08 July 2026
EP ¦ Hearing with Bruna Szego, Chair of the AMLA
AMLA’s first test: turning EU anti-money laundering reform into real supervision
The European Union’s new Anti-Money Laundering Authority, AMLA, is moving from design to practice. The hearing with its Chair, Bruna Szego, comes at a critical moment. The authority must show that it can do more than publish rules and coordinate institutions. It must prove that it can identify the right entities for direct supervision, support meaningful cooperation between national authorities, and make the new EU framework work in day-to-day financial crime prevention.
That is a demanding task. AMLA is being asked to build a common European approach to anti-money laundering and countering the financing of terrorism while working within a system that still relies heavily on national supervisors, national financial intelligence units, and separate sectoral authorities. The result is a framework with strong ambitions, but also several points where coordination, data quality and operational capacity may decide whether the reform succeeds.
Selecting the first directly supervised entities
One of the earliest and most important tests for AMLA will be the selection of the first entities it will directly supervise. The process is expected to begin by 1 July 2027 and be completed within six months, with direct supervision starting in 2028. The first wave will likely cover around 40 entities or groups, with at least one selected entity from each Member State.
The formal entry criteria are clear enough. A credit institution, financial institution or financial group must operate in at least six Member States, including its home state, either through establishments or by providing services across borders. Once an entity is eligible, AMLA will assess its inherent and residual money laundering and terrorist financing risk. High residual risk is the key threshold for selection.
But the practical question is whether the methodology can produce comparable results across the Union. National supervisors have not all assessed risk in the same way in the past. That means AMLA may receive data shaped by different inspection cultures, different enforcement histories and different levels of supervisory intensity. An institution that has been closely examined may appear riskier simply because weaknesses have been identified and recorded. Another, supervised less intensively, may look cleaner on paper without necessarily being safer.
This is not a minor technical issue. It goes to the heart of whether the first list of directly supervised entities will be seen as credible. AMLA will need to show that it can recognise differences in national data quality, check the reliability of information received from national supervisors and avoid letting incomplete or uneven information distort the final ranking.
Cross-border size is not always the same as cross-border risk
AMLA’s selection model is built around cross-border presence. That makes sense, because direct supervision should focus on entities whose activities have a clear European dimension. Yet size and reach do not automatically equal risk.
The proposed thresholds for services provided without establishment, including customer numbers and transaction values, are intended to capture material cross-border business. They are practical indicators, and they should help exclude firms that only make a nominal notification. Still, they may not catch every risky business model. A firm could operate in several countries with relatively low volumes but high-risk products or customer segments. Another could exceed the thresholds through large amounts of standardised, lower-risk activity.
This issue is especially important for digital business models, including crypto-asset service providers (CASPs), payment institutions (PIs) and electronic money institutions (EMIs). Their customers, infrastructure and transaction flows can be spread across jurisdictions in ways that make the real risk footprint harder to pin down. AMLA will need to look beyond formal location and authorisation and focus on where the risk actually sits.
The same challenge exists at group level. A weighted risk score is meant to stop lower-risk entities from masking a risky group structure. That is sensible. But the method will only work if the weights reflect reality. A small subsidiary or business line may carry serious AML/CFT risk even if it does not represent much of the group’s balance sheet or customer base.
Crypto-asset supervision after MiCAR
The hearing comes just after another major shift: the end of the transitional period under MiCAR on 1 July 2026. Crypto-asset service providers now need proper authorisation under the new EU regime, or they must stop offering services in the Union. That should reduce the fragmentation that previously allowed firms to move between national registration systems and lighter entry requirements.
But MiCAR does not create a single European supervisor for crypto-assets. Most authorisation and day-to-day supervision remain national. ESMA and the EBA have specific roles, while AML/CFT supervision remains split between national authorities and AMLA. Financial intelligence units (FIUs) also continue to play their separate role. The result is a patchwork of responsibilities across authorisation, prudential oversight, market conduct and anti-money laundering supervision.
That makes the boundary between the different authorities especially important. A MiCAR authorisation is not the same thing as a clean bill of health from an AML/CFT perspective. A firm can meet authorisation requirements and still present serious money laundering or terrorist financing risks. The opposite is also true: AML/CFT concerns may be relevant to authorisation or withdrawal decisions even where another authority holds the formal power to decide.
The end of grandfathering may also expose unresolved risks. Firms whose applications fail may continue trying to operate through appeals, by moving activity to other Member States, by relying on reverse solicitation, or by shifting users into self-hosted wallets and partnerships that blur who is actually providing the regulated service. In a digital market, these tactics are difficult to monitor. AMLA’s role will be to support cooperation and escalation, but not to replace market supervision by the authorities that hold the formal powers.
