Regulation on the prevention of the use of the financial system for the purposes of ML/TF (AMLR)

Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing

Setting out EU rules that will be directly applicable by Member States including in the areas of customer due diligence and beneficial ownership

Level 1

Entry into force

10 July 2024

10 July 2026

Level 3

Scope of internal policies, procedures and controls

AMLA to issue guidelines on the elements that obliged entities should take into account, based on the nature of their business, including its risks and complexity, and their size, when deciding on the extent of their internal policies, procedures and controls in particular as regards the staff allocated to the compliance functions.

The guidelines must also identify situations where, due to the nature and size of the obliged entity:

  • internal controls are to be organised at the level of the commercial function, of the compliance function and of the audit function;
  • the independent audit function can be carried out by an external expert.

10 July 2026

Level 3

Business-wide risk assessment

AMLA to issue guidelines on the minimum requirements for the content of the business-wide risk assessment drawn up by the obliged entity. The guidelines must also cover additional sources of information to be taken into account when carrying out the business-wide risk assessment.

10 July 2026

Level 2

Group-wide requirements

AMLA to develop draft regulatory technical standards specifying the minimum requirements of group-wide policies, procedures and controls, including minimum standards for information sharing within the group, the criteria for identifying the parent undertaking in the cases covered by Article 2(1), point (42)(b) (groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union), and the conditions under which the provisions of Article 16 apply to entities that are part of structures which share common ownership, management or compliance control, including networks or partnerships, as well as the criteria for identifying the parent undertaking in the Union in those cases.

10 July 2026

Level 2

Branches and subsidiaries in third countries

AMLA to develop draft regulatory technical standards specifying the type of additional measures referred to in Article 17(2), including the minimum action to be taken by obliged entities where the law of a third country does not permit the implementation of measures required under Article 16 and the additional supervisory actions required in such cases.

10 July 2026

Level 2

Application of customer due diligence measures

  • the obliged entities, sectors or transactions that are associated with higher money laundering and terrorist financing risk and to which a value lower than EUR 10,000 (or equivalent) applies;
  • the related occasional transaction values;
  • the criteria to be taken into account for identifying occasional transactions and business relationships;
  • the criteria to identify linked transactions.

10 July 2026

Level 3

Customer due diligence measures

AMLA to issue guidelines on the risk variables and risk factors to be taken into account by obliged entities when entering into business relationships or carrying out occasional transactions.

10 July 2026

Level 3

Ongoing monitoring

AMLA to issue guidelines on ongoing monitoring of a business relationship and on the monitoring of the transactions carried out in the context of such relationship.

10 July 2026

Level 2

Regulatory technical standards on the information necessary for the performance of customer due diligence

AMLA to develop draft regulatory technical standards specifying:

  • the requirements that apply to obliged entities pursuant to Article 20 and the information to be collected for the purpose of performing standard, simplified and enhanced due diligence;
  • the type of simplified due diligence measures which obliged entities may apply in situations of lower risk, including measures applicable to specific categories of obliged entities and products or services, having regard to the results of the risk assessment at Union level conducted by the EU Commission;
  • the risk factors associated with features of electronic money instruments that should be taken into account by supervisors when determining the extent of the exemption under Article 19(7);
  • the reliable and independent sources of information that may be used to verify the identification data of natural or legal persons for the purposes of Article 22(6) and (7);
  • the list of attributes that electronic identification means and relevant qualified trust services must feature in order to fulfil the requirements in the case of standard, simplified and enhanced due diligence.

10 July 2026

Level 2

Penalties

EU Commission to adopt delegated acts defining

  • the categories of breaches that are subject to penalties and the persons liable for such breaches;
  • indicators to classify the level of gravity of breaches that are subject to penalties;
  • the criteria to be taken into account when setting the level of penalties.

10 July 2026

Level 2

Reporting of suspicions

AMLA to develop draft implementing technical standards specifying the format to be used for the reporting of suspicions to the FIU and for the provision of transaction records.

