Collaborating toward a more effective AML/CFT regulation

Critical responses on the draft Regulatory Technical Standards (RTS) published by the European Banking Authority (EBA) as a response to the European Commission’s Call for Advice

The consultation received 108 responses from a wide range of organizations, including banks, insurance companies, payment service providers, asset managers, and non-profits. The consultation period ended on 6 June 2025. Deloitte has thoroughly reviewed the feedback submitted. This article highlights the key themes that emerged across sectors throughout the review.

The European Union is steadily evolving its regulatory framework for anti-money laundering and counter-terrorism financing (AML/CFT). In March 2025, the EBA published four draft Regulatory Technical Standards for consultation:

  • Draft RTS on the risk assessment for the purpose of selection of credit institutions, financial institutions and groups of credit and financial institutions for direct supervision under Article 12(7) of the Anti-Money Laundering Authority Regulation (AMLAR)
  • Draft RTS on the assessment of the inherent and residual risk profile of obliged entities under Article 40(2) of the Sixth Anti-Money Laundering Directive (AMLD6)
  • Draft RTS under Article 53(10) of the AMLD6 on pecuniary sanctions, administrative measures and periodic penalty payments
  • Draft RTS under Article 28(1) of the Anti-Money Laundering Regulation (AMLR) on Customer Due Diligence

Management summary

The European Union’s evolving AML/CFT framework, as reflected in the recent draft Regulatory Technical Standards under AMLR, AMLD6 and AMLAR, has triggered critical responses from across the financial and non-financial sectors. While broad support exists for harmonization, respondents consistently highlight concerns around proportionality, operational feasibility, and sector-specific applicability.

Key concerns focus on the draft’s prescriptive materiality thresholds (RTS under Article 12 AMLAR), with many respondents warning that the thresholds are too rigid and insufficiently risk-based, potentially disadvantaging smaller or low-risk institutions. Data collection and reporting standards (RTS under Article 40 AMLD6) are criticized for excessive granularity and unclear definitions, risking duplicative regulation and undue burden.

Sanctions frameworks (RTS under Article 53 AMLD6) are welcomed but respondents seek greater legal certainty and clearer criteria to avoid fragmented application and compliance risks. Customer due diligence (RTS under Article 28 AMLR) proposals are considered overly stringent, risking the exclusion of vulnerable or underserved populations from financial services and imposing disproportionate obligations for smaller obliged entities.

Across the four RTS, the sector calls for recalibration: sector-specific thresholds, clear definitions, risk-based approaches, and practical implementation timelines. Without significant revision, the current draft risks undermining both the effectiveness and legitimacy of the EU’s AML/CFT regime. Through this consultation process, respondents advocate for practical implementation to help ensure that operational considerations remain at the forefront of regulatory decisions.

https://www.eba.europa.eu/publications-and-media/press-releases/eba-consults-new-rules-related-anti-money-laundering-and-countering-financing-terrorism-package

Regulatory Technical Standards

Risk assessment for the purpose of selection for direct supervision

Draft RTS on the risk assessment for the purpose of selection of credit institutions, financial institutions and groups of credit and financial institutions for direct supervision under Article 12(7) of the AMLAR

The draft RTS has triggered broad concerns among respondents regarding its proportionality, applicability, and sectoral relevance. The financial sector, including banks, insurers, asset managers, fintechs, and industry associations, challenges the uniformity and rigidity of the proposed materiality thresholds. Respondents argue that the thresholds are set too low and do not account for the diversity of business models, customer profiles, and risk typologies, especially disadvantaging smaller or lower-risk institutions and those with high-value and low-volume activity.

Key criticisms focus on methodological ambiguities, particularly the definitions of “customer” and “transaction,” the interplay of cumulative versus alternative thresholds, and the determination of group perimeters. These ambiguities are seen as obstacles to consistent, effective, and legitimate implementation of the RTS.

Across sectors, there is a strong call for recalibration—specifically, sector-specific thresholds, nuanced methodologies, and the integration of qualitative factors. The consensus is that harmonization and risk-based oversight are necessary, but only if underpinned by proportionality and definitional clarity. 

Top 5 most frequently raised challenges

| Challenge | Frequency Level | Sector(s) raising the challenge |
|---|---|---|
| Threshold too low / not proportionate | Very high | Banking, Insurance, PSP, Electronic Money Institutions, Asset Management |
| Need for customer type differentiation | Very high | Banking, Insurance, PSP, Electronic Money Institutions, Asset Management |
| Fixed quantitative thresholds not risk-based | High | Banking, Insurance, PSP, Electronic Money Institutions, Asset Management |
| Ambiguity in definitions | Moderate | Banking, Insurance, PSP, Electronic Money Institutions, Asset Management |
| Lack of sector-specific/proportional approach | Moderate | Asset Management, Wholesale Banking, PSP |

Inherent and residual risk profile of obliged entities

Draft RTS on the assessment of the inherent and residual risk profile of obliged entities under Article 40(2) of the AMLD6

While the harmonization goals of the draft RTS have received support, there are significant concerns regarding the operational challenges and associated costs. Respondents, ranging from banks and insurers to payment institutions, asset managers, and non-financial entities, warn that the extensive and granular data requirements are excessive, particularly for smaller or lower-risk firms, and do not adequately consider the principle of risk-based proportionality.

Sectoral feedback emphasizes the challenges of unclear definitions, risks of duplicative regulation, and impractical implementation timelines. Banks have concerns about the costs and regulatory overlap, while insurers and asset managers highlight the need for sectoral adaptation, particularly for low-risk products. Payments and crypto-asset providers point out the limited applicability and technical infeasibility of certain indicators. Non-financial entities, such as legal professionals and non-profit organizations, caution against a “one-size-fits-all” approach and raise concerns about unintended consequences, including de-risking and confidentiality breaches.

