Why Estonia is five years ahead of the EU’s 2027 AML deadline

AMLR

Most professionals in financial crime compliance come up through law enforcement, audit or legal backgrounds. Siiri Graabi took a different route entirely, arriving via the European Council after more than a decade as an Estonian diplomat. Her time in Brussels placed her in the room as EU sanctions packages were being negotiated and drafted.

According to Salv, she now serves as sanctions and counter-terrorism financing officer at Coop Bank in Estonia, giving her a rare dual perspective. She understands why sanctions are shaped the way they are, moulded by political urgency, diplomatic compromise and midnight deadlines, and she knows first-hand what it takes to implement and enforce them inside a bank.

In a recent episode of Salv’s Follow the Money podcast, Siiri joined host Dr Nicola Harding to discuss her career, Estonia’s Salv-powered model of cross-institution intelligence sharing, and what the rest of Europe must grasp before the AMLR Article 75 and PSR Article 83 deadlines land in 2027.

Estonia’s banks have been exchanging financial crime intelligence through Salv Bridge for more than five years. What began as an informal working group within the Estonian Banking Association, with banks comparing notes on sanctions hits and flagging fraud over messaging apps, has evolved into a real-time, structured, encrypted and legally grounded system with a full audit trail.

Siiri chairs the association’s sanctions working group, which convenes banks, supervisors and regulators monthly to align on implementation, share evasion patterns and work through new regulatory demands. That group laid the foundations for the Salv Bridge network.

One use case she outlined shows the system’s speed. A sanctions screening alert flags a potential name match, and Siiri sends a request to another Estonian bank covering date of birth, citizenship and residence.

The answer returns within minutes, and the payment is released or blocked with a documented rationale. There are no SWIFT messages, no waiting on emails, no chasing colleagues by phone.

Fraud cases operate identically: when a bank spots a defrauded client whose funds have moved elsewhere, an instant message allows the receiving institution to freeze the account. Millions of euros have been recovered through these joint investigations, including funds routed through virtual IBANs, which typically drain out of Europe within hours.

On the 2027 deadline, Siiri was frank that the timeline is already tight. Coop Bank sanctions and counter-terrorism financing officer Siiri Grabbi said, “You need the passionate crime fighters to build it.

There needs to be somebody who provides the platform who has the mission to do something. Is there a legal ground in place in the country, or do they wait for the regulations to kick in? Are the politicians ready? How do they interpret GDPR? It’s so easy to say GDPR doesn’t allow [sharing], but not all data [falls under] GDPR.”

The obstacles she identifies are not chiefly technical, but rather legal uncertainty, internal policy alignment, infrastructure readiness and a willingness to begin before everything is resolved. Estonia did not wait for perfect answers; it started, learned and expanded.

She also tackled the most common misconception. Coop Bank sanctions and counter-terrorism financing officer Siiri Grabbi said, “That we all want to get the other banks’ clients to ourselves.

But it’s not the case. I don’t want a criminal to become my client. I just want to receive the information and intelligence to know if my doubts are correct.” In her view, the competitive instinct holding institutions back is misplaced, as intelligence sharing stops bad money moving rather than handing customers to rivals.

Her advice to compliance officers elsewhere in the EU begins with a mindset shift: sharing compresses investigation time, produces fuller reports and builds the audit trail supervisors increasingly expect.

Her message to public authorities is equally direct: stop treating the private sector as an adversary, involve industry earlier in drafting rules and lead by example. Asked what Estonia got right, she said, “We started straight away.”

Read the full Salv post here. 

Read the daily RegTech news

Copyright © 2026 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.