A New Era for European AML Compliance
On July 1, 2025, the European Union officially established the Anti-Money Laundering Authority, known as AMLA, headquartered in Frankfurt. This is not an incremental regulatory update. It is the most fundamental restructuring of European AML supervision since the first Anti-Money Laundering Directive in 1991.
For decades, European AML regulation operated through directives: Brussels set the rules, and each member state transposed them into national law. The result was a patchwork of 27 different implementations, with varying definitions, thresholds, supervisory approaches, and enforcement intensity. A compliance program that satisfied German regulators might fall short of Dutch expectations. A suspicious transaction report in France followed different procedures than one in Italy. The same client might be classified as high-risk in one member state and standard-risk in another. Cross-border compliance was an exercise in navigating inconsistency.
AMLA changes this architecture completely. Combined with the Anti-Money Laundering Regulation (AMLR), which replaces directives with directly applicable rules, Europe is moving to a unified compliance framework with centralized supervision. The implications for every obliged entity in Europe—and every non-European firm with European clients, counterparties, or investments—are profound and far-reaching.
If your business operates in, or has investors from, the European Union, this affects you. Here is what you need to know, what is changing, and what you need to do to prepare.
Part 1: What AMLA Actually Is
Structure and Mandate
AMLA is an independent EU agency with a dual mandate: direct supervision of the highest-risk cross-border financial entities, and coordination and oversight of national supervisors across all member states. This dual structure is deliberately designed to address both the highest-risk entities directly and to lift supervisory standards across the entire EU.
Direct supervision means AMLA will directly oversee a select group of obliged entities deemed to present the highest cross-border money laundering risk. The initial selection criteria focus on financial institutions operating in multiple member states with significant transaction volumes and cross-border exposure. The number of directly supervised entities is expected to start at approximately 40 and expand over time as AMLA builds its supervisory capacity and refines its selection methodology through practical experience.
For directly supervised entities, the implications are immediate and significant. AMLA will conduct on-site inspections using its own supervisory teams, perform off-site monitoring through regular data collection and analysis, and has the authority to take enforcement actions including substantial fines. The supervisory relationship is direct—there is no national supervisor acting as an intermediary, and there is no possibility of exploiting differences between national supervisory approaches. This means a single, consistent supervisory standard applied by a team with deep cross-border expertise and a pan-European perspective.
Indirect supervision means AMLA will coordinate and oversee national Financial Intelligence Units (FIUs) and national AML supervisors. While national supervisors retain day-to-day supervision of most obliged entities, AMLA sets the standards they must follow. AMLA develops regulatory technical standards and guidelines that define what good supervision looks like. It conducts peer reviews of national supervisors to assess whether they are meeting those standards. And it can intervene when national supervision is deemed inadequate—a powerful tool that creates accountability for national supervisors that did not previously exist.
AMLA's additional functions extend beyond direct and indirect supervision. The authority develops regulatory technical standards and guidelines that set the benchmark for compliance expectations across the EU. It mediates disputes between national supervisors when cross-border issues create jurisdictional conflicts. It coordinates joint analysis of cross-border suspicious transactions through enhanced FIU cooperation, addressing a long-standing weakness in the European system where suspicious transactions crossing borders would fall between national jurisdictional cracks. And it maintains and manages the EU's AML/CFT database, creating a centralized information resource that supports both supervisory and investigative functions.
The overall effect is a supervisory architecture that combines centralized standard-setting with decentralized day-to-day supervision, bridged by coordination mechanisms that did not previously exist. For the first time, Europe has a single authority responsible for ensuring that AML supervision works effectively across the entire single market.
The Single Rulebook: AMLR
AMLA does not operate in isolation. It enforces the Anti-Money Laundering Regulation (AMLR), which replaces the directive-based framework with directly applicable rules. If AMLA is the supervisor, AMLR is the rulebook it supervises against.
The shift from directive to regulation is significant in EU legal terms and has major practical consequences. Directives require national transposition, which inevitably introduces variation as each member state's legislative process adds, modifies, or interprets provisions differently. A directive that says "member states shall ensure that obliged entities conduct customer due diligence" becomes 27 different national provisions with 27 different levels of specificity. Regulations apply directly and uniformly across all member states without transposition. When AMLR takes full effect, the same rules—the same words, the same definitions, the same thresholds—will apply in Lisbon, Berlin, Amsterdam, and Dublin.
