Official Journal

of the European Union

EN

L series

19.6.2024

2024/1624

REGULATION (EU) 2024/1624 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 31 May 2024

on the prevention of the use of the financial system for the purposes of money laundering or

terrorist financing

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Central Bank (¹),

Having regard to the opinion of the European Economic and Social Committee (²),

Acting in accordance with the ordinary legislative procedure (³),

Whereas:

(1)

Directive (EU) 2015/849 of the European Parliament and of the Council (⁴) constitutes the main legal instrument for

the prevention of the use of the Union’s financial system for the purposes of money laundering and terrorist

financing. That Directive sets out a comprehensive legal framework, which Directive (EU) 2018/843 of the European

Parliament and the Council (⁵) further strengthened by addressing emerging money laundering and terrorist

financing risks and increasing transparency of beneficial ownership. Notwithstanding the achievements under that

legal framework, experience has shown that further improvements should be introduced to adequately mitigate

money laundering and terrorist financing risks and to effectively detect criminal attempts to misuse the Union’s

financial system for criminal purposes.

(2)

The main challenge identified in respect of the application of the provisions of Directive (EU) 2015/849 that lay

down obligations for obliged entities, is the lack of direct applicability of the rules set out in those provisions and

a fragmented approach along national lines. Although those rules have existed and evolved over three decades, they

are still implemented in a manner not fully consistent with the requirements of an integrated internal market.

Therefore, it is necessary that rules on matters currently covered in Directive (EU) 2015/849 which could be directly

applicable by the obliged entities concerned are addressed in a Regulation in order to achieve the desired uniformity

of application.

(¹)

(²)

(³)

OJ C 210, 25.5.2022, p. 5.

OJ C 152, 6.4.2022, p. 89.

Position of the European Parliament of 24 April 2024 (not yet published in the Official Journal) and decision of the Council of

30 May 2024.

Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the

financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the

European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and

Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).

Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the

prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending

Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43).

(⁴)

(⁵)

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

1/111

EN

OJ L, 19.6.2024

This new instrument is part of a comprehensive package that aims to strengthen the Union’s framework for

(3)

anti-money laundering and countering the financing of terrorism (‘AML/CFT’). Together, this Regulation, Directive

(EU) 2024/1640 of the European Parliament and of the Council (⁶) and Regulations (EU) 2023/1113 (⁷) and (EU)

2024/1620 (⁸) of the European Parliament and of the Council will form the legal framework governing the AML/CFT

requirements to be met by obliged entities and underpinning the Union’s AML/CFT institutional framework,

including the establishment of an Authority for anti-money laundering and countering the financing of terrorism

(AMLA).

(4)

Money laundering and terrorist financing are frequently carried out in an international context. Measures adopted at

Union level, without taking into account international coordination and cooperation, would have very limited effect.

The measures adopted by the Union in that field should therefore be compatible with, and at least as stringent as,

actions undertaken at international level. Union action should continue to take particular account of the Financial

Action Task Force (FATF) Recommendations and instruments of other international bodies active in the fight against

money laundering and terrorist financing. With a view to reinforcing the efficacy of the fight against money

laundering and terrorist financing, the relevant Union legal acts should, where appropriate, be aligned with the

International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation adopted

by the FATF in February 2012 (the ‘revised FATF Recommendations’) and the subsequent amendments to such

standards.

(5)

Since the adoption of Directive (EU) 2015/849, recent developments in the Union’s criminal law framework have

contributed to strengthening the prevention of and fight against money laundering, its predicate offences and

terrorist financing. Directive (EU) 2018/1673 of the European Parliament and of the Council (⁹) has led to

a common understanding of the money laundering crime and its predicate offences. Directive (EU) 2017/1371 of

the European Parliament and of the Council (¹⁰) defined financial crimes affecting the Union’s financial interest,

which should also be considered predicate offences to money laundering. Directive (EU) 2017/541 of the European

Parliament and of the Council (¹¹) has achieved a common understanding of the crime of terrorist financing. As

those concepts are now clarified in Union criminal law, it is no longer necessary for the Union’s AML/CFT rules to

define money laundering, its predicate offences or terrorist financing. Instead, the Union’s AML/CFT framework

should be fully coherent with the Union’s criminal law framework.

(6)

Harmonisation in the relevant area of criminal law enables a strong and coherent approach at Union level to the

prevention of and fight against money laundering and its predicate offences, including corruption. At the same time,

such an approach ensures that Member States that have adopted a broader approach to the definition of criminal

activities which constitute predicate offences for money laundering can continue to apply such an approach. For that

reason, in line with Directive (EU) 2018/1673, any kind of punishable involvement in the commission of a predicate

offence for money laundering as criminalised in accordance with national law should also be considered as

a criminal activity for the purposes of that Directive and of this Regulation.

(7)

Technology keeps evolving, offering opportunities to the private sector to develop new products and systems to

exchange funds or value. While this is a positive phenomenon, it can generate new money laundering and terrorist

financing risks, as criminals continuously manage to find ways to exploit vulnerabilities in order to hide and move

illicit funds around the world. Crypto-asset service providers and crowdfunding platforms are exposed to the misuse

of new channels for the movement of illicit money and are well placed to detect such movement and mitigate risks.

The scope of Union legislation should therefore be expanded to cover such entities, in line with FATF standards in

(⁶)

Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by

the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing,

amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024,

ELI: http://data.europa.eu/eli/dir/2024/1640/oj).

Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers

of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L 150, 9.6.2023, p. 1).

Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for

Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU)

No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, http://data.europa.eu/eli/reg/2024/1620/oj).

Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by

criminal law (OJ L 284, 12.11.2018, p. 22).

(⁷)

(⁸)

(⁹)

10

(

)

Directive (EU) 2017/1371 of the European Parliament and of the Council of 5 July 2017 on the fight against fraud to the Union’s

financial interests by means of criminal law (OJ L 198, 28.7.2017, p. 29).

Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing

Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6).

11

)

2/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

relation to crypto-assets. At the same time, advances in innovation, such as the development of the metaverse,

provide new avenues for the perpetration of crimes and for the laundering of their proceeds. It is therefore

important to exercise vigilance as regards the risks associated with the provision of innovative products or services,

whether at Union or national level or at the level of obliged entities.

(8)

(9)

The institutions and persons covered by this Regulation play a crucial role as gatekeepers of the Union’s financial

system and should therefore take all necessary measures to implement the requirements of this Regulation with

a view to preventing criminals from laundering the proceeds of their illegal activities or from financing terrorism.

Measures should also be put in place to mitigate any risk of non-implementation or evasion of targeted financial

sanctions.

The definition of an insurance intermediary under Directive (EU) 2016/97 of the European Parliament and of the

Council (¹²) covers a broad range of natural or legal persons that take up or pursue the activity of insurance

distribution. Some insurance intermediaries take up insurance distribution activities under the full responsibility of

insurance undertakings or intermediaries and carry out activities subject to their policies and procedures. Where

those intermediaries do not collect premia or amounts intended for the customer, the policy holder or the

beneficiary of the insurance policy, they are not in a position to conduct meaningful due diligence or to detect and

report suspicious transactions. In view of that limited role and of the fact that full application of AML/CFT

requirements is ensured by the insurance undertakings or intermediaries under whose responsibility they provide

services, intermediaries that do not handle funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 of

the European Parliament and of the Council (¹³) should not be considered obliged entities for the purposes of this

Regulation.

(10) Holding companies that carry out mixed activities and have at least one subsidiary that is an obliged entity should

themselves be included as obliged entities in the scope of this Regulation. To ensure consistent supervision by

financial supervisors, in cases where the subsidiaries of a mixed activity holding company include at least one credit

institution or financial institution, the holding company itself should also qualify as a financial institution.

(11) Financial transactions can also take place within the same group as a way of managing group finances. However,

such transactions are not undertaken vis-à-vis customers and do not require the application of AML/CFT measures.

In order to ensure legal certainty, it is necessary to recognise that this Regulation does not apply to financial activities

or other financial services which are provided by members of a group to other members of that group.

(12) Independent legal professionals should be subject to this Regulation when participating in financial or corporate

transactions, including when providing tax advice, because there is risk of the services provided by those legal

professionals being misused for the purpose of laundering the proceeds of criminal activity or for the purpose of

terrorist financing. There should, however, be exemptions from any obligation to report information obtained

before, during or after judicial proceedings, or in the course of ascertaining the legal position of a client, as such

information is covered by legal privilege. Therefore, legal advice should remain subject to the obligation of

professional secrecy, except where the legal professional is taking part in money laundering or terrorist financing,

the legal advice is provided for the purposes of money laundering or terrorist financing, or where the legal

professional knows that the client is seeking legal advice for the purposes of money laundering or terrorist financing.

Such knowledge and purpose can be inferred from objective factual circumstances. As legal advice might already be

sought at the stage of perpetrating the proceeds-generating criminal activity, it is important that cases excluded from

legal privilege extend to situations where legal advice is provided in the context of the predicate offences. Legal

advice sought in relation to ongoing judicial proceedings should not be deemed to constitute legal advice for the

purposes of money laundering or terrorist financing.

(13) In order to ensure respect for the rights guaranteed by the Charter of Fundamental Rights of the European Union

(the ‘Charter’), in the case of auditors, external accountants and tax advisors who, in some Member States, are

entitled to defend or represent a client in the context of judicial proceedings or to ascertain a client’s legal position,

the information they obtain in the performance of those tasks should not be subject to reporting obligations.

12

(

)

Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on insurance distribution (OJ L 26,

2.2.2016, p. 19).

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal

market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing

Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).

13

(

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

3/111

EN

OJ L, 19.6.2024

However, the same exceptions that apply to notaries and lawyers should also apply to those professionals where they

act in the exercise of the right of defence or when they ascertain the legal position of a client.

(14) Directive (EU) 2018/843 was the first legal instrument to address the risks of money laundering and terrorist

financing posed by crypto-assets in the Union. It extended the scope of the AML/CFT framework to two types of

crypto-asset service providers: providers engaged in exchange services between virtual currencies and fiat currencies,

and custodian wallet providers. Due to rapid technological developments and the advancement in FATF standards, it

is necessary to review that approach. A first step to complete and update the Union legal framework has been

achieved with Regulation (EU) 2023/1114 of the European Parliament and of the Council (¹⁴), which set

requirements for crypto-asset service providers wishing to apply for an authorisation to provide their services in the

internal market. It also introduced a definition of crypto-assets and crypto-asset service providers encompassing

a broader range of activities. In addition, Regulation (EU) 2023/1113 has extended traceability requirements to

transfers of crypto-assets carried out by crypto-asset service providers covered by Regulation (EU) 2023/1114, and

amended Directive (EU) 2015/849 to require Member States to make those crypto-asset service providers obliged

entities. Those crypto-asset service providers should also be covered by this Regulation, to mitigate any risk of

misuse of crypto-assets for money laundering or terrorist financing purposes.

(15) The creation of markets in unique and non-fungible crypto-assets is still recent and has not resulted in legislation

regulating their functioning. The evolution of those markets is being monitored and it is important that it does not

result in new money laundering and terrorist financing risks that would not be properly mitigated. By 30 December

2024, the Commission is to submit a report to the European Parliament and to the Council on the latest

developments with respect to crypto-assets, including an assessment of the development of markets in unique and

non-fungible crypto-assets, the appropriate regulatory treatment of such crypto-assets, including an assessment of

necessity and feasibility of regulating providers of services related to unique and non-fungible crypto-assets. If

appropriate, the Commission is to accompany that report with a legislative proposal.

(16) Crowdfunding platforms’ vulnerabilities to money laundering and terrorist financing risks are horizontal and affect

the internal market as a whole. To date, diverging approaches have emerged across Member States as to the

management of those risks. While Regulation (EU) 2020/1503 of the European Parliament and of the Council (¹⁵)

harmonises the regulatory approach for business investment and lending-based crowdfunding platforms across the

Union and introduces several safeguards to deal with potential money laundering and terrorist financing risks, such

as due diligence of crowdfunding platforms in respect of project owners and within authorisation procedures, the

lack of a harmonised legal framework with robust AML/CFT obligations for crowdfunding platforms creates gaps

and weakens the Union’s AML/CFT safeguards. It is therefore necessary to ensure that all crowdfunding platforms,

including those already licensed under Regulation (EU) 2020/1503, are subject to Union AML/CFT legislation.

(17) Crowdfunding intermediaries, which operate a digital platform in order to match or facilitate the matching of

funders with projects owners such as associations or individuals that seek funding, are exposed to money laundering

and terrorist financing risks. Undertakings that are not licensed under Regulation (EU) 2020/1503 are currently left

either unregulated or are subject to diverging regulatory approaches across Member States, including in relation to

rules and procedures to tackle money laundering and terrorist financing risks. Such intermediaries should therefore

be subject to the obligations of this Regulation, in particular to avoid the diversion of funds as defined in Article 4,

point (25), of Directive (EU) 2015/2366 or crypto-assets raised for illicit purposes by criminals. In order to mitigate

such risks, those obligations apply to a wide range of projects, including, inter alia, educational or cultural projects

and the collection of those funds or crypto-assets to support more general causes, for example in the humanitarian

field, or to organise or celebrate a family or social event.

(18) Directive (EU) 2015/849 set out to mitigate the money laundering and terrorist financing risks posed by large cash

payments by including persons trading in goods among obliged entities where they make or receive payments in

cash above EUR 10 000, whilst allowing Member States to introduce stricter measures. Such an approach has shown

14

(

)

Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and

amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150,

9.6.2023, p. 40).

Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service

providers for business, and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937 (OJ L 347, 20.10.2020, p. 1).

15

(

4/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

to be ineffective in light of the poor understanding and application of AML/CFT requirements, lack of supervision

and limited number of suspicious transactions reported to the Financial Intelligence Unit (FIU). In order to

adequately mitigate risks deriving from the misuse of large cash sums, a Union-wide limit to large cash payments

above EUR 10 000 should be laid down. As a consequence, persons trading in goods no longer need to be subject to

AML/CFT obligations, with the exception of persons trading in precious metals, precious stones, other high value

goods and cultural goods.

(19) Some categories of persons trading in goods are particularly exposed to money laundering and terrorist financing

risks due to the high value of the often small, transportable goods they deal with. For that reason, persons dealing in

precious metals and precious stones and other high value goods should be subject to AML/CFT requirements where

such trading is either a regular or a principal professional activity.

(20) Motor vehicles, watercraft and aircraft in the higher market segments are vulnerable to risks of misuse for money

laundering and terrorist financing given their high value and transportability. Therefore, persons trading in such

goods should be subject to AML/CFT requirements. The transportable nature of those goods is particularly attractive

for the purposes of money laundering and terrorist financing given the ease with which such goods can be moved

across or outside Union borders, and the fact that access to information on such goods where registered in third

countries might not be easily accessible to competent authorities. To mitigate risks that Union high-value goods may

be misused for criminal purposes and to ensure visibility on the ownership of such goods, it is necessary to require

persons trading in high-value goods to report transactions concerning the sale of motor vehicles, watercraft and

aircraft. Credit institutions and financial institutions provide services that are essential for the conclusion of the sale

or transfer of ownership of such goods, and should also be required to report those transactions to the FIU. While

goods intended solely for the pursuit of commercial activities should not be subject to such disclosure, sales for

private, non-commercial use should not be limited to instances where the customer is a natural person, but should

also relate to sales to legal entities and arrangements, in particular where they are set up to administer the wealth of

their beneficial owner.

(21) Investment migration operators are private companies, bodies or persons acting or interacting directly with the

national authorities competent for granting rights of residence on behalf of third-country nationals or providing

intermediary services to third-country nationals seeking to obtain residence rights in a Member State in exchange for

any kind of investment, including capital transfers, purchase or renting of property, investment in government

bonds, investment in corporate entities, donation or endowment of an activity contributing to the public good and

contributions to the state budget. Investor residence schemes present risks and vulnerabilities in relation to money

laundering, corruption and tax evasion. Such risks are exacerbated by the cross-border rights associated with

residence in a Member State. Therefore, it is necessary that investment migration operators are subject to AML/CFT

obligations. This Regulation should not apply to investor citizenship schemes, which result in the acquisition of

nationality in exchange for such investment, as such schemes must be considered as undermining the fundamental

status of Union citizenship and sincere cooperation among Member States.

(22) While creditors for mortgage and consumer credits are typically credit institutions or financial institutions, there are

consumer and mortgage credit intermediaries that do not qualify as credit institutions or financial institutions and

have not been subject to AML/CFT requirements at Union level, but have been subject to such obligations in certain

Member States due to their exposure to money laundering and terrorist financing risks. Depending on their business

model, such consumer and mortgage credit intermediaries can be exposed to significant money laundering and

terrorist financing risks. It is important to ensure that entities carrying out similar activities that are exposed to such

risks are covered by AML/CFT requirements, regardless of whether they qualify as credit institutions or financial

institutions. Therefore, it is appropriate to include consumer and mortgage credit intermediaries that are not credit

institutions or financial institutions but that are, as a result of their activities, exposed to money laundering and

terrorist financing risks. In many cases, however, the credit intermediary is acting on behalf of the credit institution

or financial institution that grants and processes the loan. In those cases, AML/CFT requirements should not apply to

consumer and mortgage credit intermediaries, but only to the credit institutions or financial institutions.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

5/111

EN

OJ L, 19.6.2024

(23) To ensure a consistent approach, it is necessary to clarify which entities in the investment sector are subject to

AML/CFT requirements. Although collective investment undertakings already fall within the scope of Directive (EU)

2015/849, it is necessary to align the relevant terminology with the current Union investment fund legislation,

namely Directives 2009/65/EC (¹⁶) and 2011/61/EU (¹⁷) of the European Parliament and of the Council. Because

funds might be constituted without legal personality, the inclusion of their managers in the scope of this Regulation

is also necessary. AML/CFT requirements should apply regardless of the form in which units or shares in a fund are

made available for purchase in the Union, including where units or shares are directly or indirectly offered to

investors established in the Union or placed with such investors at the initiative of the manager or on behalf of the

manager. As both funds and fund managers fall within the scope of AML/CFT requirements, it is appropriate to

clarify that a duplication of efforts should be avoided. To that end, the AML/CFT measures taken at the level of the

fund and at the level of its manager should not be the same, but should reflect the allocation of tasks between the

fund and its manager.

(24) The activities of professional football clubs and football agents are exposed to risks of money laundering and its

predicate offences due to several factors inherent to the football sector, such as the global popularity of football, the

considerable sums, cash flows and financial interests involved, the prevalence of cross-border transactions, and the

sometimes opaque ownership structures. All those factors expose football to possible abuse by criminals to

legitimise illicit funds and thus make the sport vulnerable to money laundering and its predicate offences. Key areas

of risk include, for example, transactions with investors and sponsors, including advertisers, and the transfer of

players. Professional football clubs and football agents should therefore put in place robust anti-money laundering

measures, including carrying out customer due diligence on investors, sponsors, including advertisers, and other

partners and counterparties with whom they transact. In order to avoid any disproportionate burden on smaller

clubs that are less exposed to risks of criminal misuse, Member States should be able to, on the basis of a proven

lower risk of money laundering, its predicate crimes and terrorist financing, exempt certain professional football

clubs from the requirements of this Regulation, whether in full or in part.

(25) The activities of professional football clubs competing in the highest divisions of their national football leagues make

them more exposed to higher risks of money laundering and its predicate offences compared to football clubs

participating in lower divisions. For example, top-tier football clubs engage in more substantial financial

transactions, such as high-value transfers of players and sponsorship deals, might have more complex corporate

structures with multiple layers of ownership, and are more likely to engage in cross-border transactions. Those

factors make such top-tier clubs more attractive for criminals and provide more opportunities to conceal illicit funds.

Therefore, Member States should only be able to exempt professional football clubs participating in the highest

division in cases of proven low risk and provided that such clubs have a turnover for each of the previous 2 years of

less than EUR 5 000 000 or the equivalent in national currency. Nonetheless, the risk of money laundering is not

determined solely by the division in which a football club competes. Lower-division clubs can also be exposed to

significant risks of money laundering and its predicate offences. Member States should therefore only be able to

exempt from the requirements of this Regulation football clubs in lower divisions that are associated with a proven

low risk of money laundering, its predicate offences or terrorist financing.

(26) This Regulation harmonises the measures to be put in place to prevent money laundering, its predicate offences and

terrorist financing at Union level. At the same time, in line with the risk-based approach, Member States should be

able to impose additional requirements in limited cases where they are confronted with specific risks. To ensure that

such risks are adequately mitigated, obliged entities that have their head office located in another Member State

should apply such additional requirements, whether they operate in that other Member State through freedom of

establishment or under the freedom to provide services, provided they have an infrastructure in that other Member

State. Furthermore, in order to clarify the relationship between those internal market freedoms, it is important to

clarify what activities amount to an establishment.

(27) Consistent with the case law of the Court of Justice of the European Union, unless specifically set out in sectorial

legislation an establishment does not need to take the form of a subsidiary, branch or agency, but can consist of an

office managed by an obliged entity’s own staff or by a person who is independent but authorised to act on

a permanent basis for the obliged entity. According to that definition, which requires the actual pursuit of an

16

(

)

Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and

administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009,

p. 32).

Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and

amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 (OJ L 174,

1.7.2011, p. 1).

17

(

6/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

economic activity at the place of establishment of the provider, a mere letter-box does not constitute an

establishment. Equally, offices or other infrastructure used for supporting activities, such as mere back-office

operations, IT-hubs or data centres operated by obliged entities, do not constitute an establishment. Conversely,

activities such as the provision of crypto-asset services through ATMs constitute an establishment having regard to

the limited physical equipment needed for operators that mainly service their customers through the internet, as is

the case for crypto-asset service providers.

(28) It is important that AML/CFT requirements apply in a proportionate manner and that the imposition of any

requirement is proportionate to the role that obliged entities are able to play in the prevention of money laundering

and terrorist financing. To that end, it should be possible for Member States, in line with the risk-based approach of

this Regulation, to exempt certain operators from AML/CFT requirements where the activities they perform present

low money laundering and terrorist financing risks and where the activities are limited in nature. To ensure

transparent and consistent application of such exemptions across the Union, a mechanism should be put in place

allowing the Commission to verify the necessity of the exemptions to be granted. The Commission should also

publish such exemptions on a yearly basis in the Official Journal of the European Union.

(29) A consistent set of rules on internal systems and controls that applies to all obliged entities operating in the internal

market will strengthen AML/CFT compliance and make supervision more effective. In order to ensure adequate

mitigation of money laundering and terrorist financing risks, as well as of risks of non-implementation or evasion of

targeted financial sanctions, obliged entities should have in place an internal control framework consisting of risk–

based policies, procedures and controls and a clear division of responsibilities throughout the organisation. In line

with the risk-based approach of this Regulation, those policies, procedures and controls should be proportionate to

the nature of the business, including its risks and complexity, and the size of the obliged entity and respond to the

risks of money laundering and terrorist financing that the entity faces, including, for crypto-asset service providers,

transactions with self-hosted wallets.

(30) An appropriate risk-based approach requires obliged entities to identify the inherent risks of money laundering and

terrorist financing as well as the risks of non-implementation or evasion of targeted financial sanctions that they face

by virtue of their business in order to mitigate them effectively and to ensure that their policies, procedures and

internal controls are appropriate to address those inherent risks. In doing so, obliged entities should take into

account the characteristics of their customers, the products, services or transactions offered, including, for

crypto-asset service providers, transactions with self-hosted addresses, the countries or geographical areas concerned

and the distribution channels used. In light of the evolving nature of risks, such risk assessment should be regularly

updated.

(31) With a view to supporting a consistent and effective approach to the identification of risks affecting their businesses

by obliged entities, AMLA should issue guidelines on minimum requirements for the content of the business-wide

risk assessment and additional sources of information to be taken into account. Those sources could include

information from international standard setters in the field of AML/CFT, such as FATF mutual evaluation reports,

and other credible and reliable sources providing information on typologies, emerging risks and criminal activity,

including corruption, such as reports from civil society organisations, media and academia.

(32) It is appropriate to take account of the characteristics and needs of smaller obliged entities, and to ensure treatment

which is appropriate to their specific needs, and the nature of the business. That might include exempting certain

obliged entities from performing a risk assessment where the risks involved in the sector in which the entity operates

are well understood.

(33) The FATF has developed standards for jurisdictions to identify and assess the risks of potential non-implementation

or evasion of the targeted financial sanctions related to proliferation financing, and to take action to mitigate those

risks. Those new standards introduced by the FATF do not substitute nor undermine the existing strict requirements

for countries to implement targeted financial sanctions to comply with the relevant United Nations Security Council

(‘UNSC’) resolutions relating to the prevention, suppression and disruption of proliferation of weapons of mass

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

7/111

EN

OJ L, 19.6.2024

destruction and its financing. Those existing obligations, as implemented at Union level by Council Decisions

2010/413/CFSP (¹⁸) and (CFSP) 2016/849 (¹⁹) as well as by Council Regulations (EU) No 267/2012 (²⁰) and

(EU) 2017/1509 (²¹), remain binding on all natural and legal persons within the Union. Given the specific risks of

non-implementation and evasion of targeted financial sanctions to which the Union is exposed, it is appropriate to

expand the assessment of risks to encompass all targeted financial sanctions adopted at Union level. The

risk-sensitive nature of AML/CFT measures related to targeted financial sanctions does not remove the rule-based

obligation incumbent upon all natural or legal persons in the Union to freeze and not make funds or other assets

available, directly or indirectly, to designated persons or entities.

(34) In order to ensure that risks of non-implementation or evasion of targeted financial sanctions are appropriately

mitigated, it is important to set out measures that obliged entities are required to implement, including measures to

check their customer base against the lists of persons or entities designated under targeted financial sanctions. The

requirements incumbent upon obliged entities under this Regulation do not remove the rule-based obligation to

freeze and not make funds and other assets available, directly or indirectly, to individuals or entities subject to

targeted financial sanctions that apply to all natural or legal persons in the Union. In addition, the requirements of

this Regulation are not intended to replace obligations regarding the screening of customers for the implementation

of targeted financial sanctions under other Union legal acts or under national law.

(35) In order to reflect the latest developments at international level, a requirement is to be introduced by this Regulation

to identify, understand, manage and mitigate risks of potential non-implementation or evasion of targeted financial

sanctions at obliged entity level.

(36) Listing or designations of individuals or entities by the UNSC or the UN Sanctions Committee are integrated into

Union law by means of decisions and regulations adopted under Article 29 of the Treaty on European Union (TEU)

and Article 215 of the Treaty on the Functioning of the European Union (TFEU) respectively that impose targeted

financial sanctions on such individuals and entities. The process for adoption of such acts at Union level requires

verification of compliance of any designation or listing with fundamental rights granted under the Charter. Between

the moment of publication by the UN and the moment of entry into application of the Union acts transposing the

UN listings or designations, in order to enable the effective application of targeted financial sanctions, obliged

entities should keep records of the funds or other assets they hold for customers listed or designated under UN

financial sanctions, or customers owned or controlled by listed or designated individuals or entities, of any attempted

transaction and of transactions carried out for the customer, such as for the fulfilment of basic needs of the

customer.

(37) In assessing whether a customer who is a legal entity is owned or controlled by individuals designated under targeted

financial sanctions, obliged entities should take into account the Council Guidelines on implementation and

evaluation of restrictive measures (sanctions) in the framework of the Union common foreign and security policy

and the Best Practices for the effective implementation of restrictive measures.

(38) It is important that obliged entities take all measures at the level of their management to implement internal policies,

procedures and controls and to implement AML/CFT requirements. While a member of the management body

should be identified as being responsible for implementing the obliged entity’s internal policies, procedures and

controls, the responsibility for compliance with AML/CFT requirements should rest ultimately with the management

body of the entity. That attribution of responsibility should be without prejudice to national provisions on joint civil

or criminal liability of management bodies. Tasks pertaining to the day-to-day implementation of the obliged entity’s

AML/CFT internal policies, procedures and controls should be entrusted to the compliance officer.

18

(

)

Council Decision 2010/413/CFSP of 26 July 2010 concerning restrictive measures against Iran and repealing Common Position

2007/140/CFSP (OJ L 195, 27.7.2010, p. 39).

Council Decision (CFSP) 2016/849 of 27 May 2016 concerning restrictive measures against the Democratic People’s Republic of

Korea and repealing Decision 2013/183/CFSP (OJ L 141, 28.5.2016, p. 79).

Council Regulation (EU) No 267/2012 of 23 March 2012 concerning restrictive measures against Iran and repealing Regulation (EU)

No 961/2010 (OJ L 88, 24.3.2012, p. 1).

Council Regulation (EU) 2017/1509 of 30 August 2017 concerning restrictive measures against the Democratic People’s Republic

of Korea and repealing Regulation (EC) No 329/2007 (OJ L 224, 31.8.2017, p. 1).

19

20

21

8/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(39) It should be possible for each Member State to lay down in its national law that an obliged entity subject to

prudential rules requiring the appointment of a compliance officer or of a head of the internal audit function can

entrust those persons with the functions and responsibilities of AML/CFT compliance officer and internal audit

function for AML/CFT purposes. In cases of higher risks, or where justified by the size of the obliged entity, it should

be possible for the responsibilities of compliance controls and of the day-to-day operation of the obliged entity’s

AML/CFT policies and procedures to be entrusted to two different persons.

(40) For effective implementation of AML/CFT measures, it is also vital that the employees of obliged entities, as well as

their agents and distributors, who have a role in that implementation understand the requirements and the internal

policies, procedures and controls in place in the entity. Obliged entities should put in place measures, including

training programmes, to this effect. Where necessary, obliged entities should provide basic training on AML/CFT

measures to all those who have a role in implementing such measures. That includes not only the employees of

obliged entities but also their agents and distributors.

(41) Individuals entrusted with tasks related to an obliged entity’s compliance with AML/CFT requirements should

undergo assessment of their skills, knowledge, expertise, integrity and conduct. Performance by employees of tasks

related to the obliged entity’s compliance with the AML/CFT framework in relation to customers with whom they

have a close private or professional relationship can lead to conflicts of interests and undermine the integrity of the

system. Such relations might exist at the time of the establishment of the business relationship but can also arise

thereafter. Therefore, obliged entities should have in place processes to manage and address conflicts of interests.

Those processes should ensure that employees are prevented from performing any tasks related to the obliged

entity’s compliance with the AML/CFT framework in relation to such customers.

(42) Situations might occur where individuals who would qualify as obliged entities provide their services in-house to

businesses whose activities do not fall within the scope of this Regulation. As those businesses do not act as

gatekeepers of the Union’s financial system, it is important to clarify that such employees, for example in-house

lawyers, are not covered by the requirements of this Regulation. Similarly, individuals carrying out activities that fall

within the scope of this Regulation should not be considered obliged entities in their own right where those activities

are carried out in the context of their employment with an obliged entity, for example in the case of lawyers or

accountants employed with a legal or accounting firm.

(43) The consistent implementation of group-wide AML/CFT policies and procedures is key to the robust and effective

management of money laundering and terrorist financing risks within a group. To that end, group-wide policies,

procedures and controls should be adopted and implemented by the parent undertaking. Entities within a group

should be required to exchange information where such sharing is relevant for preventing money laundering and

terrorist financing. Information sharing should be subject to sufficient guarantees in terms of confidentiality, data

protection and use of information. AMLA should have the task of drawing up draft regulatory standards specifying

the minimum requirements of group-wide procedures and policies, including minimum standards for information

sharing within a group and the criteria for identifying parent undertakings for groups whose head office is located

outside of the Union.

(44) In order to ensure effective application of AML/CFT requirements where several obliged entities are directly or

indirectly linked with each other and constitute, or are a part of, a group of entities, it is necessary to consider the

broadest possible definition of a group. For that purpose, obliged entities should follow applicable accounting rules

which allow structures with various types of economic links to be considered as groups. While a traditional group

includes a parent undertaking and its subsidiaries, other types of group structures are equally relevant, for example

group structures of several parent entities owning a single subsidiary, which have been referred to as entities

permanently affiliated to a central body in Article 10 of Regulation (EU) No 575/2013 of the European Parliament

and of the Council (²²), or financial institutions which are members of the same institutional protection scheme

referred to in Article 113(7) of that Regulation. Those structures are all groups according to accounting rules and

should therefore be considered as groups for the purposes of this Regulation.

22

(

)

Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit

institutions and investment firms and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

9/111

EN

OJ L, 19.6.2024

(45) In addition to groups, other structures exist, such as networks or partnerships, in which obliged entities might share

common ownership, management and compliance controls. To ensure a level playing field across the sectors whilst

avoiding overburdening those sectors, AMLA should identify those situations where similar group-wide policies are

to apply to those structures, taking into account the principle of proportionality.

(46) There are circumstances where branches and subsidiaries of obliged entities are located in third countries where the

minimum AML/CFT requirements, including data protection obligations, are less strict than the Union AML/CFT

framework. In such situations, and in order to fully prevent the use of the Union’s financial system for the purposes

of money laundering and terrorist financing and to ensure the highest standard of protection for personal data of

Union citizens, those branches and subsidiaries should comply with AML/CFT requirements laid down at Union

level. Where the law of a third country does not permit compliance with those requirements, for example because of

limitations to the group’s ability to access, process or exchange information due to an insufficient level of data

protection or banking secrecy law in that third country, obliged entities should take additional measures to ensure

that branches and subsidiaries located in that country effectively handle the risks. AMLA should be tasked with

developing draft regulatory technical standards specifying the type of such additional measures, taking into account

the principle of proportionality.

(47) Obliged entities might outsource tasks relating to the performance of certain AML/CFT requirements to a service

provider. In the case of outsourcing relationships on a contractual basis between obliged entities and service

providers not covered by AML/CFT requirements, any AML/CFT obligations upon those service providers arise only

from the contract between the parties and not from this Regulation. Therefore, the responsibility for complying with

AML/CFT requirements should remain entirely with the obliged entity. The obliged entity should in particular ensure

that, where a service provider is involved for the purposes of remote customer identification, the risk-based

approach is respected. Processes or arrangements that contribute to the performance of a requirement under this

Regulation, but where the performance of the requirement itself is not carried out by a service provider, such as the

use or acquisition of third-party software or the access to databases or screening services by the obliged entity, are

not considered to be outsourcing.

(48) The possibility to outsource tasks to a service provider allows obliged entities to decide on how to allocate their

resources to comply with this Regulation, but does not relieve them of their obligation to understand whether the

measures they undertake, including those outsourced to service providers, mitigate the money laundering and

terrorist financing risks identified, and whether such measures are appropriate. In order to ensure that such

understanding is in place, the final decisions on measures that have a bearing on the implementation of policies,

procedures and controls should always rest with the obliged entity.

(49) The notification of outsourcing arrangements to the supervisor does not imply an acceptance of the outsourcing

arrangement. The information contained in that notification, in particular where critical functions are outsourced or

where the obliged entity systematically outsources its functions, might however be taken into consideration by

supervisors when assessing the obliged entity’s systems and controls, and when determining the residual risk profile

or in preparation for inspections.

(50) In order for outsourcing relationships to function efficiently, further clarity is needed around the conditions

according to which outsourcing takes place. AMLA should have the task of developing guidelines on the conditions

under which outsourcing can take place, as well as the roles and responsibilities of the respective parties. To ensure

that consistent oversight of outsourcing practices is ensured throughout the Union, the guidelines should also

provide clarity on how supervisors are to take into account such practices and verify compliance with AML/CFT

requirements when obliged entities resort to those practices.

(51) Customer due diligence requirements are essential to ensure that obliged entities identify, verify and monitor their

business relationships with their clients, in relation to the money laundering and terrorist financing risks that they

pose. Accurate identification and verification of data of prospective and existing customers are essential for

understanding the risks of money laundering and terrorist financing associated with clients, whether they are natural

or legal persons. Obliged entities should also understand on whose behalf or for the benefit of whom a transaction is

carried out, for example in situations where credit institutions or financial institutions provide accounts to legal

professionals for the purposes of receiving or holding their client’s funds as defined in Article 4, point (25), of

Directive (EU) 2015/2366. In the context of customer due diligence, the person for the benefit of whom

10/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

a transaction or activity is carried out does not refer to the recipient or beneficiary of a transaction carried out by the

obliged entity for their customer.

(52) It is necessary to achieve a uniform and high standard of customer due diligence in the Union, relying on

harmonised requirements for the identification of customers and verification of their identity, and reducing national

divergences to allow for a level playing field across the internal market and for a consistent application of provisions

throughout the Union. At the same time, it is essential that obliged entities apply customer due diligence measures in

a risk-based manner. The risk-based approach is not an unduly permissive option for obliged entities. It involves the

use of evidence-based decision-making in order to target more effectively the risks of money laundering and terrorist

financing facing the Union and those operating within it.

