AMLA & AMLR: Your Guide to the EU's New Anti-Money Laundering Framework

Our approach

Helping banks, payments firms and cross-border groups navigate the EU's most significant AML regulatory reform in a decade.

The EU AML package – AMLR, AMLA and AMLD6 – will reshape how firms manage financial crime obligations across the European Union. For any firm with a meaningful EU footprint, or whose operations have touchpoints in the EU, the practical question is not whether this affects you. It is whether you understand where the pressure points are, and what your plan is between now and the July 2027 AMLR implementation deadline.

Too many firms are caught between two unhelpful positions: waiting for full regulatory clarity before doing anything, or launching costly financial crime framework (re)design work before the detail is settled. Neither is credible when your board or a regulator asks what has been done so far and what next steps look like. The better route is more balanced – test what is already clear, record what is still moving, and keep the issue visible in governance.

The new AMLR framework will not just change the rules. For cross-border groups, it will also expose how consistently those rules have been applied across jurisdictions. Dealing with the internal differences that have built up over time may prove more challenging, politically and operationally, than absorbing the new requirements themselves.

On this page you'll find practical information and guidance about the EU's new AML framework, including what is changing, what it means for cross-border operations and compliance functions, a full implementation timeline, links to resources, and how BeyondFS can support you.

Our Latest Briefing Note

AMLA and AMLR: What Cross-Border Financial Services Firms Need to Know

Download our 12-page briefing note today

We've compiled our most practical information about the EU's new AML framework.

Download now

Expert support on AMLA & AMLR readiness

If you need support preparing for AMLR – from initial scoping and gap analysis to cross-border harmonisation and board-ready position papers – we can help.

Our clients turn to us instead of the 'big 4' because of our deep expertise in delivering financial crime change programmes. Get in touch today to find out more.

Contact us to speak with our experts

Matt Neill

Partner at BeyondFS

Matt has over ten years’ consultancy experience helping financial services clients navigate the ever-changing client onboarding and CLM landscape, building a strategic function that sets them apart from others.

matt.neill@beyondfs.co.uk

Clarinda Woodword

Director at BeyondFS

Clarinda is a financial crime compliance specialist with over 13 years’ experience advising firms across the financial services sector, with a focus on Payments, EMIs and FinTechs. She’s led numerous s166 reviews, AML audits and Advisory engagements, and often acts as a trusted advisor for FCA-authorised firms requiring financial crime compliance framework uplift.

clarinda.woodford@beyondfs.co.uk

Adrian Barnett

Director at BeyondFS

Adrian brings over 20 years’ experience as an in-house lawyer and compliance professional, with senior roles in Big-4 consulting and major global banks. He specialises in financial crime risk, particularly AML/KYC, Sanctions, and failure to prevent offences. adrian.barnett@beyondfs.co.uk

Jonathan Kohler

Associate Director at BeyondFS

With over 14 years of experience in programme management and frontline operations across the insurance and technology industries, Jonathan has a deep understanding of how data and technology can transform operational performance.

jonathan.kohler@beyondfs.co.uk

WATCH OUR LATEST ONLINE BRIEFING

AMLR and AMLA Live Briefing

In this live briefing, Adrian Barnett and Jonathan Kohler cut through the complexity to give you a practical, current market update on AMLR and AMLA as of June 2026.

Watch the webinar

What is AMLA / AMLR?

The Regulatory Change Firms Cannot Afford to Ignore

By July 2027, the EU anti-money laundering framework will change in a way that goes beyond a routine legislative update. The newest AML package from the EU introduces three interconnected instruments:

The AMLR (the Regulation), which sits at the centre;
AMLA (the Authority), which gives it supervisory force; and
The Sixth Anti-Money Laundering Directive (AMLD6), which handles the elements requiring national transposition.

Together, from 2027, they will reshape how firms and National Authorities manage AML/CFT obligations across the European Union.

For cross-border firms with an EU footprint, the practical question is: do you understand how this new landscape affects your business, where the likely pressure points are, and what your plan is between now and July 2027? If the answer is no, that isn't a problem to solve by waiting for more legal clarity – it's a signal that ownership and oversight of the issue need to be established now.

