Insights Blog

Last week, the European Commission published a package of legislative measures designed to progress some of the key pillars of its May 2020 AML/CFT Action Plan.


A new EU-level Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) is to be established.  Initial set-up will take place at the start of 2023, and AMLA is expected to be fully resourced by the end of 2025.  It will start direct supervision of selected obliged entities in 2026, and will coordinate with national supervisors regarding the supervision of other entities.

Who will be subject to direct AMLA supervision?

A selection process will be carried out every three years (the first process will take place in January 2025). Credit institutions with a presence in at least 7 Member States, and financial institutions with a presence in at least 10 Member States, will be classified in accordance with their risk profile.  Those with the highest inherent risk profiles will be directly supervised by AMLA. In exceptional circumstances, AMLA will also be allowed to assume direct AML/CFT supervision of other obliged entities.


The existing EU AML/CFT framework, set out in the amended Fourth Money Laundering Directive (MLD4) will be recast into a directly effective regulation.  This will remove the need for all EU AML/CFT rules to be transposed into the laws of each Member State, thereby reducing the risk of regulatory divergence.  

The single rulebook will be more granular than MLD4, and will be supplemented by technical standards from AMLA. Notably, the list of obliged entities will be expanded and will include, among others, all crypto-asset service providers, together with all crowdfunding service providers that are outside the scope of the EU Crowdfunding Regulation. The beneficial ownership framework will become more detailed, and there will be new disclosure requirements for nominee shareholders and directors.

While MLD4 requires Member States to set up registers/mechanisms to enable information about bank accounts and their owners to be accessed (that requirement has not yet been transposed into Irish law), the Commission is also proposing the establishment of a cross-border system to enable financial intelligence units (FIUs) access information from other Member States.

The new rulebook is expected to apply from the end of 2025.


The scope of the 2015 EU Regulation on transfers of funds will be extended to cover transfers of crypto-assets. As a result, full information about the sender and beneficiary of those transfers will have to be included by crypto-asset service providers with all transfers of virtual assets, just as payment service providers do for wire transfers at the moment.


A new AML/CFT directive will replace MLD4 and contain only provisions where domestic transposing legislation is strictly necessary, such as rules on national supervisors and FIUs.


The proposals are now the subject of public consultations which will run until 21 September 2021.  The feedback to those consultations will be provided by the Commission to the European Parliament and the EU Council when each institution begins its review of the proposals. At the same time, the Commission is also exploring (via consultation) how public-private partnerships in Member States could form part of the AML/CFT framework.

We will be publishing more detailed analysis of the different elements of the new AML/CFT package over the coming weeks.  In the meantime, if you have any questions, please contact our market-leading Financial Regulation Group.