(53) Civil society organisations that conduct charitable or humanitarian work in third countries contribute to the Union’s

goals of achieving peace, stability, democracy and prosperity. Credit institutions and financial institutions play an

important role in ensuring that such organisations can continue to conduct their work, by providing access to the

financial system and important financial services that allow development and humanitarian funding to be

channelled to developing or conflict areas. While obliged entities should be aware that activities conducted in certain

jurisdictions expose them to a higher risk of money laundering or terrorist financing, the operation of civil society

organisations in those jurisdictions should not, alone, result in the refusal to provide financial services or

termination of such services, as the risk-based approach requires a holistic assessment of risks posed by individual

business relationships, and the application of adequate measures to mitigate the specific risks. While credit

institutions and financial institutions remain free to decide with whom they engage in contractual relationships, they

should also be mindful of their central role in the functioning of the international financial system, and in enabling

the movement of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 or of crypto-assets, for the

important development and humanitarian goals that civil society organisations pursue. Such institutions should

therefore make use of the flexibility allowed by the risk-based approach to mitigate the risks associated with business

relationships in a proportionate manner. Under no circumstances should AML/CFT reasons be invoked to justify

commercial decisions as regards prospective or existing clients.

(54) Obliged entities should identify and take reasonable measures to verify the identity of the beneficial owner using

reliable documents and sources of information. The consultation of central registers of beneficial ownership

information (‘central registers’) allows obliged entities to ensure consistency with information obtained through the

verification process and should not be the obliged entity’s primary source for verification. Where obliged entities

identify discrepancies between information held in the central registers and the information they obtain from the

customer or other reliable sources in the course of customer due diligence, they should report those discrepancies to

the entity in charge of the relevant central register so that measures can be taken to resolve inconsistencies. That

process contributes to the quality and reliability of information held in those registers, as part of a multi-pronged

approach towards ensuring that information contained in central registers is accurate, adequate and up-to-date. In

low-risk situations and where the beneficial owners are known to the obliged entity, it should be possible for obliged

entities to allow the customer to report discrepancies where minor differences are identified that consist of errors of

a typographical or similar technical nature.

(55) The risks posed by foreign legal entities and foreign legal arrangements need to be adequately mitigated. Where

a legal entity created outside the Union or an express trust or similar legal arrangement administered outside the

Union, or whose trustee or person in an equivalent position resides or is established outside the Union, is about to

enter into a business relationship with an obliged entity, the registration of the beneficial ownership information in

the central register of a Member State should be a precondition for entering into the business relationship. However,

for legal entities created outside the Union, the requirement should only apply in the case of medium-high or high

risks of money laundering, its predicate offences or terrorist financing associated with the category of foreign legal

entity, the sector in which the foreign legal entity operates, or in the case of medium-high or high risks of money

laundering, its predicate offences or terrorist financing associated with the sector in which the obliged entity

operates. The registration of the beneficial ownership information should also be a precondition for the

continuation of a business relationship with a legal entity created outside the Union in a situation where that

relationship becomes associated with such medium-high or high risks after its establishment.

(56) The process of establishing a business relationship or carrying out the steps necessary to conduct an occasional

transaction is triggered when the customer expresses an interest in acquiring a product or receiving a service from an

obliged entity. The services offered by real estate agents include helping customers to find a property to purchase,

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

11/111

EN

OJ L, 19.6.2024

sell, rent or lease. Such services start to be relevant for AML/CFT purposes where there is a clear indication that the

parties are willing to proceed with the purchase, sale, rental or lease or with taking the necessary preparatory steps.

That could be, for instance, the moment when an offer for the purchase or rental of the property is made and

accepted by the parties. Prior to that moment, it would not be necessary to conduct due diligence on any prospective

customer. Similarly, it would not be proportionate to conduct customer due diligence on persons that have not yet

expressed an interest in going forward with the purchase or rental of a specific property.

(57) Real estate transactions are exposed to money laundering and terrorist financing risks. In order to mitigate those

risks, real estate operators intermediating the buying, selling and letting of immovable property should be subject to

the requirements of this Regulation, regardless of their designation or principal business or profession, including

property developers when and to the extent that they intermediate in the buying, selling and letting of immovable

property.

(58) The anonymity associated with certain electronic money products exposes them to money laundering and terrorist

financing risks. There are however significant differences across the sector, and not all electronic money products

bear the same level of risk. For example, certain low value electronic money products, such as prepaid gift cards or

prepaid vouchers, might present low risks of money laundering or terrorist financing. In order to ensure that the

requirements imposed on the sector are commensurate with its risk and do not effectively hamper its operation, it

should be possible, in certain proven low-risk circumstances and under strict risk-mitigating conditions, to exempt

those products from certain customer due diligence measures, such as the identification and verification of the

customer and of the beneficial owner, but not from the monitoring of transactions or of business relationships. It

should only be possible for supervisors to grant such an exemption upon verification of the proven low risk having

regard to relevant risk factors to be defined by AMLA and in a way that effectively mitigates any risk of money

laundering or terrorist financing and that precludes circumvention of AML/CFT rules. In any case, any exemption

should be conditional on strict limits regarding the maximum value of the product, its exclusive use to purchase

goods or services, and provided that the amount stored cannot be exchanged for other value.

(59) Obliged entities should not be required to apply due diligence measures on customers carrying out occasional or

linked transactions below a certain value, unless there is suspicion of money laundering or terrorist financing.

Whereas the EUR 10 000, or the equivalent in national currency, threshold applies to most occasional transactions,

obliged entities which operate in sectors or carry out transactions that present a higher risk of money laundering and

terrorist financing should be required to apply customer due diligence measures for transactions with lower

thresholds. To identify the sectors or transactions as well as the adequate thresholds for those sectors or transactions,

AMLA should develop dedicated draft regulatory technical standards.

(60) There are specific situations where, for the purposes of customer due diligence, the customer is not limited to the

person transacting with the obliged entity. That is the case, for example, where only one notary is involved in a real

estate transaction. In such cases, in order to ensure that adequate checks are carried out on the transaction to detect

possible cases of money laundering, its predicate offences or terrorist financing, obliged entities should consider

both the buyer and the seller as customers and apply customer due diligence measures on both parties. This

Regulation should provide a list of such situations where the customer is not, or is not limited to, the direct customer

of the obliged entity. Such a list should complement the understanding of who the customer is in typical situations

and should not be understood as encompassing an exhaustive interpretation of the term. Similarly, a business

relationship should not always require a contractual relationship or other formal engagement as long as the services

are provided repeatedly or over a period of time so as to entail an element of duration. Where national law precludes

obliged entities that are public officials from entering into contractual relationships with customers, such national

law should not be construed as prohibiting obliged entities from treating a series of transactions as a business

relationship for the purposes of AML/CFT.

(61) The introduction of a Union-wide limit to large cash payments mitigates the risks associated with the use of such

payments. However, obliged entities that carry out transactions in cash below that limit remain vulnerable to risks of

money laundering and terrorist financing as they provide a point of entry into the Union’s financial system.

Therefore, it is necessary to require the application of customer due diligence measures to mitigate the risks of

misuse of cash. To ensure that the measures are proportionate with the risks posed by transactions of a value lower

than EUR 10 000, such measures should be limited to the identification and verification of the customer and the

beneficial owner when carrying out occasional transactions in cash of at least EUR 3 000. That limitation does not

12/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

relieve the obliged entity from applying all customer due diligence measures whenever there is a suspicion of money

laundering or terrorist financing, or from reporting suspicious transactions to the FIU.

(62) Some business models are based on the obliged entity having a business relationship with a merchant for offering

payment initiation services through which the merchant gets paid for the provision of goods or services, and not

with the merchant’s customer, who authorises the payment initiation service to initiate a single or one-off

transaction to the merchant. In such a business model, the obliged entity’s customer for the purpose of AML/CFT

rules is the merchant, and not the merchant’s customer. Therefore, with respect to payment initiation services,

customer due diligence measures should be applied by the obliged entity vis-a-vis the merchant. In relation to other

financial services that fall within the scope of this Regulation, including where provided by the same operator, the

determination of the customer should be done having regard to the services provided.

(63) Gambling activities vary in nature, geographical scope and associated risks. In order to ensure a proportionate and

risk-based application of this Regulation, it should be possible for Member States to identify gambling services

associated with low money laundering and terrorist financing risks, such as State or private lotteries or

State-administered gambling activities, and to decide not to apply all or some of the requirements of this Regulation

to them. Given the potential cross-border effects of national exceptions, it is necessary to ensure a consistent

application of a strict risk-based approach across the Union. To that end, the Commission should be enabled to

approve Member States’ decisions, or to reject them where the exception is not justified by a proven low risk. In any

case, no exception should be granted in relation to activities associated with higher risks. This is the case for activities

such as casinos, online gambling and sport betting, but is not the case where online gambling activities are

administered by the State, whether through direct provision of those services or through regulation of the way in

which those gambling services are organised, operated and administered. In light of the risks for public health or of

criminal activities that can be associated with gambling, national measures regulating the organisation, operation

and administration of gambling, where genuinely pursuing goals of public policy, public security or public health,

can contribute to reducing the risks associated with that activity.

(64) The EUR 2 000, or the equivalent in national currency, threshold applicable to providers of gambling services is met

regardless of whether the customer carries out a single transaction of at least that amount or several smaller

transactions which add up to that amount. To that effect, providers of gambling services should be able to attribute

transactions to a given customer even if they have not yet verified the customer’s identity, to be in a position to

determine whether and when that threshold has been met. Thus, providers of gambling services should have systems

in place that allow attribution and monitoring of transactions prior to the application of the requirement to conduct

customer due diligence. In the case of casinos or other physical gambling premises, it can be impractical to check the

customer’s identity upon each transaction. In such cases, it should be possible to identify the customer and verify the

customer’s identity upon entry into the gambling premises, provided that systems are in place to attribute

transactions carried out at the gambling premises, including the purchase or exchange of gambling chips, to that

customer.

(65) Directive (EU) 2015/849, despite having harmonised the rules of Member States in the area of customer

identification obligations to a certain degree, did not lay down detailed rules in relation to the procedures to be

followed by obliged entities. In view of the crucial importance of that aspect in the prevention of money laundering

and terrorist financing, it is appropriate, in accordance with the risk-based approach, to introduce more specific and

detailed provisions on the identification of the customer and on the verification of the customer’s identity, whether

in relation to natural or legal persons, legal arrangements such as trusts, or entities having legal capacity under

national law.

(66) Technological developments and progress in digitalisation enable a secure remote or electronic identification and

verification of prospective and existing customers and can facilitate the remote performance of customer due

diligence. The identification solutions as set out in Regulation (EU) No 910/2014 of the European Parliament and of

the Council (²³) enable secure and trusted means of customer identification and verification for both prospective and

existing customers and can facilitate the remote performance of customer due diligence. The electronic identification

as set out in that Regulation should be taken into account and accepted by obliged entities for the customer

identification process. The use of such means of identification can reduce, where appropriate risk mitigation

measures are in place, the risk level to standard or even low. Where such electronic identification is not available to

23

(

)

Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust

services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

13/111

EN

OJ L, 19.6.2024

a customer, for example due to the nature of their residence status in a given Member State or their residence in

a third country, verification should take place through relevant qualified trust services.

(67) To ensure that the AML/CFT framework prevents illicit funds from entering the financial system, obliged entities

should carry out customer due diligence before entering into business relationships with prospective clients, in line

with the risk-based approach. Nevertheless, in order not to unnecessarily delay the normal conduct of business,

obliged entities should be able to collect the information from the prospective customer during the establishment of

a business relationship. Credit institutions and financial institutions should be able to obtain the necessary

information from the prospective customers once the relationship is established, provided that transactions are not

initiated until the customer due diligence process is successfully completed.

(68) The customer due diligence process is not limited to the identification and verification of the customer’s identity.

Before entering into business relationships or carrying out occasional transactions, obliged entities should also assess

the purpose and nature of a business relationship or occasional transaction. Pre-contractual or other information

about the proposed product or service that is communicated to the prospective customer can contribute to the

understanding of that purpose. Obliged entities should always be able to assess the purpose and nature of

a prospective business relationship or occasional transaction in an unambiguous manner. Where the offered service

or product enables customers to carry out various types of transactions or activities, obliged entities should obtain

sufficient information on the intention of the customer regarding the use to be made of that relationship.

(69) To ensure the effectiveness of the AML/CFT framework, obliged entities should regularly review the information

obtained from their customers, in accordance with the risk-based approach. Business relationships are likely to

evolve as the customer’s circumstances and the activities they conduct through the business relationship change over

time. In order to maintain a comprehensive understanding of the customer risk profile and conduct meaningful

scrutiny of transactions, obliged entities should regularly review the information obtained from their customers, in

accordance with the risk-based approach. Such reviews should be done on a periodic basis but should also be

triggered by changes in relevant circumstances of the customer, when facts and information point towards

a potential change in the risk profile or identification details of the customer. To that end, the obliged entity should

consider the need to review the customer file in response to material changes, such as a change in the jurisdictions

transacted with, in the value or volume of transactions, upon requests for new products or services that are

significantly different in terms of risk, or following changes in beneficial ownership.

(70) In the context of repeated clients for whom customer due diligence measures have recently been conducted, it should

be possible for customer due diligence measures to be fulfilled by obtaining a confirmation from the customer that

the information and documents held in the records have not changed. Such a method facilitates the application of

AML/CFT obligations in situations where the obliged entity is confident that the information pertaining to the

customer has not changed, as it is incumbent on obliged entities to ensure that they take adequate customer due

diligence measures. In all cases, the confirmation received from the customer, and any changes to the information

held on the customer, should be recorded.

(71) Obliged entities might provide more than one product or service in the context of a business relationship. In those

circumstances, the requirement to update information, data and documents at regular intervals is not intended to

target the individual product or service, but the business relationship in its entirety. It is for the obliged entities to

assess, across the range of products or services provided, when the relevant circumstances of the customer change,

or when other conditions triggering the updating of the customer due diligence are met, and to proceed to review

the customer file in relation to the entirety of the business relationship.

(72) Obliged entities should also set up a monitoring system to detect transactions that might raise money laundering or

terrorist financing suspicions. To ensure the effectiveness of the transaction monitoring, obliged entities’ monitoring

activity should in principle cover all services and products offered to customers and all transactions which are

carried out on behalf of the customer or offered to the customer by the obliged entity. However, not all transactions

need to be scrutinised individually. The intensity of the monitoring should respect the risk-based approach and be

designed around precise and relevant criteria, taking account, in particular, of the characteristics of the customer and

the risk level associated with them, the products and services offered, and the countries or geographical areas

14/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

concerned. AMLA should develop guidelines to ensure that the intensity of the monitoring of business relationships

and of transactions is adequate and proportionate to the level of risk.

(73) Terminating the business relationship where customer due diligence measures cannot be complied with reduces the

obliged entity’s exposure to risks posed by possible changes in the customer’s profile. However, there might be

situations where the termination should not be pursued due to public interest goals. This is the case, for example, in

relation to life insurance contracts, where obliged entities should, where necessary, as an alternative to termination

take measures to freeze the business relationship including by prohibiting any further services to that customer and

withholding the payout to beneficiaries, until customer due diligence measures can be complied with. Additionally,

certain products and services require the obliged entity to continue holding or receiving the customer’s funds as

defined in Article 4, point (25), of Directive (EU) 2015/2366, for example in the context of lending, payment

accounts or the taking of deposits. That should however not be treated as an impediment to the requirement to

terminate the business relationship, which can be achieved by ensuring that no transactions or activities are carried

out for the customer.

(74) In order to ensure consistent application of this Regulation, AMLA should have the task of drawing up draft

regulatory technical standards on customer due diligence. Those regulatory technical standards should set out the

minimum set of information to be obtained by obliged entities in order to enter into new business relationships with

customers or assess ongoing ones, according to the level of risk associated with each customer. Furthermore, the

draft regulatory technical standards should provide sufficient clarity to allow market players to develop secure,

accessible and innovative means of verifying customers’ identity and performing customer due diligence, including

remotely, while respecting the principle of technology neutrality. Those specific tasks are in line with the role and

responsibilities of AMLA as provided in Regulation (EU) 2024/1620.

(75) The harmonisation of customer due diligence measures will contribute to achieving consistent, and consistently

effective, understanding of the risks associated with an existing or prospective customer regardless of where the

business relationship is opened in the Union. That harmonisation should also ensure that the information obtained

in the performance of customer due diligence is not used by obliged entities to pursue de-risking practices which

might result in circumventing other legal obligations, in particular those laid down in Directive 2014/92/EU of the

European Parliament and of the Council (²⁴) or Directive (EU) 2015/2366, without achieving the Union’s objectives

in the prevention of money laundering and terrorist financing. To enable the proper supervision of compliance with

the customer due diligence obligations, it is important that obliged entities keep record of the actions undertaken

and the information obtained during the customer due diligence process, irrespective of whether a new business

relationship is established with them and of whether they have submitted a suspicious transaction report upon

refusing to establish a business relationship. Where the obliged entity takes a decision to not enter into a business

relationship with a prospective customer, or to terminate an existing business relationship, to refuse to carry out an

occasional transaction, or to apply alternative measures to terminating a business relationship, the customer due

diligence records should include the grounds for such a decision. That will enable supervisory authorities to assess

whether obliged entities have appropriately calibrated their customer due diligence practices and how the entity’s

risk exposure evolves, as well as help to build statistical evidence on the application of customer due diligence rules

by obliged entities throughout the Union.

(76) The approach for the review of existing customers in the current AML/CFT framework is already risk-based.

However, given the higher risk of money laundering, its predicate offences and terrorist financing associated with

certain intermediary structures, that approach might not allow for the timely detection and assessment of risks. It is

therefore important to ensure that clearly specified categories of existing customers are also monitored on a regular

basis.

(77) Risk itself is variable in nature, and the variables, on their own or in combination, can increase or decrease the

potential risk posed, thus having an impact on the appropriate level of preventive measures, such as customer due

diligence measures.

24

(

)

Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to

payment accounts, payment account switching and access to payment accounts with basic features (OJ L 257, 28.8.2014, p. 214).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

15/111

EN

OJ L, 19.6.2024

(78) In low risk situations, obliged entities should be able to apply simplified due diligence measures. That does not

equate to an exemption or absence of customer due diligence measures. It rather consists of a simplified or reduced

set of scrutiny measures, which should however address all components of the standard due diligence procedure. In

line with the risk-based approach, obliged entities should nevertheless be able to reduce the frequency or intensity of

their customer or transaction scrutiny, or rely on adequate assumptions with regard to the purpose of the business

relationship or use of simple products. The regulatory technical standards on customer due diligence should set out

the specific simplified measures that obliged entities are able to implement in the case of lower risk situations

identified in the risk assessment at Union level conducted by the Commission. When developing draft regulatory

technical standards, AMLA should have due regard to preserving social and financial inclusion.

(79) It should be recognised that certain situations present a greater risk of money laundering or terrorist financing.

Although the identity and business profile of all customers should be established with the regular application of

customer due diligence measures, there are cases in which particularly rigorous customer identification and

verification procedures are required. Therefore, it is necessary to lay down detailed rules on such enhanced due

diligence measures, including specific enhanced due diligence measures for cross-border correspondent relation-

ships.

(80) Cross-border correspondent relationships with a third country’s respondent institution are characterised by their

on-going, repetitive nature. Moreover, not all cross-border correspondent banking services present the same level of

money laundering and terrorist financing risks. Therefore, the intensity of the enhanced due diligence measures

should be determined by application of the principles of the risk-based approach. However, the risk-based approach

should not be applied when interacting with a third country’s respondent institutions that have no physical presence

where they are created, or with unregistered and unlicensed entities providing crypto-asset services. Given the high

risk of money laundering and terrorist financing inherent in shell institutions, credit institutions and financial

institutions should refrain from entertaining any correspondent relationship with such shell institutions, as well as

with counterparts in third countries that allow their accounts to be used by shell institutions. To avoid misuse of the

Union’s financial system to provide unregulated services, crypto-assets service providers should also ensure that their

accounts are not used by nested exchanges and should have in place policies and procedures to detect any such

attempt.

(81) In the context of the performance of their oversight function, supervisors might identify situations where breaches

of AML/CFT requirements by third-country respondent institutions, or weaknesses in their implementation of the

AML/CFT requirements, cause risks to the Union’s financial system. In order to mitigate those risks, it should be

possible for AMLA to address recommendations to credit institutions and financial institutions in the Union in order

to inform them of its views regarding the deficiencies of those third-country respondent institutions. Those

recommendations should be issued where AMLA and financial supervisors in the Union agree that the breaches and

weaknesses in place in the third-country respondent institutions are likely to affect the risk exposure of

correspondent relationships by credit institutions and financial institutions in the Union, and provided that the

third-country respondent institution and its supervisor have had the opportunity to provide their views. In order to

preserve the good functioning of the Union’s financial system, credit institutions and financial institutions should

take adequate measures in response to recommendations by AMLA, including by abstaining from entering into or

continuing a correspondent relationship unless they can put in place sufficient mitigating measures to address the

risks posed by the correspondent relationship.

(82) In the context of enhanced due diligence measures, obtaining approval from senior management for establishing

business relationships does not need to imply, in all cases, obtaining approval from the board of directors. It should

be possible for such approval to be granted by someone with sufficient knowledge of the entity’s money laundering

and terrorist financing risk exposure and of sufficient seniority to take decisions affecting its risk exposure.

(83) In order to protect the proper functioning of the Union’s financial system from money laundering and terrorist

financing, the Commission should be empowered to adopt delegated acts to identify third countries whose

shortcomings in their national AML/CFT regimes represent a threat to the integrity of the Union’s internal market.

The changing nature of money laundering and terrorist financing threats from outside the Union, facilitated by

a constant evolution of technology and of the means at the disposal of criminals, requires that quick and continuous

adaptations of the legal framework as regards third countries be made in order to address efficiently existing risks

and prevent new ones from arising. The Commission should take into account, as a baseline for its assessment,

information from international organisations and standard setters in the field of AML/CFT, such as FATF public

statements, mutual evaluation or detailed assessment reports or published follow-up reports, and adapt its

16/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

assessments to the changes therein, where appropriate. The Commission should act within 20 days of ascertaining

shortcomings in a third country’s AML/CFT regime that pose a threat to the integrity of the Union’s internal market.

(84) Third countries which are ‘subject to a call for action’ by the relevant international standard-setter, namely the FATF,

present significant strategic deficiencies of a persistent nature in their legal and institutional AML/CFT frameworks

and their implementation which are likely to pose a high risk to the Union’s financial system. The persistent nature

of those significant strategic deficiencies, reflective of the lack of commitment or continued failure by the third

country to tackle them, signal a heightened level of threat emanating from those third countries, which requires an

effective, consistent and harmonised mitigating response at Union level. Therefore, obliged entities should be

required to apply the whole set of available enhanced due diligence measures to occasional transactions and business

relationships involving those high-risk third countries to manage and mitigate the underlying risks. Furthermore, the

high level of risk justifies the application of additional specific countermeasures, whether at the level of obliged

entities or by the Member States. Such an approach would avoid divergence in the determination of the relevant

countermeasures, which would expose the entirety of Union’s financial system to risks. Where Member States

identify specific risks that are not mitigated, they should be able to apply additional countermeasures, in which case

they should notify the Commission thereof. Where the Commission considers that those risks are of relevance for

the internal market, it should be able to update the relevant delegated act to include the necessary additional

countermeasures to mitigate those risks. Where the Commission considers that those countermeasures are not

necessary and undermine the proper functioning of the Union’s internal market, it should be empowered to decide

that the Member State put an end to the specific countermeasure. Prior to triggering the procedure for that decision,

the Commission should provide an opportunity to the Member State concerned to submit its views on the

consideration of the Commission. Given its technical expertise, AMLA can provide useful input to the Commission

in identifying the appropriate countermeasures.

(85) Compliance weaknesses in both the legal and institutional AML/CFT framework and its implementation in third

countries which are subject to ‘increased monitoring’ by the FATF are susceptible to be exploited by criminals. This is

likely to represent a risk for the Union’s financial system, and that risk needs to be managed and mitigated. The

commitment of those third countries to address identified weaknesses, while not eliminating the risk, justifies

a mitigating response less severe than that applicable to high-risk third countries. Where such third countries

commit to address identified weaknesses, obliged entities should apply enhanced due diligence measures to

occasional transactions and business relationships when dealing with natural persons or legal entities established in

those third countries that are tailored to the specific weaknesses identified in each third country. Such granular

identification of the enhanced due diligence measures to be applied would, in line with the risk-based approach, also

ensure that the measures are proportionate to the level of risk. To ensure such consistent and proportionate

approach, the Commission should be able to identify which specific enhanced due diligence measures are required in

order to mitigate country-specific risks. Given AMLA’s technical expertise, it can provide useful input to the

Commission to identify the appropriate enhanced due diligence measures.

(86) Countries that are not publicly identified as subject to calls for actions or increased monitoring by the FATF might

still pose a specific and serious threat to the integrity of the Union’s financial system, which could be due either to

compliance weaknesses or to significant strategic deficiencies of a persistent nature in their AML/CFT regime. To

mitigate those specific risks, that cannot be mitigated through measures applicable to countries with strategic

deficiencies or countries with compliance weaknesses, it should be possible for the Commission to take action in

exceptional circumstances by identifying such third countries, based on a clear set of criteria and with the support of

AMLA. According to the level of risk posed to the Union’s financial system, the Commission should require the

application either of all enhanced due diligence measures and country-specific countermeasures, in relation to

high-risk third countries, or of country-specific enhanced due diligence measures, in relation to third countries with

compliance weaknesses.

(87) In order to ensure a consistent identification of third countries that pose a specific and serious threat to the Union’s

financial system, while not being publicly identified as subject to calls for actions or increased monitoring by the

FATF, the Commission should be able to set out, by means of an implementing act, the methodology for the

identification in exceptional circumstances of such third countries. That methodology should include in particular

how the criteria are to be assessed and the process for the interaction with such third countries and for the

involvement of Member States and AMLA in the preparatory stages of such identification.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

17/111

EN

OJ L, 19.6.2024

(88) Considering that there could be changes to the AML/CFT frameworks of third countries identified under this

Regulation, or in their implementation, for example as result of the country’s commitment to address the identified

weaknesses or of the adoption of relevant AML/CFT measures to tackle them, which could change the nature and

level of the risks emanating from them, the Commission should regularly review the identification of those specific

enhanced due diligence measures in order to ensure that they remain proportionate and adequate.

(89) Potential external threats to the Union’s financial system do not only emanate from third countries, but can also

emerge in relation to specific customer risk factors or products, services, transactions or delivery channels which are

observed in relation to a specific geographical area outside the Union. There is therefore a need to identify money

laundering and terrorist financing trends, risks and methods to which Union’s obliged entities might be exposed.

AMLA is best placed to detect any emerging money laundering and terrorist financing typologies from outside the

Union, in order to monitor their evolution with a view to providing guidance to the Union’s obliged entities on the

need to apply enhanced due diligence measures aimed at mitigating such risks.

(90) Relationships with individuals who hold or who have held important public functions, within the Union or

internationally, and in particular individuals from countries where corruption is widespread, could expose the

financial sector to significant reputational and legal risks. The international effort to combat corruption also justifies

the need to pay particular attention to such persons and to apply appropriate enhanced due diligence measures with

respect to persons who are or who have been entrusted with prominent public functions and with respect to senior

figures in international organisations. Therefore, it is necessary to specify measures which obliged entities should

apply with respect to transactions or business relationships with politically exposed persons. To facilitate the

risk-based approach, AMLA should be tasked with issuing guidelines on assessing the level of risks associated with

a particular category of politically exposed persons, their family members or persons known to be close associates.

(91) Risks associated with persons who are or who have been entrusted with prominent public functions are not limited

to the national level but can also exist at regional or municipal levels. This is particularly true at the local level for

densely populated areas, such as cities, which alongside the regional level often manage significant public funds and

access to critical services or permits, with a resulting risk of corruption and associated money laundering. Therefore,

it is necessary to include in the category of persons who are or who have been entrusted with prominent public

functions the heads of regional and local authorities, including groupings of municipalities and metropolitan

regions, with at least 50 000 inhabitants. At the same time, it should be acknowledged that the geography and

administrative organisation of Member States vary significantly, and Member States should be able, where

appropriate, to set a lower threshold to cover the relevant local authorities on the basis of risk. Where Member

States decide to set lower thresholds, they should communicate those lower thresholds to the Commission.

(92) Members of the administrative, management or supervisory bodies of enterprises controlled by the state or by

regional or local authorities can also be exposed to risks of corruption and associated money laundering. Given the

size of the budget of such enterprises and the funds under management, such risks are particularly acute in relation

to senior executive members in enterprises controlled by the state. Risks can also arise in relation to enterprises of

a significant size controlled by regional and local authorities. As a result, the senior executives in enterprises

controlled by regional or local authorities should be considered as politically exposed persons where those

enterprises qualify as medium-sized or large undertakings or groups as defined in Article 3 of Directive 2013/34/EU

of the European Parliament and of the Council (²⁵). However, recognising the geographical and administrative

organisational differences, and the powers and responsibilities associated with those enterprises and their senior

executives, Member States should be able to choose to set a lower annual turnover threshold on the basis of risk. In

such a case, Member States should notify the Commission of that decision.

(93) In order to identify politically exposed persons in the Union, lists should be issued by Member States indicating the

specific functions which, in accordance with national laws, regulations and administrative provisions, qualify as

prominent public functions. Member States should request each international organisation accredited on their

territories to issue and keep up-to-date a list of prominent public functions at that international organisation. The

Commission should be tasked with compiling and issuing a list, which should be valid across the Union, as regards

persons entrusted with prominent public functions in Union institutions or bodies. In order to ensure a harmonised

25

(

)

Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements,

consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the

European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013,

p. 19).

18/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

approach to the identification and notification of prominent public functions, the Commission should be able to set

out, by means of an implementing act, the format to be used for Member States’ notifications, and should be

empowered to adopt delegated acts supplementing the categories of prominent public functions identified by this

Regulation, where they are common across Member States.

(94) Where customers are no longer entrusted with a prominent public function, they can still pose a higher risk, for

example because of the informal influence they could still exercise, or because their previous and current functions

are linked. It is essential that obliged entities take into consideration those continuing risks and apply one or more

enhanced due diligence measures until such time that the individuals are deemed to pose no further risk, and in any

case for not less than 12 months following the time when they cease to be entrusted with a prominent public

function.

(95) Insurance companies often do not have client relationships with beneficiaries of the insurance policies. However,

they should be able to identify cases of higher risk, such as when the proceeds of the policy benefit a politically

exposed person. To determine whether this is the case, the insurance policy should include reasonable measures to

identify the beneficiary, as if that person were a new client. It should be possible for such measures to be taken at the

time of the payout or at the time of the assignment of the policy, but not later.

(96) Close private and professional relationships might be abused for money laundering and terrorist financing purposes.

For that reason, measures concerning politically exposed persons should also apply to their family members and

persons known to be close associates. Properly identifying family members and persons known to be close associates

might depend on the socio-economic and cultural structure of the country of the politically exposed person. Against

that background, AMLA should have the task of issuing guidelines on the criteria to use to identify persons who

should be considered as close associates.

(97) Relationships with family members which might be abused by politically exposed persons do not only cover those

with parents and descendants but can also include those with siblings. This is particularly the case for categories of

politically exposed persons who hold senior central government posts. In recognition, however, of differing

socio-economic and cultural structures in existence at national level, which might influence the potential for abuse

of sibling relationships, Member States should be able to apply a broader scope for the designation of siblings as

family members of politically exposed persons to adequately mitigate the risks of abuse of those relationships.

Where Member States decide to apply a broader scope, they should communicate the details of that broader scope to

the Commission.

(98) The requirements relating to politically exposed persons, their family members and persons known to be close

associates are of a preventive and not criminal nature, and should not be interpreted as implying that politically

exposed persons, their family members or close associates are involved in criminal activity. Refusing a business

relationship with a person simply on the basis of a determination that they are a politically exposed person or

a family member or a person known to be a close associate of a politically exposed person is contrary to the letter

and spirit of this Regulation.

(99) Given the vulnerability of residency-by-investment schemes to money laundering, tax crimes, corruption and the

evasion of targeted financial sanctions, as well as the potential associated significant security threats for the Union as

a whole, it is appropriate that obliged entities carry out, as a minimum, specific enhanced due diligence with respect

to customers who are third-country nationals who are in the process of applying for residence rights in a Member

State within the framework of those schemes.

(100) The provision of personalised asset management services to individuals with a high level of wealth might expose

credit institutions, financial institutions and trust or company service providers to specific risks including those

arising from the complex and often personalised nature of such services. It is therefore necessary to specify a set of

enhanced due diligence measures that should be applied, as a minimum, where such business relationships are

deemed to pose a high risk of money laundering, its predicate offences or terrorist financing. The determination that

a customer holds assets with a value of at least EUR 50 000 000, or the equivalent in national or foreign currency,

takes into account financial and investable assets including cash and cash equivalents, whether held as deposits or in

savings products, as well as investments such as stocks, bonds and mutual funds, even when they are held under

long-term agreements with that obliged entity. Furthermore, the value of the customer’s real estate assets, excluding

his or her private residence, should be taken into account. For the purposes of making that determination, credit

institutions, financial institutions and trust or company service providers need not carry out or request a precise

calculation of the customer’s total wealth. Rather, such entities should take measures to establish whether a customer

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

19/111

EN

OJ L, 19.6.2024

holds assets with a value of at least EUR 50 000 000, or the equivalent in national or foreign currency, in financial,

investable or real estate assets.

(101) In order to avoid repeated customer identification procedures, it is appropriate, subject to suitable safeguards, to

allow obliged entities to rely on the customer information collected by other obliged entities. Where an obliged

entity relies on another obliged entity, the ultimate responsibility for customer due diligence should remain with the

obliged entity which chooses to rely on the customer due diligence performed by another obliged entity. The obliged

entity relied upon should also retain its own responsibility for compliance with AML/CFT requirements, including

the requirement to report suspicious transactions and retain records.

(102) The introduction of harmonised AML/CFT requirements across the Union, including with regard to group-wide

policies and procedures, information exchange and reliance allows obliged entities operating within a group to

leverage to the maximum the systems in place within that group in situations concerning the same customers. Those

rules permit not only consistent and efficient implementation of AML/CFT rules across the group but also benefit

from economies of scale at group level, for example by making it possible for obliged entities within the group to

rely on the outcomes of processes adopted by other obliged entities within the group to comply with their customer

identification and verification requirements.

(103) In order for reliance on measures carried out by a third-party to function efficiently, further clarity is needed around

the conditions according to which such reliance takes place. AMLA should have the task of developing guidelines on

the conditions under which third-party reliance can take place, as well as the roles and responsibilities of the

respective parties. To ensure that consistent oversight of reliance is ensured throughout the Union, those guidelines

should also provide clarity on how supervisors should take into account such practices and verify compliance with

AML/CFT requirements where obliged entities resort to those practices.

(104) The concept of beneficial ownership was introduced to increase transparency of complex corporate structures. The

need to access accurate, up-to-date and adequate information on the beneficial owner is a key factor in tracing

criminals who might otherwise be able to hide their identity behind such opaque structures. Member States are

currently required to ensure that corporate and other legal entities, as well as express trusts and other similar legal

arrangements, obtain and hold adequate, accurate and up-to-date information on their beneficial ownership.

However, the degree of transparency imposed by Member States varies. The rules are subject to divergent

interpretations, and that results in different methods to identify beneficial owners of a given legal entity or legal

arrangement. This is due, inter alia, to inconsistent methods of calculating indirect ownership of a legal entity or legal

arrangement, and differences between the legal systems of the Member States. This hampers the transparency that

was intended to be achieved. It is therefore necessary to clarify the rules to achieve a consistent definition of

beneficial owner and its application across the internal market.

(105) The application of the rules for identifying the beneficial ownership of legal entities, as well as of legal arrangements,

can give rise to implementation questions when relevant stakeholders are confronted with concrete cases, especially

in instances of complex corporate structures, where the criteria of ownership interest and control coexist, or for the

purposes of determining indirect ownership or control. In order to support the application of those rules by legal

entities, trustees or persons holding an equivalent position in similar legal arrangements and obliged entities, and

consistent with the harmonisation goal of this Regulation, it should be possible for the Commission to adopt

guidelines setting out how rules to identify the beneficial owners in different scenarios are to be applied, including

through the use of case examples.