What is changing?

What Is Changing with AMLA / AMLR

AMLA is the EU’s new centralised AML/CFT supervisory body. As of 1 January 2026, all AML/CFT mandates previously held by the EBA transferred to AMLA. Its remit includes direct supervision of around 40 higher-risk firms, coordination of national supervisory approaches, and the development of binding technical standards.

AMLR is a directly applicable EU regulation replacing the current directive-based framework. Unlike directives, which required national transposition and produced significant variation, AMLR applies uniformly across all Member States from 10 July 2027.

AMLD6 sits alongside the AMLR, and continues the theme of European consistency. While the AMLR supersedes elements of the AMLD6, matters relating to member state infrastructure have been retained: the powers and organisation of national supervisory authorities, beneficial ownership registers and FIU cooperation. Note that AMLD6 replaces entirely AMLD4 and AMLD5 – so it is a defining piece of EU legislation.

Confusion can also arise because Directive 2018/1673 was previously referred to as the ‘sixth AMLD’. This remains in force as criminal law and is not repealed by the 2024 package. However, what we refer to as AMLD6 in this Briefing is Directive 2024/1640.

Don’t dismiss this as irrelevant if you’re UK-based. If you have EU entities, AMLR applies to them, and the need for group consistency may also affect your wider framework.

Why AMLA / AMLR matters

Why This Matters for Cross-Border Firms

The consistency challenge

For firms operating across several EU jurisdictions, dealing with the internal differences that have built up over time may prove more challenging, politically and operationally, than absorbing the new requirements themselves. Many firms still operate AML frameworks that function quite differently from one jurisdiction to another, shaped by years of responding to local supervisory expectations.

As the European framework becomes more harmonised, the pressure moves in the opposite direction: towards reducing those internal differences. Which local variations still serve a real purpose? Which can be removed? Which exist mainly because they were built around a particular supervisory relationship? Those discussions are often difficult because they cut across local ownership, second-line judgement and operational practicality.

Consistency is the outcome AMLA is seeking. The question is whether it will prove achievable in practice for the many firms that will remain under the direct supervision of their home regulator, rather than being part of the roughly 40 directly supervised by AMLA itself.

Harmonisation is not the same as simplification

It would be a mistake to assume a single rulebook automatically makes compliance simpler. Technical standards exist to remove ambiguity, but ambiguity is also where firms exercise judgement within a risk-based approach. If early standards are detailed and prescriptive, firms used to more principles-based supervisory styles – including many UK-authorised firms with EU operations – may experience a tightening of expectations rather than a relaxation.

It is also worth noting how AMLA itself is likely to shape these standards. AMLA is building quickly and recruiting heavily and is anticipated to be fully operational by 2028. However, there is a finite pool of deep AML regulatory expertise in Europe, and much of it will come from existing national authorities. Early standards may therefore reflect established EU supervisory approaches in tone and structure, which is worth bearing in mind when reading draft RTS and ITS as they emerge.

The opportunity to consolidate

Even with the caveat that harmonisation is not the same as simplification, there is a meaningful internal opportunity for cross-border groups, but one which requires careful consideration and strategic planning. A single rulebook provides the mandate many groups have lacked to consolidate fragmented AML operating models. Firms that use this moment to streamline their operating model, rationalise policies and align control standards across their EU footprint will come out of the transition with a more defensible, more efficient framework. Those that treat it purely as a compliance exercise risk embedding the same inconsistencies under a new label.

AMLA matters even outside direct supervision

If your firm is likely to fall within AMLA's directly supervised population – broadly, those operating across six or more EU Member States with 20,000 or more customers – this should already be on your agenda, and you should be mobilising now rather than waiting for full clarity.

If you are likely to sit outside that group, a proportionate approach still makes sense. All firms in relevant EU Member States will need to produce data for AMLA’s risk-based supervisory approach. Any changes needed to find and report that data sit with the firm, regardless of size.

Timeline

The AMLA/AMLR Implementation Timeline

The timeline below sets out key milestones from Q4 2025 through Q4 2027, together with the final RTS, ITS and guideline texts due across each quarter.