10 July 2026

Level 3

Cooperation between FIUs and the EPPO

AMLA to develop draft implementing technical standards, in consultation with the European Public Prosecutor’s Office (EPPO), specifying the format to be used by FIUs for reporting information to the EPPO.

Level 1

Entry into application

10 July 2027

(With the exception of football agents and football clubs to which the Regulation applies from 10 July 2029.)

10 July 2027

Level 3

Outsourcing

AMLA to issue guidelines to obliged entities on

  • the establishment of outsourcing relationships, including any subsequent outsourcing relationship, their governance and procedures for monitoring the implementation of functions by the service provider and in particular those functions that are to be regarded as critical;
  • the roles and responsibility of the obliged entity and the service provider within an outsourcing agreement;
  • supervisory approaches to outsourcing as well as supervisory expectations regarding the outsourcing of critical functions.

10 July 2027

Level 3

Inability to comply with the requirement to apply customer due diligence measures

AMLA to issue joint guidelines with the EBA on the measures that may be taken by credit institutions and financial institutions to ensure compliance with AML/CFT rules when implementing the requirements of Directive 2014/92/EU including in relation to business relationships that are most affected by de-risking practices.

10 July 2027

Level 3

Guidelines on money laundering and terrorist financing risks, trends and methods

AMLA to issue guidelines defining the money laundering and terrorist financing risks, trends and methods involving any geographical area outside the Union to which obliged entities are exposed. In particular, the guidelines must take into account the risk factors listed in Annex III to the AMLR. Where situations of higher risk are identified, the guidelines must include enhanced due diligence measures that obliged entities must consider applying to mitigate such risks.

10 July 2027

Level 3

Scope of application of enhanced due diligence measures

AMLA to issue guidelines on the measures to be taken by credit institutions, financial institutions and trust or company service providers to establish whether a customer holds total assets with a value of at least EUR50,000,000 (or the equivalent) in financial, investable or real estate assets and how to determine that value.

No specific timeline

Level 2

EU Commission to adopt delegated acts where it identifies additional cases of higher risks referred to in Article 34(1) that affect the Union as a whole and enhance due diligence measures that obliged entities are to apply in those cases, taking into account the notifications by Member States pursuant to Article 34(6).

10 July 2027

Level 3

Specific enhanced due diligence measures for cross-border correspondent relationships for crypto-asset service providers

AMLA to issue guidelines to specify the criteria and elements that crypto-asset service providers must take into account for conducting the assessment and risk mitigating measures referred to in Article 37, including the minimum action to be taken by crypto-asset service providers upon identification that the respondent entity is not registered or licensed.

10 July 2027

Level 3

Measures to mitigate risks in relation to transactions with a self-hosted address

AMLA to issue guidelines to specify the mitigating measures referred to in Article 41(1), including

  • the criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made from or to a self-hosted address, including through reliance on third parties, taking into account the latest technological developments;
  • criteria and means for the verification of whether or not the self-hosted address is owned or controlled by a customer.

10 July 2027

Level 3

Specific provisions regarding politically exposed persons

AMLA to issue guidelines on

  • the criteria for the identification of persons known to be close associates of politically exposed persons;
  • the level of risk associated with a particular category of politically exposed person, family member or person known to be a close associate, including guidance on how such risks are to be assessed where the person is no longer entrusted with a prominent public function for the purposes of Article 45.

No specific timeline

Level 2

List of prominent public functions

EU Commission may adopt an implementing act, setting out the format for the establishment and communication of the Member States’ list of prominent public functions pursuant to Article 43(1). EU Commission to adopt delegated acts to supplement Article 2(1), point (34) on politically exposed persons where the lists notified by Member States under Article 43(1) identify common additional categories of prominent public functions of relevance for the Union.