(106) A meaningful identification of the beneficial owners requires a determination of whether control is exercised via

other means. The determination of the existence of an ownership interest or of control through an ownership

interest is necessary but not sufficient and it does not exclude the need for checks to determine the beneficial owners.

The test as to whether any natural person exercises control via other means is not a subsequent test to be performed

only where it is not possible to determine an ownership interest. The two tests, namely that of existence of an

ownership interest or control through an ownership interest and that of control via other means, should be

performed in parallel.

20/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(107) An ownership of 25 % or more of the shares or voting rights or other ownership interest in general establishes the

beneficial ownership of a corporate entity. Ownership interest should encompass both control rights and rights that

are significant in terms of receiving a benefit, such as a right to a share of profits or other internal resources or

liquidation balance. There might, however, be situations where the risk of certain categories of corporate entities

being misused for money laundering or terrorist financing purposes is higher, for example due to the specific higher

risk sectors in which those corporate entities operate. In such situations, enhanced transparency measures are

necessary to dissuade criminals from setting up or infiltrating those entities, either through direct or indirect

ownership or control. In order to ensure that the Union is able to adequately mitigate such varying levels of risk, it is

necessary to empower the Commission to identify those categories of corporate entities that should be subject to

lower beneficial transparency thresholds. To that end, Member States should inform the Commission where they

identify categories of corporate entities that are exposed to higher money laundering and terrorist financing risks. In

those notifications, it should be possible for Member States to indicate a lower ownership threshold that they

consider would mitigate those risks. Such identification should be ongoing and should rely on the results of the risk

assessment at Union level and of the national risk assessment as well as on relevant analyses and reports produced

by AMLA, Europol or other Union bodies that have a role in the prevention, investigation and prosecution of money

laundering and terrorist financing. That lower threshold should be of a sufficiently low level to mitigate the higher

risks that corporate entities be misused for criminal purposes. To that end, that lower threshold should in general

not be set at more than 15 % of the shares or voting rights or other ownership interest. However, there might be

cases in which, on the basis of a risk-sensitive assessment, a higher threshold would be more proportionate to

address the identified risks. In those cases, it should be possible for the Commission to set the threshold between

15 % and 25 % of the ownership interest.

(108) By their complex nature, multi-layered ownership and control structures make the identification of beneficial owners

more difficult. The concept of ‘ownership or control structure’ is intended to describe the way in which a legal entity

is indirectly owned or controlled, or in which a legal arrangement is indirectly controlled, as a result of the

relationships that exist between legal entities or arrangements across multiple layers. In order to ensure a consistent

approach throughout the internal market, it is necessary to clarify the rules that apply to those situations. For that

purpose, it is necessary to assess simultaneously whether any natural person has a direct or indirect shareholding

with 25 % or more of the shares or voting rights or other ownership interest, and whether any natural person

controls the direct shareholder with 25 % or more of the shares or voting rights or other ownership interest in the

corporate entity. In the case of indirect shareholding, the beneficial owners should be identified by multiplying the

shares in the ownership chain. To that end, all shares directly or indirectly owned by the same natural person should

be added together. That requires the shareholding on every level of ownership to be taken into account. Where 25 %

of the shares or voting rights or other ownership interest in the corporate entity are owned by a shareholder that is

a legal entity other than a corporate entity, the beneficial ownership should be determined having regard to the

specific structure of the shareholder, including whether any natural person exercises control through other means

over a shareholder.

(109) The determination of the beneficial owner of a corporate entity in situations where the shares of the corporate entity

are held in a legal arrangement, or where they are held by a foundation or similar legal entity, might be more difficult

in view of the different nature and identification criteria of beneficial ownership between legal entities and legal

arrangements. It is therefore necessary to set out clear rules to deal with those situations of multi-layered structure.

In such cases, all beneficial owners of the legal arrangement, or of a similar legal entity such as a foundation, should

be the beneficial owners of the corporate entity whose shares are held in the legal arrangement or held by the

foundation.

(110) A common understanding of the concept of control and a more precise definition of the means of control are

necessary to ensure consistent application of the rules across the internal market. Control should be understood as

the effective ability to impose one’s will on the corporate entity’s decision-making on substantive issues. The usual

means of control is a majority share of voting rights. The position of beneficial owner can also be established by

control via other means without having significant, or any, ownership interest. For that reason, in order to ascertain

all individuals that are beneficial owners of a legal entity, control should be identified independently of ownership

interest. Control can generally be exercised by any means, including legal and non-legal means. Those means might

be taken into account for assessing whether control via other means is exercised, depending on the specific situation

of each legal entity.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

21/111

EN

OJ L, 19.6.2024

(111) Indirect ownership or control might be determined by multiple links in a chain or by multiple individual or

interlinked chains. A link in a chain could be any natural or legal person or a legal arrangement. The relationships

between the links might consist of ownership interest or voting rights or other means of control. In such cases,

where ownership interest and control coexist in the ownership structure, specific and detailed rules on the

identification of the beneficial ownership are needed to support a harmonised approach to the identification of

beneficial owners.

(112) In order to ensure effective transparency, the widest possible range of legal entities and legal arrangements created or

set up in the territory of Member States should be covered by beneficial ownership rules. That includes corporate

entities, which are characterised by the possibility to hold ownership interest in them, as well as other legal entities

and legal arrangements similar to express trusts. Due to differences in the legal systems of Member States, those

broad categories encompass a variety of different organisational structures. Member States should notify to the

Commission a list of the types of legal entities where the beneficial owners are identified in line with the rules for the

identification of beneficial owners for both corporate and other legal entities.

(113) The specific nature of certain legal entities, such as associations, trade unions, political parties or churches, does not

result in a meaningful identification of beneficial owners based on ownership interests or membership. In those

cases, however, it can be the case that the senior managing officials exercise control over the legal entity by other

means. In those cases, such officials should be reported as the beneficial owners.

(114) To ensure the consistent identification of beneficial owners of express trusts and similar legal entities, such as

foundations, or similar legal arrangements, it is necessary to lay down harmonised beneficial ownership rules.

Member States should be required to notify to the Commission a list of the types of legal entities and legal

arrangements similar to express trusts where the beneficial owners are identified according to the identification of

beneficial owners for express trusts and similar legal entities or arrangements. The Commission should be able to

adopt, by means of an implementing act, a list of legal arrangements and legal entities governed by the law of

Member States, which have a structure or function similar to express trusts.

(115) Discretionary trusts allow their trustees discretion on the allocation of the trust assets or benefits derived from them.

As such, no beneficiaries or class of beneficiaries is determined from the outset, but rather a pool of persons from

among which the trustees can choose the beneficiaries, or persons who will become beneficiaries should the trustees

not exercise their discretion. As recognised by the recent revision of FATF standards regarding legal arrangements,

such discretion can be misused and allow for the obfuscation of beneficial owners if a minimum level of

transparency is not imposed for discretionary trusts, as transparency on beneficiaries would only be achieved upon

the exercise of the trustees’ discretion. Therefore, in order to ensure an adequate and consistent transparency for all

types of legal arrangements, it is important that, in the case of discretionary trusts, information is also collected on

the objects of a trustee’s power and on the default takers who would receive the assets or benefits if the trustees fail

to exercise their discretion. There are situations where objects of a power or default takers might not be identified

individually, but as a class. In those cases, information on the class should be collected, as well as information on the

individual persons who are selected from the class.

(116) The characteristics of express trusts and similar legal arrangements in Member States vary. In order to ensure

a harmonised approach, it is appropriate to set out common principles for the identification of such arrangements.

Express trusts are trusts set up at the initiative of the settlor. Trusts set up by law or that do not result from the

explicit intent of the settlor to set them up should be excluded from the scope of this Regulation. Express trusts are

usually set up in the form of a document such as a written deed or written instrument of trust, and usually fulfil

a business or personal need. Legal arrangements similar to express trusts are arrangements without legal personality

which are similar in structure or functions. The determining factor is not the designation of the type of legal

arrangement, but the fulfilment of the basic features of the definition of an express trust, namely the settlor’s

intention to place the assets under the administration and control of a certain person for specified purpose, usually

of a business or personal nature, such as the benefit of the beneficiaries. To ensure the consistent identification of the

beneficial owners of legal arrangements similar to express trusts, Member States should notify to the Commission

a list of the types of legal arrangements similar to express trusts. Such notification should be accompanied by an

assessment justifying the identification of certain legal arrangements as similar to express trusts as well as explaining

why other legal arrangements have been considered to be dissimilar in structure or function from express trusts. In

22/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

performing such assessment, Member States should take into consideration all legal arrangements that are governed

under their law.

(117) In relation to some types of legal entities, such as foundations, express trusts and similar legal arrangements, it is not

possible to identify individual beneficiaries because they have yet to be determined. In such cases, beneficial

ownership information should include instead a description of the class of beneficiaries and its characteristics. As

soon as beneficiaries within the class are designated, they will be beneficial owners. Furthermore, there are specific

types of legal persons and legal arrangements where beneficiaries exist, but where their identification is not

proportionate in respect of the money laundering and terrorist financing risks associated with those legal persons or

legal arrangements. That is the case in relation to regulated products such as pension schemes within the scope of

Directive (EU) 2016/2341 of the European Parliament and of the Council (²⁶), and it could be the case, for example,

in relation to employee financial ownership or participation schemes, or legal entities or legal arrangements with

a non-profit or charitable purpose, provided the risks associated with such legal persons and legal arrangements are

low. In those cases, an identification of the class of beneficiaries should be sufficient.

(118) Pension schemes regulated by Directive (EU) 2016/2341 are regulated products which are subject to stringent

supervisory standards and present low risks of money laundering and terrorist financing. Where such pension

schemes are set up in the form of a legal arrangement, its beneficiaries are employees and workers who rely on those

products, linked to their employment contracts, for the management of their retirement benefits. Due the specific

nature of the retirement benefit, which carries a low risk of money laundering and terrorist financing, it would not

be proportionate to require the identification of each of those beneficiaries, and the identification of the class and its

characteristic should be sufficient to fulfil transparency obligations.

(119) To ensure the consistent identification of beneficial owners of collective investment undertakings, it is necessary to

lay down harmonised beneficial ownership rules. Regardless of whether the collective investment undertakings exist

in the Member State in the form of a legal entity with legal personality, as a legal arrangement without legal

personality, or in any other form, the approach to the identification of the beneficial owner should be consistent

with their purpose and function.

(120) A consistent approach to the beneficial ownership transparency regime also requires ensuring that the same

information is collected on beneficial owners across the internal market. It is appropriate to introduce precise

requirements concerning the information that should be collected in each case. That information includes

a minimum set of personal data regarding the beneficial owner, information on the nature and extent of the

beneficial interest held in the legal entity or legal arrangement, and information on the legal entity or legal

arrangement, necessary to ensure the appropriate identification of the natural person who is the beneficial owner

and the reasons why that natural person has been identified as the beneficial owner.

(121) An effective framework of beneficial ownership transparency requires information to be collected through various

channels. Such a multi-pronged approach includes the information held by the legal entity or trustee of an express

trust or persons holding an equivalent position in a similar legal arrangement themselves, the information obtained

by obliged entities in the context of customer due diligence, and the information held in central registers.

Cross-checking of information among those pillars contributes to ensuring that each pillar holds adequate, accurate

and up-to-date information. To that end, and in order to avoid discrepancies caused by different approaches, it is

important to identify those categories of data that should always be collected in order to ensure the beneficial

ownership information is adequate. That includes basic information on the legal entity and legal arrangement, which

is the precondition allowing the entity or arrangement itself to understand its structure, whether through ownership

or through control.

(122) Where legal entities and legal arrangements are part of a complex structure, clarity on their ownership or control

structure is critical in order to ascertain who their beneficial owners are. To that end, it is important that legal entities

and legal arrangements clearly understand the relationships by which they are indirectly owned or controlled,

including all intermediary steps between the beneficial owners and the legal entity or legal arrangement itself,

whether those relationships are in the form of other legal entities and legal arrangements or of nominee

relationships. Identification of the ownership and control structure allows identification of the ways by which

26

(

)

Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of

institutions for occupational retirement provision (IORPs) (OJ L 354, 23.12.2016, p. 37).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

23/111

EN

OJ L, 19.6.2024

ownership is established or control can be exercised over a legal entity and is therefore essential for a comprehensive

understanding of the position of the beneficial owner. The beneficial owner information should therefore always

include a description of the relationship structure.

(123) Underpinning an effective framework on beneficial ownership transparency is the knowledge by legal entities of the

natural persons who are their beneficial owners. Thus, all legal entities in the Union should obtain and hold

adequate, accurate and up-to-date beneficial ownership information. That information should be retained for 5 years

and the identity of the person responsible for retaining the information should be reported to the central registers.

That retention period is equivalent to the period for retention of information obtained through the application of

AML/CFT requirements, such as customer due diligence measures. In order to ensure the possibility to cross-check

and verify information, for instance through the mechanism of discrepancy reporting, it is justified to ensure that the

relevant data retention periods are aligned.

(124) To ensure that beneficial ownership information is up-to-date, the legal entity should update such information

immediately after any change and should periodically verify it, for example at the time of submission of the financial

statements, or on the occasion of other repetitive interactions with public authorities. The deadline for updating the

information should be reasonable in view of possible complex situations.

(125) Legal entities should take all necessary measures to identify their beneficial owners. There might however be cases

where no natural person is identifiable who ultimately owns or exerts control over an entity. In such exceptional

cases, provided that all means of identification are exhausted, it should be possible for senior managing officials to be

reported instead of the beneficial owners when providing beneficial ownership information to obliged entities in the

course of the customer due diligence process or when submitting the information to the central register. Although

they are identified in those situations, the senior managing officials are not the beneficial owners. Legal entities

should keep records of the actions taken in order to identify their beneficial owners, especially when they rely on this

last resort measure, which should be duly justified and documented.

(126) Difficulties in obtaining the information should not be a valid reason to avoid the identification effort and resort to

reporting the senior management instead. Therefore, legal entities should always be able to substantiate their doubts

as to the veracity of the information collected. Such justification should be proportionate to the risk of the legal

entity and the complexity of its ownership structure. In particular, the record of the actions taken should be

promptly provided to competent authorities where required and, on a risk-sensitive basis, it should be possible for

that record to include resolutions of the board of directors and minutes of their meetings, partnership agreements,

trust deeds, informal arrangements determining powers equivalent to powers of attorney or other contractual

agreements and documentation. In cases where the absence of beneficial owners is evident with respect to the

specific form and structure of legal entity, the justification should be understood as a reference to that fact, namely

that the legal entity does not have a beneficial owner due to its specific form and structure. Such absence of

beneficial owners could arise, where, for example, there are no ownership interests in the legal entity or where the

legal entity cannot be ultimately controlled by other means.

(127) In view of the purpose of determining beneficial ownership, which is to ensure effective transparency of legal

entities, it is proportionate to exempt certain entities from the obligation to identify their beneficial owner. Such

a regime can only be applied to entities for which the identification and registration of their beneficial owners is not

useful and where the similar level of transparency is achieved by means other than beneficial ownership. In that

respect, bodies governed by public law of the Member States should not be obliged to determine their beneficial

owner. Directive 2004/109/EC of the European Parliament and of the Council (²⁷) introduced strict transparency

requirements for companies whose securities are admitted to trading on a regulated market. In certain

circumstances, those transparency requirements can achieve an equivalent transparency regime to the beneficial

ownership transparency rules set out in this Regulation. That is the case where control over the company is exercised

through voting rights, and the ownership or control structure of the company only includes natural persons. In

those circumstances, there is no need to apply beneficial ownership requirements to those listed companies. The

27

(

)

Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency

requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending

Directive 2001/34/EC (OJ L 390, 31.12.2004, p. 38).

24/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

exemption for legal entities from the obligation to determine their own beneficial owner and to register it should not

affect the obligation of obliged entities to identify the beneficial owner of a customer when performing customer due

diligence.

(128) There is a need to ensure a level playing field among the different types of legal forms and to avoid the misuse of

express trusts and legal arrangements, which are often layered in complex structures to further obscure beneficial

ownership. Trustees of any express trust administered in a Member State, or established or residing in a Member

State should thus be responsible for obtaining and holding adequate, accurate and up-to-date beneficial ownership

information regarding the express trust, and for disclosing their status and providing that information to obliged

entities carrying out customer due diligence. Any other beneficial owner of the express trust should assist the trustee

in obtaining such information.

(129) The nature of legal arrangements and the lack of publicity about their structures and purpose places a particular

onus on the trustees, or persons in equivalent positions in similar legal arrangements, to obtain and hold all relevant

information on the legal arrangement. Such information should enable an identification of the legal arrangement,

the assets placed therein or administered through it, and any agent or service provider to the trust. In order to

facilitate the activities of competent authorities in the prevention, detection and investigation of money laundering,

its predicate offences and terrorist financing, it is important that trustees keep that information up-to-date and that

they hold it for a sufficient amount of time after they cease their role as trustees or equivalent. The provision of

a basic amount of information on the legal arrangement to obliged entities is also necessary to enable them to fully

ascertain the purpose of the business relationship or occasional transaction involving the legal arrangement,

adequately assess the associated risks, and implement commensurate measures to mitigate those risks.

(130) In view of the specific structure of certain legal arrangements, and the need to ensure sufficient transparency about

their beneficial ownership, such legal arrangements similar to express trusts should be subject to equivalent

beneficial ownership requirements as those that apply to express trusts.

(131) Nominee arrangements can allow the concealment of the identity of the beneficial owners, because a nominee might

act as the director or shareholder of a legal entity while the nominator is not always disclosed. Those arrangements

might obscure the beneficial ownership and control structure if beneficial owners do not wish to disclose their

identity or role within them. There is thus a need to introduce transparency requirements in order to avoid such

arrangements being misused and to prevent criminals from hiding behind persons acting on their behalf. The

relationship between nominee and nominator is not determined by whether it has an effect on the public or third

parties. Although nominee shareholders whose names appear in public or official records would formally have

independent control over the company, it should be required to disclose whether they are acting on the instructions

of someone else on the basis of a private agreement. Nominee shareholders and nominee directors of legal entities

should maintain sufficient information on the identity of their nominator as well as of any beneficial owner of the

nominator and disclose them as well as their status to the legal entities. The same information should also be

reported by legal entities to obliged entities when customer due diligence measures are applied and to the central

registers.

(132) The risks posed by foreign legal entities and foreign legal arrangements which are misused to channel proceeds of

funds into the Union’s financial system need to be mitigated. Since beneficial ownership standards in place in third

countries might not be sufficient to allow for the same level of transparency and timely availability of beneficial

ownership information as in the Union, there is a need to ensure adequate means to identify the beneficial owners of

foreign legal entities or foreign legal arrangements in specific circumstances. Therefore, legal entities created outside

the Union and express trusts or similar legal arrangements administered outside the Union or whose trustees or

persons holding an equivalent position reside or are established outside the Union should be required to disclose

their beneficial owners where they operate in the Union by entering into a business relationship with a Union’s

obliged entity, by acquiring real estate in the Union or certain high value goods from obliged entities located in the

Union, or by being awarded a contract following a public procurement procedure for goods or services, or

concessions. There might be variations in the risk exposure across Member States, including depending on the

category or type of activities carried out by obliged entities and on the attractiveness for criminals of real estate

properties in their territory. Therefore, where Member States identify cases of higher risk, they should be able to take

additional mitigating measures to address those risks.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

25/111

EN

OJ L, 19.6.2024

(133) The registration requirements for foreign legal entities and foreign legal arrangements should be proportionate to the

risks associated with their operations in the Union. Given the open nature of the Union internal market, and the use

made by foreign legal entities of the services offered by obliged entities established in the Union, many of which are

associated with lower risks of money laundering, its predicate offences or terrorist financing, it is appropriate to

limit the registration requirement to legal entities that belong to high-risk sectors or that operate in higher risk

categories or that obtain services from obliged entities operating in sectors associated with higher risks. The private

nature of legal arrangements, and the obstacles in accessing beneficial ownership information in the case of foreign

legal arrangements, justify the application of a registration requirement irrespective of the level of risk associated

with the obliged entity providing services to the legal arrangement, or, where relevant, with the sector in which the

legal arrangement operates. Reference to the risk assessment at Union level under Article 7 of Directive

(EU) 2024/1640 should be understood to refer to the risk assessment issued by the Commission pursuant to

Article 6 of Directive (EU) 2015/849 until the first issuance of the report under Article 7 of Directive (EU)

2024/1640.

(134) In order to encourage compliance and ensure an effective beneficial ownership transparency, beneficial ownership

requirements need to be enforced. To that end, Member States should apply penalties for breaches of those

requirements. Those penalties should be effective, proportionate and dissuasive, and should not go beyond what is

required to encourage compliance. Penalties introduced by Member States should have an equivalent deterrent effect

across the Union on the breaches of beneficial ownership requirements. It should be possible for penalties to include,

for example, fines for legal entities and on trustees or persons holding an equivalent position in a similar legal

arrangement imposed for failure to hold accurate, adequate or up-to-date beneficial ownership information, the

striking-off of legal entities that fail to comply with the obligation to hold beneficial ownership information or to

submit beneficial ownership information within a given deadline, fines for beneficial owners and other persons who

fail to cooperate with a legal entity or trustee of an express trust or person holding an equivalent position in a similar

legal arrangement, fines for nominee shareholders and nominee directors who fail to comply with the obligation of

disclosure, or private law consequences for undisclosed beneficial owners as prohibition of the payment of profits or

prohibition of the exercise of voting rights.

(135) With a view to ensuring a consistent approach to the enforcement of beneficial ownership requirements across the

internal market, the Commission should be empowered to adopt delegated acts to define the categories of breaches

subject to penalties and the persons liable for such breaches, as well as indicators on the level of gravity and criteria

to determine the level of penalties. Furthermore, in order to support the determination of that level, and consistent

with the harmonisation goal of this Regulation, it should be possible for the Commission to adopt guidelines setting

out the base amounts to apply to each category of breach.

(136) Suspicious transactions, including attempted transactions, and other information relevant to money laundering, its

predicate offences and terrorist financing, should be reported to the FIU, which should serve as a single central

national unit for receiving and analysing reported suspicions and for disseminating to the competent authorities the

results of its analyses. All suspicious transactions, including attempted transactions, should be reported, regardless of

the amount of the transaction, and the reference to suspicions should be interpreted as including suspicious

transactions, activities, behaviour and patterns of transactions. Reported information could also include

threshold-based information. In order to support obliged entities’ detection of suspicions, AMLA should issue

guidance on indicators of suspicious activity or behaviour. Given the evolving risk environment, that guidance

should be reviewed regularly, and should not prejudge the issuance by FIUs of guidance or indicators on money

laundering and terrorist financing risks and methods identified at national level. The disclosure of information to the

FIU in good faith by an obliged entity or by an employee or director of such an entity should not constitute a breach

of any restriction on disclosure of information and should not involve the obliged entity or its directors or

employees in liability of any kind.

(137) Obliged entities should establish comprehensive reporting regimes encompassing all suspicions, regardless of the

value or perceived severity of the associated criminal activity. They should be aware of the expectations of FIUs and

should, as far as possible, tailor their detection systems and analytical processes to the key risks affecting the Member

State in which they are established and, where necessary, prioritise their analysis towards addressing those key risks.

26/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(138) Transactions should be assessed on the basis of information known or which should be known to the obliged entity.

That includes relevant information from agents, distributors and service providers. Where the underlying predicate

offence is not known or apparent to the obliged entity, the role of identifying and reporting suspicious transactions

is fulfilled more efficiently by focusing on detecting suspicions and submitting reports promptly. In those cases, the

predicate offence need not be specified by the obliged entity when reporting a suspicious transaction to the FIU, if it

is not known to them. Where that information is available, it should be included in the report. As gatekeepers of the

Union’s financial system, obliged entities should also be able to submit a report where they know or suspect that

funds have been or will be used to carry out criminal activities, such as the purchase of illicit goods, even if the

information available to them does not indicate that the funds used originate from illicit sources.

(139) Differences in suspicious transaction reporting obligations between Member States could exacerbate the difficulties

in AML/CFT compliance experienced by obliged entities that have a cross-border presence or operations. Moreover,

the structure and content of the suspicious transaction reports have an impact on the FIU’s capacity to carry out

analysis and on the nature of that analysis, and also affect the FIU’s abilities to cooperate and to exchange

information. In order to facilitate obliged entities’ compliance with their reporting obligations and allow for a more

effective functioning of the FIU’s analytical activities and cooperation, AMLA should develop draft implementing

technical standards specifying a common template for the reporting of suspicious transactions to be used as

a uniform basis throughout the Union.

(140) FIUs should be able to obtain swiftly from any obliged entity all the necessary information relating to their functions.

Their unfettered and swift access to information is essential to ensure that flows of money can be properly traced

and illicit networks and flows detected at an early stage. The need for FIUs to obtain additional information from

obliged entities based on a suspicion of money laundering or financing of terrorism might be triggered by a prior

suspicious transaction report reported to the FIU, but might also be triggered through other means such as the FIU’s

own analysis, intelligence provided by competent authorities or information held by another FIU. FIUs should

therefore be able, in the context of their functions, to obtain information from any obliged entity, even without

a prior report being made. In particular, records of financial transactions and transfers carried out through a bank,

payment or crypto-asset account are critical for the analytical work of FIUs. However, due to the lack of

harmonisation, at present credit institutions and financial institutions provide FIUs with transaction records in

different formats, which are not readily useable for analysis. Considering the cross-border nature of FIUs’ analytical

activities, the disparity of formats and difficulties of processing transaction records hamper the exchange of

information among FIUs and the development of cross-border financial analyses. AMLA should therefore develop

draft implementing technical standards specifying a common template for the provision of transaction records by

credit institutions and financial institutions to FIUs to be used as a uniform basis throughout the Union.

(141) Obliged entities should reply to a request for information by the FIU as soon as possible and, in any case, within 5

working days of receipt of the request or any other shorter or longer deadline imposed by the FIU. In justified and

urgent cases, the obliged entity should reply to the FIU’s request within 24 hours. Those deadlines should apply to

information requests that are based on sufficiently defined conditions. An FIU should also be able to obtain

information from obliged entities upon request made by another FIU and to exchange the information with the

requesting FIU. Requests to obliged entities vary in nature. For example, complex requests might necessitate more

time and warrant an extended deadline for response. To that end, FIUs should be able to grant extended deadlines to

obliged entities, provided that does not have a negative impact on the FIU’s analysis.

(142) For certain obliged entities, Member States should have the possibility to designate an appropriate self-regulatory

body to be informed in the first instance instead of the FIU. In accordance with the case-law of the European Court

of Human Rights, a system of first instance reporting to a self-regulatory body constitutes an important safeguard for

upholding the protection of fundamental rights as concerns the reporting obligations applicable to lawyers. Member

States should provide for the means and manner by which to achieve the protection of professional secrecy,

confidentiality and privacy.

(143) Notaries, lawyers, other independent legal professionals, auditors, external accountants and tax advisors should not

be obliged to transmit to the FIU or to a self-regulatory body any information received from, or obtained in relation

to, one of their clients in the course of ascertaining the legal position of that client, or in performing the task of

defending or representing that client in, or concerning, judicial proceedings, including providing advice on

instituting or avoiding such proceedings, whether such information is received or obtained before, during or after

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

27/111

EN

OJ L, 19.6.2024

such proceedings. However, such an exception should not apply where the legal professional, auditor, external

accountant or tax advisor is taking part in money laundering or terrorist financing, the legal advice is provided for

the purposes of money laundering or terrorist financing, or where the legal professional, auditor, external

accountant or tax advisor knows that the client is seeking legal advice for the purposes of money laundering or

terrorist financing. Such knowledge and purpose can be inferred from objective, factual circumstances. Legal advice

sought in relation to ongoing judicial proceedings should not be deemed to constitute legal advice for the purposes

of money laundering of terrorist financing. In line with the risk-based approach, Member States should be able to

identify additional situations where, having regard to the high risk of money laundering, its predicate offences or

terrorist financing associated with certain types of transactions, the exemption from the reporting requirement does

not apply. When identifying such additional situations, Member States are to ensure compliance in particular with

Articles 7 and 47 of the Charter.

(144) Obliged entities should exceptionally be able to carry out suspicious transactions before informing the FIU where

refraining from doing so is impossible or likely to frustrate efforts to pursue the beneficiaries of a suspected money

laundering or terrorist financing operation. However, that exception should not be invoked in relation to

transactions concerned by any international obligations accepted by the Member State of the FIU to freeze without

delay funds or other assets of terrorists, terrorist organisations or those who finance terrorism, in accordance with

the relevant UNSC resolutions.

(145) Confidentiality in relation to the reporting of suspicious transactions and to the provision of other relevant

information to FIUs is essential in order to enable the competent authorities to freeze and seize assets potentially

linked to money laundering, its predicate offences or terrorist financing. A suspicious transaction is not an

indication of criminal activity. Disclosing that a suspicion has been reported might tarnish the reputation of the

persons involved in the transaction and jeopardise the performance of analyses and investigations. Therefore, obliged

entities and their directors and employees, or persons in comparable positions, including agents and distributors,

should not inform the customer concerned or a third party that information is being, will be or has been submitted

to the FIU, whether directly or through the self-regulatory body, or that a money laundering or terrorist financing

analysis is being, or might be, carried out. The prohibition of disclosure should not apply in specific circumstances

concerning, for example, disclosures to competent authorities and self-regulatory bodies when performing

supervisory functions, or disclosures for law enforcement purposes or where the disclosures take place between

obliged entities that belong to the same group.

(146) Criminals move illicit proceeds through numerous intermediaries to avoid detection. Therefore it is important to

allow obliged entities to exchange information not only between group members, but also in certain cases between

credit institutions and financial institutions and other entities that operate within networks, with due regard to data

protection rules. Outside of a partnership for information sharing, the disclosure permitted among certain categories

of obliged entities in cases involving the same transaction should only take place with regard to the specific

transaction that is carried out between or facilitated by those obliged entities, and not with regard to connected

previous or subsequent transactions.

(147) The exchange of information among obliged entities and, where applicable, competent authorities, might increase

the possibilities for detecting illicit financial flows concerning money laundering, the financing of terrorism and

proceeds of crime. For that reason, obliged entities and competent authorities should be able to exchange

information in the framework of an information sharing partnership where they deem such sharing to be necessary

for compliance with their AML/CFT obligations and tasks. Information sharing should be subject to robust

safeguards relating to confidentiality, data protection, use of information and criminal procedure. Obliged entities

should not rely solely on information received through the exchange of information to draw conclusions on the

money laundering and terrorist financing risk of the customer or transaction or to take decisions regarding the

establishment or termination of a business relationship or the carrying out of a transaction. As recognised in

Directive 2014/92/EU, the smooth functioning of the internal market and the development of a modern, socially

inclusive economy increasingly depends on the universal provision of payment services. Therefore, access to basic

financial services should not be denied on the basis of information exchanged among obliged entities or between

obliged entities and competent authorities or AMLA.

(148) Compliance with the requirements of this Regulation is subject to checks by supervisors. Where obliged entities

exchange information in the framework of a partnership for information sharing, those checks should also include

compliance with the conditions laid down in this Regulation for those exchanges of information. While supervisory

28/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

checks should be risk-based, they should be performed in any event prior to the commencement of the activities of

the partnership for information sharing. Partnerships for information sharing that involve the processing of personal

data might result in a high risk to the rights and freedoms of natural persons. Therefore, a data protection impact

assessment pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (²⁸) should be

carried out prior to the start of the activities of the partnership. In the context of supervisory checks, supervisors

should consult, where relevant, data protection authorities, which alone are competent for assessing the data

protection impact assessment. The data protection provisions and all requirements concerning the confidentiality of

information on suspicious transactions contained in this Regulation apply to information shared in the framework

of a partnership. Consistent with Regulation (EU) 2016/679, Member States should be able to maintain or introduce

more specific provisions to adapt the application of that Regulation to provide more specific requirements in

relation to the processing of personal data exchanged in the framework of a partnership for information sharing.

(149) While partnerships for information sharing enable the exchange of operational information and personal data under

strict safeguards, those exchanges should not replace the requirements under this Regulation to report any suspicion

to the competent FIU. Therefore, when obliged entities identify suspicious activities on the basis of information

obtained in the context of a partnership for information sharing, they should report that suspicion to the FIU in the

Member State where they are established. Information that indicates suspicious activity is subject to stricter rules that

prohibit its disclosure and should only be shared where necessary for the purposes of preventing and combating

money laundering, its predicate offences and terrorist financing and subject to safeguards protecting fundamental

rights, the confidentiality of FIU work and the integrity of law enforcement investigations.

(150) Regulation (EU) 2016/679 applies to the processing of personal data for the purposes of this Regulation. The fight

against money laundering and terrorist financing is recognised as an important public interest ground by all Member

States. Obliged entities should pay particular attention to the principles requiring that the personal data processed in

the course of compliance with their AML/CFT obligations be accurate, reliable and up-to-date. For the purposes of

complying with this Regulation, obliged entities should be able to adopt processes that enable automated individual

decision-making, including profiling, as set out under Article 22 of Regulation (EU) 2016/679. When doing so, the

requirements set out in this Regulation to safeguard the rights of persons subject to such processes should apply in

addition to any other relevant requirements set out in Union law concerning the protection of personal data.

(151) It is essential that the alignment of the AML/CFT framework with the revised FATF Recommendations is carried out

in full compliance with Union law, in particular as regards Union data protection law and the protection of

fundamental rights as enshrined in the Charter. Certain aspects of the implementation of the AML/CFT framework

involve the collection, analysis, storage and sharing of data. Such processing of personal data should be permitted,

while fully respecting fundamental rights, only for the purposes laid down in this Regulation, and for carrying out

customer due diligence, ongoing monitoring, analysis and reporting of suspicious transactions, identification of the

beneficial owner of a legal person or legal arrangement, identification of a politically exposed person and sharing of

information by credit institutions and financial institutions and other obliged entities. The collection and subsequent

processing of personal data by obliged entities should be limited to what is necessary for the purpose of complying

with AML/CFT requirements and personal data should not be further processed in a way that is incompatible with

that purpose. In particular, further processing of personal data for commercial purposes should be strictly

prohibited.

(152) The processing of certain categories of sensitive data as defined under Article 9 of Regulation (EU) 2016/679 could

give rise to risks to the fundamental rights and freedoms of the subjects of those data. To minimise the risks that the

processing of such data by obliged entities results in discriminatory or biased outcomes that adversely impact the

customer, such as the termination or refusal to enter into a business relationship, obliged entities should not take

decisions solely on the basis of information in their possession concerning special categories of personal data within

the meaning of Regulation (EU) 2016/679 where that information bears no relevance to the money laundering and

terrorist financing risks posed by a transaction or relationship. Similarly, in order to ensure that the intensity of

customer due diligence is based on a holistic understanding of the risks associated with the customer, obliged entities

28

(

)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons

with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General

Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

29/111

EN

OJ L, 19.6.2024

should not base the application of a higher or lower level of customer due diligence measures solely on the basis of

sensitive data that they possess on the customer.

(153) The revised FATF Recommendations demonstrate that, in order to be able to cooperate fully and comply swiftly with

information requests from competent authorities for the purposes of the prevention, detection or investigation of

money laundering and terrorist financing, obliged entities should maintain, for at least 5 years, the necessary

information obtained through customer due diligence measures and the records on transactions. In order to avoid

different approaches and in order to fulfil the requirements relating to the protection of personal data and legal

certainty, that retention period should be fixed at 5 years after the end of a business relationship or an occasional

transaction. There might be situations where the functions of competent authorities cannot be effectively carried out

if the relevant information held by obliged entities is deleted pursuant to the lapse of the retention period. In such

cases, competent authorities should be able to request obliged entities to retain information on a case-by-case basis

for a longer period, which should not exceed 5 years.

(154) Where the notion of competent authorities refers to investigating and prosecuting authorities, it should be

interpreted as including the European Public Prosecutor’s Office (EPPO) with regard to the Member States that

participate in the enhanced cooperation on the establishment of the EPPO.