Key provisions of AMLR include harmonized Customer Due Diligence requirements with consistent definitions of standard, simplified, and enhanced due diligence across all member states. The beneficial ownership threshold is confirmed at 25 percent, with enhanced requirements for verification through independent sources rather than self-declaration alone. A unified definition of Politically Exposed Persons applies across the EU, ending the variations that made cross-border PEP screening inconsistent and sometimes contradictory. Specific provisions address high-risk sectors including real estate, crypto-assets, and professional services—all areas where national approaches have varied significantly.
Cash payment limits are set at a maximum of 10,000 euros for transactions between parties where at least one is acting in a professional capacity. This harmonized threshold replaces the widely varying national limits that ranged from zero in some Nordic countries that had already banned large cash transactions to unlimited in some southern European jurisdictions where cash was still the norm for property transactions.
Third-country policy establishes uniform treatment of investors and transactions from non-EU jurisdictions, including a harmonized high-risk third country list that replaces the varying national lists. This means that a client from a third country will face the same due diligence requirements regardless of which EU member state they engage with—eliminating the regulatory arbitrage that allowed some jurisdictions to compete on the basis of lighter AML requirements.
For businesses, this simplification is genuinely welcome. Instead of tracking 27 national implementations with their varying requirements, interpretations, and supervisory expectations, firms can build compliance programs against a single rulebook. The complexity of cross-border compliance within the EU decreases substantially—though the overall standard of compliance expected increases, because the single standard is set at or above the level of the strictest existing national implementation.
Part 2: Who Is Affected
Directly Supervised Entities
The initial group of directly supervised entities will be selected based on risk criteria including cross-border activity across multiple member states, transaction volume, and risk profile as assessed through quantitative and qualitative indicators. The selection process involves AMLA identifying entities meeting selection criteria, notification to affected entities and their current national supervisors, a transition period during which AMLA assumes supervisory responsibilities, and ongoing supervision including regular reporting requirements, supervisory dialogues, on-site inspections, and enforcement actions.
Directly supervised entities will face the most intensive compliance requirements seen in European AML history. Regular reporting to AMLA will be required in standardized formats with defined frequencies. Participation in supervisory dialogues means ongoing engagement with AMLA supervisors—not just responding to periodic inspections, but maintaining a continuous relationship. Adherence to AMLA-specific supervisory expectations may exceed the minimum requirements of AMLR, as AMLA develops its own supervisory methodology based on observed best practices and emerging risks.
While the initial scope focuses on financial institutions, AMLA's mandate is designed to be expandable. The founding regulation includes mechanisms for expanding the scope of direct supervision to additional entity categories. Real estate sector supervision, fund manager oversight, and legal professional supervision are all plausible future expansions as AMLA establishes its operational capacity and as the political will for broader coverage develops.
Indirectly Supervised Entities
Most obliged entities will remain under national supervision but will be significantly affected by AMLA through several channels that collectively raise the compliance bar across the EU.
AMLA's regulatory technical standards and guidelines will set the benchmark for compliance expectations across the EU. When AMLA publishes guidance on how customer due diligence should be conducted, or what constitutes adequate ongoing monitoring, national supervisors will be expected to apply these standards in their supervisory approach. This creates convergence upward toward the highest prevailing standards across the EU.
AMLA's peer review mechanism assesses the effectiveness of national supervisors. If a national supervisor is found to be underperforming—applying standards below the EU benchmark, under-resourcing supervision, failing to take enforcement action where warranted, or inadequately supervising specific sectors—AMLA can issue recommendations and, in severe cases, intervene directly. This creates sustained upward pressure on supervisory standards across all member states and eliminates the comfortable position that some national supervisors occupied when there was no external accountability for their supervisory performance.
For property funds, real estate firms, and legal professionals, the practical effect is that compliance expectations will converge upward across the EU. If your jurisdiction's supervisor was previously lenient relative to others—perhaps conducting inspections infrequently, accepting minimal documentation, or declining to enforce for minor breaches—expect stricter supervision as AMLA coordination drives convergence toward best practice. If your jurisdiction was already strict, expect your standards to become the baseline for others—and take comfort in the fact that competitors in more lenient jurisdictions will finally face similar scrutiny.
Impact on Specific Sectors
Real estate has been explicitly identified as a high-risk sector in both AMLA's mandate and AMLR's provisions. This is not a surprise—real estate has long been recognized as a preferred vehicle for money laundering due to high transaction values, price opacity, the ability to hold property through complex corporate structures, and the potential for value appreciation that can obscure illicit origins.
