EBA ¦ Report on Supervisory Convergence 2024

Supervisory Convergence 2024: What AML/CFT Practitioners Need to Know

The European Banking Authority’s 2024 supervisory convergence review shows that EU supervisors continued to tighten and align prudential, resolution and digital-finance oversight while increasing focus on anti‑money laundering and countering the financing of terrorism (AML/CFT). For practitioners and compliance teams this matters: supervisory convergence reduces opportunities for regulatory arbitrage, concentrates supervisory scrutiny on common weaknesses, and creates practical expectations that banks, asset managers, fintechs and crypto‑asset firms must meet. This article extracts the AML/CFT implications from the EBA’s report and sets out what firms and compliance officers should prioritise now.

Stronger, more coordinated supervisory focus on AML/CFT

The EBA continued to push supervisory convergence across the EU using multiple tools: thematic programmes (the European Supervisory Examination Programme, ESEP), targeted monitoring of supervisory colleges, peer reviews, Q&As and implementation reviews of AML/CFT supervision. In 2024 the EBA reported improved functioning of AML/CFT colleges, stronger cooperation between prudential and AML/CFT supervisors, and clearer expectations that AML/CFT must be integrated in broader supervisory assessments. These developments signal an enforcement environment where inconsistent local practice is less likely to be tolerated and where cross‑border coordination is routine.

Why this matters for firms

1. AML/CFT supervision is becoming more aligned across jurisdictions: firms operating cross‑border should expect more similar supervisory questions and higher probability of coordinated follow‑up across host and home authorities.
2. Joint attention by prudential and AML/CFT supervisors increases the chance that AML/CFT weaknesses will affect broader supervisory outcomes (e.g., tax integrity and dividend arbitrage schemes).
3. AMLA’s upcoming role (from end‑2025) means firms should expect centralised coordination of colleges and more systematic peer‑level scrutiny.

Bastian Schwind-Wagner_Follow "The EBA’s 2024 supervisory convergence work underscores that AML/CFT is now tightly integrated with prudential and digital‑asset supervision, requiring firms to strengthen data, governance and cross‑border coordination. Compliance teams must prioritise robust MIS, documented oversight of automated controls, and clear, testable playbooks for college interactions and crypto‑asset activity."

Key AML/CFT findings and supervisory trends to act on

1. Colleges are working better — but strategic coordination can still be weak

   The EBA found AML/CFT colleges improved organisation, pre‑meeting information sharing and lead supervisor engagement. However, colleges often fell short of identifying cross‑cutting issues requiring coordinated action. For firms, this means supervisors are better placed to spot systemic patterns but may not always agree on coordinated supervisory remedies unless they push for it.

   Takeaway for compliance teams: prepare consistent, high‑quality information packages for college processes (risk assessments, CDD frameworks, STR trends, transaction‑monitoring results). If your institution is a lead or key participant in a college, proactively surface cross‑border risk patterns and proposed coordinated mitigants.

2. AML/CFT implementation reviews show progress — but enforcement and consistency vary

   EBA implementation reviews documented marked improvements in risk‑based supervision, standalone AML/CFT units and supervisory cooperation. Gaps remain in consistent application of expectations and in sanctions/enforcement effectiveness in some jurisdictions.

   Takeaway for compliance teams: don’t rely on local supervisory forbearance. Ensure internal policies and controls meet EU‑wide standards, document risk‑based supervisory justifications, and be prepared to demonstrate remediation and enforcement logic — especially where regulators may demand stronger corrective action.

3. Digital finance, crypto and e‑money tokens are high AML/CFT focus areas

   The EBA’s work on MiCA, issuance of e‑money tokens (EMTs) and asset‑referencing tokens (ARTs), plus supervisory coordination following major crypto enforcement developments, shows AML/CFT risks in crypto are being actively monitored. The EBA organised workshops linking payment services, AML/CFT and crypto supervision and clarified how AML/CFT rules apply to EMTs issued by regulated electronic money institutions.