(155) Disseminations by FIUs play a crucial role in detecting possible criminal activities under the competence of the EPPO

or the European Anti-Fraud Office (OLAF), or in relation to which Europol and Eurojust are able to provide

operational support at an early stage in accordance with their respective mandates, and to support prompt and

effective investigations and prosecutions. Information shared with the EPPO and OLAF by FIUs should include

grounds for the suspicion that a crime under the EPPO’s and OLAF’s respective competencies might be or has been

perpetrated, and be accompanied by all relevant information that the FIU holds and which can support action,

including relevant financial and administrative information. Where the EPPO and OLAF request information from

FIUs, it is equally important that FIUs are able to share all the information they hold in relation to the case. In

accordance with the applicable provisions in their founding legal instruments, the EPPO and OLAF should inform

FIUs about the steps taken in relation to the information that was disseminated and any relevant outcomes.

(156) For the purpose of ensuring the appropriate and efficient administration of justice during the period between the

entry into force and application of this Regulation, and in order to allow for its smooth interaction with national

procedural law, information and documents pertinent to ongoing legal proceedings for the purpose of the

prevention, detection or investigation of possible money laundering or terrorist financing, where those proceedings

are pending in the Member States on the date of entry into force of this Regulation, should be retained for a period

of 5 years after that date, and it should be possible to extend that period for a further 5 years.

(157) The rights of access to data by the data subject are applicable to the personal data processed for the purpose of this

Regulation. However, access by the data subject to any information related to a suspicious transaction report would

seriously undermine the effectiveness of the fight against money laundering and terrorist financing. Exceptions to

and restrictions of that right in accordance with Article 23 of Regulation (EU) 2016/679 might therefore be justified.

The data subject has the right to request that an authority referred to in Article 51 of Regulation (EU) 2016/679

check the lawfulness of the processing and has the right to seek a judicial remedy referred to in Article 79 of that

Regulation. That authority is also able to act on an ex officio basis where provided for under Regulation (EU)

2016/679. Without prejudice to the restrictions to the right to access, the supervisory authority should be able to

inform the data subject that all necessary verifications by the supervisory authority have taken place, and of the

result as regards the lawfulness of the processing in question.

(158) Obliged entities might resort to the services of other private operators. However, the AML/CFT framework should

apply to obliged entities only, and obliged entities should retain full responsibility for compliance with AML/CFT

requirements. In order to ensure legal certainty and to avoid that some services are inadvertently brought into the

scope of this Regulation, it is necessary to clarify that persons that merely convert paper documents into electronic

data and are acting under a contract with an obliged entity, and persons that provide credit institutions or financial

institutions solely with messaging or other support systems for transmitting funds as defined in Article 4, point (25),

of Directive (EU) 2015/2366 or with clearing and settlement systems, do not fall within the scope of this Regulation.

30/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(159) Obliged entities should obtain and hold adequate and accurate information on the beneficial ownership and control

of legal persons. As bearer shares accord ownership to the person who possesses the bearer share certificate, they

allow the beneficial owner to remain anonymous. To ensure that such shares are not misused for money laundering

or terrorist financing purposes, companies — other than those with listed securities on a regulated market or whose

shares are issued as intermediated securities — should convert all existing bearer shares into registered shares,

immobilise them, or deposit them with a financial institution. In addition, bearer share warrants should only be

permitted in intermediated form.

(160) The anonymity of crypto-assets exposes them to risks of misuse for criminal purposes. Anonymous crypto-asset

accounts, as well as other anonymising instruments, do not allow the traceability of crypto-asset transfers, and make

it difficult to identify linked transactions that might raise suspicion or to apply an adequate level of customer due

diligence. In order to ensure effective application of AML/CFT requirements to crypto-assets, it is necessary to

prohibit the provision and the custody of anonymous crypto-asset accounts or accounts allowing for the

anonymisation or the increased obfuscation of transactions by crypto-asset service providers, including through

anonymity-enhancing coins. That prohibition does not apply to providers of hardware and software or providers of

self-hosted wallets insofar as they do not possess access to or control over those crypto-asset wallets.

(161) The use of large cash payments is highly vulnerable to money laundering and terrorist financing, and that

vulnerability has not been sufficiently mitigated by the requirement for persons trading in goods to be subject to

anti-money laundering rules when making or receiving cash payments of EUR 10 000 or more. At the same time,

differences in approaches among Member States have undermined the level playing field within the internal market

to the detriment of businesses located in Member States with stricter controls. It is therefore necessary to introduce

a Union-wide limit to large cash payments of EUR 10 000. Member States should be able to adopt lower thresholds

and further stricter provisions to the extent that they pursue legitimate objectives in the public interest. Given that

the AML/CFT framework is based on the regulation of the business economy, the limit should not apply to payments

between natural persons who are not acting in a professional capacity. In addition, in order to ensure that the

Union-wide limit does not unintentionally create barriers for persons who do not use or do not have access to

banking services to make payments, or for business to deposit the income from their activities in their accounts,

payments or deposits made at the premises of credit institutions, payment institutions or electronic money

institutions should also be exempted from the application of the limit.

(162) Cash payments or deposits made at the premises of credit institutions, payment service providers and electronic

money providers that exceed the threshold for large cash payments should not, by default, be considered an indicator

for suspicion of money laundering, its predicate offences or terrorist financing. The reporting of such transactions

enables the FIU to assess and identify patterns concerning the movement of cash and, while such information

contributes to the FIU’s operational or strategic analyses, the nature of threshold-based disclosures makes them

distinct from suspicious transaction reports. To that effect, threshold-based disclosures do not replace the

requirement to report suspicious transactions or to apply enhanced due diligence measures in cases of higher risk. It

should be possible for FIUs to require the reports to be made within a specific deadline, which could include the

periodic submission on an aggregated basis.

(163) There might be cases where reasons of force majeure, such as those caused by natural catastrophes, result in

a widespread loss of access to payment mechanisms other than cash. In such cases, Member States should be able to

suspend the application of the limit on large cash payments. Such a suspension is an extraordinary measure and

should only be applied where necessary as a response to exceptional, duly justified, situations. An impossibility to

access financial services does not constitute a valid ground for the suspension of the limit where it is attributable to

a Member State’s failure to guarantee that consumers have access to financial infrastructure across the entirety of its

territory.

(164) The Commission should assess the costs, benefits and impacts of adjusting the limit for large cash payments at

Union level with a view to levelling further the playing field for businesses and reducing opportunities for criminals

to use cash for money laundering. That assessment should consider in particular the most appropriate level for

a harmonised limit to cash payments at Union level considering the current existing limits to cash payments in place

in a large number of Member States, the enforceability of such a limit at Union level and the effects of such a limit on

the legal tender status of the euro.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

31/111

EN

OJ L, 19.6.2024

(165) The Commission should also assess the costs, benefits and impacts of lowering the 25 % threshold for the

identification of beneficial owners where control is exercised through ownership interest. That assessment should

consider in particular the lessons learned from Member States or third countries having introduced lower

thresholds.

(166) Risks associated with high-value goods might also extend to other goods that are highly portable, such as garments

and clothing accessories. The Commission should therefore assess the need to extend the scope of obliged entities to

include persons trading in such high-value goods. In addition, given that this Regulation introduces for the first time

at Union level mandatory threshold-based disclosures in relation to certain high-value goods, the Commission

should assess, based on the experience gathered in relation to implementation of this Regulation, the need to extend

the scope of goods subject to threshold-based disclosures and to harmonise the format for such disclosures in light

of the use of threshold-based disclosures made by FIUs. Finally, given the risks associated with high-value goods in

free trade zones, the Commission should assess the need to expand the scope of information to be reported by

operators trading and storing high-value goods in such free trade zones.

(167) In order to ensure consistent application of AML/CFT requirements, the power to adopt acts in accordance with

Article 290 TFEU should be delegated to the Commission in respect of identifying high-risk third countries, third

countries with compliance weaknesses and third countries posing a specific and serious threat to the Union’s

financial system as well as countermeasures or specific enhanced due diligence measures mitigating risks stemming

from such third countries; identifying additional cases of higher risk affecting Union and associated enhanced due

diligence measures; identifying common additional categories of prominent public functions; identifying the

categories of corporate entities associated with higher risks and the associated lower thresholds for the purpose of

identifying beneficial ownership through ownership interest; defining the categories of breaches of beneficial

ownership transparency requirements that are subject to penalties and the persons liable for them, the indicators to

classify the level of gravity of those breaches and the criteria to be taken into account when setting the level of

penalties. It is of particular importance that the Commission carry out appropriate consultations during its

preparatory work, including at expert level, and that those consultations be conducted in accordance with the

principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (²⁹). In particular, to

ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all

documents at the same time as Member States’ experts, and their experts systematically have access to meetings of

Commission expert groups dealing with the preparation of delegated acts.

(168) The Commission should be empowered to adopt the regulatory technical standards developed by AMLA specifying

the minimum requirements of group-wide policies, procedures and controls, including minimum standards for

information sharing, the criteria for identifying the parent undertaking and the conditions under which structures

which share common ownership, management or compliance controls are required to apply group-wide policies,

procedures and controls; specifying the type of additional measures, including the minimum action to be taken by

groups where the law of third countries do not permit the implementation of group-wide policies, procedures and

controls and additional supervisory actions; specifying the obliged entities, sectors and transactions associated with

higher risk and carrying out low value occasional transactions, the related values, the criteria for identifying

occasional transactions and business relationship and the criteria to identify linked transaction for the purpose of

performance of customer due diligence; and specifying the information necessary for the performance of customer

due diligence. The Commission should adopt those regulatory technical standards by means of delegated acts

pursuant to Article 290 TFEU and in accordance with Article 49 of Regulation (EU) 2024/1620.

(169) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be

conferred on the Commission in order to set out the methodology for the identification of third countries posing

a specific and serious threat to the Union’s financial system; set out the format for the establishment and

communication of the Member States’ lists of prominent public functions; and identify types of legal entities and

types of legal arrangements similar to express trusts governed by the law of Member States. Those powers should be

exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (³⁰).

Implementing powers should also be conferred on the Commission in order to decide on putting an end to specific

additional national countermeasures.

29

(

)

OJ L 123, 12.5.2016, p. 1.

30

Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and

general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers

(OJ L 55, 28.2.2011, p. 13).

32/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(170) The Commission should be empowered to adopt implementing technical standards developed by AMLA specifying

the format to be used for the reporting of suspicions and for the provision of transaction records, and the format to

be used by FIUs for reporting information to the EPPO. The Commission should adopt those implementing technical

standards by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 53 of

Regulation (EU) 2024/1620.

(171) This Regulation respects the fundamental rights and observes the principles recognised by the Charter, in particular

the right to respect for private and family life, the right to the protection of personal data and the freedom to

conduct a business.

(172) In accordance with Article 21 of the Charter, which prohibits discrimination based on any grounds, obliged entities

should perform risk assessments in the context of customer due diligence without discrimination.

(173) When drawing up a report evaluating the implementation of this Regulation, the Commission should give due

consideration to the respect of the fundamental rights and principles recognised by the Charter.

(174) Since the objective of this Regulation, namely to prevent the use of the Union’s financial system for the purposes of

money laundering and terrorist financing, cannot be sufficiently achieved by the Member States and can rather, by

reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in

accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of

proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve

that objective.

(175) The European Data Protection Supervisor has been consulted in accordance with Article 42(1) of Regulation (EU)

2018/1725 and delivered an opinion on 22 September 2021 (³¹),

HAVE ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

SECTION 1

Subject matter and definitions

Article 1

Subject matter

This Regulation lays down rules concerning:

(a) the measures to be applied by obliged entities to prevent money laundering and terrorist financing;

(b) beneficial ownership transparency requirements for legal entities, express trusts and similar legal arrangements;

(c) measures to limit the misuse of anonymous instruments.

Article 2

Definitions

1.

For the purposes of this Regulation, the following definitions apply:

OJ C 524, 29.12.2021, p. 10.

31

(

)

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

33/111

EN

OJ L, 19.6.2024

(1) ‘money laundering’ means the conduct set out in Article 3, paragraphs 1 and 5, of Directive (EU) 2018/1673 including

aiding and abetting, inciting and attempting to commit that conduct, whether the activities which generated the

property to be laundered were carried out on the territory of a Member State or on that of a third country; knowledge,

intent or purpose required as an element of that conduct may be inferred from objective factual circumstances;

(2) ‘terrorist financing’ means the conduct set out in Article 11 of Directive (EU) 2017/541 including aiding and abetting,

inciting and attempting to commit that conduct, whether carried out on the territory of a Member State or on that of

a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective

factual circumstances;

(3) ‘criminal activity’ means criminal activity as defined in Article 2, point (1), of Directive (EU) 2018/1673, as well as

fraud affecting the Union’s financial interests as defined in Article 3(2) of Directive (EU) 2017/1371, passive and active

corruption as defined in Article 4 (2) and misappropriation as defined in Article 4(3), second subparagraph, of that

Directive;

(4) ‘funds’ or ‘property’ means property as defined in Article 2, point (2), of Directive (EU) 2018/1673;

(5) ‘credit institution’ means:

(a) a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;

(b) a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when

located in the Union, whether its head office is located in a Member State or in a third country;

(6) ‘financial institution’ means:

(a) an undertaking other than a credit institution or an investment firm, which carries out one or more of the

activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament

and of the Council (³²), including the activities of currency exchange offices (bureaux de change), but excluding the

activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity

of which is to acquire holdings, including a financial holding company, a mixed financial holding company and

a financial mixed activity holding company;

(b) an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament

and of the Council (³³), insofar as it carries out life or other investment-related assurance activities covered by that

Directive, including insurance holding companies and mixed-activity insurance holding companies as defined,

respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;

(c) an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect

to life insurance and other investment-related insurance services, with the exception of an insurance intermediary

that does not collect premiums or amounts intended for the customer and which acts under the responsibility of

one or more insurance undertakings or intermediaries for the products which concern them respectively;

(d) an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and

of the Council (³⁴);

(e) a collective investment undertaking, in particular:

(i) an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of

Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or

an investment company authorised in accordance with that Directive and which has not designated

a management company, that makes available for purchase units of UCITS in the Union;

32

(

)

Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions

and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing

Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).

Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the

business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).

Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and

amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).

34/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(ii) an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative

investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out

in Article 2 of that Directive;

(f) a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the

European Parliament and of the Council (³⁵);

(g) a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the

Council (³⁶) and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council (³⁷);

(h) a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of

Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in

connection with the credit agreement, with the exception of the credit intermediary carrying out activities under

the responsibility of one or more creditors or credit intermediaries;

(i) a crypto-asset service provider;

(j) a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office

is located in a Member State or in a third country;

(7) ‘crypto-asset’ means a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114 except when

falling under the categories listed in Article 2(4) of that Regulation;

(8) ‘crypto-asset services’ means crypto-asset services as defined in Article 3(1), point (16), of Regulation (EU) 2023/1114,

with the exception of providing advice on crypto-assets as referred to in Article 3(1), point (16)(h), of that Regulation;

(9) ‘crypto-asset service provider’ means a crypto-asset service provider as defined in Article 3(1), point (15), of

Regulation (EU) 2023/1114 where performing one or more crypto-asset services;

(10) ‘financial mixed activity holding company’ means an undertaking, other than a financial holding company or a mixed

financial holding company, which is not the subsidiary of another undertaking, the subsidiaries of which include at

least one credit institution or financial institution;

(11) ‘trust or company service provider’ means any natural or legal person that, by way of its business, provides any of the

following services to third parties:

(a) the formation of companies or other legal persons;

(b) acting as, or arranging for another person to act as, a director or secretary of a company, a partner of

a partnership, or a similar position in relation to other legal persons;

(c) providing a registered office, business address, correspondence address or administrative address, as well as other

related services for a company, a partnership or any other legal person or legal arrangement;

(d) acting as, or arranging for another person to act as, a trustee of an express trust or performing an equivalent

function for a similar legal arrangement;

(e) acting as, or arranging for another person to act as, a nominee shareholder for another person;

(12) ‘gambling service’ means a service which involves wagering a stake with monetary value in games of chance, including

those with an element of skill, such as lotteries, casino games, poker games and betting transactions that are provided

at a physical location, or by any means at a distance, by electronic means or any other technology for facilitating

communication, and at the individual request of a recipient of services;

35

(

)

Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in

the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU)

No 236/2012 (OJ L 257, 28.8.2014, p. 1).

Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers

relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU)

No 1093/2010 (OJ L 60, 28.2.2014, p. 34).

36

37

Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and

repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

35/111

EN

OJ L, 19.6.2024

(13) ‘non-financial mixed activity holding company’ means an undertaking, other than a financial holding company or

a mixed financial holding company, which is not the subsidiary of another undertaking, the subsidiaries of which

include at least one obliged entity as referred to in Article 3, point (3);

(14) ‘self-hosted address’ means a self-hosted address as defined in Article 3, point (20), of Regulation (EU) 2023/1113;

(15) ‘crowdfunding service provider’ means a crowdfunding service provider as defined in Article 2(1), point (e), of

Regulation (EU) 2020/1503;

(16) ‘crowdfunding intermediary’ means an undertaking other than a crowdfunding service provider the business of which

is to match or facilitate the matching, through an internet-based information system open to the public or to a limited

number of funders, of:

(a) project owners, which are any natural or legal person seeking funding for projects, consisting of one or a set of

predefined operations aiming at a particular objective, including fundraising for a particular cause or event

irrespective of whether those projects are proposed to the public or to a limited number of funders; and

(b) funders, which are any natural or legal person contributing to the funding of projects, through loans, with or

without interest, or donations, including where such donations entitle the donor to a non-material benefit;

(17) ‘electronic money’ means electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the

European Parliament and of the Council (³⁸), but excluding monetary value as referred to in Article 1(4) and (5) of that

Directive;

(18) ‘establishment’ means the actual pursuit by an obliged entity of an economic activity covered by Article 3 in a Member

State or third country other than the country where its head office is located for an indefinite period and through

a stable infrastructure, including:

(a) a branch or subsidiary;

(b) in the case of credit institutions and financial institutions, an infrastructure qualifying as an establishment under

prudential regulation;

(19) ‘business relationship’ means a business, professional or commercial relationship connected with the professional

activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of

a written contract and which is expected to have, at the time when the contact is established, or which subsequently

acquires, an element of repetition or duration;

(20) ‘linked transactions’ means two or more transactions with either identical or similar origin, destination and purpose,

or other relevant characteristics, over a specific period;

(21) ‘third country’ means any jurisdiction, independent state or autonomous territory that is not part of the Union and

that has its own AML/CFT legislation or enforcement regime;

(22) ‘correspondent relationship’ means:

(a) the provision of banking services by one credit institution as the correspondent to another credit institution as the

respondent, including providing a current or other liability account and related services, such as cash management,

international transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, cheque clearing,

payable-through accounts and foreign exchange services;

(b) the relationships between and among credit institutions and financial institutions including where similar services

are provided by a correspondent institution to a respondent institution, and including relationships established for

securities transactions or transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366,

transactions in crypto-assets or transfers of crypto-assets;

(23) ‘shell institution’ means:

38

(

)

Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and

prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and

repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7).

36/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(a) for credit institutions and financial institutions other than crypto-asset service providers: a credit institution or

financial institution, or an institution that carries out activities equivalent to those carried out by credit institutions

and financial institutions, created in a jurisdiction in which it has no physical presence, involving meaningful mind

and management, and which is unaffiliated with a regulated financial group;

(b) for crypto-asset service providers: an entity whose name appears in the register established by the European

Securities and Markets Authority pursuant to Article 110 of Regulation (EU) 2023/1114 or third country entity

providing crypto-asset services without being licensed or registered nor subject to AML/CFT supervision there;

(24) ‘crypto-asset account’ means a crypto-asset account as defined in Article 3, point (19), of Regulation (EU) 2023/1113;

(25) ‘anonymity-enhancing coins’ means crypto-assets that have built-in features designed to make crypto-asset transfer

information anonymous, either systematically or optionally;

(26) ‘virtual IBAN’ means an identifier causing payments to be redirected to a payment account identified by an IBAN

different from that identifier;

(27) ‘Legal Entity Identifier’ means a unique alphanumeric reference code based on the ISO 17442 standard assigned to

a legal entity;

(28) ‘beneficial owner’ means any natural person who ultimately owns or controls a legal entity or an express trust or

similar legal arrangement;

(29) ‘express trust’ means a trust intentionally set up by the settlor, inter vivos or on death, usually in a form of written

document, to place assets under the control of a trustee for the benefit of a beneficiary or for a specified purpose;

(30) ‘objects of a power’ means the natural or legal persons or class of natural or legal persons among whom trustees may

select the beneficiaries in a discretionary trust;

(31) ‘default taker’ means the natural or legal persons or class of natural or legal persons who are the beneficiaries of

a discretionary trust should the trustees fail to exercise their discretion;

(32) ‘legal arrangement’ means an express trust or an arrangement which has a similar structure or function to an express

trust, including fiducie and certain types of Treuhand and fideicomiso;

(33) ‘basic information’ means:

(a) in relation to a legal entity:

(i) legal form and name of the legal entity;

(ii) instrument of constitution, and the statutes if they are contained in a separate instrument;

(iii) address of the registered or official office and, if different, the principal place of business, and the country of

creation;

(iv) a list of legal representatives;

(v) where applicable, a list of shareholders or members, including information on the number of shares held by

each shareholder and the categories of those shares and the nature of the associated voting rights;

(vi) where available, the registration number, the European Unique identifier, the tax identification number and

the Legal Entity Identifier;

(vii) in the case of foundations, the assets held by the foundation to pursue its purposes;

(b) in relation to a legal arrangement:

(i) the name or unique identifier of the legal arrangement;

(ii) the trust deed or equivalent;

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

37/111

EN

OJ L, 19.6.2024

(iii) the purposes of the legal arrangement, if any;

(iv) the assets held in the legal arrangement or managed through it;

(v) the place of residence of the trustees of the express trust or persons holding equivalent positions in the similar

legal arrangement, and, if different, the place from where the express trust or similar legal arrangement is

administered;

(34) ‘politically exposed person’ means a natural person who is or has been entrusted with prominent public functions

including:

(a) in a Member State:

(i) heads of State, heads of government, ministers and deputy or assistant ministers;

(ii) members of parliament or of similar legislative bodies;

(iii) members of the governing bodies of political parties that hold seats in national executive or legislative

bodies, or in regional or local executive or legislative bodies representing constituencies of at least 50 000

inhabitants;

(iv) members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of

which are not subject to further appeal, except in exceptional circumstances;

(v) members of courts of auditors or of the boards of central banks;

(vi) ambassadors, chargés d’affaires and high-ranking officers in the armed forces;

(vii) members of the administrative, management or supervisory bodies of enterprises controlled under any of the

relationships listed in Article 22 of Directive 2013/34/EU either by the state, or, where those enterprises

qualify as medium sized or large undertakings or medium sized or large groups, as defined in Article 3(3),

(4), (6) and (7) of that Directive, by regional or local authorities;

(viii) heads of regional and local authorities, including groupings of municipalities and metropolitan regions, with

at least 50 000 inhabitants;

(ix) other prominent public functions provided for by Member States;

(b) in an international organisation:

(i) the highest ranking officials, their deputies and members of the board or equivalent functions of an

international organisation;

(ii) representatives to a Member State or to the Union;

(c) at Union level:

functions at the level of Union institutions and bodies that are equivalent to those listed in points (a) (i), (ii), (iv), (v)

and (vi);

(d) in a third country:

functions that are equivalent to those listed in point (a);

(35) ‘family member’ means:

(a) a spouse, or a person in a registered partnership or civil union or in a similar arrangement;

(b) a child and a spouse of, or a person in a registered partnership or civil union or in a similar arrangement with, that

child;

(c) a parent;

38/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(d) for the functions referred to in point (34)(a)(i) and equivalent functions at Union level or in a third country,

a sibling;

(36) ‘person known to be a close associate’ means:

(a) a natural person who is known to have joint beneficial ownership of legal entities or legal arrangements, or any

other close business relations, with a politically exposed person;

(b) a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have

been set up for the de facto benefit of a politically exposed person;

(37) ‘management body’ means an obliged entity’s body or bodies, which are appointed in accordance with national law,

which are empowered to set the obliged entity’s strategy, objectives and overall direction, and which oversee and

monitor management decision-making, and include the persons who effectively direct the business of the obliged

entity; where no such body exists, the person who effectively directs the business of the obliged entity;

(38) ‘management body in its management function’ means the management body responsible for the day-to-day

management of the obliged entity;

(39) ‘management body in its supervisory function’ means the management body acting in its role of overseeing and

monitoring management decision-making;

(40) ‘senior management’ means the members of the management body in its management function, as well as officers and

employees with sufficient knowledge of the obliged entity’s money laundering and terrorist financing risk exposure

and sufficient seniority to take decisions affecting its risk exposure;

(41) ‘group’ means a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings

linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU;

(42) ‘parent undertaking’ means:

(a) for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in

Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union,

provided that at least one subsidiary undertaking is an obliged entity;

(b) for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are

obliged entities established in the Union, an undertaking within that group established in the Union that:

(i) is an obliged entity;

(ii) is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the

Union;

(iii) has a sufficient prominence within the group and a sufficient understanding of the operations of the group

that are subject to the requirements of this Regulation; and

(iv) is given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this

Regulation;

(43) ‘cash’ means cash as defined in Article 2(1), point (a), of Regulation (EU) 2018/1672 of the European Parliament and

of the Council (³⁹);

(44) ‘competent authority’ means:

(a) a Financial Intelligence Unit (FIU);

(b) a supervisory authority;

39

(

)

Regulation (EU) 2018/1672 of the European Parliament and of the Council of 23 October 2018 on controls on cash entering or

leaving the Union and repealing Regulation (EC) No 1889/2005 (OJ L 284, 12.11.2018, p. 6).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

39/111

EN

OJ L, 19.6.2024

(c) a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or

terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;

(d) a public authority with designated responsibilities for combating money laundering or terrorist financing;

(45) ‘supervisor’ means the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the

requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of

Regulation (EU) 2024/1620;

(46) ‘supervisory authority’ means a supervisor who is a public body, or the public authority overseeing self-regulatory

bodies in their performance of supervisory functions pursuant to Article 37 of Directive (EU) 2024/1640, or AMLA

when acting as a supervisor;

(47) ‘self-regulatory body’ means a body that represents members of a profession and has a role in regulating them, in

performing certain supervisory or monitoring functions and in ensuring the enforcement of the rules relating to them;

(48) ‘funds or other assets’ means any assets, including, but not limited to, financial assets, economic resources, including

oil and other natural resources, property of every kind, whether tangible or intangible, movable or immovable,

however acquired, and legal documents or instruments in any form, including electronic or digital, evidencing title to,

or interest in, such funds or other assets, including, but not limited to, bank credits, travellers cheques, bank cheques,

money orders, shares, securities, bonds, drafts, or letters of credit, and any interest, dividends or other income on or

value accruing from or generated by such funds or other assets, and any other assets which potentially may be used to

obtain funds, goods or services;

(49) ‘targeted financial sanctions’ means both asset freezing and prohibitions to make funds or other assets available,

directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the

basis of Article 29 TEU and Council Regulations adopted on the basis of Article 215 TFEU;

(50) ‘UN financial sanctions’ means both asset freezing and prohibitions to make funds or other assets available, directly or

indirectly, for the benefit of designated or listed persons and entities pursuant to:

(a) UNSC Resolution 1267 (1999) and its successor resolutions;

(b) UNSC Resolution 1373 (2001), including the determination that the relevant sanctions will be applied to the

person or entity and the public communication of that determination;

(c) UN financial sanctions relating to proliferation financing;

(51) ‘UN financial sanctions relating to proliferation financing’ means both asset freezing and prohibitions to make funds

or other assets available, directly or indirectly, for the benefit of designated or listed persons and entities pursuant to:

(a) UNSC Resolution 1718 (2006) and any successor resolutions;

(b) UNSC Resolution 2231 (2015) and any successor resolutions;

(c) any other UNSC resolutions imposing asset freezing and prohibitions to make funds or other assets available in

relation to the financing of proliferation of weapons of mass destruction;

(52) ‘professional football club’ means any legal person that is, owns or manages a football club that has been granted

a licence and participates in the national football leagues in a Member State and whose players and staff are

contractually engaged and are remunerated in exchange for their services;

(53) ‘football agent’ means a natural or legal person who, for a fee, provides intermediary services and represents football

players or professional football clubs in negotiations with a view to concluding a contract for a football player or

represents professional football clubs in negotiations with a view to concluding an agreement for the transfer of

a football player;

40/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(54) ‘high-value goods’ means goods listed in Annex IV;

(55) ‘precious metals and stones’ means metals and stones listed in Annex V;

(56) ‘cultural goods’ means goods listed in Annex I to Council Regulation (EC) No 116/2009 (⁴⁰);

(57) ‘partnership for information sharing’ means a mechanism that enables the sharing and processing of information

between obliged entities and, where applicable, competent authorities referred to in point 44(a), (b) and (c), for the

purposes of preventing and combating money laundering, its predicate offences and terrorist financing, whether at

national level or on a cross-border basis, and regardless of the form of that partnership.

2.

Prominent public functions as referred to in paragraph 1, point (34), shall not be understood as covering

middle-ranking or more junior officials.

3.

Where justified by their administrative organisation and by risk, Member States may set lower thresholds for the

designation of the following prominent public functions:

(a) members of governing bodies of political parties represented at regional or local level, as referred to in paragraph 1,

point (34)(a)(iii);

(b) heads of regional and local authorities, as referred to in paragraph 1, point (34)(a)(viii).

Member States shall notify those lower thresholds to the Commission.

4.

In relation to paragraph 1, point (34)(a)(vii) of this Article, where justified by their administrative organisation and by

risk, Member States may set lower thresholds for the identification of enterprises controlled by regional or local authorities

than those defined in Article 3(3), (4), (6) and (7) of Directive 2013/34/EU.

Member States shall notify those lower thresholds to the Commission.

5.

Where justified by their social and cultural structures and by risk, Member States may apply a broader scope for the

designation of siblings as family members of politically exposed persons, as referred to in paragraph 1, point (35)(d).

Member States shall notify that broader scope to the Commission.

SECTION 2

Scope

Article 3

Obliged entities

The following entities are to be considered obliged entities for the purposes of this Regulation:

(1) credit institutions;

(2) financial institutions;

(3) the following natural or legal persons acting in the exercise of their professional activities:

(a) auditors, external accountants and tax advisors, and any other natural or legal person including independent legal

professionals such as lawyers, that undertakes to provide, directly or by means of other persons to which that other

person is related, material aid, assistance or advice on tax matters as principal business or professional activity;

(b) notaries, lawyers and other independent legal professionals, where they participate, whether by acting on behalf of

and for their client in any financial or real estate transaction, or by assisting in the planning or carrying out of

transactions for their client concerning any of the following:

40

(

)

Council Regulation (EC) No 116/2009 of 18 December 2008 on the export of cultural goods (OJ L 39, 10.2.2009, p. 1).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

41/111

EN

OJ L, 19.6.2024

(i) buying and selling of real property or business entities;

(ii) managing of client money, securities or other assets, including crypto-assets;

(iii) opening or management of bank, savings, securities or crypto-assets accounts;

(iv) organisation of contributions necessary for the creation, operation or management of companies;

(v) creation, setting up, operation or management of trusts, companies, foundations, or similar structures;

(c) trust or company service providers;

(d) estate agents and other real estate professionals to the extent they act as intermediaries in real estate transactions,

including in relation to the letting of immovable property for transactions for which the monthly rent amounts to

at least EUR 10 000 or the equivalent in national currency, irrespective of the means of payment;

(e) persons trading, as a regular or principal professional activity, in precious metals and stones;

(f) persons trading, as a regular or principal professional activity, in high-value goods;

(g) providers of gambling services;

(h) crowdfunding service providers and crowdfunding intermediaries;

(i) persons trading or acting as intermediaries in the trade of cultural goods, including when this is carried out by art

galleries and auction houses, where the value of the transaction or linked transactions amounts to at least

EUR 10 000 or the equivalent in national currency;

(j) persons storing, trading or acting as intermediaries in the trade of cultural goods and high-value goods, when this is

carried out within free zones and customs warehouses, where the value of the transaction or linked transactions

amounts to at least EUR 10 000 or the equivalent in national currency;

(k) credit intermediaries for mortgage and consumer credits, other than credit institutions and financial institutions,

with the exception of the credit intermediaries carrying out activities under the responsibility of one or more

creditors or credit intermediaries;

(l) investment migration operators permitted to represent or offer intermediation services to third-country nationals

seeking to obtain residence rights in a Member State in exchange for any kind of investment, including capital

transfers, purchase or renting of property, investment in government bonds, investment in corporate entities,

donation or endowment of an activity to the public good and contributions to the state budget;

(m) non-financial mixed activity holding companies;

(n) football agents;

(o) professional football clubs in respect of the following transactions:

(i) transactions with an investor;

(ii) transactions with a sponsor;

(iii) transactions with football agents or other intermediaries;

(iv) transactions for the purpose of a football player’s transfer.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

42/111

EN

OJ L, 19.6.2024

Article 4

Exemptions for certain providers of gambling services

1.

Member States may decide to exempt, in full or in part, providers of gambling services from the requirements set out

in this Regulation on the basis of the proven low risk posed by the nature and, where appropriate, the scale of operations of

such services.

The exemption referred to in the first subparagraph shall not apply to:

(a) casinos;

(b) providers of gambling services the principal activity of which is to provide online gambling services or sport betting

services, other than:

(i) online gambling services operated by the State, whether through a public authority or an enterprise or body

controlled by the State;

(ii) online gambling services the organisation, operation and administration of which is regulated by the State.

2.

For the purposes of paragraph 1, Member States shall carry out a risk assessment of gambling services assessing:

(a) money laundering and terrorist financing threats and vulnerabilities, and mitigating factors of the gambling services;

(b) the risks linked to the size of the transactions and payment methods used;

(c) the geographical area in which the gambling services are administered, including their cross border dimension and

accessibility from other Member States or third countries.

When carrying out the risk assessments referred to in the first subparagraph of this paragraph, Member States shall take

into account the findings of the risk assessment at Union level conducted by the Commission pursuant to Article 7 of

Directive(EU) 2024/1640.

3.

Member States shall establish risk-based monitoring activities or take other adequate measures to ensure that the

exemptions granted pursuant to this Article are not abused.

Article 5

Exemptions for certain professional football clubs

1.

Member States may decide to exempt, in full or in part, professional football clubs that participate in the highest

division of the national football league and that have a total annual turnover of less than EUR 5 000 000, or the equivalent

in national currency, for each of the previous 2 calendar years from the requirements set out in this Regulation on the basis

of the proven low risk posed by the nature and the scale of operation of such professional football clubs.

Member States may decide to exempt, in full or in part, professional football clubs that participate in a division lower than

the highest division of the national football league from the requirements set out in this Regulation on the basis of proven

low risk posed by the nature and the scale of operation of such professional football clubs.

2.

For the purposes of paragraph 1, Member States shall carry out a risk assessment of the professional football clubs

assessing:

(a) money laundering and terrorist financing threats and vulnerabilities, and mitigating factors of the professional football

clubs;

(b) the risks linked to the size and cross-border nature of the transactions.

When carrying out the risk assessments referred to in the first subparagraph of this paragraph, Member States shall take

into account the findings of the risk assessments at Union level conducted by the Commission pursuant to Article 7 of

Directive (EU) 2024/1640.

3.

Member States shall establish risk-based monitoring activities or take other adequate measures to ensure that the

exemptions granted pursuant to this Article are not abused.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

43/111

EN

OJ L, 19.6.2024

Article 6

Exemptions for certain financial activities

1.

With the exception of persons engaged in the activity of money remittance as defined in Article 4, point (22), of

Directive (EU) 2015/2366, Member States may decide to exempt legal or natural persons that engage in a financial activity

as listed in Annex I, points (2) to (12), (14) and (15), to Directive 2013/36/EU on an occasional or very limited basis where

there is little risk of money laundering or terrorist financing from the requirements set out in this Regulation, provided that

all of the following criteria are met:

(a) the financial activity is limited in absolute terms;

(b) the financial activity is limited on a transaction basis;

(c) the financial activity is not the main activity of such persons;

(d) the financial activity is ancillary and directly related to the main activity of such persons;

(e) the main activity of such persons is not an activity referred to in Article 3, point (3)(a) to (d) or (g) of this Regulation;

(f) the financial activity is provided only to the customers of the main activity of such persons and is not generally offered

to the public.

2.

For the purposes of paragraph 1, point (a), Member States shall require that the total turnover of the financial activity

does not exceed a threshold which shall be sufficiently low. That threshold shall be established at national level, depending

on the type of financial activity.

3.

