One Rulebook for Europe: Inside the EU’s New AML Regulation

When the EU’s new Anti-Money Laundering Regulation (AMLR) takes full effect on July 10, 2027, Europe’s fragmented AML landscape will begin to disappear. It’s going to replace the familiar patchwork of AML directives with a single rulebook that applies directly across all Member States. For the first time, banks, fintechs, crypto firms, and many other obliged entities will operate under the same AML/CFT framework across the entire EU.

This is a major shift in the EU’s anti-money laundering approach in decades. The point of the new regulation isn’t the new rules; what really matters is the change in mindset. We’re seeing a move away from different national interpretations towards true harmonization across Europe.

From directives to a single rulebook 

The Anti-Money Laundering Regulation (AMLR), formally Regulation (EU) 2024/1624, harmonises AML/CFT rules for the private sector across the Member States. It replaces a lot of existing EU AML directives, including the former AMLD4 and AMLD5, with a single, consistent legal framework. 

Until now, EU AML rules have been implemented through directives, which countries have translated into national law. CDD and EDD practices were inconsistently enforced and supervised, and regimes and thresholds were divergent across jurisdictions. Conversely, AMLR applies uniformly across the EU from the moment they take effect, which helps eliminate local discrepancies and fragmented compliance requirements—in essence, this is the EU’s attempt to close all those gaps. Among other things, it’s meant to improve the traceability of financial flows and increase transparency around ownership and control structures.

Under the new regime, a broader range of entities will have to comply with AML/CFT obligations, including:

• Banks and other financial institutions
• Payment and e-money institutions
• Credit intermediaries
• Crypto-asset service providers (CASPs) are defined under the EU’s MiCA regime
• Trust & company service providers
• Dealers in high-value goods
• Certain gambling service providers and professional football clubs in specified contexts
• Non-financial mixed holding companies with subsidiaries that are obliged entities

Most notable changes under AMLR

Among the changes that AMLR introduced, there are a few key differences that are important and should be considered by the entities that need to comply with the new regulation.

AMLR strengthens CDD requirements across the board by clarifying when CDD must be conducted and with what identity information. It also brings about some changes within the verification procedures and EDD triggers (such as clients or transactions that are potentially high-risk). For certain industries, including crypto providers, AMLR will have specific thresholds and verification obligations that will replace varied national practices. 

The AMLR enhances transparency in beneficial ownership by clarifying definitions and documentation requirements. It mandates a detailed analysis of ownership and control from obliged entities, ensuring identification of actual owners. Entities must map out their legal structures and maintain well-documented records for audits. There are also new rules regarding trusts, foundations, and complex arrangements.

To tackle the misuse of cash, AMLR is putting a €10,000 limit on cash payments for goods and services in all Member States. Each country can set a lower limit if it wants to. Moreover, there will be stricter customer due diligence for transactions that get close to this limit, which will help keep a better track of large cash movements. 

Another important development concerns reporting and internal controls. Obliged entities will need to reliably submit Suspicious Activity Reports, improve reporting timelines, and enhance interactions with Financial Intelligence Units. On top of those, the staff involved in AML compliance will have to be properly assessed and trained. 

These responsibilities will be further supported by the future technical standards and supervisory expectations set out by AMLA. 

AMLR and AMLA: When stronger supervision enters the picture

The AMLR is just one part of a broader EU strategy to combat money laundering and terrorist financing. A key component of it is the establishment of the Anti-Money Laundering Authority (AMLA). AMLA has already started coordinating AML/CFT supervision throughout the EU in 2025, and will keep overseeing high-risk entities that pose systemic threats. 

It’s supposed to push the EU toward a more centralized, data-driven model for AML oversight, helping ensure supervisory standards are more consistent across Member States.

Practical implications of the new AMLR

Given that these changes will come in by July 2027, it's crucial for teams to start planning early, conduct gap analyses, and invest in the necessary technology upgrades.

They will need to adopt harmonized documentation and onboarding standards, which means a more uniform approach across the board. Greater emphasis will be placed on identifying beneficial owners and control structures. This also involves redesigning CDD and EDD processes to align with new EU rules. Compliance teams must upgrade their risk assessment systems to include proper audit trails and foster stronger collaboration with Financial Intelligence Units (FIUs), as well as engage in cross-border anti-money laundering activities.

For organizations operating across multiple EU markets, AMLR will likely require rethinking compliance processes that were originally designed around national regulatory differences.

Regulatory Technical Standards (RTS): What’s on consultation now

The AMLA is currently working on a set of Regulatory Technical Standards (RTS) that will help clarify how the main provisions of this regulation should be applied in real life. These standards are in the drafting stage now and will be open for public consultation in 2026, which means there’s still a chance the final version could change before it's officially adopted. 

🧾Draft on customer due diligence (Article 28(1) AMLR) specifies how the AMLR’s high-level CDD requirements translate into detailed obligations that all obliged entities must follow. 

The final standard will include key elements to aid compliance, detailing the information and documentation needed for standard, simplified, and enhanced customer due diligence. It will establish standards for verifying the identities of individuals, legal entities, and beneficial owners and address risk-sensitive ongoing monitoring. Additionally, criteria for using electronic identification and digital onboarding tools in the CDD process will be provided.

It’s open for consultation until May 8, 2026. AMLA published the draft in February 2026, building on earlier work by the European Banking Authority. 

🧾Draft on business relationships & occasional and linked transactions: (Article 19(9) AMLR) defines the criteria for distinguishing when a customer engagement transitions into a business relationship, which would then make customer due diligence necessary. 

It will guide in distinguishing business relationships from occasional transactions and recognizing linked transactions that might evade CDD requirements. While the AMLA draft doesn't propose lower CDD thresholds now, there's still a possibility for them to be added later. 

The consultation is open until May 8, 2026, and this draft impacts all obligated entities across both financial and non-financial sectors. These proposals will be further discussed at a public hearing on March 24, 2026. 

🧾Draft on enforcement: Sanctions and supervisory response harmonizes how supervisors across the EU assess breaches of AML/CFT obligations and determines appropriate sanctions or corrective measures. 

The text will establish severity categories for breaches, common indicators for supervisors, and clarify the application of sanctions and penalties. It will also outline expectations for documentation, timeliness, and breach mitigation measures. 

Currently, a consultation on the draft is open until May 8, 2026, and AMLA encourages feedback, especially from the non-financial sectors, which have historically been less involved in previous EBA consultations. 

Consultation timeline and next steps

After the consultation periods, the AMLA will review feedback and submit the final RTS drafts to the European Commission by July 2026. After these standards are adopted, they will be applicable under the AML Regulation. It’s important for businesses to start integrating them into their compliance programs before they come into effect on July 10, 2027.

Delaying taking note of the changes until the last minute could make implementation risky. It's a good idea for compliance teams to start aligning AMLR expectations with their existing systems and governance frameworks now.

With a focus on clearer beneficial ownership transparency and consistent customer due diligence and reporting standards, the AMLR is set to change the compliance game for the next decade. To thrive in the compliance landscape that will emerge after 2027, preparation is key.