The next two years will not unfold evenly. Activity is heavily concentrated in 2026 – particularly Q2 and Q3 – when most substantive RTS, ITS and guidelines enter consultation or land as final texts. By mid-2027, the pace slows and the focus shifts from rule-making to implementation. Reading the timeline this way helps firms plan resourcing, rather than treating every quarter as equally demanding.

Three types of event drive what firms should be doing at each stage:

Milestones (dated obligations) are fixed points. The 10 July 2027 implementation deadline is the hard stop.

Consultation launches are where the direction of travel becomes hard to change. In our experience, underlying policy intent rarely shifts between consultation and final publication.

Final texts published make expectations concrete, triggering a gap analysis, and an update to the position paper. The heavy Q2 and Q4 2026 clusters will be the pinch points – firms should plan capacity accordingly.

A note on existing EBA standards. The timeline below covers AMLA's forward work plan only. A separate body of EBA Guidelines and RTS – including the ML/TF Risk Factors Guidelines, Remote Onboarding Guidelines, Travel Rule Guidelines, De-risking Guidelines and Supervision RBA Guidelines – remains in force today and will continue to apply until AMLA issues equivalent replacement standards. Firms should not treat these as superseded in the interim. Some will be directly replaced by items in this timeline (for example, the Risk Factors Guidelines will effectively be superseded by the AMLR 10(4), 20(3) and 26(5) guidance bundle); others will likely be refreshed later in AMLA's workplan beyond the period shown here.

Implementation Timeline

For the full timeline, download our briefing note PDF.

Quarter	Key milestones	Consultations launched	Final drafts due
Q4 2025			RTS: AMLA-R 12(7) Supervisory Risk Assessment (identifying the Top 40) AMLD 40(2) FS Assessment methodology for Top 40 – Financial Sector
Q1 2026	1 Jan 2026 Transfer of all AML/CFT mandates and functions from the EBA to AMLA completed 4 Feb 2026 AMLA 2026–28 Single Programming Document (SPD) published	ITS: AMLA-R 15(3) Supervisory coordination for Competent Authorities RTS: AMLD 53(10) Pecuniary Sanctions (NFS edition)
Q2 2026		RTS: AMLR 16(4) Risk Classification (group-wide policies) AMLR 19(9) Business Relationships & Thresholds AMLR 28(1) Customer Due Diligence AMLR 17(3) Risk Scoring Methodology (third-country branches) AMLA-R 11(6) Supervisory Selection Criteria (central DB) AMLD 46(4) FIU Cooperation (home/host supervisors) AMLD 31(3) Beneficial Ownership Registers (STR relevance) ITS: AMLA-R 41(2) Data Submission Standards (EPPO reporting) AMLR 81(1) Reporting Templates (FIU dissemination) AMLD 31(2) BO Register Access (FIU exchange format) GL: AMLR 10(4) Risk-Based Approach (BWRA content) AMLD 53(11) Sanctions Framework (base amounts)	ITS: AMLA-R 15(3) Supervisory coordination for Competent Authorities AMLR 81(1) Reporting Templates AMLD 31(2) BO Register Access RTS: AMLD 53(10) Pecuniary Sanctions AMLR 16(4) Risk Classification AMLR 19(9) Business Relationships & Thresholds AMLR 28(1) Customer Due Diligence AMLA-R 11(6) Supervisory Selection Criteria AMLR 17(3) Risk Scoring Methodology AMLD 46(4) FIU Cooperation
Q3 2026	10 Jul 2026 AMLA must issue guidance to support Obliged Entities in implementing various Articles of AMLR	GL: AMLR 20(3) Customer Risk Assessment AMLR 26(5) Enhanced Due Diligence (ongoing monitoring) ITS: AMLR 69(3) Information Exchange (STR formats) RTS: AMLD 41(2) Record Retention (central contact points) AMLD 40(2) NFS Non-Financial Scope	—
Q4 2026		RTS: AMLD 50(13) Supervisory Powers (NFS colleges) AMLD 49(14) Supervisory Cooperation (FS colleges)	ITS: AMLA-R 41(2) Data Submission Standards AMLR 69(3) Information Exchange GL: AMLD 53(11) Sanctions Framework AMLR 10(4) Risk-Based Approach AMLR 20(3) Customer Risk Assessment AMLR 26(5) Enhanced Due Diligence RTS: AMLD 31(3) Beneficial Ownership Registers AMLD 41(2) Record Retention AMLD 40(2) NFS Non-Financial Scope
Q1 2027		GL: AMLR 9(4) Internal Controls	RTS: AMLD 50(13) Supervisory Powers AMLD 49(14) Supervisory Cooperation
Q2 2027		—	GL: AMLR 9(4) Internal Controls
Q3 2027	10 Jul 2027 AMLR implementation deadline for all EU Member States AMLA must issue further guidance to support Obliged Entities in implementing various Articles of AMLR	—	—
Q4 2027	10 Oct 2027 Member States must provide AMLA with a list of the types of legal entities existing under national law with beneficial owners	—	—