For the purposes of paragraph 1, point (b), Member States shall apply a maximum threshold per customer and per

single transaction, whether the transaction is carried out in a single operation or through linked transactions. That

maximum threshold shall be established at national level, depending on the type of financial activity. It shall be sufficiently

low in order to ensure that the types of transactions in question are an impractical and inefficient method for money

laundering or terrorist financing, and shall not exceed EUR 1 000 or the equivalent in national currency, irrespective of the

means of payment.

4.

For the purposes of paragraph 1, point (c), Member States shall require that the turnover of the financial activity does

not exceed 5 % of the total turnover of the natural or legal person concerned.

5.

In assessing the risk of money laundering or terrorist financing for the purposes of this Article, Member States shall

pay particular attention to any financial activity which is considered to be particularly likely, by its nature, to be used or

abused for the purposes of money laundering or terrorist financing.

6.

Member States shall establish risk-based monitoring activities or take other adequate measures to ensure that the

exemptions granted pursuant to this Article are not abused.

Article 7

Prior notification of exemptions

1.

Member States shall notify the Commission of any exemption that they intend to grant in accordance with Articles 4,

5 and 6 without delay. The notification shall include a justification based on the relevant risk assessment carried out by the

Member State to sustain the exemption.

2. The Commission shall within 2 months of the notification referred to in paragraph 1 take one of the following

actions:

(a) confirm that the exemption may be granted on the basis of the justification given by the Member State;

(b) by reasoned decision, declare that the exemption may not be granted.

For the purposes of the first subparagraph, the Commission may request additional information from the notifying Member

State.

44/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

3.

Upon receipt of a confirmation by the Commission pursuant to paragraph 2, point (a), of this Article, Member States

may adopt a decision granting the exemption. The decision shall state the reasons on which it is based. Member States shall

review such decisions regularly, and in any case when they update their national risk assessment pursuant to Article 8 of

Directive (EU) 2024/1640.

4.

By 10 October 2027, Member States shall notify to the Commission the exemptions granted pursuant to Article 2(2)

and (3) of Directive (EU) 2015/849 in place on 10 July 2027.

5.

The Commission shall publish every year in the Official Journal of the European Union the list of exemptions granted

pursuant to this Article and make that list publicly available on its website.

SECTION 3

Cross-border operations

Article 8

Notification of cross-border operations and application of national law

1.

Obliged entities wishing to carry out activities within the territory of another Member State for the first time shall

notify the supervisors of their home Member State of the activities which they intend to carry out in that other Member

State. That notification shall be submitted as soon as the obliged entity takes steps to carry out the activities, and, in the case

of establishments at least 3 months prior to the commencement of those activities. Obliged entities shall immediately notify

the supervisors of their home Member State upon commencement of those activities in that other Member State.

The first subparagraph shall not apply to obliged entities subject to specific notification procedures for the exercise of the

freedom of establishment and of the freedom to provide services under other Union legal acts or to cases where the obliged

entity is subject to specific authorisation requirements in order to operate in the territory of that other Member State.

2.

Any planned change to the information communicated under paragraph 1 shall be communicated by the obliged

entity to the supervisor of the home Member State at least 1 month before making the change.

3.

Where this Regulation allows Member States to adopt additional rules applicable to obliged entities, obliged entities

shall comply with the national rules of the Member State in which they are established.

4.

Where obliged entities operate establishments in several Member States, they shall ensure that each establishment

applies the rules of the Member State in which it is located.

5.

Where obliged entities as referred to in Article 38(1) of Directive (EU) 2024/1640 operate, in other Member States

than the one where they are established through agents, distributors, or through other types of infrastructure located in

those other Member States under the freedom to provide services, they shall apply the rules of the Member States in which

they provide services in relation to those activities, unless Article 38(2) of that Directive applies, in which case they shall

apply the rules of the Member State where their head office is located.

6.

Where obliged entities are required to appoint a central contact point pursuant to Article 41 of Directive (EU)

2024/1640, they shall ensure that the central contact point is able to ensure compliance with applicable law on behalf of

the obliged entity.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

45/111

EN

OJ L, 19.6.2024

CHAPTER II

INTERNAL POLICIES, PROCEDURES AND CONTROLS OF OBLIGED ENTITIES

SECTION 1

Internal policies, procedures and controls, risk assessment and staff

Article 9

Scope of internal policies, procedures and controls

1.

Obliged entities shall have in place internal policies, procedures and controls in order to ensure compliance with this

Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any supervisor and in particular to:

(a) mitigate and manage effectively the risks of money laundering and terrorist financing identified at the level of the

Union, the Member State and the obliged entity;

(b) in addition to the obligation to apply targeted financial sanctions, mitigate and manage the risks of non-implementation

and evasion of targeted financial sanctions.

The policies, procedures and controls referred to in the first subparagraph shall be proportionate to the nature of the

business, including its risks and complexity, and the size of the obliged entity and shall cover all the activities of the obliged

entity that fall under the scope of this Regulation.

2.

The policies, procedures and controls referred to in paragraph 1 shall include:

(a) internal policies and procedures, including in particular:

(i) the carrying out and updating of the business-wide risk assessment;

(ii) the obliged entity’s risk management framework;

(iii) customer due diligence to implement Chapter III of this Regulation, including procedures to determine whether

the customer, the beneficial owner, or the person on whose behalf or for the benefit of whom a transaction or

activity is being conducted, is a politically exposed person or a family member or person known to be a close

associate;

(iv) reporting of suspicious transactions;

(v) outsourcing and reliance on customer due diligence performed by other obliged entities;

(vi) record retention and policies in relation to the processing of personal data pursuant to Articles 76 and 77;

(vii) the monitoring and management of compliance with such internal policies and procedures in accordance with

point (b) of this paragraph, the identification and management of deficiencies and the implementation of remedial

actions;

(viii) the verification, proportionate to the risks associated with the tasks and functions to be performed, when

recruiting and assigning staff to certain tasks and functions and when appointing agents and distributors, that

those persons are of good repute;

(ix) the internal communication of the obliged entity’s internal policies, procedures and controls, including to its

agents, distributors and service providers involved in the implementation of its AML/CFT policies;

(x) a policy on the training of employees and, where relevant, agents and distributors with regard to measures in place

in the obliged entity to comply with the requirements of this Regulation, Regulation (EU) 2023/1113 and any

administrative act issued by any supervisor;

46/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(b) internal controls and an independent audit function to test the internal policies and procedures referred to in point (a) of

this paragraph and the controls in place in the obliged entity; in the absence of an independent audit function, obliged

entities may have this test carried out by an external expert.

The internal policies, procedures and controls set out in the first subparagraph shall be recorded in writing. Internal policies

shall be approved by the management body in its management function. Internal procedures and controls shall be approved

at least at the level of the compliance manager.

3.

The obliged entities shall keep the internal policies, procedures and controls up-to-date, and enhance them where

weaknesses are identified.

4.

By 10 July 2026, AMLA shall issue guidelines on the elements that obliged entities should take into account, based on

the nature of their business, including its risks and complexity, and their size, when deciding on the extent of their internal

policies, procedures and controls, in particular as regards the staff allocated to the compliance functions. Those guidelines

shall also identify situations where, due to the nature and size of the obliged entity:

(i) internal controls are to be organised at the level of the commercial function, of the compliance function and of the audit

function;

(ii) the independent audit function can be carried out by an external expert.

Article 10

Business-wide risk assessment

1.

Obliged entities shall take appropriate measures, proportionate to the nature of their business, including its risks and

complexity, and their size, to identify and assess the risks of money laundering and terrorist financing to which they are

exposed, as well as the risks of non-implementation and evasion of targeted financial sanctions, taking into account at least:

(a) the risk variables set out in Annex I and the risk factors set out in Annexes II and III;

(b) the findings of the risk assessment at Union level conducted by the Commission pursuant to Article 7 of Directive (EU)

2024/1640;

(c) the findings of the national risk assessments carried out by the Member States pursuant to Article 8 of Directive (EU)

2024/1640, as well as of any relevant sector-specific risk assessment carried out by the Member States;

(d) relevant information published by international standard setters in the AML/CFT area or, at the level of the Union,

relevant publications by the Commission or by AMLA;

(e) information on money laundering and terrorist financing risks provided by competent authorities;

(f) information on the customer base.

Prior to the launch of new products, services or business practices, including the use of new delivery channels and new or

developing technologies, in conjunction with new or pre-existing products and services or before starting to provide an

existing service or product to a new customer segment or in a new geographical area, obliged entities shall identify and

assess, in particular, the related money laundering and terrorist financing risks and take appropriate measures to manage

and mitigate those risks.

2.

The business-wide risk assessment drawn up by the obliged entity pursuant to paragraph 1 shall be documented, kept

up-to-date and regularly reviewed, including where any internal or external events significantly affect the money laundering

and terrorist financing risks associated with the activities, products, transactions, delivery channels, customers or

geographical zones of activities of the obliged entity. It shall be made available to supervisors upon request.

The business-wide risk assessment shall be drawn up by the compliance officer and approved by the management body in

its management function and, where such body exists, communicated to the management body in its supervisory function.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

47/111

EN

OJ L, 19.6.2024

With the exception of credit institutions, financial institutions, crowdfunding service providers and crowdfunding

3.

intermediaries, supervisors may decide that individual documented business-wide risk assessments are not required where

the specific risks inherent in the sector are clear and understood.

4.

By 10 July 2026, AMLA shall issue guidelines on the minimum requirements for the content of the business-wide risk

assessment drawn up by the obliged entity pursuant to paragraph 1, and on the additional sources of information to be

taken into account when carrying out the business-wide risk assessment.

Article 11

Compliance functions

1.

Obliged entities shall appoint one member of the management body in its management function who shall be

responsible for ensuring compliance with this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by

any supervisor (‘compliance manager’).

The compliance manager shall ensure that the obliged entity’s internal policies, procedures and controls are consistent with

the obliged entity’s risk exposure and that they are implemented. The compliance manager shall also ensure that sufficient

human and material resources are allocated to that end. The compliance manager shall be responsible for receiving

information on significant or material weaknesses in such policies, procedures and controls.

Where the management body in its management function is a body collectively responsible for its decisions, the compliance

manager shall be responsible for assisting and advising it and for preparing the decisions referred to in this Article.

2.

Obliged entities shall have a compliance officer, to be appointed by the management body in its management function

and with sufficiently high hierarchical standing, who shall be responsible for the policies, procedures and controls in the

day-to-day operation of the obliged entity’s AML/CFT requirements, including in relation to the implementation of targeted

financial sanctions, and shall be a contact point for competent authorities. The compliance officer shall also be responsible

for reporting suspicious transactions to the FIU in accordance with Article 69(6).

In the case of obliged entities subject to checks on their senior management or beneficial owners pursuant to Article 6 of

Directive (EU) 2024/1640 or under other Union legal acts, compliance officers shall be subject to verification that they

comply with those requirements.

Where justified by the size of the obliged entity and the low risk of its activities, an obliged entity that is part of a group may

appoint as its compliance officer an individual who performs that function in another entity within that group.

The compliance officer may only be removed following prior notification to the management body in its management

function. The obliged entity shall notify the supervisor of the removal of the compliance officer, specifying whether the

decision relates to the carrying out of the tasks assigned under this Regulation. The compliance officer may, on his or her

own initiative or upon request, provide information to the supervisor concerning the removal. The supervisor may use that

information to perform its tasks under the second subparagraph of this paragraph and under Article 37(4) of Directive (EU)

2024/1640.

3.

Obliged entities shall provide the compliance functions with adequate resources, including staff and technology, in

proportion to the size, nature and risks of the obliged entity for effective performance of their tasks, and shall ensure that

the persons responsible for those functions are granted the powers to propose any measures necessary to ensure the

effectiveness of the obliged entity’s internal policies, procedures and controls.

4.

Obliged entities shall take measures to ensure that the compliance officer is protected against retaliation,

discrimination and any other unfair treatment, and that decisions of the compliance officer are not undermined or unduly

influenced by commercial interests of the obliged entity.

5.

Obliged entities shall ensure that the compliance officer and the person responsible for the audit function referred to

in Article 9(2), point (b), can report directly to the management body in its management function and, where such a body

exists, to the management body in its supervisory function independently, and can raise concerns and warn the

management body, where specific risk developments affect or may affect the obliged entity.

48/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Obliged entities shall ensure that the persons directly or indirectly participating in implementation of this Regulation,

Regulation (EU) 2023/1113 and any administrative act issued by any supervisor, have access to all information and data

necessary to perform their tasks.

6.

The compliance manager shall regularly report on the implementation of the obliged entity’s internal policies,

procedures and controls to the management body. In particular, the compliance manager shall submit once a year, or, where

appropriate, more frequently, to the management body a report on the implementation of the obliged entity’s internal

policies, procedures and controls drawn up by the compliance officer, and shall keep that body informed of the outcome of

any reviews. The compliance manager shall take the necessary actions to remedy in a timely manner any deficiencies

identified.

7.

Where the nature of the business of the obliged entity, including its risks and complexity, and its size justify it, the

functions of the compliance manager and the compliance officer may be performed by the same natural person. Those

functions may be cumulated with other functions.

Where the obliged entity is a natural person or a legal person whose activities are performed by one natural person only,

that person shall be responsible for performing the tasks under this Article.

Article 12

Awareness of requirements

Obliged entities shall take measures to ensure that their employees or persons in comparable positions whose function so

requires, including their agents and distributors are aware of the requirements arising from this Regulation, Regulation (EU)

2023/1113 and any administrative act issued by any supervisor, and of the business-wide risk assessment, internal policies,

procedures and controls in place in the obliged entity, including in relation to the processing of personal data for the

purposes of this Regulation.

The measures referred to in the first paragraph shall include the participation of employees or persons in comparable

positions, including agents and distributors, in specific, ongoing training programmes to help them recognise operations

which may be related to money laundering or terrorist financing and to instruct them as to how to proceed in such cases.

Such training programmes shall be appropriate to their functions or activities and to the risks of money laundering and

terrorist financing to which the obliged entity is exposed, and shall be duly documented.

Article 13

Integrity of employees

1.

Any employee, or person in a comparable position, including agents and distributors, directly participating in the

obliged entity’s compliance with this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any

supervisor, shall undergo an assessment commensurate with the risks associated with the tasks performed and whose

content is approved by the compliance officer of:

(a) individual skills, knowledge and expertise to carry out their functions effectively;

(b) good repute, honesty and integrity.

The assessment referred to in the first subparagraph shall be performed prior to taking up of activities by the employee or

person in a comparable position, including agents and distributors, and shall be regularly repeated. The intensity of the

subsequent assessments shall be determined on the basis of the tasks entrusted to the person and risks associated with the

function they perform.

2.

Employees, or persons in comparable positions, including agents and distributors, entrusted with tasks related to the

obliged entity’s compliance with this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any

supervisor, shall inform the compliance officer of any close private or professional relationship established with the obliged

entity’s customers or prospective customers and shall be prevented from undertaking any tasks related to the obliged

entity’s compliance in relation to those customers.

3.

Obliged entities shall have in place procedures to prevent and manage conflicts of interest that may affect the carrying

out of tasks related to the obliged entity’s compliance with this Regulation, Regulation (EU) 2023/1113 and any

administrative act issued by any supervisor.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

49/111

EN

OJ L, 19.6.2024

4.

This Article shall not apply where the obliged entity is a natural person or a legal person whose activities are

performed by one natural person only.

Article 14

Reporting of breaches and protection of reporting persons

1.

Directive (EU) 2019/1937 of the European Parliament and of the Council (⁴¹) shall apply to the reporting of breaches

of this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any supervisor, and to the protection of

persons reporting such breaches.

2.

Obliged entities shall establish internal reporting channels that meet the requirements set out in Directive (EU)

2019/1937.

3.

Paragraph 2 shall not apply where the obliged entity is a natural person or a legal person whose activities are

performed by one natural person only.

Article 15

Situation of specific employees

Where a natural person falling within any of the categories listed in Article 3, point (3) performs professional activities as an

employee of a legal person, the requirements laid down in this Regulation shall apply to that legal person rather than to the

natural person.

SECTION 2

Provisions applying to groups

Article 16

Group-wide requirements

1.

A parent undertaking shall ensure that the requirements on internal procedures, risk assessment and staff referred to

in Section 1 of this Chapter apply in all branches and subsidiaries of the group in the Member States and, for groups whose

head office is located in the Union, in third countries. To this end, a parent undertaking shall perform a group-wide risk

assessment, taking into account the business-wide risk assessment performed by all branches and subsidiaries of the group,

and establish and implement group-wide policies, procedures and controls, including on data protection and on

information sharing within the group for AML/CFT purposes and to ensure that employees within the group are aware of

the requirements arising from this Regulation. Obliged entities within the group shall implement those group-wide policies,

procedures and controls, taking into account their specificities and the risks to which they are exposed.

The group-wide policies, procedures and controls and the group-wide risk assessments referred to in the first subparagraph

shall include all the elements listed in Articles 9 and 10, respectively.

For the purposes of the first subparagraph, where a group has establishments in more than one Member State and, for

groups whose head office is located in the Union, in third countries, parent undertakings shall take into account the

information published by the authorities of all the Member States or third countries where the group’s establishments are

located.

2.

Compliance functions shall be established at the level of the group. Those functions shall include a compliance

manager at the level of the group and, where justified by the activities carried out at group level, a compliance officer. The

decision on the extent of the compliance functions shall be documented.

The compliance manager referred to in the first subparagraph shall regularly report to the management body in its

management function of the parent undertaking on the implementation of the group-wide policies, procedures and

controls. At a minimum, the compliance manager shall submit once a year a report on the implementation of the obliged

entity’s internal policies, procedures and controls and shall take the necessary actions to remedy in a timely manner any

deficiencies identified. Where the management body in its management function is a body collectively responsible for its

41

(

)

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who

report breaches of Union law (OJ L 305, 26.11.2019, p. 17).

50/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

decisions, the compliance manager shall assist and advise it, and shall prepare the decisions necessary for the

implementation of this Article.

3.

The policies, procedures and controls pertaining to the sharing of information referred to in paragraph 1 shall require

obliged entities within the group to exchange information when such sharing is relevant for the purposes of customer due

diligence and money laundering and terrorist financing risk management. The sharing of information within the group

shall cover in particular the identity and characteristics of the customer, its beneficial owners or the person on behalf of

whom the customer acts, the nature and purpose of the business relationship and of the occasional transactions and the

suspicions, accompanied by the underlying analyses, that funds are the proceeds of criminal activity or are related to

terrorist financing reported to FIU pursuant to Article 69, unless otherwise instructed by the FIU.

The group-wide policies, procedures and controls shall not prevent entities within a group which are not obliged entities to

provide information to obliged entities within the same group where such sharing is relevant for those obliged entities to

comply with requirements set out in this Regulation.

Parent undertakings shall put in place group-wide policies, procedures and controls to ensure that the information

exchanged pursuant to the first and second subparagraphs is subject to sufficient guarantees in terms of confidentiality, data

protection and use of the information, including to prevent its disclosure.

4.

By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for

adoption. Those draft regulatory technical standards shall specify the minimum requirements of group-wide policies,

procedures and controls, including minimum standards for information sharing within the group, the criteria for

identifying the parent undertaking in the cases covered by Article 2(1), point (42)(b), and the conditions under which the

provisions of this Article apply to entities that are part of structures which share common ownership, management or

compliance control, including networks or partnerships, as well as the criteria for identifying the parent undertaking in the

Union in those cases.

5.

Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards

referred to in paragraph 4 of this Article in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.

Article 17

Branches and subsidiaries in third countries

1.

Where branches or subsidiaries of obliged entities are located in third countries where the minimum AML/CFT

requirements are less strict than those set out in this Regulation, the parent undertaking shall ensure that those branches or

subsidiaries comply with the requirements laid down in this Regulation, including requirements concerning data protection,

or equivalent.

2.

Where the law of a third country does not permit compliance with this Regulation, the parent undertaking shall take

additional measures to ensure that branches and subsidiaries in that third country effectively handle the risk of money

laundering or terrorist financing, and shall inform the supervisors of its home Member State of those additional measures.

Where the supervisors of the home Member State consider that the additional measures are not sufficient, they shall

exercise additional supervisory actions, including requiring the group not to enter into any business relationship, to

terminate existing ones or not to undertake transactions, or to close down its operations in the third country.

3.

By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for

adoption. Those draft regulatory technical standards shall specify the type of additional measures referred to in paragraph 2

of this Article, including the minimum action to be taken by obliged entities where the law of a third country does not

permit the implementation of the measures required under Article 16 and the additional supervisory actions required in

such cases.

4.

Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards

referred to in paragraph 3 of this Article in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

51/111

EN

OJ L, 19.6.2024

SECTION 3

Outsourcing

Article 18

Outsourcing

1.

Obliged entities may outsource tasks resulting from this Regulation to service providers. The obliged entity shall

notify the supervisor of the outsourcing before the service provider starts to carry out the outsourced task.

2.

When performing tasks under this Article, service providers shall be regarded as part of the obliged entity, including

where they are required to consult the central registers referred to in Article 10 of Directive (EU) 2024/1640 (‘central

registers’) for the purposes of carrying out customer due diligence on behalf of the obliged entity.

The obliged entity shall remain fully liable for any action, whether an act of commission or omission, connected to the

outsourced tasks that are carried out by service providers.

For each outsourced task, the obliged entity shall be able to demonstrate to the supervisor that it understands the rationale

behind the activities carried out by the service provider and the approach followed in their implementation, and that such

activities mitigate the specific risks to which the obliged entity is exposed.

3.

The tasks outsourced pursuant to paragraph 1 of this Article shall not be undertaken in such a way as to impair

materially the quality of the obliged entity’s policies and procedures to comply with the requirements of this Regulation and

of Regulation (EU) 2023/1113, and of the controls in place to test those policies and procedures. The following tasks shall

not be outsourced under any circumstances:

(a) the proposal and approval of the obliged entity’s business-wide risk assessment pursuant to Article 10(2);

(b) the approval of the obliged entity’s internal policies, procedures and controls pursuant to Article 9;

(c) decision on the risk profile to be attributed to the customer;

(d) the decision to enter into a business relationship or carry out an occasional transaction with a client;

(e) the reporting to FIU of suspicious activities pursuant to Article 69 or threshold-based reports pursuant to Article 74

and 80, except where such activities are outsourced to another obliged entity belonging to the same group and

established in the same Member State;

(f) the approval of the criteria for the detection of suspicious or unusual transactions and activities.

4.

Before an obliged entity outsources a task pursuant to paragraph 1, it shall assure itself that the service provider is

sufficiently qualified to carry out the tasks to be outsourced.

Where an obliged entity outsources a task pursuant to paragraph 1, it shall ensure that the service provider, as well as any

subsequent sub-outsourcing service provider, applies the policies and procedures adopted by the obliged entity. The

conditions for the performance of such tasks shall be laid down in a written agreement between the obliged entity and the

service provider. The obliged entity shall perform regular controls to ascertain the effective implementation of such policies

and procedures by the service provider. The frequency of such controls shall be determined on the basis of the critical

nature of the tasks outsourced.

5.

Obliged entities shall ensure that outsourcing is not undertaken in such way as to impair materially the ability of the

supervisory authorities to monitor and retrace the obliged entity’s compliance with this Regulation and Regulation (EU)

2023/1113.

6.

By way of derogation from paragraph 1, obliged entities shall not outsource tasks deriving from the requirements

under this Regulation to service providers residing or established in third countries identified pursuant to Section 2 of

Chapter III, unless all of the following conditions are met:

(a) the obliged entity outsources tasks solely to a service provider that is part of the same group;

(b) the group applies AML/CFT policies and procedures, customer due diligence measures and rules on record-keeping that

are fully in compliance with this Regulation, or with equivalent rules in third countries;

52/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(c) the effective implementation of the requirements referred to in point (b) of this paragraph is supervised at group level

by the supervisory authority of the home Member State in accordance with Chapter IV of Directive (EU) 2024/1640.

7.

By way of derogation from paragraph 3, where a collective investment undertaking has no legal personality, or has

only a board of directors and has delegated the processing of subscriptions and the collection of funds as defined in

Article 4, point (25), of Directive (EU) 2015/2366 from investors to another entity, it may outsource the task referred to in

paragraph 3, points (c), (d) and (e) to one of its service providers.

The outsourcing referred to in the first subparagraph of this paragraph may only take place after the collective investment

undertaking has notified its intention to outsource the task to the supervisor pursuant to paragraph 1, and the supervisor

has approved such outsourcing taking into consideration:

(a) the resources, experience and knowledge of the service provider in relation to the prevention of money laundering and

terrorist financing;

(b) the knowledge of the service provider of the type of activities or transactions carried out by the collective investment

undertaking.

8.

By 10 July 2027, AMLA shall issue guidelines addressed to obliged entities on:

(a) the establishment of outsourcing relationships, including any subsequent outsourcing relationship, in accordance with

this Article, their governance and procedures for monitoring the implementation of functions by the service provider

and in particular those functions that are to be regarded as critical;

(b) the roles and responsibility of the obliged entity and the service provider within an outsourcing agreement;

(c) supervisory approaches to outsourcing as well as supervisory expectations regarding the outsourcing of critical

functions.

CHAPTER III

CUSTOMER DUE DILIGENCE

SECTION 1

General provisions

Article 19

Application of customer due diligence measures

1.

Obliged entities shall apply customer due diligence measures in any of the following circumstances:

(a) when establishing a business relationship;

(b) when carrying out an occasional transaction of a value of at least EUR 10 000, or the equivalent in national currency,

whether that transaction is carried out in a single operation or through linked transactions, or a lower value laid down

pursuant to paragraph 9;

(c) when participating in the creation of a legal entity, the setting up of a legal arrangement or, for the obliged entities

referred to in Article 3, points (3) (a), (b) or (c), in the transfer of ownership of a legal entity, irrespective of the value of

the transaction;

(d) when there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or

threshold;

(e) when there are doubts about the veracity or adequacy of previously obtained customer identification data;

(f) when there are doubts as to whether the person they interact with is the customer or person authorised to act on behalf

of the customer.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

53/111

EN

OJ L, 19.6.2024

In addition to the circumstances referred to in paragraph 1, credit institutions and financial institutions, with the

2.

exception of crypto-asset service providers, shall apply customer due diligence measures when initiating or executing an

occasional transaction that constitutes a transfer of funds as defined in Article 3, point (9), of Regulation (EU) 2023/1113,

that amounts to a value of at least EUR 1 000, or the equivalent in national currency, whether that transaction is carried out

in a single operation or through linked transactions.

3.

By way of derogation from paragraph 1, point (b), crypto-asset service providers shall:

(a) apply customer due diligence measures when carrying out an occasional transaction that amounts to a value of at least

EUR 1 000, or the equivalent in national currency, whether the transaction is carried out in a single operation or

through linked transactions;

(b) apply at least customer due diligence measures referred to in Article 20(1), point (a), when carrying out an occasional

transaction where the value is below EUR 1 000, or the equivalent in national currency, whether the transaction is

carried out in a single operation or through linked transactions.

4.

By way of derogation from paragraph 1, point (b), obliged entities shall apply at least customer due diligence measures

referred to in Article 20(1), point (a), when carrying out an occasional transaction in cash amounting to a value of at least

EUR 3 000, or the equivalent in national currency, whether the transaction is carried out in a single operation or through

linked transactions.

The first subparagraph of this paragraph shall not apply where Member States have in place, pursuant to Article 80(2) and

(3), a limit to large cash payments of EUR 3 000 or less, or the equivalent in national currency, except in the cases covered

by paragraph 4, point (b) of that Article.

5.

In addition to the circumstances referred to in paragraph 1, providers of gambling services shall apply customer due

diligence measures upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions

amounting to at least EUR 2 000 or the equivalent in national currency, whether the transaction is carried out in a single

operation or through linked transactions.

6.

For the purposes of this Chapter, obliged entities shall consider as their customers the following persons:

(a) in the case of obliged entities as referred to in Article 3, points (3) (e), (f) and (i) and persons trading in high value goods

as referred to in Article 3, point (3) (j), in addition to their direct customer, the supplier of goods;

(b) in the case of notaries, lawyers and other independent legal professionals intermediating a transaction and to the extent

that they are the only notary or lawyer or other independent legal professional intermediating that transaction, both

parties to the transaction;

(c) in the case of real estate agents, both parties to the transaction;

(d) in relation to payment initiation services carried out by payment initiation service providers, the merchant;

(e) in relation to crowdfunding service providers and crowdfunding intermediaries, the natural or legal person both seeking

funding and providing funding through the crowdfunding platform.

7.

Supervisors may, directly or in cooperation with other authorities in that Member State, exempt obliged entities from

applying, in full or in part, the customer due diligence measures referred to in Article 20(1), points (a), (b) and (c), with

respect to electronic money on the basis of the proven low risk posed by the nature of the product, where all of the

following risk-mitigating conditions are met:

(a) the payment instrument is not reloadable, and the amount stored electronically does not exceed EUR 150 or the

equivalent in national currency;

(b) the payment instrument is used exclusively to purchase goods or services provided by the issuer, or within a network of

service providers;

(c) the payment instrument is not linked to a payment account and it does not permit any stored amount to be exchanged

for cash or for crypto-assets;

(d) the issuer carries out sufficient monitoring of the transactions or business relationship to enable the detection of

unusual or suspicious transactions.

54/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

8.

Providers of gambling services may fulfil their obligation to apply customer due diligence measures referred to in

Article 20(1), point (a), by identifying the customer and verifying the customer’s identity upon entry to the casino or other

physical gambling premises, provided that they have systems in place that enable them to attribute transactions to specific

customers.

9.

By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for

adoption. Those draft regulatory technical standards shall specify:

(a) the obliged entities, sectors or transactions that are associated with higher money laundering and terrorist financing risk

and to which a value lower than the value set out in paragraph 1, point (b), applies;

(b) the related occasional transaction values;

(c) the criteria to be taken into account for identifying occasional transactions and business relationships;

(d) the criteria to identify linked transactions.

When developing the draft regulatory technical standards referred to in the first subparagraph, AMLA shall take due

account of the inherent levels of risks of the business models of the different types of obliged entities and of the risk

assessment at Union level conducted by the Commission pursuant to Article 7 of Directive (EU) 2024/1640.

10.

Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards

referred to in paragraph 9 of this Article in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.

Article 20

Customer due diligence measures

1.

For the purpose of conducting customer due diligence, obliged entities shall apply all of the following measures:

(a) identifying the customer and verifying the customer’s identity;

(b) identifying the beneficial owners and taking reasonable measures to verify their identity so that the obliged entity is

satisfied that it knows who the beneficial owner is and that it understands the ownership and control structure of the

customer;

(c) assessing and, as appropriate, obtaining information on and understanding the purpose and intended nature of the

business relationship or the occasional transactions;

(d) verifying whether the customer or the beneficial owners are subject to targeted financial sanctions, and, in the case of

a customer or party to a legal arrangement who is a legal entity, whether natural or legal persons subject to targeted

financial sanctions control the legal entity or have more than 50 % of the proprietary rights of that legal entity or

majority interest in it, whether individually or collectively;

(e) assessing and, as appropriate, obtaining information on the nature of the customers’ business, including, in the case of

undertakings, whether they carry out activities, or of their employment or occupation;

(f) conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout

the course of the business relationship to ensure that the transactions being conducted are consistent with the obliged

entity’s knowledge of the customer, the business and risk profile, including where necessary the source of funds;

(g) determining whether the customer, the beneficial owner of the customer and, where relevant, the person on whose

behalf or for the benefit of whom a transaction or activity is being carried out is a politically exposed person, a family

member or person known to be a close associate;

(h) where a transaction or activity is being conducted on behalf of or for the benefit of natural persons other than the

customer, identifying and verifying the identity of those natural persons;

(i) verifying that any person purporting to act on behalf of the customer is so authorised and identify and verify their

identity.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

55/111

EN

OJ L, 19.6.2024

Obliged entities shall determine the extent of the measures referred to in paragraph 1 on the basis of an individual

2.

analysis of the risks of money laundering and terrorist financing having regard to the specific characteristics of the client

and of the business relationship or occasional transaction, and taking into account the business-wide risk assessment by the

obliged entity pursuant to Article 10 and the money laundering and terrorist financing variables set out in Annex I as well

as the risk factors set out in Annexes II and III.

Where obliged entities identify an increased risk of money laundering or terrorist financing they shall apply enhanced due

diligence measures pursuant to Section 4 of this Chapter. Where situations of lower risk are identified, obliged entities may

apply simplified due diligence measures pursuant to Section 3 of this Chapter.

3.

By 10 July 2026, AMLA shall issue guidelines on the risk variables and risk factors to be taken into account by obliged

entities when entering into business relationships or carrying out occasional transactions.

4.

Obliged entities shall at all times be able to demonstrate to their supervisors that the measures taken are appropriate

in view of the risks of money laundering and terrorist financing that have been identified.

Article 21

Inability to comply with the requirement to apply customer due diligence measures

1.

Where an obliged entity is unable to comply with the requirement to apply customer due diligence measures laid

down in Article 20(1), it shall refrain from carrying out a transaction or establishing a business relationship, and shall

terminate the business relationship and consider reporting a suspicious transaction to the FIU in relation to the customer in

accordance with Article 69.

The termination of a business relationship pursuant to the first subparagraph of this paragraph shall not prohibit the receipt

of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 due to the obliged entity.

Where an obliged entity has a duty to protect its customer’s assets, the termination of the business relationship shall not be

understood as requiring the disposal of the assets of the customer.

In the case of life insurance contracts, obliged entities shall, where necessary as an alternative measure to terminating the

business relationship, refrain from performing transactions for the customer, including payouts to beneficiaries, until the

customer due diligence measures laid down in Article 20(1) are complied with.

2.

Paragraph 1 shall not apply to notaries, lawyers, other independent legal professionals, auditors, external accountants

and tax advisors, to the extent that those persons ascertain the legal position of their client, or perform the task of defending

or representing that client in, or concerning, judicial proceedings, including providing advice on instituting or avoiding

such proceedings.

The first subparagraph shall not apply when the obliged entities referred to therein:

(a) take part in money laundering, its predicate offences or terrorist financing;

(b) provide legal advice for the purposes of money laundering, its predicate offences or terrorist financing; or

(c) know that the client is seeking legal advice for the purposes of money laundering, its predicate offences or terrorist

financing; knowledge or purpose may be inferred from objective factual circumstances.

3.

Obliged entities shall keep record of the actions taken in order to comply with the requirement to apply customer due

diligence measures, including records of the decisions taken and the relevant supporting documents and justifications.

Documents, data or information held by the obliged entity shall be updated whenever the customer due diligence is

reviewed pursuant to Article 26.

The obligation to keep records provided for in the first subparagraph of this paragraph shall also apply to situations where

obliged entities refuse to enter into a business relationship, terminate a business relationship or apply alternative measures

pursuant to paragraph 1.

4.

By 10 July 2027, AMLA shall issue joint guidelines with the European Banking Authority on the measures that may

be taken by credit institutions and financial institutions to ensure compliance with AML/CFT rules when implementing the

requirements of Directive 2014/92/EU, including in relation to business relationships that are most affected by de-risking

practices.

56/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Article 22

Identification and verification of the identity of customers and beneficial owners

1.

With the exception of cases of lower risk to which measures under Section 3 apply and irrespective of the application

of additional measures in cases of higher risk under Section 4 obliged entities shall obtain at least the following information

in order to identify the customer, any person purporting to act on behalf of the customer, and the natural persons on whose

behalf or for the benefit of whom a transaction or activity is being conducted:

(a) for a natural person:

(i) all names and surnames;

(ii) place and full date of birth;

(iii) nationalities, or statelessness and refugee or subsidiary protection status where applicable, and the national

identification number, where applicable;

(iv) the usual place of residence or, if there is no fixed residential address with legitimate residence in the Union, the

postal address at which the natural person can be reached and, where available the tax identification number;

(b) for a legal entity:

(i) legal form and name of the legal entity;

(ii) address of the registered or official office and, if different, the principal place of business, and the country of

creation;

(iii) the names of the legal representatives of the legal entity as well as, where available, the registration number, the tax

identification number and the Legal Entity Identifier;

(iv) the names of persons holding shares or a directorship position in nominee form, including reference to their status

as nominee shareholders or directors.

