New EU AML rulebook raises the bar for compliance

AML

The EU’s Anti-Money Laundering Regulation (AMLR) is reshaping compliance expectations across the bloc, and financial institutions that treat the 10 July 2027 application date as a distant deadline risk being caught out.

According to compliance specialist Muinmos, the AMLR should be seen as a production go-live date, with mapping, design and remediation work needing to start now.

Muinmos recently put together a practical guide to the AMLR and what you need to know about it. 

The AMLR, formally Regulation (EU) 2024/1624, is the principal substantive rulebook for the private sector under the EU’s new AML/CFT package. It governs business-wide risk assessments, customer due diligence, beneficial-ownership analysis, ongoing monitoring, politically exposed persons, targeted financial sanctions and suspicious-transaction reporting.

It sits alongside the Sixth Anti-Money Laundering Directive, the regulation establishing AMLA and the recast Transfer of Funds Regulation.

The EU enacted the measure to fix four connected problems: fragmentation caused by 27 national transpositions, rules that were insufficiently operational, evolving risks from crypto-assets and sanctions evasion, and weaknesses in supervision and cross-border cooperation. Rather than replacing national references in existing policies, the regulation demands that institutions demonstrate a detailed EU-wide rulebook is embedded in customer data, risk decisions, monitoring, governance and audit trails.

Among the most significant practical changes is a more prescriptive customer due diligence baseline, with AMLA mandated to develop a detailed CDD regulatory technical standard. Beneficial-ownership analysis becomes more explicit, with ownership and control assessed in parallel, a 25% ownership threshold and material register discrepancies reportable within 14 calendar days.

The regulation also sets outer limits for customer-data refresh, at no more than one year for higher-risk customers and five years for others, while embedding sanctions circumvention risk directly into the AML framework. A special enhanced due diligence regime applies to certain wealth-management relationships involving assets under management of at least €5m and customers with total assets of at least €50m.

AMLA, the Frankfurt-based authority, will act as rule-maker, direct supervisor of up to 40 high-risk cross-border institutions from 2028, driver of supervisory convergence and coordinator of national financial intelligence units. Most firms will remain under national supervision, but AMLA’s standards will shape supervisory expectations across the EU.

Muinmos recommends a three-stage programme: map the regulation into a control and data matrix, design a target operating model with controlled assumptions for pending Level 2 rules, and remediate the existing customer book against the target data model. Institutions should not wait for final technical standards, provided assumptions are documented and frameworks remain configurable.

The firms best prepared for July 2027 will be those able to show, decision by decision, that the AMLR is embedded in their data, workflows and evidence.

Read the full Muinmos post here. 

Read the daily RegTech news

Copyright © 2026 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.