After having reached a provisional agreement on the tasks, powers and structure of the new Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) in December 2023, the final text of Regulation (EU) 2024/1620 establishing the Authority was published in the EU’s Official Journal of 19 June 2024. On 22 February 2024, the European Parliament and the Council selected Frankfurt am Main, Germany, as the seat of the new EU body.

The AMLA Regulation is part of a comprehensive overhaul of the EU’s anti-money laundering rules and a centrepiece of the Commission’s proposals for this reform tabled in July 2021 (→ eucrim 3/2021, 153-154). The new authority is designed to overcome the existing deficiencies in the quality and effectiveness of AML/CFT supervision in the EU and contribute to better convergence of high supervisory standards. It will also be responsible for contributing to the implementation of the newly created harmonised AML/CFT rules through the Single Rulebook (→ separate news item).

AMLA’s tasks:

AMLA’s tasks are basically twofold: AML/CFT supervision and support of the Member States’ Financial Intelligence Units (FIUs).

Supervisory tasks include direct and indirect supervisory competences. Direct supervision is limited to selected obliged entities in the financial sector that are exposed to high risk of money laundering and terrorism financing. In addition, the AMLA will be responsible for ensuring supervisory convergence and creating a common supervisory culture, and it will have a coordination and convergence role in the non-financial sector.

Concerning its support function, the AMLA will facilitate cooperation, information exchange and identification of best practices among FIUs. It will also have several tasks in setting technical and methodical standards.

Size of the Authority

It is envisaged that the AMLA will reach over 430 staff members over a horizon of four years. Of these, over 200 staff members will work on direct supervision of certain obliged entities. They will work in joint supervisory teams that will include staff of the relevant national supervisors of these entities.

The supervisory system

The Regulation establishes an integrated AML/CFT supervisory system. This means that national supervisors (and FIUs) will remain in place as key elements of the EU’s AML/CFT enforcement system but will closely work together with the AMLA. The AMLA will ensure the effective and consistent functioning of the system. It will only replace national supervisors for a limited number of cross-border financial sector entities in the highest risk category (see above). Apart from this, the AMLA primarily fulfils coordination and supporting functions. In order to effectively implement these functions, the supervisory authorities must, at the request of the AMLA, provide the Authority with all information concerning obliged entities that remain directly supervised at national level and they must provide information on specificities of their respective national legal framework.

In cooperation with the supervisory authorities, the AMLA will develop and maintain an up-to-date and harmonised AML/CFT supervisory methodology detailing the risk-based approach to supervision of obliged entities in the Union. That methodology will comprise guidelines, recommendations, opinions and other measures and instruments as appropriate, including in particular regulatory and implementing technical standards.

The integrated supervisory system includes several forms of mutual assistance. If, for instance, a supervisory authority faces specific challenges vis-à-vis an enhanced ML/TF risk or due to a lack of resources, it can seek assistance from the staff of the Authority, the staff of one or more supervisory authorities, or a combination thereof. Mutual assistance also includes exchange and secondments of personnel, training activities and exchanges of best practices.

An important tool within the supervisory system will be a central database established and kept up by the AMLA that collects a number of AML/CFT-related information, e.g., on supervisory actions and measures, statistics, assessments of ML/FT risks etc. Information from the database will be made available to any supervisory authority and non-AML/CFT authority on a “need-to-know basis”.

Direct supervision by the AMLA

With the objective of ensuring more effective and less fragmented protection of the Union’s financial framework, a limited number of the riskiest obliged entities operating in the financial sector will be directly supervised by the AMLA. Direct supervision can be triggered in three ways:

• The AMLA itself selects credit institutions and financial institutions being active in at least six Member States and having been qualified, on the basis of a harmonised (yet to be developed) methodology, as having a high ML/TF risk profile. The list will be reviewed periodically every three years. The first selection process will be carried out in 2027, with the selected entities transferred to EU-level supervision as of 2028. In this first phase, the AMLA will not supervise more than 40 entities.
• The AMLA can request a Commission decision to place a financial sector obliged entity under its direct supervision for a limited period of time, irrespective of the objective criteria under the methodology described above. This request can be made, for instance, if an entity is systematically failing to meet the AML/CFT requirements or if a national supervisor is unable to implement recommendations made by the AMLA against the entity.
• A national financial supervisor can request the transfer of supervision to the AMLA in exceptional circumstances. In this case, it is for the AMLA to decide on the necessity of the transfer and assume direct supervision of the obliged entity, e.g., if the integrity of the AML/CFT system so require.

