The European Union is now completing a major reform of its anti-money laundering (AML) framework: replacing fragmented national regimes with a consistent pan-European system.

At the centre of this reform is the new Anti-Money-Laundering Authority (AMLA) — an EU-level regulator that from 2026 will directly supervise large banks, payment institutions, and crypto service providers operating across the EU.

For the first time, cross-border financial institutions will face a single AML “rulebook” and a single EU supervisor with powers to impose penalties of up to 10 % of global turnover.

Understanding these changes is essential for any business operating in the European financial sector.

What is AMLA?

AMLA is an independent EU agency, created by Regulation (EU) 2024/1665 and headquartered in Frankfurt.

It was formally established in June 2024 and will begin operational work on 1 July 2025. The agency will start exercising direct supervisory powers from 2026, following a one-year preparatory phase.

AMLA has broad authority to:

— license and supervise systemically important institutions active in at least seven Member States;

— overrule national supervisors in cases of AML/CFT failings;

— resolve cross-border supervisory disputes;

— and impose significant fines — up to 10 % of a group’s global annual turnover.

This penalty level is comparable to the GDPR’s maximum sanctions, but applied to AML violations.

Why has the EU created AMLA?

A series of major AML failures — including the Danske Bank and Wirecard cases — and inconsistencies exposed by the 2022 Luxembourg Business Registers ruling highlighted the need for stronger, centralised AML supervision in Europe.

The European Commission opted for a regulation-first approach with a single EU agency to ensure:

— harmonised AML rules across 27 Member States;

— real-time access to transaction and beneficial ownership data for FIUs;

— more effective enforcement and prevention of “regulatory arbitrage.”

Which firms will be supervised by AMLA?

Initial expectations suggest that 40 to 50 cross-border groups will be included in AMLA’s first wave of direct supervision.

This group is likely to include:

— major pan-European banking groups;

— large e-money and payment institutions;

— key crypto-asset service providers (CASPs) under MiCAR.

Academic experts, such as those from Bocconi University, further expect that future cross-border licence applications (for example, under MiCAR or for e-money passports) will be subject to more detailed reviews under AMLA oversight, providing stronger and more consistent EU-wide licensing outcomes.

Anticipated impact on operations (2025–2026)

The introduction of AMLA supervision will bring material changes for many financial groups:

— Adoption of a single, EU-wide AML “rulebook” for all policies and procedures, including CDD checklists and definitions of PEPs.

— Implementation of new data submission requirements via secure APIs to AMLA.

— Updates to outsourcing and cloud service contracts, ensuring that AMLA has appropriate access and audit rights.

— Closer integration with EU sanctions enforcement mechanisms.

— Requirement to produce “equivalent measures reports” for non-EU branches.

For many firms, this will involve a significant programme of internal change, including IT upgrades, policy revisions, governance updates, and staff training.

Key questions for boards and senior management

— Are any entities within the group likely to be classified as “systemically important” under AMLA criteria?

— Is the group’s AML platform capable of meeting AMLA’s technical and supervisory requirements?

— Do current outsourcing and cloud contracts meet the new audit and data access standards?

— What are the financial and operational implications of potential 10 % global turnover penalties?

Why early preparation with specialist support is essential

Transitioning to AMLA supervision will be a complex process. It will require mapping affected entities, redesigning AML frameworks, upgrading technology platforms, updating governance arrangements, and managing engagement with both national supervisors and the new EU authority.

Any gaps or delays may expose firms to enforcement action — including substantial financial penalties and reputational risks.

The Financial Crime & Regulatory team at ERG provides expert support to clients preparing for these changes, including:

— AMLA readiness assessments;

— development of new, compliant AML frameworks;

— preparation of board-level transition plans;

— support for IT and cloud contract alignment;

— representation during AMLA onboarding and review processes.

With the first phase of AMLA supervision commencing in 2026, the time to prepare is now.

Contact ERG for an initial assessment and transition roadmap.