Contents
RTS AML/CFT Control Readiness
RTS-Compliant AML/CFT Controls, Effective, Defensible and Inspection-Ready
EU AML supervision no longer assesses AML/CFT controls based on policy quality or formal descriptions.
Supervisors now test control effectiveness against standardised AML/CFT control data points.
From 2028 onwards, obliged entities must be able to demonstrate and submit 70 AML/CFT control data points to their National Competent Authority, such as BaFin (Germany), FMA (Austria) or CSSF (Luxembourg). These data points determine whether controls are considered adequate in light of the institution’s inherent risk profile.
Failure to demonstrate effective AML/CFT controls leads directly to:
- adverse supervisory findings,
- remediation orders,
- increased inspection intensity,
- and personal accountability for management and MLROs.
The Problem with Traditional AML/CFT Control Frameworks
Most AML/CFT frameworks are still built around:
- policy documents,
- procedure manuals,
- qualitative self-assessments.
Under the RTS, these are no longer sufficient.
Supervisors expect:
- objective, verifiable control evidence,
- consistency between inherent-risk data and controls,
- demonstrable operation of controls across the entire organisation.
The challenge is not having AML/CFT controls – it is proving that they work.
Our AML/CFT Control Readiness Service
RTS AML/CFT Control Readiness & Supervisory Defence
Our consulting service enables obliged entities to demonstrate all 70 AML/CFT control data points across the seven supervisory control categories, exactly as NCAs will assess them.
What the service delivers
- Sector-specific calibration (CI, PI, EMI, CASP, IF, AMC, etc.)
- Determination of applicable AML/CFT control data points
- Structuring of controls into the seven mandatory categories:
- Governance, Culture & Compliance Function
- Internal Controls & Outsourcing
- Risk Assessment
- Customer Due Diligence & Monitoring
- Transaction Monitoring & Suspicious Activity Reporting
- Targeted Financial Sanctions & Funds Transfer Regulation
- Group-wide AML/CFT Framework
- Evidence and effectiveness testing of each control
- Identification of “paper controls” vs. effective controls
- Board-ready remediation and supervisory defence plan
The result
- Fewer and less severe supervisory findings
- Predictable inspection outcomes
- Defensible management oversight
- Reduced personal exposure for MLROs and management
The AML/CFT Controls Product: RTS-70 Control Evidence Platform
What the product is
A dedicated governance and evidence platform that allows institutions to manage, evidence and defend the 70 AML/CFT control data points on an ongoing basis.
It does not replace AML systems.
It complements them at supervisory level.
Key features
- Pre-configured catalogue of all 70 AML/CFT control data points
- Structuring by the seven AML/CFT control categories
- Assignment of control ownership and responsibilities
- Evidence repository (policies, logs, approvals, audit results)
- Continuous alignment check with inherent-risk data
- Management and audit dashboards
- Supervisory-ready exports for BaFin, FMA and CSSF
Why institutions choose this product
- AML/CFT control reporting is recurring, not one-off
- Supervisory scrutiny will increase under AMLA
- Evidence must be current, traceable and inspection-proof
Who This Is For
This service and product are designed for:
- Credit Institutions (CI)
- Payment Institutions (PI)
- Electronic Money Institutions (EMI)
- Investment Firms (IF)
- Asset Management Companies (AMC)
- Crypto-Asset Service Providers (CASP)
- Other obliged entities under Article 3 AMLR
Typical users:
- AML Compliance Officers / MLROs
- Heads of Financial Crime
- Responsible members of management
- Internal Audit and Regulatory Affairs functions
Why This Creates a Decisive Advantage
Obliged entities using this service and product:
- align AML/CFT controls directly with RTS inherent-risk data,
- identify weaknesses before supervisors do,
- shorten inspections and remediation cycles,
- protect management and MLROs from personal liability.
AML/CFT controls move from formal compliance to defensible supervisory effectiveness.
The future of AML/CFT
AML/CFT controls are no longer judged by intention or documentation quality.
They are judged by demonstrable effectiveness.
Institutions that can evidence their 70 AML/CFT control data points:
- control supervisory outcomes,
- reduce regulatory risk,
- and maintain strategic freedom.
Those that cannot will face recurring findings and escalating supervisory pressure.