Direct supervision is carried out by Joint Supervisory Teams (JSTs) led by a staff member of the AMLA (“JST coordinator”) and including staff of the relevant national supervisors. AMLA’s powers in the context of direct supervision include the following:

• The AMLA can require internal documents and all necessary information from selected obliged entities, natural persons employed by it, legal persons belonging to it and third parties to whom the selected obliged entities have outsourced operational functions or activities.
• The AMLA can conduct all necessary investigations, i.e., require the submission of documents; examine the books and records of the persons concerned; obtain access to internal audit reports, and any software, databases, IT tools or other electronic means of recording information; obtain access to documents and information relating to decision-making processes, including those developed by algorithms or other digital processes; obtain written or oral explanations from any person referred to above; interview any other person who consents to being interviewed for the purpose of collecting information relating to the subject matter of an investigation.
• The AMLA can conduct all necessary on-site inspections at the business premises of the natural and legal persons concerned; it is also empowered to apply for judicial authorisation if the national law of the Member State concerned so requires.

If the selected obliged entity is found to be in breach of the Union AML/CFT rules, the AMLA has sufficient and demonstrable indications that the selected obliged entity is likely to breach them, or the AMLA determines that the internal policies, procedures and controls in place in the selected obliged entity are not commensurate to the risks of money laundering, its predicate offences or terrorist financing to which the selected obliged entity is exposed, the AMLA can take various administrative measures. These measures include:

• Ordering obliged entities to comply and to implement specific corrective measures;
• Restricting or limiting the business, operations or network of institutions comprising the selected obliged entity;
• Requiring changes in the governance structure (including removal of member of the management body).

In addition to these administrative measures, the AMLA can impose pecuniary sanctions for serious, repeated or systematic breach of directly applicable requirements of the AML/CFT legal framework by the selected obliged entities. The Regulation lays down the basic amount of the pecuniary sanctions taking into account the nature of the requirements that have been breached. For example, basic amounts can be up to €2 million or 1% of the annual turnover (whichever is higher) for serious, repeated or systematic breaches of one or more requirements related to customer due diligence, group-wide policies, procedures and controls or reporting obligations that have been identified in two or more Member States where a selected obliged entity operates. Adjustments to the basic amount will be made in consideration of aggravating or mitigating circumstances.

The Executive Board of the AMLA (see below) can also adopt periodic penalty payments if an obliged entity fails to comply with certain administrative measures or a person fails to cooperate. The Regulation further details the publication of administrative measures, pecuniary sanctions and periodic penalty payments, the enforcement of pecuniary sanctions and periodic penalty payments, and procedural rules for taking supervisory measures and imposing pecuniary sanctions and periodic penalty payments.

The CJEU will have unlimited jurisdiction to review decisions of the Authority imposing a pecuniary sanction or a periodic penalty payment. It may annul, or reduce or increase the amount of, the pecuniary sanction or periodic penalty payment imposed.

Indirect supervision

For non-selected obliged entities in the financial sector, the AML/CFT supervision remains primarily at national level, i.e., direct supervision is exercised by competent national authorities in their full responsibility and accountability. However, the Union legislator entrusted the AMLA with various indirect supervisory powers to ensure consistency and high quality of supervisory actions across the Union. These powers include:

• The AMLA will perform periodic assessments of some or all of the activities of one, several, or all financial supervisors, as well as of their tools and resources. These “assessments of the state of supervisory convergence” will be carried out in cycles on the basis of a uniform (yet to be developed) method that allows for a consistent assessment of, and comparison between, the financial supervisors reviewed. The AMLA can adopt follow-up measures in the form of guidelines and recommendations, including individual recommendations addressed to financial supervisors as a result of the assessment. Financial supervisors “shall make every effort to comply with the specific follow-up measures addressed to them”.
• The AMLA will also be able to settle disagreements between financial supervisors concerning the measures taken against a non-selected obliged entity. The AMLA can adopt binding decisions requiring supervisors to take specific action or to refrain from certain action if an agreement failed during a conciliation phase.
• If there are indications of serious, repeated or systematic breaches of AML/CFT requirements by a non-selected obliged entity, the AMLA can request the local financial supervisor to take specific measures, including the imposition of financial sanctions or other coercive measures. The local supervisor must comply with any request addressed to it and must inform the AMLA at the latest within 10 working days of the day of the notification of such request, of the steps it has taken or intends to take to comply with that request. If the supervisor fails to react adequately, the AMLA may request the Commission to grant transfer of supervision to it for a limited period of time (see also above).
• The AMLA can investigate systematic failures of supervision if financial supervisors do not or improperly apply the Union’s AML/CFT law. In this scenario, the AMLA can issue a recommendation to a supervisor, setting out the action necessary to comply with Union law. If the supervisor does not comply with the recommendation within one month, the Commission can issue a formal opinion requiring the supervisor to comply.