A European FIU system without a European FIU
AMLA’s role in the financial intelligence unit network may prove just as important as its direct supervision powers. The Union still has no European FIU. Each Member State keeps its own unit, with its own legal framework, resources and tools. AMLA is meant to support cooperation, organise joint analyses, mediate when cooperation fails, develop FIU.net and help turn fragmented national intelligence into useful cross-border insight.
That sounds straightforward in principle. In practice, it is a demanding coordination job.
Joint analyses will be central. AMLA can initiate them or help organise them when several FIUs are looking at related cases. That is valuable because suspicious activity often spans jurisdictions, and no single national unit sees the full picture. Yet participation still depends on the FIUs involved. They may refuse access to data, and AMLA cannot simply compel them. Even where a refusal must be explained, that does not guarantee that the necessary intelligence will be shared quickly enough.
The quality of exchange matters as much as the existence of exchange. Standardised templates for information sharing should help, and AMLA is working on them. So far, so good. But standardising the form does not automatically standardise the substance. If one FIU has poor data access, limited analytical tools or slow internal processes, then the usefulness of the exchange will remain limited.
Peer reviews may be one way to improve this. AMLA will assess FIU resources, independence, tools and cooperation practices. That could help identify weak points across the network. The challenge is that AMLA cannot replace a national FIU. It can support and review, but it cannot run the system alone.
Supervisory convergence will define the value of the new framework
The new AML/CFT Single Rulebook should reduce legal fragmentation. That is a major step forward. But common rules do not automatically create common supervisory outcomes. Two national supervisors can read the same rule and still respond very differently in terms of inspection frequency, remediation deadlines, enforcement measures and tolerance for repeat deficiencies.
This is where AMLA’s convergence role becomes crucial. If the majority of obliged entities remain under national supervision, then the success of the whole framework will depend on whether AMLA can identify weak supervision and push for more consistent outcomes. That means looking not only at risk classifications, but also at how inspections are carried out, how quickly findings are addressed, how often sanctions are used and whether supervisors have enough staff and technical capability.
There is also a timing issue. AMLA plans a full assessment cycle for financial supervisors that may last seven years. That is a long time in a field where risks can change quickly. New payment products, remote onboarding methods, sanctions evasion tactics and crypto-asset models can emerge far faster than a seven-year review cycle. AMLA will therefore need to combine formal reviews with more agile thematic work if it wants to stay ahead of new threats.
Transparency will matter too. If assessments are too heavily anonymised or delayed, it will be difficult for the European Parliament (EP) and the public to see where real problems have been found. Confidentiality has its place, especially in supervisory cooperation. But it should not become a shield against accountability.
Simplification should not become deregulation
AMLA also enters the scene at a time when the EU is talking more seriously about simplification and competitiveness. That creates a useful, but delicate, policy question. How can the system reduce unnecessary burden without weakening the fight against financial crime?
The new framework may bring real simplification by replacing divergent national rules with directly applicable EU standards. That should help groups operating across several Member States. It may reduce duplicated reporting, conflicting guidance and local technical add-ons. But simplification will only be real if national supervisors stop layering extra requirements on top of the common rulebook without a clear risk-based reason.
There is another risk as well: if the framework is designed badly, institutions may respond by de-risking too aggressively. That would mean avoiding customers or sectors because they are difficult to assess rather than because they are truly high risk. AMLA will need to keep proportionality practical, not just theoretical. Lower-risk relationships should not be subject to unnecessary controls, but high-risk activity still needs robust scrutiny.
The key question is whether AMLA’s standards improve targeting. If they help firms and supervisors focus their effort on the real risks, then simplification and effectiveness can go hand in hand. If they merely shift costs around, the reform will have missed the point.
What Bruna Szego will be judged on
The hearing gives Members of the European Parliament a chance to test whether AMLA is ready for the job ahead. The central issues are not abstract. They are about data quality, risk measurement, cross-border coordination, technical capacity and the practical meaning of consistency.
AMLA has a strong mandate. It also has a difficult one. It must build trust with national authorities, prove that its methods are reliable, and show that the new system can work across banking, payments, crypto-assets, financial intelligence and supervisory convergence. The first selection of directly supervised entities, the handling of crypto-asset risks after MiCAR, and the launch of FIU cooperation tools will all be early signs of whether the authority can turn legal design into real impact.
If AMLA gets these first steps right, it could become one of the most important pillars of Europe’s financial crime defences. If it does not, the EU may end up with common rules on paper, but uneven enforcement in practice.
Dive deeper
- European Parliament Think Tank ¦ Hearing with Bruna Szego, Chair of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) ¦ Link