Source: AMLA Single Programming Document 2026–28, Annex XI Planning on RTS/ITS/GL. Consultation-phase entries reflect AMLA’s planned consultation start quarters; final drafts show when the final text is expected to be published.

Plain English labels are BeyondFS interpretations of the subject matter of each standard and are provided as a navigational aid, not a substitute for the full title.

Frequently asked questions

FAQs: AI in FinCrime

AMLR is EU law and does not apply directly to UK-regulated entities. However, if your group has legal entities authorised in EU Member States, AMLR applies to those entities from 10 July 2027. The practical implication for UK-based groups is that group-wide policies, governance frameworks and operating models may need to accommodate two different regulatory regimes. If your EU entities are required to implement tighter or more prescriptive standards under AMLR, that creates pressure for a coherent group response – not just a local fix. UK firms with no EU presence can reasonably monitor at a distance, but any firm with EU operations should have a clear internal position on scope and impact now.
The critical difference is legal form. Previous EU AML requirements were delivered through Directives, which each Member State had to transpose into national law. That transposition process introduced significant variation – different interpretations, different timelines, different supervisory expectations from one jurisdiction to the next. AMLR is a Regulation, which means it applies directly and uniformly across all EU Member States from the date of application, without national transposition. There is no opportunity for local interpretation to shape the core requirements. That is a structural change in how EU AML rules work, not just an update to what they say.
Yes. The threshold for AMLA's direct supervision is broadly those operating across six or more EU Member States with 20,000 or more customers – but AMLR applies to a much wider population regardless of whether a firm falls within that group. All firms in scope will need to comply with the regulation's substantive requirements: CDD standards, business-wide risk assessment obligations, internal control frameworks, documentation and policy requirements. National supervisors will apply the same rulebook. Additionally, all firms in relevant EU Member States will need to produce data to support AMLA's risk-based supervisory approach, regardless of size. The question of direct supervision affects who your regulator is, not whether the rules apply to you.
Yes – and there is more that can be tested now than many firms assume. Several parts of AMLR are already explicit enough to assess without waiting for further technical standards: mandatory review cycle maxima for customer and business-wide risk assessments, business-day timelines for key processes, required content for business-wide risk assessments, defined internal roles and responsibilities, and minimum policy requirements. These are set out plainly in the regulation text and should not be assumed to soften with later guidance. The more important reason to act now is governance. Every MLRO or Head of Financial Crime should already have a clear view of what AMLR means for their organisation – what is in scope, what is already testable, and what is being deliberately held pending further standards. That documented position is what boards and regulators will ask for, and it is much easier to produce calmly now than under pressure later.

Expert support on AMLA & AMLR readiness

If you need support preparing for AMLR – from initial scoping and gap analysis to cross-border harmonisation and board-ready position papers – we can help.

Our clients turn to us instead of the 'big 4' because of our deep expertise in delivering financial crime change programmes. Get in touch today to find out more.

Contact us to speak with our experts

Matt Neill

Partner at BeyondFS

matt.neill@beyondfs.co.uk

Clarinda Woodword

Director at BeyondFS

clarinda.woodford@beyondfs.co.uk

Adrian Barnett

Director at BeyondFS

Jonathan Kohler

Associate Director at BeyondFS

jonathan.kohler@beyondfs.co.uk

AMLA & AMLR: Your Guide to the EU's New AML Framework

Contents