   Takeaway for compliance teams: if you issue, custody or transact crypto‑assets (or work with third‑party CASPs), you must align KYC/CDD, transaction monitoring, sanctions screening and travel rule capabilities to both MiCA and AML/CFT obligations. Early‑stage EMT/ART issuers should expect licensing scrutiny on financial crime controls and will need to show robust, tech‑enabled AML compliance.

4. FinTech business models get targeted monitoring

   EBA thematic monitoring covered AML/CFT colleges for banks and payment/e‑money firms with FinTech‑oriented models. Supervisors looked at automated onboarding, transaction monitoring automation and vulnerabilities to fraud.

   Takeaway for compliance teams: automation is not a substitute for governance. Systems that automate KYC, onboarding or monitoring must have documented rules, exception handling, human oversight and periodic model validation to satisfy supervisors who are scrutinising tech‑driven onboarding and screening.

5. Better data and MIS are expected — for AML/CFT too

   Across prudential, resolution and AML/CFT areas, the EBA emphasised data quality, timeliness and management information systems (MIS). Resolution authorities and supervisors tested institutions on data production in short timeframes; many firms still struggle with automation and extracting consistent data.

   Takeaway for compliance teams: improve data pipelines that feed AML/CFT monitoring and reporting. Supervisors will expect rapid, auditable production of CDD records, transaction histories, STR metrics and remediation status. Invest in data lineage, standardised taxonomies and the ability to extract consolidated risk indicators across entities.

6. Cross‑discipline issues (tax integrity, dividend arbitrage) attract AML/CFT attention

   Peer reviews on tax integrity and dividend/arbitrage schemes reaffirmed supervisors’ expectation that controls should mitigate the use of financial institutions in tax fraud and linked schemes. AML/CFT and prudential supervisors are watching these threats and expect proportionate measures where risk exists.

   Takeaway for compliance teams: expand AML risk assessments to cover tax‑integrity threats where relevant; ensure enhanced due diligence and transactional analytics for client types or products that could be used in such schemes.

Practical next steps for compliance and financial crime teams

• Update enterprise AML risk assessments to reflect supervisory convergence: incorporate cross‑border activity, crypto exposures, automated onboarding processes, and fintech partnerships. Use common taxonomies so that reporting to different supervisors is coherent.
• Strengthen data and MIS for rapid supervisory reporting: ensure automated extraction of transaction histories, CDD records and risk scores; enable speedy response to college enquiries and dry‑run tests.
• Document governance and human oversight for automated controls: pattern‑based onboarding, AML rule engines and modelled monitoring require documented validation, exception handling, escalation matrices and senior‑management attestation.
• Prepare playbooks for cross‑border supervisory engagement: designate leads for college interactions, pre‑package information packets, and maintain an issues log to demonstrate remediation progress.
• Reassess third‑party and crypto‑asset relationships: ensure contractual and operational controls cover AML/CFT risks, that vendors can support timely data requests, and that token‑related products are covered by appropriate KYC and travel‑rule measures.
• Map regulatory expectations in intersection areas: where payment and crypto rules overlap, be ready to explain how AML/CFT protections are maintained during transitions and authorisation changes.

Conclusion

The EBA’s 2024 supervisory convergence work makes clear that AML/CFT is no longer siloed: it is an integral part of prudential and resolution assessments, of digital‑asset licensing and of supervisory colleges’ cross‑border scrutiny. Firms that invest in better data, clearer governance, robust automation oversight and cross‑border readiness will not only reduce operational risk but will be better positioned to respond to coordinated supervisory requests and inspections. For compliance leaders, the priority is practical: turn supervisory expectations into testable controls, measurable KPIs and documented remediation pathways that pass both AML/CFT and prudential scrutiny.

Dive deeper

• EBA ¦ The EBA publishes its 2024 Report on supervisory convergence ¦ Link