(c) for a trustee of an express trust or a person holding an equivalent position in a similar legal arrangement:

(i) basic information on the legal arrangement; however, with regard to the assets held in the legal arrangement or

managed through it, only the assets that are to be managed in the context of the business relationship or occasional

transaction shall be identified;

(ii) the address of residence of the trustees or persons holding an equivalent position in a similar legal arrangement and,

if different, the place from where the express trust or similar legal arrangement is administered, the powers that

regulate and bind the legal arrangement, as well as, where available, the tax identification number and the Legal

Entity Identifier;

(d) for other organisations that have legal capacity under national law:

(i) name, address of the registered office or equivalent;

(ii) names of the persons empowered to represent the organisation as well as, where applicable, legal form, tax

identification number, registration number, Legal Entity Identifier and deeds of association or equivalent.

2.

For the purposes of identifying the beneficial owner of a legal entity or of a legal arrangement, obliged entities shall

collect the information referred to in Article 62(1), second subparagraph, point (a).

Where, after having exhausted all possible means of identification, no natural persons are identified as beneficial owners, or

where there are doubts that the persons identified are the beneficial owners, obliged entities shall record that no beneficial

owner was identified and identify all the natural persons holding the positions of senior managing officials in the legal

entity and shall verify their identity.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

57/111

EN

OJ L, 19.6.2024

Where the performance of identity verification referred to in the second subparagraph may tip off the customer that the

obliged entity has doubts regarding the beneficial ownership of the legal entity, the obliged entity shall abstain from

verifying the senior managing officials’ identity, and shall instead record the steps taken to ascertain the identity of the

beneficial owners and senior managing officials. Obliged entities shall keep records of the actions taken as well as of the

difficulties encountered during the identification process, which led to resorting to the identification of a senior managing

official.

3.

Credit institutions and financial institutions shall obtain information to identify and verify the identity of the natural

or legal persons using any virtual IBAN they issue, and the associated bank or payment account.

The credit institution or financial institution servicing the bank or payment account to which a virtual IBAN issued by

another credit institution or financial institution redirects payments, shall ensure that it can obtain from the institution

issuing the virtual IBAN the information identifying and verifying the identity of the natural person using that virtual IBAN

without delay and in any case within 5 working days of it requesting that information.

4.

In the case of beneficiaries of trusts or similar legal entities or arrangements that are designated by particular

characteristics or class, an obliged entity shall obtain sufficient information concerning the beneficiary so that it will be able

to establish the identity of the beneficiary at the time of the payout or at the time of the exercise by the beneficiary of its

vested rights.

5.

In the case of discretionary trusts, an obliged entity shall obtain sufficient information concerning the objects of

a power and default takers to enable it to establish the identity of the beneficiary at the time of the exercise by the trustees of

their power of discretion, or at the time that the default takers become the beneficiaries due to the trustees’ failure to

exercise their power of discretion.

6.

Obliged entities shall obtain the information, documents and data necessary for the verification of the identity of the

customer and of any person purporting to act on their behalf through either of the following means:

(a) the submission of an identity document, passport or equivalent and, where relevant, the acquisition of information

from reliable and independent sources, whether accessed directly or provided by the customer;

(b) the use of electronic identification means which meet the requirements of Regulation (EU) No 910/2014 with regard to

the assurance levels ‘substantial’ or ‘high’ and relevant qualified trust services as set out in that Regulation.

7.

Obliged entities shall verify the identity of the beneficial owner and, where relevant, the persons on whose behalf or

for the benefit of whom a transaction or activity is being carried out in either of the following ways:

(a) in accordance with paragraph 6;

(b) by taking reasonable measures to obtain the necessary information, documents and data from the customer or other

reliable sources, including public registers other than the central registers.

Obliged entities shall determine the extent of the information to be consulted, having regard to the risks posed by the

occasional transaction or the business relationship and the beneficial owner, including risks relating to the ownership

structure.

In addition to the means of verification set out in the first subparagraph of this paragraph, obliged entities shall verify the

information on the beneficial owners by consulting the central registers.

Article 23

Timing of the verification of the customer and beneficial owner identity

1.

Verification of the identity of the customer, the beneficial owner, and of any persons pursuant to Article 20(1), points

(h) and (i), shall take place before the establishment of a business relationship or the carrying out of an occasional

transaction. Such obligation shall not apply to situations of lower risk under Section 3 of this Chapter, provided that the

lower risk justifies postponement of such verification.

For real estate agents, the verification referred to in the first subparagraph shall be carried out after an offer is accepted by

the seller or lessor, and in all cases before any funds or property are transferred.

58/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

2.

By way of derogation from paragraph 1, verification of the identity of the customer and of the beneficial owner may

be completed during the establishment of a business relationship if necessary so as not to interrupt the normal conduct of

business and where there is little risk of money laundering or terrorist financing. In such situations, those procedures shall

be completed as soon as practicable after initial contact.

3.

By way of derogation from paragraph 1 of this Article, a credit institution or financial institution may open an

account, including accounts that permit transactions in transferable securities, as may be required by a customer provided

that there are adequate safeguards in place to ensure that transactions are not carried out by the customer or on its behalf

until full compliance with the customer due diligence measures laid down in Article 20(1), points (a) and (b), is obtained.

4.

Whenever entering into a new business relationship with a legal entity or the trustee of an express trust or the person

holding an equivalent position in a similar legal arrangement referred to in Articles 51, 57, 58, 61 and 67 and subject to the

registration of beneficial ownership information pursuant to Article 10 of Directive (EU) 2024/1640, obliged entities shall

collect valid proof of registration or a recently issued excerpt of the register confirming validity of registration.

Article 24

Reporting of discrepancies with information contained in beneficial ownership registers

1.

Obliged entities shall report to the central registers any discrepancies they find between the information available in

the central registers and the information they collect pursuant to Article 20(1), point (b), and Article 22(7).

The discrepancies referred to in the first subparagraph shall be reported without undue delay and, in any case, within 14

calendar days of their detection. When reporting such discrepancies, obliged entities shall accompany their reports with

information they have obtained indicating the discrepancy and whom they consider to be the beneficial owners and, where

applicable, the nominee shareholders and nominee directors to be and why.

2.

By way of derogation from paragraph 1, obliged entities may refrain from reporting discrepancies to the central

register and may instead request additional information from the customers where the discrepancies identified:

(a) are limited to typographical errors, different ways of transliteration, or minor inaccuracies that do not affect the

identification of the beneficial owners or their position; or

(b) are a result of outdated data, but the beneficial owners are known to the obliged entity from another reliable source and

there are no grounds for suspicion that there is an intention to conceal any information.

Where an obliged entity concludes that the beneficial ownership information in the central register is incorrect, it shall

invite the customer to submit the correct information to the central register pursuant to Articles 63, 64 and 67 without

undue delay, and, in any case, within 14 calendar days.

This paragraph shall not apply to cases of higher risk to which measures under Section 4 of this Chapter apply.

3.

Where a customer has not submitted the correct information within the deadline referred to in paragraph 2, second

subparagraph, the obliged entity shall report the discrepancy to the central register in accordance with paragraph 1, second

subparagraph.

4.

This Article shall not apply to notaries, lawyers, other independent legal professionals, auditors, external accountants

and tax advisors in relation to information they receive from, or obtain on, a client, in the course of ascertaining the legal

position of that client, or performing their task of defending or representing that client in, or concerning, judicial

proceedings, including providing advice on instituting or avoiding such proceedings, regardless of whether such

information is received or obtained before, during or after such proceedings.

However, the requirements of this Article shall apply when the obliged entities referred to in the first subparagraph of this

paragraph provide legal advice in any of the situations covered by Article 21(2), second subparagraph.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

59/111

EN

OJ L, 19.6.2024

Article 25

Identification of the purpose and intended nature of a business relationship or occasional transaction

Before entering into a business relationship or performing an occasional transaction, an obliged entity shall assure itself that

it understands its purpose and intended nature. To that end, the obliged entity shall obtain, where necessary, information

on:

(a) the purpose and economic rationale of the occasional transaction or business relationship;

(b) the estimated amount of the envisaged activities;

(c) the source of funds;

(d) the destination of funds;

(e) the business activity or the occupation of the customer.

For the purposes of the first paragraph, point (a), of this Article, obliged entities covered by Article 74 shall collect

information in order to determine whether the intended use of high value goods referred to in that Article is for commercial

or non-commercial purposes.

Article 26

Ongoing monitoring of the business relationship and monitoring of transactions performed by customers

1.

Obliged entities shall conduct ongoing monitoring of business relationships, including transactions undertaken by the

customer throughout the course of a business relationship, to ensure that those transactions are consistent with the obliged

entity’s knowledge of the customer, the customer’s business activity and risk profile, and where necessary, with the

information about the origin and destination of the funds and to detect those transactions that shall be made subject to

a more thorough assessment pursuant to Article 69(2).

Where business relationships cover more than one product or service, obliged entities shall ensure that the customer due

diligence measures cover all those products and services.

Where obliged entities belonging to a group have business relationships with customers that are also the customers of other

entities within that group, whether obliged entities or undertakings not subject to AML/CFT requirements, they shall take

into account information relating to those other business relationships for the purposes of monitoring the business

relationship with their customers.

2.

In the context of the ongoing monitoring referred to in paragraph 1, obliged entities shall ensure that the relevant

documents, data or information of the customer are kept up to date.

The period between updates of customer information pursuant to the first subparagraph shall be dependent on the risk

posed by the business relationship and shall not in any case exceed:

(a) for higher risk customers to which measures under Section 4 of this Chapter apply, 1 year;

(b) for all other customers, 5 years.

3.

In addition to the requirements set out in paragraph 2, obliged entities shall review and, where relevant, update the

customer information where:

(a) there is a change in the relevant circumstances of a customer;

(b) the obliged entity has a legal obligation in the course of the relevant calendar year to contact the customer for the

purpose of reviewing any relevant information relating to the beneficial owners or to comply with Council Directive

2011/16/EU (⁴²);

(c) they become aware of a relevant fact which pertains to the customer.

42

(

)

Council Directive 2011/16/EU of 15 February 2011 on administrative cooperation in the field of taxation and repealing Directive

77/799/EEC (OJ L 64, 11.3.2011, p. 1).

60/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

4.

In addition to the ongoing monitoring referred to in paragraph 1 of this Article, obliged entities shall regularly verify

whether the conditions laid down in Article 20(1), point (d), are met. The frequency of that verification shall be

commensurate with the exposure of the obliged entity and the business relationship to risks of non-implementation and

evasion of targeted financial sanctions.

For credit institutions and financial institutions, the verification referred to in the first subparagraph shall also be carried out

upon any new designation in relation to targeted financial sanctions.

The requirements of this paragraph shall not replace the obligation to apply targeted financial sanctions or stricter

requirements under other Union legal acts or under national law on the verification of the client base against lists of

targeted financial sanctions.

5.

By 10 July 2026, AMLA shall issue guidelines on ongoing monitoring of a business relationship and on the

monitoring of the transactions carried out in the context of such relationship.

Article 27

Temporary measures for customers subject to UN financial sanctions

1.

In respect of customers that are subject to UN financial sanctions or that are controlled by natural or legal persons or

entities subject to UN financial sanctions, or in which natural or legal persons or entities that are subject to UN financial

sanctions have more than 50 % of the proprietary rights or majority interest, whether individually or collectively, obliged

entities shall keep records of:

(a) the funds or other assets that they manage for the customer at the time when UN financial sanctions are made public;

(b) the transactions attempted by the customer;

(c) the transactions carried out for the customer.

2.

Obliged entities shall apply this Article between the time that UN financial sanctions are made public and the time of

application of the relevant targeted financial sanctions in the Union.

Article 28

Regulatory technical standards on the information necessary for the performance of customer due diligence

1.

By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for

adoption. Those draft regulatory technical standards shall specify:

(a) the requirements that apply to obliged entities pursuant to Article 20 and the information to be collected for the

purpose of performing standard, simplified and enhanced due diligence pursuant to Articles 22 and 25 and Articles 33

(1) and 34(4), including minimum requirements in situations of lower risk;

(b) the type of simplified due diligence measures which obliged entities may apply in situations of lower risk pursuant to

Article 33(1) of this Regulation, including measures applicable to specific categories of obliged entities and products or

services, having regard to the results of the risk assessment at Union level conducted by the Commission pursuant to

Article 7 of Directive (EU) 2024/1640;

(c) the risk factors associated with features of electronic money instruments that should be taken into account by

supervisors when determining the extent of the exemption under Article 19(7);

(d) the reliable and independent sources of information that may be used to verify the identification data of natural or legal

persons for the purposes of Article 22(6) and (7);

(e) the list of attributes which electronic identification means and relevant qualified trust services referred to in Article

22(6), point (b), must feature in order to fulfil the requirements of Article 20(1), points (a) and (b), in the case of

standard, simplified and enhanced due diligence.

2.

The requirements and measures referred to in paragraph 1, points (a) and (b), shall be based on the following criteria:

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

61/111

EN

OJ L, 19.6.2024

(a) the inherent risk involved in the service provided;

(b) the risks associated with categories of customers;

(c) the nature, amount and recurrence of the transaction;

(d) the channels used for conducting the business relationship or the occasional transaction.

3.

AMLA shall review regularly the regulatory technical standards and, if necessary, prepare and submit to the

Commission the draft for updating those standards in order, inter alia, to take account of innovation and technological

developments.

4.

Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards

referred to in paragraphs 1 and 3 of this Article in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.

SECTION 2

Third-country policy and money laundering and terrorist financing threats from outside the Union

Article 29

Identification of third countries with significant strategic deficiencies in their national AML/CFT regimes

1.

Third countries with significant strategic deficiencies in their national AML/CFT regimes shall be identified by the

Commission and designated as ‘high-risk third countries’.

2.

In order to identify third countries as referred to in paragraph 1 of this Article, the Commission is empowered to

adopt delegated acts in accordance with Article 85 to supplement this Regulation, where:

(a) significant strategic deficiencies in the legal and institutional AML/CFT framework of the third country have been

identified;

(b) significant strategic deficiencies in the effectiveness of the third country’s AML/CFT system in addressing money

laundering and terrorist financing risks or in its system to assess and mitigate risks of non-implementation or evasion of

UN financial sanctions relating to proliferation financing have been identified;

(c) the significant strategic deficiencies identified under points (a) and (b) are of a persistent nature and no measures to

mitigate them have been taken or are being taken.

Those delegated acts shall be adopted within 20 calendar days of the Commission ascertaining that the criteria in point (a),

(b) or (c) of the first subparagraph are met.

3.

For the purposes of paragraph 2, the Commission shall take into account calls for the application of enhanced due

diligence measures and additional mitigating measures (‘countermeasures’) by international organisations and standard

setters with competence in the field of preventing money laundering and combating terrorist financing, as well as relevant

evaluations, assessments, reports or public statements drawn up by them.

4.

Where a third country is identified in accordance with the criteria referred to in paragraph 2, obliged entities shall

apply enhanced due diligence measures listed in Article 34(4) with respect to the business relationships or occasional

transactions involving natural or legal persons from that third country.

5.

The delegated act referred to in paragraph 2 shall identify among the countermeasures listed in Article 35 the specific

countermeasures mitigating specific risks stemming from each high-risk third country.

6.

Where a Member State identifies a specific money laundering or terrorist financing risk posed by a third country that

the Commission has identified in accordance with the criteria referred to in paragraph 2 which is not addressed by the

countermeasures referred to in paragraph 5, it may require obliged entities established in its territory to apply specific

additional countermeasures to mitigate the specific risks stemming from that third country. The risk identified and the

corresponding countermeasures shall be notified to the Commission within 5 days of the countermeasures being applied.

62/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

7.

The Commission shall review the delegated acts referred to in paragraph 2 on a regular basis to ensure that the

specific countermeasures identified pursuant to paragraph 5 take account of the changes in the AML/CFT framework of the

third country and are proportionate and adequate to the risks.

Upon receiving a notification pursuant to paragraph 6, the Commission shall assess the information received to determine

whether country-specific risks affect the integrity of the Union’s internal market. Where appropriate, the Commission shall

review the delegated acts referred to in paragraph 2, by adding the necessary countermeasures to mitigate those additional

risks. Where the Commission considers that the specific additional measures applied by a Member State under paragraph 6

are not necessary to mitigate specific risks stemming from that third country, it may decide, by means of an implementing

act, that the Member State shall put an end to the specific additional countermeasure.

Article 30

Identification of third countries with compliance weaknesses in their national AML/CFT regimes

1.

Third countries with compliance weaknesses in their national AML/CFT regimes shall be identified by the

Commission.

2.

In order to identify the third countries referred to in paragraph 1, the Commission is empowered to adopt delegated

acts in accordance with Article 85 to supplement this Regulation, where:

(a) compliance weaknesses in the legal and institutional AML/CFT framework of the third country have been identified;

(b) compliance weaknesses in the effectiveness of the third country’s AML/CFT system in addressing money laundering and

terrorist financing risks or in its system to assess and mitigate risks of non-implementation or evasion of UN financial

sanctions relating to proliferation financing have been identified.

Those delegated acts shall be adopted within 20 calendar days of the Commission ascertaining that the criteria in point (a)

or (b) of the first subparagraph are met.

3.

The Commission, when drawing up the delegated acts referred to in paragraph 2 shall take into account, as a baseline

for its assessment, information on jurisdictions under increased monitoring by international organisations and standard

setters with competence in the field of preventing money laundering and combating terrorist financing, as well as relevant

evaluations, assessments, reports or public statements drawn up by them.

4.

The delegated act referred to in paragraph 2 shall identify the specific enhanced due diligence measures among those

listed in Article 34(4), that obliged entities shall apply to mitigate risks related to business relationships or occasional

transactions involving natural or legal persons from that third country.

5.

The Commission shall review the delegated acts referred to in paragraph 2 on a regular basis to ensure that the

specific enhanced due diligence measures identified pursuant to paragraph 4 take account of the changes in the AML/CFT

framework of the third country and are proportionate and adequate to the risks.

Article 31

Identification of third countries posing a specific and serious threat to the Union’s financial system

1.

The Commission is empowered to adopt delegated acts in accordance with Article 85 to supplement this Regulation

by identifying third countries where in exceptional cases it considers it indispensable to mitigate a specific and serious

threat to the Union’s financial system and the proper functioning of the internal market posed by those third countries, and

which cannot be mitigated pursuant to Articles 29 and 30.

2.

The Commission, when drawing up the delegated acts referred to in paragraph 1, shall take into account in particular

the following criteria:

(a) the legal and institutional AML/CFT framework of the third country, in particular:

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

63/111

EN

OJ L, 19.6.2024

(i) the criminalisation of money laundering and terrorist financing;

(ii) measures relating to customer due diligence;

(iii) requirements relating to record-keeping;

(iv) requirements to report suspicious transactions;

(v) the availability of accurate and timely information of the beneficial ownership of legal persons and arrangements to

competent authorities;

(b) the powers and procedures of the third country’s competent authorities for the purposes of combating money

laundering and terrorist financing including appropriately effective, proportionate and dissuasive sanctions, as well as

the third country’s practice in cooperation and exchange of information with Member States’ competent authorities;

(c) the effectiveness of the third country’s AML/CFT system in addressing money laundering and terrorist financing risks.

3.

For the purposes of determining the level of threat referred to in paragraph 1, the Commission may request AMLA to

adopt an opinion aimed at assessing the specific impact on the integrity of the Union’s financial system due to the level of

threat posed by a third country.

4.

Where AMLA identifies that a third country other than those identified pursuant to Articles 29 and 30 poses

a specific and serious threat to the Union’s financial system, it may address an opinion to the Commission setting out the

threat it has identified and why it believes that the Commission should identify the third country pursuant to paragraph 1.

Where the Commission decides not to identify the third country referred to in the first subparagraph, it shall provide

a justification thereof to AMLA.

5.

The Commission, when drawing up the delegated acts referred to in paragraph 1, shall take into account in particular

relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence

in the field of preventing money laundering and combating terrorist financing.

6.

Where the identified specific and serious threat from the third country concerned amounts to a significant strategic

deficiency, Article 29(4) shall apply and the delegated act referred to in paragraph 1 of this Article shall identify specific

countermeasures as referred to in Article 29(5).

7.

Where the identified specific and serious threat from the third country concerned amounts to a compliance weakness,

the delegated act referred to in paragraph 1 shall identify specific enhanced due diligence measures among those listed in

Article 34(4), that obliged entities shall apply to mitigate risks related to business relationships or occasional transactions

involving natural or legal persons from that third country.

8.

The Commission shall review the delegated acts referred to in paragraph 1 on a regular basis to ensure that the

countermeasures referred to in paragraph 6 and enhanced due diligence measures referred to in paragraph 7 take account of

the changes in the AML/CFT framework of the third country and are proportionate and adequate to the risks.

9.

The Commission may adopt, by means of an implementing act, the methodology for the identification of third

countries pursuant to this Article. That implementing act shall set out, in particular:

(a) how the criteria referred to in paragraph 2 are assessed;

(b) the process for interaction with the third country under assessment;

(c) the process for involvement of Member States and AMLA in the identification of third countries posing a specific and

serious threat to the Union’s financial system.

The implementing act referred to in the first subparagraph of this paragraph shall be adopted in accordance with the

examination procedure referred to in Article 86(2).

64/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Article 32

Guidelines on money laundering and terrorist financing risks, trends and methods

1.

By 10 July 2027, AMLA shall issue guidelines defining the money laundering and terrorist financing risks, trends and

methods involving any geographical area outside the Union to which obliged entities are exposed. AMLA shall take into

account, in particular, the risk factors listed in Annex III. Where situations of higher risk are identified, the guidelines shall

include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks.

2.

3.

AMLA shall review the guidelines referred to in paragraph 1 at least every 2 years.

When issuing and reviewing the guidelines referred to in paragraph 1, AMLA shall take into account evaluations,

assessments or reports of Union institutions, bodies, offices and agencies, international organisations and standard setters

with competence in the field of preventing money laundering and combating terrorist financing.

SECTION 3

Simplified due diligence

Article 33

Simplified due diligence measures

1.

Where, taking into account the risk factors set out in Annexes II and III, the business relationship or transaction

present a low degree of risk, obliged entities may apply the following simplified due diligence measures:

(a) verifying the identity of the customer and the beneficial owner after the establishment of the business relationship,

provided that the specific lower risk identified justified such postponement, but in any case no later than 60 days of the

relationship being established;

(b) reducing the frequency of customer identification updates;

(c) reducing the amount of information collected to identify the purpose and intended nature of the business relationship

or occasional transaction or inferring it from the type of transactions or business relationship established;

(d) reducing the frequency or degree of scrutiny of transactions carried out by the customer;

(e) applying any other relevant simplified due diligence measure identified by AMLA pursuant to Article 28.

The measures referred to in the first subparagraph shall be proportionate to the nature and size of the business and to the

specific elements of lower risk identified. However, obliged entities shall carry out sufficient monitoring of the transactions

and business relationship to enable the detection of unusual or suspicious transactions.

2.

Obliged entities shall ensure that the internal procedures established pursuant to Article 9 contain the specific

measures of simplified verification that shall be taken in relation to the different types of customers that present a lower

risk. Obliged entities shall document decisions to take into account additional factors of lower risk.

3.

For the purpose of applying simplified due diligence measures referred to in paragraph 1, point (a), obliged entities

shall adopt risk management procedures with respect to the conditions under which they can provide services or perform

transactions for a customer prior to the verification taking place, including by limiting the amount, number or types of

transactions that can be performed or by monitoring transactions to ensure that they are in line with the expected norms

for the business relationship at hand.

4.

Obliged entities shall verify on a regular basis that the conditions for the application of simplified due diligence

measures continue to exist. The frequency of such verifications shall be commensurate with the nature and size of the

business and the risks posed by the specific relationship.

5.

Obliged entities shall refrain from applying simplified due diligence measures in any of the following situations:

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

65/111

EN

OJ L, 19.6.2024

(a) the obliged entities have doubts as to the veracity of the information provided by the customer or the beneficial owner

at the stage of identification, or they detect inconsistencies regarding that information;

(b) the factors indicating a lower risk are no longer present;

(c) the monitoring of the customer’s transactions and the information collected in the context of the business relationship

exclude a lower risk scenario;

(d) there is a suspicion of money laundering or terrorist financing;

(e) there is a suspicion that the customer, or the person acting on behalf of the customer, is attempting to circumvent or

evade targeted financial sanctions.

SECTION 4

Enhanced due diligence

Article 34

Scope of application of enhanced due diligence measures

1.

In the cases referred to in Articles 29, 30, 31 and 36 to 46, as well as in other cases of higher risk that are identified

by obliged entities pursuant to Article 20(2), second subparagraph, obliged entities shall apply enhanced due diligence

measures to manage and mitigate such risks appropriately.

2.

Obliged entities shall examine the origin and destination of funds involved in, and the purpose of, all transactions that

fulfil at least one of the following conditions:

(a) the transaction is of a complex nature;

(b) the transaction is unusually large;

(c) the transaction is conducted in an unusual pattern;

(d) the transaction does not have an apparent economic or lawful purpose.

3.

With the exception of the cases covered by Section 2 of this Chapter, when assessing the risks of money laundering

and terrorist financing posed by a business relationship or occasional transaction, obliged entities shall take into account at

least the factors of potential higher risk set out in Annex III and the guidelines adopted by AMLA pursuant to Article 32, as

well as any other indicators of higher risk such as notifications issued by the FIU and findings of the business-wide risk

assessment under Article 10.

4.

With the exception of the cases covered by Section 2 of this Chapter, in cases of higher risk as referred to in

paragraph 1 of this Article, obliged entities shall apply enhanced due diligence measures, proportionate to the higher risks

identified, which may include the following measures:

(a) obtaining additional information on the customer and the beneficial owners;

(b) obtaining additional information on the intended nature of the business relationship;

(c) obtaining additional information on the source of funds, and source of wealth of the customer and of the beneficial

owners;

(d) obtaining information on the reasons for the intended or performed transactions and their consistency with the

business relationship;

(e) obtaining the approval of senior management for establishing or continuing the business relationship;

(f) conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied,

and selecting patterns of transactions that need further examination;

(g) requiring the first payment to be carried out through an account in the customer’s name with a credit institution subject

to customer due diligence standards that are not less robust than those laid down in this Regulation.

66/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

5.

Where a business relationship that is identified as having a higher risk involves the handling of assets with a value of

at least EUR 5 000 000, or the equivalent in national or foreign currency, through personalised services for a customer

holding total assets with a value of at least EUR 50 000 000, or the equivalent in national or foreign currency, whether in

financial, investable or real estate assets, or a combination thereof, excluding that customer’s private residence, credit

institutions, financial institutions and trust or company service providers shall apply the following enhanced due diligence

measures, in addition to any enhanced due diligence measure applied pursuant to paragraph 4:

(a) specific measures including procedures to mitigate risks associated with personalised services and products offered to

that customer;

(b) obtaining additional information on that customer’s source of funds;

(c) preventing and managing conflicts of interest between the customer and senior management or employees of the

obliged entity that undertake tasks related to that obliged entity’s compliance in relation to that customer.

By 10 July 2027, AMLA shall issue guidelines on the measures to be taken by credit institutions, financial institutions and

trust or company service providers to establish whether a customer holds total assets with a value of at least

EUR 50 000 000, or the equivalent in national or foreign currency, in financial, investable or real estate assets and how to

determine that value.

6.

With the exception of the cases covered by Section 2 of this Chapter, where Member States identify cases of higher

risks pursuant to Article 8 of Directive (EU) 2024/1640, including as a result of sectoral risk assessments carried out by the

Member States, they may require obliged entities to apply enhanced due diligence measures and, where appropriate, specify

those measures. Member States shall notify to the Commission and AMLA their decisions imposing enhanced due diligence

requirements upon obliged entities established in their territory within 1 month of their adoption, accompanied by

a justification of the money laundering and terrorist financing risks underpinning such decision.

Where the risks identified by Member States pursuant to the first subparagraph are likely to stem from outside the Union

and may affect the Union’s financial system, AMLA shall, upon a request from the Commission or on its own initiative,

consider updating the guidelines adopted pursuant to Article 32.

7.

The Commission is empowered to adopt delegated acts in accordance with Article 85 to supplement this Regulation

where it identifies additional cases of higher risk as referred to in paragraph 1 of this Article that affect the Union as a whole

and enhanced due diligence measures that obliged entities are to apply in those cases, taking into account the notifications

by Member States pursuant to paragraph 6, first subparagraph, of this Article.

8.

Enhanced due diligence measures shall not be invoked automatically with respect to branches or subsidiaries of

obliged entities established in the Union which are located in third countries referred to in Articles 29, 30 and 31 where

those branches or subsidiaries fully comply with the group-wide policies, procedures and controls in accordance with

Article 17.

Article 35

Countermeasures to mitigate money laundering and terrorist financing threats from outside the Union

For the purposes of Articles 29 and 31, the Commission may choose from among the following countermeasures:

(a) countermeasures that obliged entities are to apply to persons and legal entities involving high-risk third countries and,

where relevant, other countries posing a threat to the Union’s financial system consisting in:

(i) the application of additional elements of enhanced due diligence;

(ii) the introduction of enhanced relevant reporting mechanisms or systematic reporting of financial transactions;

(iii) the limitation of business relationships or transactions with natural persons or legal entities from those third

countries;

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

67/111

EN

OJ L, 19.6.2024

(b) countermeasures that Member States are to apply with regard to high-risk third countries and, where relevant, other

countries posing a threat to the Union’s financial system consisting in:

(i) refusing the establishment of subsidiaries or branches or representative offices of obliged entities from the country

concerned, or otherwise taking into account the fact that the relevant obliged entity is from a third country that

does not have adequate AML/CFT regimes;

(ii) prohibiting obliged entities from establishing branches or representative offices in the third country concerned, or

otherwise taking into account the fact that the relevant branch or representative office would be in a third country

that does not have adequate AML/CFT regimes;

(iii) requiring increased supervisory examination or increased external audit requirements for branches and subsidiaries

of obliged entities located in the third country concerned;

(iv) requiring increased external audit requirements for financial groups with respect to any of their branches and

subsidiaries located in the third country concerned;

(v) requiring credit institutions and financial institutions to review and amend, or if necessary terminate,

correspondent relationships with respondent institutions in the third country concerned.

Article 36

Specific enhanced due diligence measures for cross-border correspondent relationships

With respect to cross-border correspondent relationships, including relationships established for securities transactions or

fund transfers, involving the execution of payments with a third-country respondent institution, in addition to the customer

due diligence measures laid down in Article 20, credit institutions and financial institutions shall, when entering into

a business relationship, be required to:

(a) gather sufficient information about the respondent institution to understand fully the nature of the respondent’s

business and to determine from publicly available information the reputation of the institution and the quality of

supervision;

(b) assess the respondent institution’s AML/CFT controls;

(c) obtain approval from senior management before establishing new correspondent relationships;

(d) document the respective responsibilities of each institution;

(e) with respect to payable-through accounts, be satisfied that the respondent institution has verified the identity of, and

performed ongoing due diligence on, the customers having direct access to accounts of the correspondent institution,

and that it is able to provide relevant customer due diligence data to the correspondent institution, upon request.

Where credit institutions and financial institutions decide to terminate cross-border correspondent relationships for reasons

relating to AML/CFT policy, they shall document their decision.

Article 37

Specific enhanced due diligence measures for cross-border correspondent relationships for crypto-asset service

providers

1.

By way of derogation from Article 36, with respect to cross-border correspondent relationships involving the

execution of crypto-asset services, with a respondent entity not established in the Union and providing similar services,

including transfers of crypto-assets, crypto-asset service providers shall, in addition to the customer due diligence measures

laid down in Article 20, when entering into a business relationship, be required to:

(a) determine if the respondent entity is licensed or registered;

68/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(b) gather sufficient information about the respondent entity to understand fully the nature of the respondent’s business

and to determine from publicly available information the reputation of the entity and the quality of supervision;

(c) assess the respondent entity’s AML/CFT controls;

(d) obtain approval from senior management before establishing the new correspondent relationship;

(e) document the respective responsibilities of each party to the correspondent relationship;

(f) with respect to payable-through crypto-asset accounts, be satisfied that the respondent entity has verified the identity of,

and performed ongoing due diligence on, the customers having direct access to accounts of the correspondent entity,

and that it is able to provide relevant customer due diligence data to the correspondent entity, upon request.

Where crypto-asset service providers decide to terminate correspondent relationships for reasons relating to AML/CFT

policy, they shall document their decision.

Crypto-asset service providers shall update the due diligence information for the correspondent relationship on a regular

basis or when new risks emerge in relation to the respondent entity.

2.

Crypto-asset service providers shall take into account the information collected pursuant to paragraph 1 in order to

determine, on a risk sensitive basis, the appropriate measures to be taken to mitigate the risks associated with the

respondent entity.

3.

By 10 July 2027, AMLA shall issue guidelines to specify the criteria and elements that crypto-asset service providers

shall take into account for conducting the assessment referred to in paragraph 1 and the risk mitigating measures referred to

in paragraph 2, including the minimum action to be taken by crypto-asset service providers upon identification that the

respondent entity is not registered or licensed.

Article 38

Specific measures for individual third-country respondent institutions

1.

Credit institutions and financial institutions shall apply the measures laid down in paragraph 6 of this Article in

relation to third-country respondent institutions with which they have a correspondent relationship pursuant to Articles 36

or 37 and in respect of which AMLA issues a recommendation pursuant to paragraph 2 of this Article.

2.

AMLA shall issue a recommendation addressed to credit institutions and financial institutions where there are

concerns that respondent institutions in third countries fall into any of the following situations:

(a) they are in serious, repeated or systematic breach of AML/CFT requirements;

(b) they have weaknesses in their internal policies, procedures and controls that are likely to result in serious, repeated or

systematic breaches of AML/CFT requirements;

(c) they have in place internal policies, procedures and controls that are not commensurate with the risks of money

laundering, its predicate offences and terrorist financing to which the third-country respondent institution is exposed.

3.

The recommendation referred to in paragraph 2 shall be issued where all of the following conditions are met:

(a) on the basis of the information available in the context of its supervisory activities, a financial supervisor, including

AMLA when performing its supervisory activities, deems that a third-country respondent institution falls into any of the

situations listed in paragraph 2 and may affect the risk exposure of the correspondent relationship;

(b) following an assessment of the information available to the financial supervisor referred to in point (a) of this

paragraph, there is an agreement among financial supervisors in the Union that the third-country respondent institution

falls into any of the situations listed in paragraph 2 and may affect the risk exposure of the correspondent relationship.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

69/111

EN

OJ L, 19.6.2024

Prior to issuing the recommendation referred to in paragraph 2, AMLA shall consult the third-country supervisor in

4.

charge of the respondent institution and request that it provides its own as well as the respondent institution’s views on the

adequacy of AML/CFT policies, procedures and controls as well as of the customer due diligence measures the respondent

institution has in place to mitigate risks of money laundering, its predicate offences and terrorist financing and remedial

measures to be put in place. Where no reply is provided within 2 months or where the reply provided does not indicate that

the third-country respondent institution can implement satisfactory AML/CFT policies, procedures and controls as well as

apply adequate customer due diligence measures to mitigate the risks to which it is exposed that may affect the

correspondent relationship, AMLA shall proceed with the recommendation.

5.

AMLA shall withdraw the recommendation referred to in paragraph 2 as soon as it considers that a third-country

respondent institution on which it adopted that recommendation no longer fulfils the conditions laid down in paragraph 3.

6.

In relation to third-country respondent institutions referred to in paragraph 1, credit institutions and financial

institutions shall:

(a) abstain from entering into new business relationships with the third-country respondent institution unless they

conclude, on the basis of the information collected under Article 36 or 37, that the mitigating measures applied to the

business relationship with the third-country respondent institution and the measures in place in the third-country

respondent institution can adequately mitigate the money laundering and terrorist financing risks associated with that

business relationship;

(b) for ongoing business relationships with the third-country respondent institution:

(i) review and update the information on the respondent institution pursuant to Articles 36 or 37;

(ii) terminate the business relationship unless they conclude, on the basis of the information collected under point (i),

that the mitigating measures applied to the business relationship with the third-country respondent institution and

the measures in place in the third-country respondent institution can adequately mitigate the money laundering and

terrorist financing risks associated with that business relationship;

(c) inform the respondent institution of the conclusions they have drawn in relation to the risks posed by the

correspondent relationship following the recommendation by AMLA and the measures taken pursuant to points (a) or

(b).

Where AMLA has withdrawn a recommendation pursuant to paragraph 5, credit institutions and financial institutions shall

review their assessment as to whether the third-country respondent institutions fulfil any of the conditions laid down in

paragraph 3.

7.

Credit institutions and financial institutions shall document any decision taken pursuant to this Article.

Article 39

Prohibition of correspondent relationships with shell institutions

1.