Specific impacts for the real estate sector include enhanced CDD requirements for transactions above defined thresholds, stricter beneficial ownership verification for entity purchasers with mandatory independent verification, more intensive source of funds requirements for property transactions, enhanced ongoing monitoring for real estate-related business relationships, and potentially increased supervision of real estate agents and developers who were previously subject to lighter oversight.
Fund managers, particularly those managing Alternative Investment Funds, face dual regulatory oversight from AIFMD and AMLR/AMLA. AML compliance must be integrated with fund regulatory requirements, creating a comprehensive compliance framework that addresses both investor protection and financial crime prevention simultaneously. The expectation is that these requirements complement each other rather than creating contradictory obligations.
Legal professionals including lawyers and notaries are covered as obliged entities under AMLR. While national bar associations and law societies retain primary supervisory responsibility in most jurisdictions, AMLA's coordination function will drive convergence in how legal professional AML obligations are supervised across the EU—reducing the significant variations in supervisory intensity that currently exist between member states.
Part 3: What You Need to Do
Immediate Actions (Now through Q3 2026)
The first priority is gap analysis. Compare your current AML compliance program against AMLR requirements systematically, not selectively. Key areas to assess include your CDD procedures—do your processes meet the harmonized AMLR standards, or do they rely on national-specific approaches that may be insufficient under the new framework? Review your beneficial ownership verification—do you verify through independent sources as AMLR requires, or rely on self-declarations? Check whether your risk assessment methodology aligns with AMLR's risk-based approach, including the specific risk factors the regulation identifies. Assess your record-keeping against the standardized retention periods and documentation requirements. And evaluate your reporting processes to ensure your STR procedures align with the enhanced FIU coordination framework.
The second priority is documentation. AMLA supervision, whether direct or indirect, is documentation-intensive. Regulators expect to see not just that you have policies, but that your policies are current, comprehensive, and reflective of actual practice—not aspirational documents that bear no relationship to what happens in reality. Risk assessments must be documented, evidenced with data, and regularly updated. Training records must demonstrate that all relevant staff have received appropriate, role-specific AML training with assessments of comprehension. CDD files must be complete, organized, and retrievable on demand. Decision records must document the basis for risk assessments, due diligence decisions, and any enhanced measures applied, including the reasoning.
The third priority is technology assessment. AMLA expects technology-enabled compliance. The days of purely manual compliance processes being acceptable—even for smaller entities—are ending. Evaluate whether your current systems can support the monitoring, screening, and reporting requirements of the new framework. If you are still relying on spreadsheets, email-based document collection, and manual sanctions checks conducted by individuals searching lists by hand, now is the time to invest in automation. The cost of technology is a fraction of the cost of non-compliance, and the efficiency gains are immediate.
Medium-Term Preparations (Q3 2026 through 2027)
As AMLR enters full application, your compliance program must be fully aligned with the single rulebook. The transition period is not a grace period—it is a preparation period.
Invest in cross-border capability. If your business involves investors or transactions from multiple EU jurisdictions, the single rulebook simplifies compliance but also eliminates excuses for inconsistency. Your KYC process should produce the same quality of outcome regardless of the investor's EU jurisdiction of origin.
Strengthen ongoing monitoring. AMLA's emphasis on risk-based, continuous compliance means that point-in-time onboarding checks are insufficient on their own. Implement event-driven monitoring that responds to changes in client risk profile, sanctions list updates, adverse media developments, and beneficial ownership changes. The technology exists to do this efficiently—the question is whether your organization has deployed it.
Engage with your national supervisor proactively. The transition period will involve uncertainty as national supervisors adapt to AMLA coordination and recalibrate their own expectations. Firms that engage proactively—seeking clarity on expectations, participating in industry consultations, and demonstrating good faith compliance efforts—will be better positioned than those who wait for enforcement actions to clarify the rules.
Build scalability into your compliance infrastructure. If your business is growing, your compliance infrastructure must grow with it. Manual processes that work for 50 clients do not work for 500. The AMLR framework assumes that obliged entities can scale their compliance proportionally to their business volume. Technology-enabled compliance is the only practical way to achieve this without proportionally scaling your compliance headcount.
