The European Union has launched its most ambitious anti-money laundering (AML) reform to date. The “AML Package 2024–2026” introduces a new EU Anti-Money Laundering Authority (AMLA), a directly applicable Anti-Money Laundering Regulation (AMLR), and an updated Transfer of Funds Regulation (TFR). Together, these measures aim to unify the fragmented regulatory landscape across the EU and strengthen financial integrity across borders.
For compliance officers, risk managers, and governance specialists, the AML Package will bring both opportunities and challenges. Here’s what you need to know.
What is the AML Package 2024–2026?
The AML Package represents a major shift away from the directive-based approach of the past, which allowed uneven national implementation. Instead, it combines a single rulebook (AMLR) with a central authority (AMLA) and enhanced payment transparency (TFR).- Why it was introduced: Inconsistent enforcement across member states led to regulatory arbitrage and weaknesses exploited by money launderers.
- Main objectives Ensure uniform rules, improve supervision, and address new risks like crypto-assets.
- Timeline: The package is being rolled out between 2024 and 2026, with staggered implementation dates.
AMLA will be headquartered in Frankfurt, Germany and is expected to become operational in mid-2025.
- Supervisory powers: Direct oversight of the riskiest cross-border financial institutions.
- Coordination role:: Ensures consistent application of AML rules across EU member states.
- Enforcement tools: Can impose administrative penalties for severe breaches.
Unlike directives, AMLR will be directly applicable across all EU member states, reducing divergences in local law.
Key provisions include:
Key provisions include:
- Harmonised rules for Customer Due Diligence (CDD)
- Clearer requirements for Ultimate Beneficial Ownership (UBO) registers
- Unified sanctions framework
The revised Transfer of Funds Regulation" extends the “travel rule” to crypto-asset transfers, requiring crypto-asset service providers (CASPs) to include detailed sender/receiver information in all transactions.
- Scope: Applies to both fiat and crypto transfers within and outside the EU.
- Objective:: Strengthen traceability and reduce risks linked to anonymous wallets.
- Impact: Payment institutions and crypto platforms must adapt monitoring tools.
What the AML Package Means for Financial Institutions
For banks, insurers, and investment firms, the AML Package is not just a regulatory update — it represents a fundamental change in how compliance will be supervised and enforced across the EU. Institutions can no longer rely on varying national interpretations of AML rules. Instead, AMLR will impose harmonised customer due diligence (CDD), KYC, and UBO requirements, all monitored under the direct oversight of AMLA.
This means that internal systems and reporting tools will need significant upgrades. Transaction monitoring software, suspicious activity reporting processes, and customer onboarding solutions must be adapted to meet the stricter and more uniform requirements. Institutions that delay these changes may struggle to satisfy AMLA’s new supervisory standards once enforcement begins.
Beyond technology, the AML Package places increased emphasis on governance and accountability. Boards of directors and senior management will be expected to take a more active role in compliance oversight, ensuring that AML responsibilities are not confined to operational teams but embedded at the strategic level. This shift aligns with the EU’s broader push for a stronger compliance culture.
At the same time, the reforms open the door for RegTech innovation. Automated monitoring, AI-driven KYC checks, and integrated compliance dashboards can help financial institutions not only meet regulatory expectations but also reduce the cost and complexity of ongoing compliance. Those that embrace RegTech early may even turn compliance into a competitive advantage, positioning themselves as trusted and resilient players in the financial market.
Impact on Cross-Border Consistency and Enforcement
One of the most significant changes introduced by the AML Package is the elimination of regulatory fragmentation across EU member states. In the past, financial institutions faced uneven AML rules depending on where they operated, often leading to forum shopping, where criminals exploited the weakest national frameworks. With AMLA at the center, supervision will now be consistent across borders, reducing loopholes and ensuring a level playing field.
Institutions operating in multiple EU countries will especially benefit from clearer, uniform obligations, although compliance scrutiny will be far stricter.