Credit institutions and financial institutions shall not enter into, or continue, a correspondent relationship with a shell

institution. Credit institutions and financial institutions shall take appropriate measures to ensure that they do not engage in

or continue correspondent relationships with a credit institution or financial institution that is known to allow its accounts

to be used by a shell institution.

2.

In addition to the requirement laid down in paragraph 1, crypto-asset service providers shall ensure that their

accounts are not used by shell institutions to provide crypto-asset services. To that end, crypto-asset service providers shall

have in place internal policies, procedures and controls to detect any attempt to use their accounts for the provision of

unregulated crypto-asset services.

Article 40

Measures to mitigate risks in relation to transactions with a self-hosted address

1.

Crypto-asset service providers shall identify and assess the risk of money laundering and financing of terrorism

associated with transfers of crypto-assets directed to or originating from a self-hosted address. To that end, crypto-asset

service providers shall have in place internal policies, procedures and controls.

70/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Crypto-asset service providers shall apply mitigating measures commensurate with the risks identified. Those mitigating

measures shall include one or more of the following:

(a) taking risk-based measures to identify, and verify the identity of, the originator or beneficiary of a transfer made from or

to a self-hosted address or beneficial owner of such originator or beneficiary, including through reliance on third

parties;

(b) requiring additional information on the origin and destination of the crypto-assets;

(c) conducting enhanced ongoing monitoring of transactions with a self-hosted address;

(d) any other measure to mitigate and manage the risks of money laundering and financing of terrorism as well as the risk

of non-implementation and evasion of targeted financial sanctions.

2.

By 10 July 2027, AMLA shall issue guidelines to specify the mitigating measures referred to in paragraph 1, including:

(a) the criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer

made from or to a self-hosted address, including through reliance on third parties, taking into account the latest

technological developments;

(b) criteria and means for the verification of whether or not the self-hosted address is owned or controlled by a customer.

Article 41

Specific provisions regarding applicants for residence by investment schemes

In addition to the customer due diligence measures laid down in Article 20, with respect to customers who are

third-country nationals who are in the process of applying for residence rights in a Member State in exchange for any kind

of investment, including transfers, purchase or renting of property, investment in government bonds, investment in

corporate entities, donation or endowment of an activity contributing to the public good and contributions to the state

budget, obliged entities shall, as a minimum, apply enhanced due diligence measures set out in Article 34(4), points (a), (c),

(e) and (f).

Article 42

Specific provisions regarding politically exposed persons

1.

In addition to the customer due diligence measures laid down in Article 20, obliged entities shall apply the following

measures with respect to occasional transactions or business relationships with politically exposed persons:

(a) obtain senior management approval for carrying out occasional transactions or for establishing or continuing business

relationships with politically exposed persons;

(b) take adequate measures to establish the source of wealth and source of funds that are involved in business relationships

or occasional transactions with politically exposed persons;

(c) conduct enhanced, ongoing monitoring of those business relationships.

2.

By 10 July 2027, AMLA shall issue guidelines on the following matters:

(a) the criteria for the identification of persons known to be close associates;

(b) the level of risk associated with a particular category of politically exposed person, family member or person known to

be a close associate, including guidance on how such risks are to be assessed where the person is no longer entrusted

with a prominent public function for the purposes of Article 45.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

71/111

EN

OJ L, 19.6.2024

Article 43

List of prominent public functions

1.

Each Member State shall issue and keep up-to-date a list indicating the exact functions which, in accordance with its

national laws, regulations and administrative provisions, qualify as prominent public functions for the purposes of Article

2(1), point (34). Member States shall request each international organisation accredited on their territories to issue and keep

up-to-date a list of prominent public functions at that international organisation for the purposes of Article 2(1), point (34).

Those lists shall also include any function which may be entrusted to representatives of third countries and of international

bodies accredited at Member State level. Member States shall notify those lists, as well as any change made to them, to the

Commission and to AMLA.

2.

The Commission may set out, by means of an implementing act, the format for the establishment and communication

of the Member States’ lists of prominent public functions pursuant to paragraph 1. That implementing act shall be adopted

in accordance with the examination procedure referred to in Article 86(2).

3.

The Commission is empowered to adopt delegated acts in accordance with Article 85 to supplement Article 2(1),

point (34), where the lists notified by Member States pursuant to paragraph 1 identify common additional categories of

prominent public functions and those categories of prominent public functions are of relevance for the Union as a whole.

When drawing up delegated acts pursuant to the first subparagraph, the Commission shall consult AMLA.

4.

The Commission shall draw up and keep up-to-date the list of the exact functions which qualify as prominent public

functions at the level of the Union. That list shall also include any function which may be entrusted to representatives of

third countries and of international bodies accredited at Union level.

5.

The Commission shall assemble, based on the lists provided for in paragraphs 1 and 4 of this Article, a single list of all

prominent public functions for the purposes of Article 2(1), point (34). The Commission shall publish that single list in the

Official Journal of the European Union. AMLA shall make that list publicly available on its website.

Article 44

Politically exposed persons who are beneficiaries of insurance policies

Obliged entities shall take reasonable measures to determine whether the beneficiaries of a life or other investment-related

insurance policy or, where relevant, the beneficial owner of the beneficiary are politically exposed persons. Those measures

shall be taken no later than at the time of the payout or at the time of the assignment, in whole or in part, of the policy.

Where there are higher risks identified, in addition to applying the customer due diligence measures laid down in

Article 20, obliged entities shall:

(a) inform senior management before payout of policy proceeds;

(b) conduct enhanced scrutiny of the entire business relationship with the policyholder.

Article 45

Measures for persons who cease to be politically exposed persons

1.

Where a politically exposed person is no longer entrusted with a prominent public function by the Union, a Member

State, third country or an international organisation, obliged entities shall take into account the continuing risk posed by

that person, as a result of his or her former function, in their assessment of money laundering and terrorist financing risks

in accordance with Article 20.

2.

Obliged entities shall apply one or more of the measures referred to in Article 34(4) to mitigate the risks posed by the

politically exposed person until such time as the risks referred to in paragraph 1 of this Article no longer exist, but in any

case for not less than 12 months following the time when the individual ceased to be entrusted with a prominent public

function.

3.

The obligation referred to in paragraph 2 shall apply accordingly where an obliged entity carries out an occasional

transaction or enters into a business relationship with a person who in the past was entrusted with a prominent public

function by the Union, a Member State, third country or an international organisation.

72/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Article 46

Family members and persons known to be close associates of politically exposed persons

The measures referred to in Articles 42, 44 and 45 shall also apply to family members or persons known to be close

associates of politically exposed persons.

SECTION 5

Specific customer due diligence provisions

Article 47

Specifications for the life and other investment-related insurance sector

For life or other investment-related insurance business, in addition to the customer due diligence measures required for the

customer and the beneficial owner, obliged entities shall apply the following customer due diligence measures on the

beneficiaries of life insurance and other investment-related insurance policies, as soon as the beneficiaries are identified or

designated:

(a) in the case of beneficiaries that are identified as specifically named persons or legal arrangements, recording the name of

the person or arrangement;

(b) in the case of beneficiaries that are designated by characteristics or by class or by other means, obtaining sufficient

information concerning those beneficiaries so that it will be able to establish the identity of the beneficiary at the time

of the payout.

For the purposes of the first subparagraph, the verification of the identity of the beneficiaries and, where relevant, their

beneficial owners shall take place at the time of the payout. In the case of assignment, in whole or in part, of the life or

other investment-related insurance to a third party, obliged entities aware of the assignment shall identify the beneficial

owner at the time of the assignment to the natural or legal person or legal arrangement receiving for its own benefit the

value of the policy assigned.

SECTION 6

Reliance on customer due diligence performed by other obliged entities

Article 48

General provisions relating to reliance on other obliged entities

1.

Obliged entities may rely on other obliged entities, whether located in a Member State or in a third country, to meet

the customer due diligence requirements laid down in Article 20(1), points (a), (b) and (c), provided that:

(a) the other obliged entities apply customer due diligence requirements and record-keeping requirements laid down in this

Regulation, or equivalent when the other obliged entities reside or are established in a third country;

(b) compliance with AML/CFT requirements by the other obliged entities is supervised in a manner consistent with

Chapter IV of Directive (EU) 2024/1640.

The ultimate responsibility for meeting the customer due diligence requirements shall remain with the obliged entity which

relies on another obliged entity.

2.

When deciding to rely on other obliged entities located in third countries, obliged entities shall take into consideration

the geographical risk factors listed in Annexes II and III and any relevant information or guidance provided by the

Commission, or by AMLA or other competent authorities.

3.

In the case of obliged entities that are part of a group, compliance with the requirements of this Article and of

Article 49 may be ensured through group-wide policies, procedures and controls provided that all the following conditions

are met:

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

73/111

EN

OJ L, 19.6.2024

(a) the obliged entity relies on information provided solely by an obliged entity that is part of the same group;

(b) the group applies AML/CFT policies and procedures, customer due diligence measures and rules on record-keeping that

are fully in compliance with this Regulation, or with equivalent rules in third countries;

(c) the effective implementation of the requirements referred to in point (b) of this paragraph is supervised at group level

by the supervisory authority of the home Member State in accordance with Chapter IV of Directive (EU) 2024/1640 or

of the third country in accordance with the rules of that third country.

4.

Obliged entities shall not rely on obliged entities established in third countries identified pursuant to Section 2 of this

Chapter. However, obliged entities established in the Union whose branches and subsidiaries are established in those third

countries may rely on those branches and subsidiaries, where all the conditions laid down in paragraph 3, are met.

Article 49

Process of reliance on another obliged entity

1.

Obliged entities shall obtain from the obliged entity relied upon all the necessary information concerning the

customer due diligence measures laid down in Article 20(1), points (a), (b) and (c), or the business being introduced.

2.

Obliged entities which rely on other obliged entities shall take all necessary steps to ensure that the obliged entity

relied upon provides, upon request:

(a) copies of the information collected to identify the customer;

(b) all supporting documents or trustworthy sources of information that were used to verify the identity of the client, and,

where relevant, of the customer’s beneficial owners or persons on whose behalf the customer acts, including data

obtained through electronic identification means and relevant trust services as set out in Regulation (EU) No 910/2014;

and

(c) any information collected on the purpose and intended nature of the business relationship.

3.

The information referred to in paragraphs 1 and 2 shall be provided by the obliged entity relied upon without delay

and in any case within 5 working days.

4.

The conditions for the transmission of the information and documents mentioned in paragraphs 1 and 2 shall be

specified in a written agreement between the obliged entities.

5.

Where the obliged entity relies on an obliged entity that is part of its group, the written agreement may be replaced by

an internal procedure established at group level, provided that the conditions laid down in Article 48(3) are met.

Article 50

Guidelines on reliance on other obliged entities

By 10 July 2027, AMLA shall issue guidelines addressed to obliged entities on:

(a) the conditions which are acceptable for obliged entities to rely on information collected by another obliged entity,

including in the case of remote customer due diligence;

(b) the roles and responsibility of the obliged entities involved in a situation of a reliance on another obliged entity;

(c) supervisory approaches to reliance on other obliged entities.

74/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

CHAPTER IV

BENEFICIAL OWNERSHIP TRANSPARENCY

Article 51

Identification of beneficial owners for legal entities

Beneficial owners of legal entities shall be the natural persons who:

(a) have, directly or indirectly, an ownership interest in the corporate entity; or

(b) control, directly or indirectly, the corporate or other legal entity, through ownership interest or via other means.

Control via other means as referred to in the first paragraph, point (b), shall be identified independently of and in parallel to

the existence of an ownership interest or control through ownership interest.

Article 52

Beneficial ownership through ownership interest

1.

For the purpose of Article 51, first paragraph, point (a), ‘an ownership interest in the corporate entity’ shall mean

direct or indirect ownership of 25 % or more of the shares or voting rights or other ownership interest in the corporate

entity, including rights to a share of profits, other internal resources or liquidation balance. The indirect ownership shall be

calculated by multiplying the shares or voting rights or other ownership interests held by the intermediate entities in the

chain of entities in which the beneficial owner holds shares or voting rights and by adding together the results from those

various chains, unless Article 54 applies.

For the purposes of assessing whether an ownership interest exists in the corporate entity, all shareholdings on every level

of ownership shall be taken into account.

2.

Where Member States identify pursuant to Article 8(4), point (c), of Directive (EU) 2024/1640 categories of corporate

entities that are exposed to higher money laundering and terrorist financing risks, including based on the sectors in which

they operate, they shall inform the Commission thereof. By 10 July 2029, the Commission shall assess whether the risks

associated with those categories of legal entities are relevant for the internal market and, where it concludes that a lower

threshold is appropriate to mitigate those risks, adopt delegated acts in accordance with Article 85 to amend this

Regulation by identifying:

(a) the categories of corporate entities that are associated with higher money laundering and terrorist financing risks and

for which a lower threshold shall apply;

(b) the related thresholds.

The lower threshold referred to in the first subparagraph shall be set at a maximum of 15 % of ownership interest in the

corporate entity, unless the Commission concludes, on the basis of risk, that a higher threshold would be more

proportionate, which shall in any case be set at less than 25 %.

3.

The Commission shall review the delegated act referred to in paragraph 2 on a regular basis to ensure that it identifies

the relevant categories of corporate entities that are associated with higher risks, and that the related thresholds are

commensurate with those risks.

4.

In the case of legal entities other than corporate entities, for which, having regard to their form and structure, it is not

appropriate or possible to calculate ownership, the beneficial owners shall be the natural persons who control via other

means, directly or indirectly, the legal entity, pursuant to Article 53(3) and (4), except where Article 57 applies.

Article 53

Beneficial ownership through control

1.

Control over a corporate or other legal entity shall be exercised through ownership interest or via other means.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

75/111

EN

OJ L, 19.6.2024

2.

For the purposes of this Chapter, the following definitions apply:

(a) ‘control of the legal entity’ means the possibility to exercise, directly or indirectly, significant influence and impose

relevant decisions within the legal entity;

(b) ‘indirect control of a legal entity’ means control of intermediate legal entities in the ownership structure or in various

chains of the ownership structure, where the direct control is identified on each level of the structure;

(c) ‘control through ownership interest of the corporate entity’ means direct or indirect ownership of 50 % plus one of the

shares or voting rights or other ownership interest in the corporate entity.

3.

Control of the legal entity via other means shall in any case include the possibility to exercise:

(a) in the case of a corporate entity, the majority of the voting rights in the corporate entity, whether or not shared by

persons acting in concert;

(b) the right to appoint or remove a majority of the members of the board or the administrative, management or

supervisory body or similar officers of the legal entity;

(c) relevant veto rights or decision rights attached to the share of the corporate entity;

(d) decisions regarding distribution of profit of the legal entity or leading to a shift in assets in the legal entity.

4.

In addition to paragraph 3, control of the legal entity may be exercised via other means. Depending on the particular

situation of the legal entity and its structure, other means of control may include:

(a) formal or informal agreements with owners, members or the legal entities, provisions in the articles of association,

partnership agreements, syndication agreements, or equivalent documents or agreements depending on the specific

characteristics of the legal entity, as well as voting arrangements;

(b) relationships between family members;

(c) use of formal or informal nominee arrangements.

For the purpose of this paragraph, ‘formal nominee arrangement’ means a contract or an equivalent arrangement, between

a nominator and a nominee, where the nominator is a legal entity or natural person that issues instructions to a nominee to

act on their behalf in a certain capacity, including as a director or shareholder or settlor, and the nominee is a legal entity or

natural person instructed by the nominator to act on their behalf.

Article 54

Coexistence of ownership interest and control in the ownership structure

Where corporate entities are owned through a multi-layered ownership structure, and in one or more chains of that

structure the ownership interest and the control coexist in relation to different layers of the chain, the beneficial owners

shall be:

(a) the natural persons who control, directly or indirectly, through ownership interest or via other means, legal entities that

have a direct ownership interest in the corporate entity, whether individually or cumulatively;

(b) the natural persons who, whether individually or cumulatively, directly or indirectly, have an ownership interest in the

corporate entity that controls, through ownership interest or via other means, the corporate entity, directly or indirectly.

76/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Article 55

Ownership structures involving legal arrangements or similar legal entities

Where legal entities referred to in Article 57 or legal arrangements have an ownership interest in the corporate entity,

whether individually or cumulatively, or control, directly or indirectly, the corporate entity, through ownership interest or

via other means, the beneficial owners shall be the natural persons who are the beneficial owners of the legal entities

referred to in Article 57 or of the legal arrangements.

Article 56

Notifications

Each Member State shall notify to the Commission by 10 October 2027 a list of the types of legal entities existing under its

national law with beneficial owners identified in accordance with Article 51 and Article 52(4). That notification shall

include the specific categories of entities, description of characteristics and, where applicable, legal basis under the national

law of the Member State concerned. It shall also include an indication of whether, due to the specific form and structures of

legal entities other than corporate entities, the mechanism under Article 63(4) applies, accompanied by a detailed

justification of the reasons for that.

The Commission shall communicate the notification referred to in the first paragraph to other Member States.

Article 57

Identification of beneficial owners for legal entities similar to express trust

1.

In the case of legal entities other than those referred to in Article 51, similar to express trust, such as foundations, the

beneficial owners shall be all the following natural persons:

(a) the founders;

(b) the members of the management body in its management function;

(c) the members of the management body in its supervisory function;

(d) the beneficiaries, unless Article 59 applies;

(e) any other natural person, who controls directly or indirectly the legal entity.

2.

In cases where legal entities referred to in paragraph 1 belong to multi-layered control structures, where any of the

positions listed in paragraph 1 is held by a legal entity, beneficial owners of the legal entity referred to in paragraph 1 shall

be:

(a) the natural persons listed in paragraph 1; and

(b) the beneficial owners of the legal entities that occupy any of the positions listed in paragraph 1.

3.

Member States shall notify to the Commission by 10 October 2027 a list of types of legal entities, of which the

beneficial owners are identified in accordance with paragraph 1.

The notification referred to in the first subparagraph shall be accompanied by a description of:

(a) the form and basic features of those legal entities;

(b) the process through which they can be set up;

(c) the process for accessing basic information and beneficial ownership information on those legal entities;

(d) the websites at which the central registers containing information on beneficial owners of those legal entities can be

consulted and contact details of the entities in charge of those registers.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

77/111

EN

OJ L, 19.6.2024

The Commission may adopt, by means of an implementing act, a list of types of legal entities governed by the law of

4.

Member States which should be subject to the requirements of this Article. That implementing act shall be adopted in

accordance with the examination procedure referred to in Article 86(2).

Article 58

Identification of beneficial owners for express trusts and similar legal arrangements

1.

The beneficial owners of express trusts shall be all the following natural persons:

(a) the settlors;

(b) the trustees;

(c) the protectors, if any;

(d) the beneficiaries, unless Article 59 or 60 applies;

(e) any other natural persons exercising ultimate control over the express trust by means of direct or indirect ownership or

by other means, including through a chain of control or ownership.

2.

The beneficial owners of other legal arrangements similar to express trusts shall be the natural persons holding

equivalent or similar positions to those referred to in paragraph 1.

3.

Where legal arrangements belong to multi-layered control structures and where any of the positions listed in

paragraph 1 is held by a legal entity, the beneficial owners of the legal arrangement shall be:

(a) the natural persons listed in paragraph 1; and

(b) the beneficial owners of the legal entities that occupy any of the positions listed in paragraph 1.

4.

Member States shall notify to the Commission by 10 October 2027 a list of types of legal arrangements similar to

express trusts which are governed under their law.

The notification shall be accompanied by a description of:

(a) the form and basic features of those legal arrangements;

(b) the process through which those legal arrangements can be set up;

(c) the process for accessing basic information and beneficial ownership information on those legal arrangements;

(d) the websites at which the central registers containing information on beneficial owners of those legal arrangements can

be consulted and the contact details of the entities in charge of those registers.

The notification shall also be accompanied by a justification detailing the reasons why the Member State considers the

notified legal arrangements to be similar to express trusts and why it concluded that other legal arrangements governed

under its law are not similar to express trusts.

5.

The Commission may adopt, by means of an implementing act, a list of types of legal arrangements governed under

the law of Member States which should be subject to the same beneficial ownership transparency requirements as express

trusts, accompanied by the information referred to in paragraph 4, second subparagraph of this Article. That implementing

act shall be adopted in accordance with the examination procedure referred to in Article 86(2).

Article 59

Identification of a class of beneficiaries

1.

In the case of legal entities similar to express trusts under Article 57 or, with the exception of discretionary trusts,

express trusts and similar legal arrangements under Article 58, where beneficiaries have yet to be determined, the class of

beneficiaries and its general characteristics shall be identified. Beneficiaries within the class shall be beneficial owners as

soon as they are identified or designated.

78/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

2.

In the following cases, only the class of beneficiaries and its characteristics shall be identified:

(a) pension schemes within the scope of Directive (EU) 2016/2341;

(b) employee financial ownership or participation schemes, provided that Member States, following an appropriate risk

assessment, have concluded a low risk of misuse for money laundering or terrorist financing;

(c) legal entities similar to express trusts under Article 57, express trusts and similar legal arrangements under Article 58,

provided that:

(i) the legal entity, the express trust or similar legal arrangement is set up for a non-profit or charitable purpose; and

(ii) following an appropriate risk assessment, Member States have concluded that the category of legal entity, express

trust or similar legal arrangement is at a low risk of misuse for money laundering or terrorist financing.

3.

Member State shall notify to the Commission the categories of legal entities, express trusts or similar legal

arrangements under paragraph 2, together with a justification based on the specific risk assessment. The Commission shall

communicate that notification to the other Member States.

Article 60

Identification of objects of a power and default takers in discretionary trusts

In the case of discretionary trusts, where beneficiaries have yet to be selected, the objects of a power and default takers shall

be identified. Beneficiaries among the objects of a power shall be beneficial owners as soon as they are selected. Default

takers shall be beneficial owners when the trustees fail to exercise their discretion.

Where discretionary trusts meet the conditions laid down in Article 59(2), only the class of objects of a power and default

takers shall be identified. Those categories of discretionary trusts shall be notified to the Commission in accordance with

paragraph 3 of that Article.

Article 61

Identification of beneficial owners of collective investment undertakings

By way of derogation from Article 51, first paragraph and Article 58(1), the beneficial owners of collective investment

undertakings shall be the natural persons who fulfil one or more of the following conditions:

(a) they hold directly or indirectly 25 % or more of the units held in the collective investment undertaking;

(b) they have the ability to define or influence the investment policy of the collective investment undertaking;

(c) they control the activities of the collective investment undertaking through other means.

Article 62

Beneficial ownership information

1.

Legal entities and trustees of express trusts or persons holding equivalent positions in similar legal arrangements shall

ensure that the beneficial ownership information which they hold, provide to obliged entities in the context of customer

due diligence procedures in accordance with Chapter III or submit to central registers is adequate, accurate, and up-to-date.

The beneficial ownership information referred to in the first subparagraph shall include the following:

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

79/111

EN

OJ L, 19.6.2024

(a) all names and surnames, place and full date of birth, residential address, country of residence and nationality or

nationalities of the beneficial owner, number of identity document, such as passport or national identity document, and,

where it exists, unique personal identification number assigned to the person by his or her country of usual residence,

and general description of the source of such number;

(b) the nature and extent of the beneficial interest held in the legal entity or legal arrangement, whether through ownership

interest or control via other means, as well as the date as of which the beneficial interest is held;

(c) information on the legal entity of which the natural person is the beneficial owner in accordance with Article 22(1),

point (b), or, in the case of legal arrangements of which the natural person is the beneficial owner, basic information on

the legal arrangement;

(d) where the ownership and control structure contains more than one legal entity or legal arrangement, a description of

such structure, including names and, where it exists, identification numbers of the individual legal entities or legal

arrangements that are part of that structure, and a description of the relationships between them, including the share of

the interest held;

(e) where a class of beneficiaries is identified under Article 59, general description of the characteristic of the class of

beneficiaries;

(f) where objects of a power and default takers are identified under Article 60:

(i) for natural persons, their names and surnames;

(ii) for legal entities and legal arrangements, their names;

(iii) for a class of objects of a power or default takers, its description.

2.

Legal entities and trustees of express trusts or persons holding an equivalent position in a similar legal arrangement

shall obtain adequate, accurate, and up-to-date beneficial ownership information within 28 calendar days of the creation of

the legal entity or the setting up of the legal arrangement. That information shall be updated promptly, and, in any case,

within 28 calendar days of any change thereto, as well as on an annual basis.

Article 63

Obligations of legal entities

1.

All legal entities created in the Union shall obtain and hold adequate, accurate and up-to-date beneficial ownership

information.

Legal entities shall provide, in addition to information about their legal owners, information on the beneficial owners to

obliged entities where the obliged entities are applying customer due diligence measures in accordance with Chapter III.

2.

A legal entity shall report beneficial ownership information to the central register without undue delay after its

creation. Any change to that information shall be reported to the central register without undue delay and, in any case,

within 28 calendar days thereof. The legal entity shall regularly verify that it holds up-to-date information on its beneficial

ownership. As a minimum, such verification shall be performed annually whether as a self-standing process or as part of

other periodical processes, such as the submission of financial statement.

The beneficial owners of a legal entity as well as the legal entities and, in the case of legal arrangements, their trustees or

persons holding an equivalent position, which are part of the ownership or control structure of a legal entity, shall provide

that legal entity with all the information necessary for the legal entity to comply with the requirements of this Chapter or to

respond to any request for additional information received pursuant to Article 10(4) of Directive (EU) 2024/1640.

3.

Where, having exhausted all possible means of identification pursuant to Articles 51 to 57, no person is identified as

beneficial owner, or where there is substantial and justified uncertainty on the part of the legal entity that the persons

identified are the beneficial owners, legal entities shall keep records of the actions taken in order to identify their beneficial

owners.

4.

In the cases referred to in paragraph 3 of this Article, when providing beneficial ownership information in accordance

with Article 20 of this Regulation and Article 10 of Directive (EU) 2024/1640, legal entities shall provide the following:

80/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(a) a statement that there is no beneficial owner or that the beneficial owners could not be determined, accompanied by

a justification as to why it was not possible to determine the beneficial owner in accordance with Articles 51 to 57 of

this Regulation and what constitutes uncertainty about the ascertained information;

(b) the details of all natural persons who hold the position of senior managing officials in the legal entity equivalent to the

information required under Article 62(1), second subparagraph, point (a) of this Regulation.

For the purpose of this paragraph, ‘senior managing officials’ means the natural persons who are the executive members of

the management body, as well as the natural persons who exercise executive functions within a legal entity and are

responsible, and accountable to the management body, for the day-to-day management of the entity.

5.

Legal entities shall make the information collected pursuant to this Article available, upon request and without delay,

to competent authorities.

6.

The information referred to in paragraph 4 shall be maintained for 5 years after the date on which the legal entities are

dissolved or otherwise cease to exist, whether by persons designated by the entity to retain the documents, or by

administrators or liquidators or other persons involved in the dissolution of the entity. The identity and contact details of

the person responsible for retaining the information shall be reported to the central registers.

Article 64

Trustee obligations

1.

In the case of any legal arrangement administered in a Member State or whose trustee or the person holding an

equivalent position in a similar legal arrangement resides or is established in a Member State, trustees and persons holding

an equivalent position in a similar legal arrangement shall obtain and hold the following information regarding the legal

arrangement:

(a) basic information on the legal arrangement;

(b) adequate, accurate and up-to-date beneficial ownership information as provided under Article 62;

(c) where legal entities or legal arrangements are parties to the legal arrangement, basic information and beneficial

ownership information on those legal entities and legal arrangements;

(d) information on any agent authorised to act on behalf of the legal arrangement or to take any action in relation to it, and

on the obliged entities with which the trustee or person holding an equivalent position in a similar legal arrangement

enter into a business relationship on behalf of the legal arrangement.

The information referred to in the first subparagraph shall be maintained for 5 years after the involvement of the trustee or

the person holding an equivalent position with the express trust or similar legal arrangement ceases to exist.

2.

The trustee or the person holding an equivalent position in a similar legal arrangement shall obtain and report to the

central register beneficial ownership information and basic information on the legal arrangement without undue delay after

the setting up of the express trust or similar legal arrangement and, in any case, within 28 calendar days thereof. The trustee

or the person holding an equivalent position in a similar legal arrangement shall ensure that any change of beneficial

ownership or of the basic information on the legal arrangement is reported to the central register without undue delay, and

in any case, within 28 calendar days thereof.

The trustee or the person holding an equivalent position in a similar legal arrangement shall regularly verify that the

information they hold over the legal arrangement pursuant to paragraph 1, first subparagraph, is updated. Such verification

shall be performed at least annually, whether as a self-standing process or as part of other periodical processes.

3.

The trustees or the persons holding an equivalent position in a similar legal arrangement referred to in paragraph 1

shall disclose their status and provide the information on the beneficial owners and on the assets of the legal arrangements

that are to be managed in the context of a business relationship or occasional transaction to obliged entities when the

obliged entities are applying customer due diligence measures in accordance with Chapter III.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

81/111

EN

OJ L, 19.6.2024

The beneficial owners of a legal arrangement other than the trustees or persons holding an equivalent position, its

4.

agents and the obliged entities servicing the legal arrangement, as well as any person and, in the case of legal arrangements,

their trustees, who are part of the multi-layered control structure of the legal arrangement, shall provide the trustees or

persons holding an equivalent position in a similar legal arrangement with all the information and documentation

necessary for the trustees or persons holding an equivalent position to comply with the requirements of this Chapter.

5.

Trustees of an express trust and persons holding an equivalent position in a similar legal arrangement shall make the

information collected pursuant to this Article available, upon request and without delay, to competent authorities.

6.

In the case of legal arrangements whose parties are legal entities, where, after having exhausted all possible means of

identification pursuant to Articles 51 to 57, no person is identified as beneficial owner of those legal entities, or where there

is substantial and justified uncertainty that the persons identified are the beneficial owners, trustees of express trusts or

persons in an equivalent position in similar legal arrangements shall keep records of the actions taken in order to identify

their beneficial owners.

7.

In the cases referred to in paragraph 6 of this Article, when providing beneficial ownership information in accordance

with Article 20 of this Regulation and Article 10 of Directive (EU) 2024/1640, trustees of express trusts or persons in an

equivalent position in similar legal arrangements shall provide the following:

(a) a statement that there is no beneficial owner or that the beneficial owners could not be determined, accompanied by

a justification as to why it was not possible to determine the beneficial owner in accordance with Article 51 to 57 of

this Regulation and what constitutes uncertainty about the ascertained information;

(b) the details of all natural persons who hold the position of senior managing officials in the legal entity that is party to the

legal arrangement equivalent to the information required under Article 62(1), second subparagraph, point (a), of this

Regulation.

Article 65

Exceptions to obligations of legal entities and legal arrangements

Articles 63 and 64 shall not apply to:

(a) companies whose securities are admitted to trading on a regulated market, provided that:

(i) control over the company is exercised exclusively by the natural person with the voting rights;

(ii) no other legal entities or legal arrangements are part of the company’s ownership or control structure; and

(iii) for foreign legal entities under Article 67, equivalent requirements to those referred to in subpoints (i) and (ii) of

this point exist under international standards;

(b) bodies governed by public law as defined in Article 2(1), point (4), of Directive 2014/24/EU of the European Parliament

and of the Council (⁴³).

Article 66

Nominee obligations

Nominee shareholders and nominee directors of a legal entity shall maintain adequate, accurate and up-to-date information

on the identity of their nominator and the nominator’s beneficial owners and disclose them, as well as their status, to the

legal entity. Legal entities shall report that information to the central register.

43

(

)

Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing

Directive 2004/18/EC (OJ L 94, 28.3.2014, p. 65).

82/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Legal entities shall also report the information referred to in the first paragraph to obliged entities when the obliged entities

are applying customer due diligence measures in accordance with Chapter III.

Article 67

Foreign legal entities and foreign legal arrangements

1.

Legal entities created outside the Union and trustees of express trusts or persons holding an equivalent position in

a similar legal arrangement that are administered outside the Union or that reside or are established outside the Union shall

submit beneficial ownership information pursuant to Article 62 to the central register of the Member State where they:

(a) enter into a business relationship with an obliged entity;

(b) acquire real estate in the Union, whether directly or through intermediaries;

(c) acquire, whether directly or through intermediaries, any of the following goods from persons trading as referred to in

Article 3, points (3) (f) and (j), in the context of an occasional transaction:

(i) motor vehicles for non-commercial purposes for a price of at least EUR 250 000 or the equivalent in national

currency;

(ii) watercraft for non-commercial purposes for a price of at least EUR 7 500 000 or the equivalent in national

currency;

(iii) aircraft for non-commercial purposes for a price of at least EUR 7 500 000 or the equivalent in national currency;

(d) are awarded a public contract for goods or services, or concessions by a contracting authority in the Union.

2.

By way of derogation from paragraph 1, point (a), where legal entities created outside the Union enter into a business

relationship with an obliged entity, they shall only submit their beneficial ownership information to the central register

where:

(a) they enter into a business relationship with an obliged entity that is associated with medium-high or high money

laundering and terrorist financing risks pursuant to the risk assessment at Union level or the national risk assessment of

the Member State concerned referred to in Articles 7 and 8 of Directive (EU) 2024/1640; or

(b) the risk assessment at Union level or the national risk assessment of the Member State concerned identifies that the

category of legal entity or the sector in which the legal entity created outside the Union operates is associated, where

relevant, with medium-high or high money laundering and terrorist financing risks.

3.

The beneficial ownership information shall be accompanied by a statement setting out in relation to which of those

activities the information is submitted, as well as any relevant document, and shall be submitted:

(a) for the cases referred to in paragraph 1, point (a), prior to start of the business relationship;

(b) for the cases referred to in paragraph 1, points (b) and (c), before completion of the purchase;

(c) for the cases referred to in paragraph 1, point (d), before signature of the contract.

4.

For the purposes of paragraph 1, point (a), obliged entities shall inform the legal entities where the conditions laid

down in paragraph 2 are met and require a certificate of proof of registration or an excerpt of the beneficial ownership

information held in the central register to proceed with the business relationship or occasional transaction.

5.

In the cases covered by paragraph 1, legal entities created outside the Union and trustees of express trusts or persons

holding an equivalent position in a similar legal arrangement that are administered outside the Union or that reside or are

established outside the Union shall report any change to the beneficial ownership information submitted to the central

register pursuant to paragraph 1 without undue delay, and in any case, within 28 calendar days thereof.

The first subparagraph shall apply:

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

83/111

EN

OJ L, 19.6.2024

(a) for the cases referred to in paragraph 1, point (a), for the entire duration of the business relationship with the obliged

entity;

(b) for the cases referred to in paragraph 1, point (b), for as long as the legal entity or legal arrangement owns the real estate;

(c) for the cases referred to in paragraph 1, point (c), for the period between the initial submission of the information to the

central register and the completion of the purchase;

(d) for the cases referred to in paragraph 1, point (d), for the entire duration of the contract.

6.

Where the legal entity, the trustee of the express trust or the person holding an equivalent position in a similar legal

arrangement meets the conditions laid down in paragraph 1 in different Member States, a certificate of proof of registration

of the beneficial ownership information in a central register held by one Member State shall be considered as sufficient

proof of registration.

7.

Where, on 10 July 2027, legal entities created outside the Union or legal arrangements administered outside the

Union or whose trustee or person holding an equivalent position in a similar legal arrangement resides or is established

outside the Union own, whether directly or through intermediaries, real estate, the beneficial ownership information of

those legal entities and legal arrangements shall be submitted to the central register and accompanied by a justification for

that submission by 10 January 2028.

However, the first subparagraph shall not apply to legal entities or legal arrangements that have acquired real estate in the

Union prior to 1 January 2014.

Member States may decide, on the basis of risk, that an earlier date applies and notify the Commission thereof. The

Commission shall communicate such decisions to the other Member States.

8.

Member States may, on the basis of risk, extend the obligation set out in paragraph 1, point (a), to business

relationships with foreign legal entities that are ongoing on 10 July 2027 and notify the Commission thereof. The

Commission shall communicate such decisions to the other Member States.

Article 68

Penalties

1.

Member States shall lay down rules on the penalties applicable to breaches of the provisions of this Chapter and shall

take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate

and dissuasive.

Member States shall by 10 January 2025 notify the Commission of those rules on penalties together with their legal basis

and shall notify it, without delay, of any subsequent amendment affecting them.

2.

By 10 July 2026, the Commission shall adopt delegated acts in accordance with Article 85 to supplement this

Regulation by defining:

(a) the categories of breaches that are subject to penalties and the persons liable for such breaches;

(b) indicators to classify the level of gravity of breaches that are subject to penalties;

(c) the criteria to be taken into account when setting the level of penalties.

