferred Verification
If identity verification is postponed, Article 33(3) AMLR requires risk management safeguards, including:
- Transaction amount limits,
- Volume restrictions,
- Limitation of transaction types,
- Monitoring aligned with expected norms.
In practice, this requires technical gating mechanisms in onboarding systems. Deferred verification without transaction controls creates supervisory exposure.
Continuous Eligibility Test
Article 33(4) AMLR requires obliged entities to regularly verify whether the conditions for SDD continue to exist. Low risk is not permanent.
If monitoring results contradict the low-risk assumption, SDD must cease.
This links directly to:
- Ongoing monitoring under Article 26 AMLR,
- Dynamic risk reclassification logic.
Mandatory Prohibition of SDD
Article 33(5) AMLR prohibits simplified due diligence where:
- There are doubts about the veracity of identification information.
- Lower-risk factors are no longer present.
- Monitoring excludes a low-risk scenario.
- There is suspicion of money laundering or terrorist financing.
- There is suspicion of sanctions evasion.
Once any of these conditions arise, SDD must stop immediately. There is no residual discretion.
Operational Impact for Obliged Entities
Article 33 AMLR requires institutions to redesign SDD logic across:
- Risk assessment frameworks,
- Customer segmentation models,
- Transaction monitoring calibration,
- Escalation workflows,
- Documentation systems.
Supervisors will test:
- Whether low risk was objectively justified,
- Whether SDD measures are predefined and proportionate,
- Whether monitoring remains effective,
- Whether automatic exit triggers are implemented,
- Whether deferred verification is capped at 60 days,
- Whether SDD reversals are documented.
The compliance risk does not lie in applying SDD, it lies in applying it without structured safeguards.
Key Takeaways
Article 33 AMLR confirms a clear principle:
Simplified due diligence is a controlled regulatory derogation, not a lighter compliance regime.
It is:
- Risk-dependent,
- Time-limited,
- Reversible,
- Governance-embedded,
- Monitoring-protected.
Under the AMLR, simplified due diligence becomes more structured, more measurable, and more auditable than under previous EU AML directives.
Institutions that treat SDD as operational convenience will face supervisory findings. Institutions that embed it as calibrated, documented risk logic will meet the new EU standard.