Institutions operating in multiple EU countries will especially benefit from clearer, uniform obligations, although compliance scrutiny will be far stricter.
Key Provisions vs. Previous AML Directives (Directly Applicable Regulation)
To understand the significance of AMLR, it helps to compare it with earlier AML directives:| Aspect | AMLD4–AMLD6 (Directives) | AMLR (Regulation) |
|---|---|---|
| Legal nature | Requires transposition into national law. | Directly applicable across all EU member states. |
| Implementation | Divergent interpretations and timelines between countries. | Uniform rules and deadlines; single EU rulebook. |
| Supervision | Primarily by national competent authorities. | National authorities plus AMLA’s direct and coordinating oversight. |
| Sanctions | Varied sanction levels and approaches across member states. | Harmonised sanctions framework with clearer, predictable penalties. |
| Focus areas | KYC, CDD, UBO registers; AMLD6 pushed partial harmonisation. | Consolidated rulebook: CDD, UBO, sanctions, reporting, cross-border consistency. |
| Operational impact | Multi-jurisdiction policy variations; higher risk of gaps in groups. | Standardised group policies, easier cross-border controls, stricter oversight. |
This shift means financial institutions can no longer rely on national variances. The AMLR will create one consistent AML framework, with fewer grey areas for interpretation.
Harmonisation of Sanctions & Penalties Across Member States
Previously, financial penalties for AML breaches differed dramatically from one EU country to another. For example, a compliance failure in one jurisdiction might lead to only modest fines, while in another it could result in heavy sanctions. This uneven enforcement weakened deterrence and encouraged regulatory arbitrage. The AMLR introduces a harmonised sanctions regime, ensuring that penalties are consistent, predictable, and proportionate across all member states. This will raise the cost of non-compliance significantly, but it also brings more clarity for firms operating in multiple jurisdictions.Scope: Traceability of Transactions and the “Travel Rule” Obligations
The revised TFR extends the so-called “travel rule”—previously applied only to traditional payment transfers—to crypto-asset transfers. This means that every transaction, whether fiat or crypto, must include detailed sender and receiver information, ensuring full traceability of funds across borders. Anonymous crypto wallets, once a major vulnerability, will effectively be outlawed within the EU framework.This development also intersects with the Markets in Crypto-Assets Regulation (MiCA), which sets licensing and prudential requirements for crypto-asset service providers. Together, MiCA and the TFR will reshape the compliance landscape for digital assets, making transparency and monitoring essential for any institution involved in crypto transactions.
How to Prepare: Compliance Checklist
1) Conduct a Comprehensive Gap Analysis
The first step for financial institutions is to carry out a thorough gap analysis between their current AML frameworks and the upcoming AMLR requirements. This allows compliance teams to identify weaknesses early and build a roadmap for closing them before the new rules become fully enforceable in 2026.
2) Review and Strengthen KYC/CDD Policies
Under AMLR, customer due diligence (CDD) and know-your-customer (KYC) processes will be applied consistently across all EU member states. Firms must ensure that onboarding procedures, beneficial ownership checks, and risk assessments align with the new harmonised standards. Updating these policies now will prevent costly remediation later.3) Upgrade Systems and Reporting Tools
AMLA’s supervisory role will demand more timely and accurate reporting. Financial institutions should assess whether their transaction monitoring systems, suspicious activity reporting workflows, and UBO databases can handle stricter requirements. Investing in scalable technology will reduce compliance pressure once enforcement begins.4) Train Staff and Engage Senior Management
The AML Package makes it clear that compliance accountability extends to the boardroom. Senior managers and directors must be properly briefed on their responsibilities, while operational staff should receive regular, role-specific training. Building awareness at every level strengthens a firm’s compliance culture.5) Leverage RegTech for Efficiency
Finally, adopting RegTech solutions can help institutions automate repetitive tasks, reduce false positives in transaction monitoring, and maintain clear audit trails. By integrating smart technologies, firms can transform compliance from a burden into a strategic advantage, staying ahead of regulatory scrutiny while controlling costs.