Oversight of the non-financial sector

In the non-financial sector, AMLA’s supervisory powers are less far-reaching:

• In order to strengthen consistency and effectiveness in supervisory outcomes, the AMLA will carry out periodical peer reviews of non-financial supervisors, which will include peer reviews of public authorities overseeing self-regulatory bodies.
• The AMLA can investigate possible breaches or incorrect application of AML/CFT requirements by supervisors in the non-financial sector or public authorities overseeing self-regulatory bodies. If the AMLA establishes that a breach exists, it can address a recommendation to the supervisor or public authority concerned setting out the action necessary to remedy the identified breach. If no appropriate action has been taken within one month, the AMLA can issue a warning to the relevant counterparties of the supervisor or public authority. This power to issue warnings exists alongside the Commission’s power to launch infringement procedures against Member States for not or poorly having implemented Union AML/CFT law.
• Similar to indirect supervision in the financial sector, the AMLA can settle disagreements between non-financial supervisors concerning measures to be taken in relation to an obliged entity in the non-financial sector. By contrast to the financial sector, the AMLA can only issue an “opinion” (not a binding decision) on how to settle the disagreement if the conflict could not be resolved during a conciliation phase.

Support and coordination mechanisms for FIUs

The AMLA is not a “European central FIU”. It rather has a support and coordination role within the network of FIUs. This role consists of the following:

• The AMLA supports and coordinates joint analyses of cross-border suspicious transactions or activities. It cannot force a FIU to participate in a joint analysis, but the FIU concerned must explain the reasons to the AMLA if it refuses. In the course of joint analyses, the staff of the AMLA is authorized to cross-match, on a hit/no-hit basis, the data of the participating FIUs with the information made available by other FIUs and Union bodies, offices and agencies, such as Europol. In the case of a hit, the AMLA shares the information that generated a hit with the FIUs involved and the Union body, office and agency that triggered the hit.
• The FIUs support the AMLA by delegating one or more staff members to AMLA’s central office in Frankfurt.
• Other than joint analyses, the AMLA encourages and facilitates various forms of mutual assistance between FIUs, such as training and staff exchanges.
• The AMLA will manage, host, maintain and keep up-to-date the FIU.net – a decentralized system by which FIUs share information and analyses in an anonymized form. The AMLA ensures that the most advanced and secure technology available is used for FIU.net, subject to a cost-benefit analysis.
• The AMLA will set up a peer review process of the activities of FIUs.

Governance

The AMLA's administrative and management structure comprises:

• A General Board;
• An Executive Board;
• A Chair of the Authority;
• An Executive Director;
• An Administrative Board of Review.

The Executive Director will be responsible for the day-to-day management of the Authority and ensures the functioning of the body, e.g., budget implementation and administration of resources, staff, and procurement.

The Chair will represent the Authority and runs the two collegial bodies: the General Board and the Executive Board.

The General Board has two alternative compositions:

• A supervisory composition with heads of the supervisory authorities of obliged entities in each Member State;
• A FIU composition with heads of FIUs in the Member States.

The General Board in supervisory composition takes all decisions in relation to the AML/CFT supervisory system. It decides on draft regulatory and implementing technical standards, guidelines and similar measures for obliged entities. It also provides its opinion to the Executive Board on draft decision in relation to individual selected obliged entities proposed by the Joint Supervisory Teams.

The General Board in FIU composition adopts acts relevant for FIUs, such as draft regulatory and implementing technical standards, guidelines and similar measures for FIUs.

The Executive Board is composed of the Chair of the Authority and five permanent independent members appointed by the European Parliament and the Council. The Executive Board is in charge of the planning and execution of all tasks of the AMLA (if specific decisions are not expressly allocated to the General Board) and takes all binding decisions towards individual obliged entities or individual supervisory authorities.

The Executive Board also designates a Fundamental Rights Officer who advises the Authority and its staff on compliance with fundamental rights.

Natural and legal persons against whom decision under the direct supervision powers conferred on the AMLA were taken or which concern them directly and individually can request an internal administrative review. For this purpose, the Administrative Board of Review is established which is composed of five independent and suitably qualified persons. If the Board holds the request for review admissible, it can adopt opinions and remit the case for preparation of a new decision to the Executive Board.

Cooperation with other Union bodies, offices and agencies

The AMLA will have to be integrated in the existing security and law enforcement structure both at the Union and national levels. The Regulation provides for the framework in which the AMLA should cooperate in the future. This includes the possibility to conclude agreements or memoranda of understanding with the European Supervisory Authorities (ESAs) and with other national authorities and bodies competent for ensuring compliance with AML/CFT rules.

Conclusion of specific working arrangements or memoranda of understandings is also foreseen with regard to OLAF, Europol, Eurojust and the EPPO. With these bodies close relationships should be established and maintained. The Regulation specifically foresees that results of joint analyses of cross-border cases are reported to the EPPO and OLAF where the results indicate offences/fraud within the remit of the EPPO or OLAF. The AMLA is also enabled to exchange strategic information, such as typologies and risk indicators, with the EPPO, OLAF, Europol, and Eurojust.

External cooperation

The AMLA will also take an active role in external cooperation. Specifically, the Authority is empowered to develop contacts and enter into administrative arrangements with authorities in third countries that have regulatory, supervisory and FIU-related competences.

Timing

After the publication of the Regulation in the Official Journal, the AMLA is established in the course of 2024. The aim is that the Authority can start most of its activities in mid-2025. Full staffing is to be reached in 2027. Direct supervision of certain high-risk financial entities should begin in 2028.