Strategic Positioning (2027 and Beyond)
AMLA is not just a regulatory challenge to be managed defensively. It is an opportunity to differentiate your business from competitors who treat compliance as a cost center rather than a strategic capability.
For fund managers, demonstrating AMLA-ready compliance provides confidence to institutional investors, particularly those with their own regulatory obligations who need assurance that their counterparties meet appropriate standards. A fund that can show a robust, auditable, technology-enabled AML program is more attractive to allocators than one with manual processes, incomplete records, and uncertainty about regulatory compliance.
For real estate professionals, AMLA compliance signals professionalism and trustworthiness to an international client base. International buyers and sellers increasingly expect digital, efficient compliance processes that do not delay transactions. Meeting and exceeding AMLA standards positions your firm as a trusted, modern operator in a market where trust is the foundation of every transaction.
For legal professionals, compliance capability becomes a marketable skill and a competitive differentiator. As AML obligations for lawyers intensify under AMLA coordination, firms with established compliance infrastructure will attract clients who value risk management and regulatory diligence—and those clients tend to be the most sophisticated and the most valuable.
Part 4: The FIU Coordination Revolution
Why FIU Coordination Matters
One of AMLA's most impactful but least discussed functions is coordinating Financial Intelligence Units across the EU. FIUs are the national agencies that receive, analyze, and disseminate suspicious transaction reports. They are the intelligence backbone of the AML system.
Under the previous framework, FIU cooperation was voluntary and inconsistent. A suspicious transaction originating in Portugal, flowing through Luxembourg, and terminating in Germany would require three separate FIUs to coordinate their analysis—and the mechanisms for doing so were slow, cumbersome, and dependent on bilateral relationships between individual agencies. Information sharing was hampered by different data formats, different legal frameworks for sharing, and different levels of analytical capability.
AMLA changes this fundamentally. The authority establishes standardized channels for cross-border FIU cooperation, develops common analytical tools and methodologies, and can require joint analysis of complex cross-border cases. This means that a suspicious pattern involving multiple member states can be identified and analyzed as a single case rather than fragmented across national silos.
For obliged entities, improved FIU coordination has several practical implications. First, the quality of feedback on STR filings is likely to improve, as FIUs with better analytical tools can provide more useful responses. Second, the likelihood that cross-border patterns will be detected increases significantly, meaning that structuring transactions across borders to avoid detection becomes much harder. Third, enforcement actions are more likely to be coordinated across jurisdictions, meaning that a compliance failure detected in one member state may trigger investigations in others.
What This Means for Your STR Filing
Enhanced FIU coordination means your suspicious transaction reports may receive more scrutiny and be analyzed in a broader context than before. This is not a reason to file fewer reports—it is a reason to file better ones.
A well-drafted STR that clearly explains the suspicious indicators, provides relevant context, and identifies connections to other entities or transactions is significantly more useful to FIUs than a vague report that ticks a procedural box. As FIU analytical capabilities improve under AMLA coordination, the quality of your STR filing will increasingly matter—not just the fact that you filed.
Invest in STR quality. Train your compliance team on what makes a useful report. Review your STR templates and procedures. Consider whether your current filing process produces reports that would help an analyst understand the concern and take appropriate action, or whether it produces reports that merely document that a filing was made.
Conclusion: Preparation Is the Only Strategy
AMLA is operational. AMLR is approaching full application. The unified European AML framework is not a proposal, a discussion paper, or a political aspiration. It is happening, and the timeline is fixed and non-negotiable.
The firms that thrive under AMLA will be those that prepare now—not those that wait for enforcement to force compliance. Gap analysis, technology investment, documentation strengthening, and proactive regulatory engagement are not optional activities for forward-thinking firms. They are the minimum requirements for operating in the European market going forward.
The good news is that a unified framework is ultimately simpler than 27 fragmented national regimes. Once the transition is complete, firms operating across the EU will benefit from a single set of rules, a single set of definitions, and a single supervisory standard. The transition requires effort and investment, but the destination is a more predictable, more consistent compliance environment where the rules are clear and apply equally to all participants.
The firms that invest in preparation today will find themselves well-positioned when AMLA's supervision reaches full capacity. Those that delay will find themselves scrambling under pressure, paying premium rates for rush implementation, and explaining to regulators why they were not prepared when the timeline was public and the requirements were clear.
Start your AMLA preparation today. The regulatory clock is already running, and it does not pause for organizations that are not ready.