10 July 2027

Level 3

Guidelines on reliance on other obliged entities

AMLA to issue guidelines addressed to obliged entities on

  • the conditions which are acceptable for obliged entities to rely on information collected by another obliged entity, including in the case of remote customer due diligence;
  • the roles and responsibility of the obliged entities involved in a situation of a reliance on another obliged entity;
  • supervisory approaches to reliance on other obliged entities.

10 July 2027

Level 3

Reporting of suspicions

AMLA to issue guidelines on indicators of suspicious activity of behaviours.

No specific timeline

Level 2

Identification of beneficial owners for legal entities similar to express trust

EU Commission may adopt an implementing act listing types of legal entities governed by the law of Member States which should be subject to the requirements of Article 57.

No specific timeline

Level 2

Identification of beneficial owners for express trusts and similar legal arrangements

EU Commission may adopt an implementing act listing types of legal arrangements governed by the law of Member States which should be subject to the same beneficial ownership transparency requirements as express trusts.

Level 1

Full entry into application

10 July 2029

10 July 2029

Milestone

Beneficial ownership through ownership interest

EU Commission to assess whether the risks associated with categories of corporate entities that are exposed to higher money laundering and terrorist financing risks are relevant for the internal market and, where it concludes that a lower threshold is appropriate to mitigate those risks, and to adopt delegated acts by identifying:

  • the categories of corporate entities that are associated with higher money laundering and terrorist financing risks and for which a lower threshold shall apply;
  • the related thresholds.

No specific timeline

Level 2

Identification of third countries with significant strategic deficiencies in their national AML/CFT regimes

EU Commission to adopt delegated acts where:

  • significant strategic deficiencies in the legal and institutional AML/CFT framework of the third country have been identified;
  • significant strategic deficiencies in the effectiveness of the third country’s AML/CFT system in addressing money laundering and terrorist financing risks or in its system to assess and mitigate risks of non-implementation or evasion of UN financial sanctions relating to proliferation financing have been identified;
  • the significant strategic deficiencies identified under the previous points are of persistent nature and no measures to mitigate them have been taken or are being taken.

No specific timeline

Level 2

Identification of third countries with compliance weaknesses in their national AML/CFT regimes

EU Commission to adopt delegated acts where:

  • compliance weaknesses in the legal and institutional AML/CFT framework of the third country have been identified;
  • compliance weaknesses in the effectiveness of the third country’s AML/CFT system in addressing money laundering and terrorist financing risks or in its system to assess and mitigate risks of non-implementation or evasion of UN financial sanctions relating to proliferation financing have been identified.

No specific timeline

Level 2

Identification of third countries posing a specific and serious threat to the Union’s financial system

EU Commission to adopt delegated acts identifying third countries where, in exceptional cases, it considers it indispensable to mitigate a specific and serious threat to the Union’s financial system and the proper functioning of the internal market posed by those third countries, and which cannot be mitigated pursuant to Articles 29 and 30. EU Commission may adopt an implementing act, setting out the methodology for the identification of third countries pursuant to Article 31.

10 July 2030

Milestone

Reports

EU Commission to report to the EU Parliament and the Council of the EU assessing the necessity and proportionality of:

  • lowering the 25% threshold for the identification of beneficial ownership of legal entities through ownership interest;
  • extending the scope of high-value goods to include high-value garments and accessories;
  • extending the scope of the threshold-based disclosures under Article 74 to cover the sale of other goods, of introducing harmonised formats for the reporting of those transactions based on the usefulness of those reports for FIUs, and of extending the scope of information collected from persons trading in tree-trade zones;
  • adjusting the limit for large cash payments.

10 July 2032

Milestone

Review

EU Commission to review the application of this Regulation and to submit a report to the EU Parliament and the Council of the EU assessing:

  • the national systems for reporting of suspicions and obstacles and opportunities to establish a single reporting system at Union level
  • the adequacy of the beneficial ownership transparency framework to mitigate risks associated with legal entities and legal arrangements