The majority of respondents advocate for simplification, harmonized definitions, and sectoral tailoring of requirements, as well as the prioritization of genuinely risk-relevant indicators and adequate transition periods. Without significant revision, the RTS risk imposing unsustainable burdens on stakeholders while offering only limited benefits in terms of risk mitigation.

Top 5 most frequently raised challenges

| Challenge | Frequency Level | Sector(s) raising the challenge |
|---|---|---|
| Excessive number/granularity of data points; high operational burden | Very High | Banking, Insurance, Asset Management, Factoring |
| Lack of clear definitions, methodology, or interpretive guidance | Very High | Banking, Asset Management, Insurance, Legal |
| Disproportionate burden; insufficient proportionality for SMEs/low-risk sectors | High | Insurance, Intermediaries, Asset Management, Banking |
| IT/system challenges, data not available in current systems | High | Banking, Asset Management, Insurance, Factoring |
| National divergence; lack of harmonization, risk of inconsistent application | Moderate | Banking, Asset Management |

Pecuniary sanctions, administrative measures and periodic penalty payments

Draft RTS under Article 53(10) of the AMLD6 on pecuniary sanctions, administrative measures and periodic penalty payments

Reactions to the draft RTS amount to a “constructively critical” overall response across the EU. Respondents support harmonized enforcement and clearly defined sanctions, but express strong reservations about the vagueness and discretionary leeway in the proposed rules.

Respondents seek transparent, objective, and proportionate regulatory criteria that provide legal certainty and protect compliance professionals from personal liability. They argue that the proposed open-ended terms threaten to fragment the level playing field and undermine predictability. Supervisory authorities echo the need for precise legal bases, due process, and respect for national legal traditions, while non-financial stakeholders, especially legal professionals and NGOs, stress the importance of flexibility and national adaptation to safeguard sectoral diversity and fundamental human rights.

Respondents ask for more precise definitions and risk-based methodologies, along with procedural safeguards and proportionality in sanctions. The prevailing message is that, while harmonization is more than welcome, the current draft’s lack of clarity and excessive discretionary powers risk weakening the compliance culture and legal certainty important for effective AML/CFT enforcement.

Top 5 most frequently raised challenges

| Challenge | Frequency Level | Sector(s) raising the challenge |
|---|---|---|
| Overly Broad/Vague Criteria | Very High | Banking, PSP, Legal |
| Lack of Harmonisation/Divergent Supervisory Practices | Very High | Banking, PSP, Legal |
| Unclear or Subjective Definitions | High | Banking, Asset Management, PSP |
| Need for Proportionality and Recognition of Remediation | High | PSP, Asset Management, Legal |
| Compliance Officers' Disproportionate Liability | Moderate | Asset Management, Legal, Fintech |

Customer due diligence

Draft RTS under Article 28(1) of the AMLR on Customer Due Diligence

The draft RTS for Customer Due Diligence (CDD) under Article 28(1) AMLR has triggered widespread criticism from across the financial and non-financial sectors. The prevailing sentiment among banks, insurers, payment institutions, and supervisory authorities is that the current proposals are prescriptive, insufficiently risk-based, and ultimately disconnected from practical customer risk realities.

Banks and banking associations are critical that CDD obligations for lower-risk clients are nearly as stringent as those for standard due diligence. This undermines the principle of proportionality and introduces unnecessary operational complexity, especially for low-risk products and client types. Insurance providers point out that periodic updates are impractical and unnecessary for low-risk products due to the reduced client interaction and the low risks of the client and the product.

Payment service providers echo these concerns, warning that highly prescriptive requirements may exclude vulnerable or underserved populations from financial services. They warn of the risk of unintended financial exclusion when documentation requirements cannot be met by, for example, elderly individuals, rural residents without a city or street address, people facing housing insecurity, those with disabilities or experiencing digital exclusion, as well as refugees and stateless persons. They are also concerned that the requirements to provide detailed information about the ultimate beneficiaries of funds held in pooled accounts can be highly complex. These obligations are frequently viewed as disproportionate, as they may demand more effort and resources than is realistically possible, particularly in cases where it is challenging to ascertain the specific details of the parties involved.

In summary, this situation underscores worries that such regulations can be overly burdensome and difficult to implement for obliged entities.

Regulatory bodies and coordinating authorities express the need to support data standards and join in emphasizing the need for proportionality, sectoral flexibility, and operational feasibility. There is consensus that clear definitions of terms and high data quality are important, but should be accompanied by pragmatic, risk-sensitive implementation that avoids duplication of data and supports innovation.

Collectively, the sector calls for a recalibration of the draft RTS to ensure that requirements are risk-based, proportionate, and tailored to the operational realities of diverse business models. This includes explicit recognition of sector-specific risk profiles and greater flexibility for low-risk scenarios.

Top 5 most frequently raised challenges

| Challenge | Frequency Level | Sector(s) raising the challenge |
|---|---|---|
| Over-Prescriptiveness/Lack of Risk-Based Approach | Very High | Banking, Insurance, Asset Management, PSP, Civil Society |
| Identity Verification Document Requirements Too Rigid | Very High | Banking, Insurance, Asset Management, PSP |
| Remote Onboarding/Article 6-e-IDAS and Video Verification challenges | Very High | Banking, PSP, Insurance, Asset Management |
| Place of Birth and Nationality Requirements | High | Banking, Insurance, Asset Management, PSP, Civil Society |
| Complex Ownership Structure Definition / Information Requirements | High | Banking, Asset Management, Insurance, PSP |
