AML RTS Bundle

AML RTS Bundle: Inherent Risk & AML/CFT Control Readiness

End-to-End Supervisory Alignment under Regulation (EU) 2024/1624

EU AML supervision has fundamentally changed. Supervisory authorities no longer rely on qualitative explanations or internal assessments. They calculate inherent risk themselves and assess control effectiveness based on standardised data.

To respond to this shift, obliged entities must now manage two inseparable regulatory obligations:

  • 151 inherent-risk data points and
  • 70 AML/CFT control data points across seven supervisory categories.

Together, these datasets determine the obliged entity’s supervisory risk score, inspection intensity, and remediation exposure at authorities such as AMLA, BaFin (Germany), FMA (Austria), CSSF (Luxembourg), etc.

Why an AML RTS Bundled Approach Is Now Essential

Many institutions address inherent risk and AML/CFT controls separately. Under the RTS, this separation no longer works.

Supervisors explicitly assess:

  • whether the reported inherent risk is complete, stable and reproducible, and
  • whether the AML/CFT controls are effective and proportionate to that risk.

If inherent risk and controls are not aligned, the result is:

  • elevated supervisory risk classification,
  • findings despite “existing” controls,
  • intensified inspections and follow-up measures.

The RTS Bundle solves this problem end-to-end.

AML RTS Bundle: What It Covers

Inherent Risk Readiness

The inherent-risk component ensures that obliged entities can collect, structure and control all 151 RTS inherent-risk data points, aligned with their actual business model.

Key elements:

  • Pre-configured catalogue of all RTS inherent-risk data points
  • Structuring by customers, products, services, geographies and distribution channels
  • Applicability logic (what must be reported vs. not applicable)
  • Data ownership, traceability and historical consistency
  • Supervisory-ready exports for BaFin, FMA and CSSF

Result: A predictable, defensible inherent-risk profile, identical to the one supervisors calculate.

AML/CFT Control Readiness

The AML/CFT control component enables institutions to demonstrate the effectiveness of their AML/CFT framework across the 70 mandatory control data points.

Controls are structured into the seven supervisory categories:

  1. Governance, Culture & Compliance Function
  2. Internal Controls & Outsourcing
  3. Risk Assessment (BWRA & CRA)
  4. Customer Due Diligence & Monitoring
  5. Transaction Monitoring & Suspicious Activity Reporting
  6. Targeted Financial Sanctions & Funds Transfer Regulation
  7. Group-wide AML/CFT Framework

Key elements:

  • Pre-configured RTS-70 control catalogue
  • Clear control ownership and accountability
  • Evidence repository (policies, logs, approvals, audits)
  • Status tracking (green / amber / red)
  • Inspection-ready documentation and exports

Result: AML/CFT controls that are provably effective, inspection-ready and defensible.

Who the AML RTS Bundle Is Designed For

The bundle is suitable for all obliged entities, including:

  • Credit Institutions (CI)
  • Payment and Electronic Money Institutions (PI / EMI)
  • Investment Firms and Asset Managers (IF / AMC)
  • Crypto-Asset Service Providers (CASP)
  • Other obliged entities (TCSPs, crowdfunding platforms, etc.)

Key users:

  • MLROs / AML Compliance Officers
  • Responsible members of management
  • CROs, COOs and Regulatory Affairs
  • Internal Audit functions

The Strategic Advantage of the AML RTS Bundle

Obliged entities using the RTS Bundle achieve:

  • full alignment between inherent risk and AML/CFT controls,
  • predictable supervisory outcomes,
  • fewer and less severe findings,
  • shorter inspections and lower remediation costs,
  • materially reduced personal exposure for management and MLROs.

Inherent risk becomes steerable.
AML/CFT controls become defensible.
Supervisory outcomes become predictable.

The future of AML

AML/CFT compliance is no longer about documentation quality.

It is about:

  • data completeness,
  • control effectiveness, and
  • supervisory alignment.

The RTS Bundle provides a single, coherent solution covering both inherent risk and AML/CFT controls — exactly as supervisors assess them.

Institutions that manage both dimensions together gain control over their supervisory position.
Those that treat them separately will remain in reactive mode.