The Commission shall regularly review the delegated act referred to in the first subparagraph to ensure that it identifies the

relevant categories of breaches and that the related penalties are effective, dissuasive and proportionate.

84/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

CHAPTER V

REPORTING OBLIGATIONS

Article 69

Reporting of suspicions

1.

Obliged entities, and, where applicable, their directors and employees, shall cooperate fully with the FIU by promptly:

(a) reporting to the FIU, on their own initiative, where the obliged entity knows, suspects or has reasonable grounds to

suspect that funds or activities, regardless of the amount involved, are the proceeds of criminal activity or are related to

terrorist financing or criminal activity and by responding to requests by the FIU for additional information in such

cases;

(b) providing the FIU, at its request, with all necessary information, including information on transaction records, within

the deadlines imposed.

All suspicious transactions, including attempted transactions and suspicions arising from the inability to conduct customer

due diligence shall be reported in accordance with the first subparagraph.

For the purposes of the first subparagraph, obliged entities shall reply to requests for information by the FIU within 5

working days. In justified and urgent cases, FIUs may shorten that deadline, including to less than 24 hours.

By way of derogation from the third subparagraph, the FIU may extend the deadline for a response beyond the 5 working

days where it considers it justified and provided that the extension does not undermine the FIU’s analysis.

2.

For the purposes of paragraph 1, obliged entities shall assess transactions or activities carried out by their customers

on the basis of and against any relevant fact and information known to them or which they are in possession of. Where

necessary, obliged entities shall prioritise their assessment taking into consideration the urgency of the transaction or

activity and the risks affecting the Member State in which they are established.

A suspicion pursuant to paragraph 1, point (a), shall be based on the characteristics of the customer and their counterparts,

the size and nature of the transaction or activity or the methods and patterns thereof, the link between several transactions

or activities, the origin, destination or use of funds, or any other circumstance known to the obliged entity, including the

consistency of the transaction or activity with the information obtained pursuant to Chapter III including the risk profile of

the client.

3.

By 10 July 2026, AMLA shall develop draft implementing technical standards and submit them to the Commission

for adoption. Those draft implementing technical standards shall specify the format to be used for the reporting of

suspicions pursuant to paragraph 1, point (a), and for the provision of transaction records pursuant to paragraph 1, point

(b).

4.

Power is conferred on the Commission to adopt the implementing technical standards referred to in paragraph 3 of

this Article in accordance with Article 53 of Regulation (EU) 2024/1620.

5.

By 10 July 2027, AMLA shall issue guidelines on indicators of suspicious activity or behaviours. Those guidelines

shall be periodically updated.

6.

The compliance officer appointed in accordance with Article 11(2) shall transmit the information referred to in

paragraph 1 of this Article to the FIU of the Member State in whose territory the obliged entity transmitting the

information is established.

7.

Obliged entities shall ensure that the compliance officer appointed in accordance with Article 11(2), as well as any

employee or person in a comparable position, including agents and distributors, involved in the performance of the tasks

covered by this Article are protected against retaliation, discrimination and any other unfair treatment for carrying out

those tasks.

This paragraph shall not affect the protection that the persons referred to in the first subparagraph may be entitled to under

Directive (EU) 2019/1937.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

85/111

EN

OJ L, 19.6.2024

Where the activities of a partnership for information sharing result in the knowledge, suspicion or reasonable

8.

grounds to suspect that funds, regardless of the amount involved, are the proceeds of criminal activity or are related to

terrorist financing, obliged entities which identified suspicions in relation to the activities of their customers may designate

one among them which shall be tasked with the submission of a report to the FIU pursuant to paragraph 1, point (a). Such

submission shall include at least the name and contact details of all the obliged entities that participated in the activities

giving rise to the report.

Where the obliged entities referred to in the first subparagraph are established in several Member States, the information

shall be reported to each relevant FIU. To that end, obliged entities shall ensure that the report is submitted by an obliged

entity within the territory of the Member States where the FIU is located.

Where the obliged entities decide not to avail themselves of the possibility to submit a single report with the FIU pursuant

to the first subparagraph, they shall include a reference in their reports to the fact that the suspicion is the result of the

activities of a partnership for information sharing.

9.

The obliged entities referred to in paragraph 8 of this Article shall retain a copy of any reports submitted pursuant to

that paragraph in accordance with Article 77.

Article 70

Specific provisions for reporting of suspicions by certain categories of obliged entities

1.

By way of derogation from Article 69(1), Member States may allow obliged entities referred to in Article 3, point (3)(a)

and (b), to transmit the information referred to in Article 69(1) to a self-regulatory body designated by the Member State.

The designated self-regulatory body shall forward the information referred to in the first subparagraph to the FIU promptly

and unfiltered.

2.

Notaries, lawyers, other independent legal professionals, auditors, external accountants and tax advisors shall be

exempted from the requirements laid down in Article 69(1) to the extent that such exemption relates to information that

they receive from, or obtain on a client, in the course of ascertaining the legal position of that client, or performing their

task of defending or representing that client in, or concerning, judicial proceedings, including providing advice on

instituting or avoiding such proceedings, regardless of whether such information is received or obtained before, during or

after such proceedings.

The exemption set out in the first subparagraph shall not apply when the obliged entities referred to therein:

(a) take part in money laundering, its predicate offences or terrorist financing;

(b) provide legal advice for the purposes of money laundering, its predicate offences or terrorist financing; or

(c) know that the client is seeking legal advice for the purposes of money laundering, its predicate offences or terrorist

financing; knowledge or purpose may be inferred from objective factual circumstances.

3.

In addition to the situations referred to in paragraph 2, second subparagraph, where justified on the basis of the

higher risks of money laundering, its predicate offences or terrorist financing associated with certain types of transactions,

Member States may decide that the exemption referred to in paragraph 2, first subparagraph, does not apply to those types

of transactions and, as appropriate, impose additional reporting obligations on the obliged entities referred to in that

paragraph. Member States shall notify the Commission of any decision taken pursuant to this paragraph. The Commission

shall communicate such decisions to the other Member States.

Article 71

Refraining from carrying out transactions

1.

Obliged entities shall refrain from carrying out transactions which they know or suspect to be related to proceeds of

criminal activity or to terrorist financing until they have submitted a report in accordance with Article 69(1), first

subparagraph, point (a), and have complied with any further specific instructions from the FIU or other competent

authority in accordance with the applicable law. Obliged entities may carry out the transaction concerned after having

86/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

assessed the risks of proceeding with the transaction if they have not received instructions to the contrary from the FIU

within 3 working days of submitting the report.

2.

Where it is not possible for an obliged entity to refrain from carrying out a transaction as referred to in paragraph 1or

where refraining would be likely to frustrate efforts to pursue the beneficiaries of a suspected transaction, the obliged entity

shall inform the FIU immediately after carrying out the transaction.

Article 72

Disclosure to FIU

Disclosure of information to the FIU in good faith by an obliged entity or by an employee or director of such an obliged

entity in accordance with Articles 69 and 70 shall not constitute a breach of any restriction on disclosure of information

imposed by contract or by any legislative, regulatory or administrative provision, and shall not involve the obliged entity or

its directors or employees in liability of any kind even in circumstances where they were not precisely aware of the

underlying criminal activity and regardless of whether illegal activity actually occurred.

Article 73

Prohibition of disclosure

1.

Obliged entities and their directors, employees, or persons in comparable positions, including agents and distributors,

shall not disclose to the customer concerned or to other third persons the fact that transactions or activities are being or

have been assessed in accordance with Article 69, that information is being, will be or has been transmitted in accordance

with Article 69 or 70 or that a money laundering or terrorist financing analysis is being, or may be, carried out.

2.

Paragraph 1 shall not apply to disclosures to competent authorities and to self-regulatory bodies where they perform

supervisory functions, or to disclosure for the purposes of investigating and prosecuting money laundering, terrorist

financing and other criminal activity.

3.

By way of derogation from paragraph 1 of this Article, disclosure may take place between obliged entities that belong

to the same group, or between such entities and their branches and subsidiaries established in third countries, provided that

those branches and subsidiaries fully comply with the group-wide policies and procedures, including procedures for sharing

information within the group, in accordance with Article 16, and that the group-wide policies and procedures comply with

the requirements set out in this Regulation.

4.

By way of derogation from paragraph 1 of this Article, disclosure may take place between obliged entities as referred

to in Article 3, point (3)(a) and (b), or entities from third countries which impose requirements equivalent to those laid

down in this Regulation, who perform their professional activities, whether as employees or not, within the same legal

person or a larger structure to which the person belongs and which shares common ownership, management or

compliance control, including networks or partnerships.

5.

For obliged entities referred to in Article 3, points (1), (2), (3)(a) and (b), in cases relating to the same transaction

involving two or more obliged entities, and by way of derogation from paragraph 1 of this Article, disclosure may take

place between the relevant obliged entities provided that they are located in the Union, or with entities in a third country

which imposes requirements equivalent to those laid down in this Regulation, and that they are subject to professional

secrecy and personal data protection requirements.

6.

Where the obliged entities referred to in Article 3, point (3)(a) and (b), seek to dissuade a client from engaging in

illegal activity, that shall not constitute disclosure within the meaning of paragraph 1 of this Article.

Article 74

Threshold-based reports of transactions in certain high-value goods

1.

Persons trading in high-value goods shall report to the FIU all transactions involving the sale of the following

high-value goods when those goods are acquired for non-commercial purposes:

(a) motor vehicles for a price of at least EUR 250 000 or the equivalent in national currency;

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

87/111

EN

OJ L, 19.6.2024

(b) watercraft for a price of at least EUR 7 500 000 or the equivalent in national currency;

(c) aircraft for a price of at least EUR 7 500 000 or the equivalent in national currency.

2.

Credit institutions and financial institutions that provide services in relation to the purchase or transfer of ownership

of the goods referred to in paragraph 1 shall also report to the FIU all transactions they carry out for their customers in

relation to those goods.

3.

Reporting pursuant to paragraphs 1 and 2 shall be carried out within the deadlines imposed by the FIU.

CHAPTER VI

INFORMATION SHARING

Article 75

Exchange of information in the framework of partnerships for information sharing

1.

Members of partnerships for information sharing may share information among each other where strictly necessary

for the purposes of complying with the obligations under Chapter III and Article 69 and in accordance with fundamental

rights and judicial procedural safeguards.

2.

Obliged entities intending to participate in a partnership for information sharing shall notify their respective

supervisory authorities which shall, where relevant in consultation with each other and with the authorities in charge of

verifying compliance with Regulation (EU) 2016/679, verify that the partnership for information sharing has mechanisms

in place to ensure compliance with this Article and that the data protection impact assessment referred to in paragraph 4,

point (h), has been carried out. The verification shall take place prior to the beginning of the activities of the partnership for

information sharing. Where relevant, the supervisory authorities shall also consult the FIUs.

Responsibility for compliance with requirements under Union or national law shall remain with the participants in the

partnership for information sharing.

3.

Information exchanged in the framework of a partnership for information sharing shall be limited to:

(a) information on the customer, including any information obtained in the course of identifying and verifying the identity

of the customer and, where relevant, the beneficial owner of the customer;

(b) information on the purpose and intended nature of the business relationship or occasional transaction between the

customer and the obliged entity, as well as, where applicable, the source of wealth and source of funds of the customer;

(c) information on customer transactions;

(d) information on higher and lower risk factors associated with the customer;

(e) the obliged entity’s analysis of the risks associated with the customer pursuant to Article 20(2);

(f) information held by the obliged entity pursuant to Article 77(1);

(g) information on suspicions pursuant to Article 69.

The information referred to in the first subparagraph shall only be exchanged to the extent that it is necessary for the

purposes of carrying out the activities of the partnership for information sharing.

4.

The following conditions shall apply to the sharing of information within the context of a partnership for information

sharing:

(a) obliged entities shall record all instances of information sharing within the partnership;

(b) obliged entities shall not rely solely on the information received in the context of the partnership to comply with the

requirements of this Regulation;

88/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(c) obliged entities shall not draw conclusions or take decisions that have an impact on the business relationship with the

customer or on the performance of occasional transactions for the customer on the basis of information received from

other participants in the partnership for information sharing without having assessed that information; any information

received in the context of the partnership that is used in an assessment resulting in a decision to refuse or terminate

a business relationship or to carry out an occasional transaction shall be included in the records kept pursuant to

Article 21(3), and that record shall contain reference to the fact that the information originated from a partnership for

information sharing;

(d) obliged entities shall carry out their own assessment of transactions involving customers in order to assess which ones

may be related to money laundering or terrorist financing or involve proceeds of criminal activity;

(e) obliged entities shall implement appropriate technical and organisational measures, including measures to allows

pseudonymisation, to ensure a level of security and confidentiality proportionate to the nature and extent of the

information exchanged;

(f) the sharing of information shall be carried out only in relation to customers:

(i) whose behaviour or transaction activities are associated with a higher risk of money laundering, its predicate

offences or terrorist financing, as identified pursuant to the risk assessment at Union level and the national risk

assessment carried out in accordance with Articles 7 and 8 of Directive (EU) 2024/1640;

(ii) who fall under any of the situations referred to in Articles 29, 30, 31 and 36 to 46 of this Regulation; or

(iii) for whom the obliged entities need to collect additional information in order to determine whether they are

associated with a higher level of risk of money laundering, its predicate offences or terrorist financing;

(g) information generated through the use of artificial intelligence, machine learning technologies or algorithms may only

be shared where those processes were subject to adequate human oversight;

(h) a data protection impact assessment referred to in Article 35 of Regulation (EU) 2016/679 shall be carried out prior to

the processing of any personal data;

(i) the competent authorities that are members of a partnership for information sharing shall only obtain, provide and

exchange information to the extent that this is necessary for the performance of their tasks under relevant Union or

national law;

(j) where competent authorities referred to in Article 2(1), point (44)(c), of this Regulation participate in a partnership for

information sharing, they shall only obtain, provide or exchange personal data and operational information in

accordance with national law transposing Directive (EU) 2016/680 of the European Parliament and of the Council (⁴⁴)

and with the applicable provisions of national criminal procedural law, including prior judicial authorisation or any

other national procedural safeguard as required;

(k) the exchange of information on suspicious transactions pursuant to paragraph 3, point (g), of this Article shall only take

place where the FIU to which the suspicious transaction report was submitted pursuant to Articles 69 or 70 has agreed

with such disclosure.

5. Information received in the context of a partnership for information sharing shall not be further transmitted, except

where:

(a) the information is provided to another obliged entity pursuant to Article 49(1);

(b) the information is to be included in a report submitted to the FIU or provided in response to a FIU request pursuant to

Article 69(1);

(c) the information is provided to AMLA pursuant to Article 93 of Regulation (EU) 2024/1620;

44

(

)

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with

regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or

prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing

Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

89/111

EN

OJ L, 19.6.2024

(d) the information is requested by law enforcement or judicial authorities, subject to any prior authorisations or other

procedural guarantees as required under the national law.

6.

Obliged entities that participate in partnerships for information sharing shall define policies and procedures for the

sharing of information in their internal policies and procedures established pursuant to Article 9. Such policies and

procedures shall:

(a) specify the assessment to be carried out to determine the extent of information to be shared, and where relevant for the

nature of the information or the applicable judicial safeguards, provide for differentiated or limited access to

information for members of the partnership;

(b) describe the roles and responsibilities of the parties to the partnership for information-sharing;

(c) identify the risk assessments that the obliged entity will take into account to determine situations of higher risk in which

information can be shared.

The internal policies and procedures referred to in the first subparagraph shall be drawn up prior to the participation in

a partnership for information sharing.

7.

Where supervisory authorities deem it necessary, obliged entities participating in a partnership for information

sharing shall commission an independent audit of the functioning of that partnership and shall share the results with the

supervisory authorities.

CHAPTER VII

DATA PROTECTION AND RECORD RETENTION

Article 76

Processing of personal data

1.

To the extent that it is strictly necessary for the purposes of preventing money laundering and terrorist financing,

obliged entities may process special categories of personal data referred to in Article 9(1) of Regulation (EU) 2016/679 and

personal data relating to criminal convictions and offences referred to in Article 10 of that Regulation subject to the

safeguards provided for in paragraphs 2 and 3 of this Article.

2.

that:

Obliged entities shall be able to process personal data covered by Article 9 of Regulation (EU) 2016/679 provided

(a) they inform their customers or prospective customers that such categories of data may be processed for the purpose of

complying with the requirements of this Regulation;

(b) the data originate from reliable sources, are accurate and up-to-date;

(c) they do not take decisions that would lead to biased and discriminatory outcomes on the basis of those data;

(d) they adopt measures of a high level of security in accordance with Article 32 of Regulation (EU) 2016/679, in particular

in terms of confidentiality.

3.

Obliged entities shall be able to process personal data covered by Article 10 of Regulation (EU) 2016/679 provided

that they comply with the conditions laid down in paragraph 2 of this Article and that:

(a) such personal data relate to money laundering, its predicate offences or terrorist financing;

(b) the obliged entities have procedures in place that allow the distinction, in the processing of such data, between

allegations, investigations, proceedings and convictions, taking into account the fundamental right to a fair trial, the

right of defence and the presumption of innocence.

4.

Personal data shall be processed by obliged entities on the basis of this Regulation only for the purposes of the

prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible

with those purposes. The processing of personal data on the basis of this Regulation for commercial purposes shall be

prohibited.

90/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

5.

Obliged entities may adopt decisions resulting from automated processes, including profiling as defined in Article 4,

point (4), of Regulation (EU) 2016/679, or from processes involving AI systems as defined in Article 3, point (1), of

Regulation (EU) 2024/xxx of the European Parliament and of the Council (⁴⁵), provided that:

(a) the data processed by such systems is limited to data obtained pursuant to Chapter III of this Regulation;

(b) any decision to enter or refuse to enter into or maintain a business relationship with a customer or to carry out or

refuse to carry out an occasional transaction for a customer, or to increase or decrease the extent of the customer due

diligence measures applied pursuant to Article 20 of this Regulation, is subject to meaningful human intervention to

ensure the accuracy and appropriateness of such a decision; and

(c) the customer may obtain an explanation of the decision reached by the obliged entity, and may challenge that decision,

except in relation to a report as referred to in Article 69 of this Regulation.

Article 77

Record retention

1.

Obliged entities shall retain the following documents and information:

(a) a copy of the documents and information obtained in the performance of customer due diligence pursuant to

Chapter III, including information obtained through electronic identification means;

(b) a record of the assessment undertaken pursuant to Article 69(2), including the information and circumstances

considered and the results of such assessment, whether or not such assessment results in a suspicious transaction report

being made to the FIU, and a copy of the suspicion transaction report, if any;

(c) the supporting evidence and records of transactions, consisting of the original documents or copies admissible in

judicial proceedings under the applicable national law, which are necessary to identify transactions;

(d) when they participate in partnerships for information sharing pursuant to Chapter VI, copies of the documents and

information obtained in the framework of those partnerships, and records of all instances of information sharing.

Obliged entities shall ensure that documents, information and records kept pursuant to this Article are not redacted.

2.

By way of derogation from paragraph 1, obliged entities may decide to replace the retention of copies of the

information by a retention of the references to such information, provided that the nature and method of retention of such

information ensure that the obliged entities can provide immediately to competent authorities the information and that the

information cannot be modified or altered.

Obliged entities making use of the derogation referred to in the first subparagraph shall define in their internal procedures

drawn up pursuant to Article 9, the categories of information for which they will retain a reference instead of a copy or

original, as well as the procedures for retrieving the information so that it can be provided to competent authorities upon

request.

3.

The information referred to in paragraphs 1 and 2 shall be retained for a period of 5 years commencing on the date of

the termination of the business relationship or on the date of the carrying out of the occasional transaction, or on the date

of refusal to enter into a business relationship or carry out an occasional transaction. Without prejudice to retention periods

for data collected for the purposes of other Union legal acts or national law complying with Regulation (EU) 2016/679,

obliged entities shall delete personal data upon expiry of the five-year period.

Competent authorities may require further retention of the information referred to in the first subparagraph on

a case-by-case basis, provided that such retention is necessary for the prevention, detection, investigation or prosecution of

money laundering or terrorist financing. That further retention period shall not exceed 5 years.

45

(

)

Regulation (EU) 2024/xxx of the European Parliament and of the Council of xxx laying down harmonised rules on artificial

intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139

and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) (Not yet

published in the Official Journal).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

91/111

EN

OJ L, 19.6.2024

Where, on 10 July 2027, legal proceedings concerned with the prevention, detection, investigation or prosecution of

4.

suspected money laundering or terrorist financing are pending in a Member State, and an obliged entity holds information

or documents relating to those pending proceedings, the obliged entity may retain that information or those documents for

a period of 5 years from 10 July 2027.

Member States may, without prejudice to national criminal law on evidence applicable to ongoing criminal investigations

and legal proceedings, allow or require the retention of such information or documents for a further period of 5 years

where the necessity and proportionality of such further retention have been established for the prevention, detection,

investigation or prosecution of suspected money laundering or terrorist financing.

Article 78

Provision of records to competent authorities

Obliged entities shall have systems in place that enable them to respond fully and speedily to enquiries from their FIU or

from other competent authorities, in accordance with national law, as to whether they are maintaining or have maintained,

during a five-year period prior to that enquiry a business relationship with specified persons, and on the nature of that

relationship, through secure channels and in a manner that ensures full confidentiality of the enquiries.

CHAPTER VIII

MEASURES TO MITIGATE RISKS DERIVING FROM ANONYMOUS INSTRUMENTS

Article 79

Anonymous accounts and bearer shares and bearer share warrants

1.

Credit institutions, financial institutions and crypto-asset service providers shall be prohibited from keeping

anonymous bank and payment accounts, anonymous passbooks, anonymous safe-deposit boxes or anonymous

crypto-asset accounts as well as any account otherwise allowing for the anonymisation of the customer account holder

or the anonymisation or increased obfuscation of transactions, including through anonymity-enhancing coins.

Owners and beneficiaries of existing anonymous bank or payment accounts, anonymous passbooks, anonymous

safe-deposit boxes held by credit institutions or financial institutions, or crypto-asset accounts shall be subject to customer

due diligence measures before those accounts, passbooks, or deposit boxes are used in any way.

2.

Credit institutions and financial institutions acting as acquirers within the meaning of Article 2, point (1), of

Regulation (EU) 2015/751 of the European Parliament and of the Council (⁴⁶) shall not accept payments carried out with

anonymous prepaid cards issued in third countries, unless otherwise provided for in the regulatory technical standards

adopted by the Commission in accordance with Article 28 of this Regulation on the basis of a proven low risk.

3.

Companies shall be prohibited from issuing bearer shares, and shall convert all existing bearer shares into registered

shares, shall immobilise them within the meaning of Article 2(1), point (3), of Regulation (EU) No 909/2014, or deposit

them with a financial institution by 10 July 2029. However, companies with securities listed on a regulated market or

whose shares are issued as intermediated securities either through immobilisation within the meaning of Article 2(1), point

(3), of that Regulation or through a direct issuance in dematerialised form within the meaning of Article 2(1), point (4), of

that Regulation shall be permitted to issue new and maintain existing bearer shares. For existing bearer shares that are not

converted, immobilised or deposited by 10 July 2029, all voting rights and rights to distribution attached to those shares

shall be automatically suspended until their conversion, immobilisation or deposit. All such shares not converted,

immobilised or deposited by 10 July 2030 shall be cancelled, leading to a share capital decrease of the corresponding

amount.

Companies shall be prohibited from issuing bearer share warrants that are not in intermediated form.

46

(

)

Regulation (EU) 2015/751 of the European Parliament and of the Council of 29 April 2015 on interchange fees for card-based

payment transactions (OJ L 123, 19.5.2015, p. 1).

92/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Article 80

Limits to large cash payments in exchange for goods or services

1.

Persons trading in goods or providing services may accept or make a payment in cash only up to an amount of

EUR 10 000 or the equivalent in national or foreign currency, whether the transaction is carried out in a single operation or

in several operations which appear to be linked.

2.

Member States may adopt lower limits following consultation of the European Central Bank in accordance with

Article 2(1) of Council Decision 98/415/EC (⁴⁷). Those lower limits shall be notified to the Commission within 3 months of

the measure being introduced at national level.

3.

When limits already exist at national level which are below the limit set out in paragraph 1, they shall continue to

apply. Member States shall notify those limits to the Commission by 10 October 2024.

4.

The limit referred to in paragraph 1 shall not apply to:

(a) payments between natural persons who are not acting in a professional capacity;

(b) payments or deposits made at the premises of credit institutions, electronic money issuers as defined in Article 2, point

(3), of Directive 2009/110/EC and payment service providers as defined in Article 4, point (11), of Directive (EU)

2015/2366.

Payments or deposits referred to in the first subparagraph, point (b) above the limit shall be reported to the FIU within the

deadlines imposed by the FIU.

5.

Member States shall ensure that appropriate measures, including the imposition of penalties, are taken against natural

or legal persons acting in their professional capacity which are suspected of a breach of the limit set out in paragraph 1, or

of a lower limit adopted by the Member States.

6.

The overall level of the penalties shall be calculated, in accordance with the relevant provisions of national law, in such

way as to produce results proportionate to the seriousness of the infringement, thereby effectively discouraging further

offences of the same kind.

7.

Where, by reason of force majeure, means of payment by funds as defined in Article 4, point (25), of Directive (EU)

2015/2366 other than banknotes and coins become unavailable at national level, Member States may temporarily suspend

the application of paragraph 1 or, where applicable, of paragraph 2 of this Article and shall inform the Commission thereof

without delay. Member States shall also inform the Commission of the expected duration of the unavailability of means of

payment by funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 other than banknotes and coins and of

the measures taken by Member States to reinstate their availability.

Where, on the basis of the information communicated by the Member State, the Commission considers that the suspension

of the application of paragraph 1 or, where applicable, of paragraph 2 is not justified by a case of force majeure, it shall

adopt a decision addressed to that Member State requesting the immediate lifting of such suspension.

47

(

)

Council Decision 98/415/EC of 29 June 1998 on the consultation of the European Central Bank by national authorities regarding

draft legislative provisions (OJ L 189, 3.7.1998, p. 42).

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

93/111

EN

OJ L, 19.6.2024

CHAPTER IX

FINAL PROVISIONS

SECTION 1

Cooperation between FIUs and the EPPO

Article 81

Cooperation between FIUs and the EPPO

1.

Pursuant to Article 24 of Regulation (EU) 2017/1939, each FIU shall without undue delay report to the EPPO the

results of its analyses and any additional relevant information where there are reasonable grounds to suspect that money

laundering and other criminal activity are being or have been committed in respect of which the EPPO could exercise its

competence in accordance with Article 22 and Article 25(2) and (3) of that Regulation.

By 10 July 2026, AMLA shall, in consultation with the EPPO, develop draft implementing technical standards and submit

them to the Commission for adoption. Those draft implementing technical standards shall specify the format to be used by

FIUs for reporting information to the EPPO.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the second

subparagraph of this paragraph in accordance with Article 53 of Regulation (EU) 2024/1620.

2.

FIUs shall respond in a timely manner to requests for information by the EPPO in relation to money laundering and

other criminal activity as referred to in paragraph 1.

3.

FIUs and the EPPO may exchange the results of strategic analyses, including typologies and risk indicators, where such

analyses relate to money laundering and other criminal activity as referred to in paragraph 1.

Article 82

Requests for information to the EPPO

1.

The EPPO shall respond without undue delay to reasoned requests for information by an FIU where that information

is necessary for the performance of the FIU’s functions under Chapter III of Directive (EU) 2024/1640.

2.

The EPPO may postpone or refuse the provision of the information referred to in paragraph 1 where providing it

would be likely to prejudice the proper conduct and confidentiality of an ongoing investigation. The EPPO shall

communicate in a timely manner the postponement of or refusal to provide the requested information, including the

reasons therefor, to the requesting FIU.

SECTION 2

Cooperation between FIUs and OLAF

Article 83

Cooperation between FIUs and OLAF

1.

Pursuant to Article 8(3) of Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (⁴⁸),

each FIU shall transmit without delay the results of its analyses and any additional relevant information to OLAF where

there are reasonable grounds to suspect that fraud, corruption or any other illegal activity affecting the Union’s financial

interests are being or have been committed in respect of which OLAF could exercise its competence in accordance with

Article 8 of that Regulation.

48

(

)

Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning

investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European

Parliament and of the Council and Council Regulation (Euratom) No 1074/1999 (OJ L 248, 18.9.2013, p. 1).

94/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

2.

FIUs shall respond in a timely manner to requests for information by OLAF in relation to fraud, corruption or any

other illegal activity as referred to in paragraph 1.

3.

FIUs and OLAF may exchange the results of strategic analyses, including typologies and risk indicators, where such

analyses relate to fraud, corruption or any other illegal activity as referred to in paragraph 1.

Article 84

Requests for information to OLAF

1.

OLAF shall respond in a timely manner to reasoned requests for information by an FIU where that information is

necessary for the performance of the FIU’s functions under Chapter III of Directive (EU) 2024/1640.

2.

OLAF may postpone or refuse the provision of the information referred to in paragraph 1 where providing it would

be likely to have a negative impact on an ongoing investigation. OLAF shall communicate such postponement or refusal to

the requesting FIU in a timely manner, including the reasons therefor.

SECTION 3

Other provisions

Article 85

Exercise of the delegation

1.

2.

The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

The power to adopt delegated acts referred to in Articles 29, 30, 31, 34, 43, 52 and 68 shall be conferred on the

Commission for an indeterminate period of time from 9 July 2024.

3.

The delegation of power referred to in Articles 29, 30, 31, 34, 43, 52 and 68 may be revoked at any time by the

European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in

that decision. It shall take effect the day following the publication of the decision in the Official Journal of the

European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.

Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance

with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5.

As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to

the Council.

6.

A delegated act adopted pursuant to Article 29, 30, 31 or 34 shall enter into force only if no objection has been

expressed either by the European Parliament or by the Council within a period of 1 month of notification of that act to the

European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council

have both informed the Commission that they will not object. That period shall be extended by 1 month at the initiative of

the European Parliament or of the Council.

7.

A delegated act adopted pursuant to Article 43, 52 or 68 shall enter into force only if no objection has been expressed

either by the European Parliament or by the Council within a period of 3 months of notification of that act to the European

Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both

informed the Commission that they will not object. That period shall be extended by 3 months at the initiative of the

European Parliament or of the Council.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

95/111

EN

OJ L, 19.6.2024

Article 86

Committee procedure

1.

The Commission shall be assisted by the Committee on the Prevention of Money Laundering and Terrorist Financing

established by Article 34 of Regulation (EU) 2023/1113. That committee shall be a committee within the meaning of

Regulation (EU) No 182/2011.

2.

Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 87

Review

By 10 July 2032, and every 3 years thereafter, the Commission shall review the application of this Regulation and submit

a report to the European Parliament and to the Council.

The first review shall include an assessment of:

(a) the national systems for reporting of suspicions pursuant to Article 69 and obstacles and opportunities to establish

a single reporting system at Union level;

(b) the adequacy of the beneficial ownership transparency framework to mitigate risks associated with legal entities and

legal arrangements.

Article 88

Reports

By 10 July 2030, the Commission shall submit reports to the European Parliament and to the Council assessing the

necessity and proportionality of:

(a) lowering the 25 % threshold for the identification of beneficial ownership of legal entities through ownership interest;

(b) extending the scope of high-value goods to include high-value garments and accessories;

(c) extending the scope of the threshold-based disclosures under Article 74 to cover the sale of other goods, of introducing

harmonised formats for the reporting of those transactions based on the usefulness of those reports for FIUs, and of

extending the scope of information collected from persons trading in free-trade zones;

(d) adjusting the limit for large cash payments.

Article 89

Relation to Directive (EU) 2015/849

References to Directive (EU) 2015/849 shall be construed as references to this Regulation and to Directive (EU) 2024/1640

and read in accordance with the correlation table set out in Annex VI to this Regulation.

Article 90

Entry into force and application

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the

European Union.

It shall apply from 10 July 2027, except in relation to obliged entities referred to in Article 3, points (3)(n) and (o), to which

it shall apply from 10 July 2029.

96/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 31 May 2024.

For the European Parliament

For the Council

The President

H. LAHBIB

The President

R. METSOLA

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

97/111

EN

OJ L, 19.6.2024

ANNEX I

Indicative list of risk variables

The following is a non-exhaustive list of risk variables that obliged entities shall take into account when drawing up their

risk assessment in accordance with Article 10 and when determining to what extent to apply customer due diligence

measures in accordance with Article 20:

(a) Customer risk variables:

(i) the customer’s and the customer’s beneficial owner’s business or professional activity;

(ii) the customer’s and the customer’s beneficial owner’s reputation;

(iii) the customer’s and the customer’s beneficial owner’s nature and behaviour;

(iv) the jurisdictions in which the customer and the customer’s beneficial owner are based;

(v) the jurisdictions that are the customer’s and the customer’s beneficial owner’s main places of business;

(vi) the jurisdictions to which the customer and the customer’s beneficial owner have relevant personal links;

(b) Product, service or transaction risk variables:

(i) the purpose of an account or relationship;

(ii) the regularity or duration of the business relationship;

(iii) the level of assets to be deposited by a customer or the size of transactions undertaken;

(iv) the level of transparency, or opaqueness, the product, service or transaction affords;

(v) the complexity of the product, service or transaction;

(vi) the value or size of the product, service or transaction;

(c) Delivery channel risk variables:

(i) the extent to which the business relationship is conducted on a non-face-to-face basis;

(ii) the presence of any introducers or intermediaries that the customer might use and the nature of their relationship

with the customer;

(d) Risk variable for life and other investment-related insurance:

(i) the risk level presented by the beneficiary of the insurance policy.

98/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

ANNEX II

Lower risk factors

The following is a non-exhaustive list of factors and types of evidence of potentially lower risk referred to in Article 20:

(1) Customer risk factors:

(a) public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules

or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial

ownership;

(b) public administrations or enterprises;

(c) customers that are resident in geographical areas of lower risk as set out in point (3);

(2) Product, service, transaction or delivery channel risk factors:

(a) life insurance policies for which the premium is low;

(b) insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as

collateral;

(c) a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions

are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s

interest under the scheme;

(d) financial products or services that provide appropriately defined and limited services to certain types of customers,

so as to increase access for financial inclusion purposes;

(e) products where the risks of money laundering and terrorist financing are managed by other factors such as purse

limits or transparency of ownership (e.g. certain types of electronic money);

(3) Geographical risk factors — registration, establishment, residence in:

(a) Member States;

(b) third countries having effective AML/CFT systems;

(c) third countries identified by credible sources as having a low level of corruption or other criminal activity;

(d) third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or

published follow-up reports, have requirements to combat money laundering and terrorist financing consistent with

the revised FATF Recommendations and effectively implement those requirements.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

99/111

EN

OJ L, 19.6.2024

ANNEX III

Higher risk factors

The following is a non-exhaustive list of factors and types of evidence of potentially higher risk referred to in Article 20:

(1) Customer risk factors:

(a) the business relationship or occasional transaction is conducted in unusual circumstances;

(b) customers that are resident in geographical areas of higher risk as set out in point (3);

(c) legal persons or legal arrangements that are personal asset-holding vehicles;

(d) corporate entities that have nominee shareholders or shares in bearer form;

(e) businesses that are cash-intensive;

(f) the ownership structure of the company appears unusual or excessively complex given the nature of the company’s

business;

(g) customer is a third-country national who applies for residence rights in a Member State in exchange of any kind of

investment, including capital transfers, purchase or renting of property, investment in government bonds,

investment in corporate entities, donation or endowment of an activity contributing to the public good and

contributions to the state budget;

(h) customer is a legal entity or arrangement created or set up in a jurisdiction in which it has no real economic activity,

substantial economic presence or apparent economic rationale;

(i) customer is directly or indirectly owned by one or several entities or arrangements under point (h);

(2) Product, service, transaction or delivery channel risk factors:

(a) private banking;

(b) products or transactions that might favour anonymity;

(c) payment received from unknown or unassociated third parties;

(d) new products and new business practices, including new delivery mechanism, and the use of new or developing

technologies for both new and pre-existing products;

(e) transactions related to oil, arms, precious metals or stones, tobacco products, cultural artefacts and other items of

archaeological, historical, cultural and religious importance, or of rare scientific value, as well as ivory and protected

species;

(3) Geographical risk factors:

(a) third countries subject to increased monitoring or otherwise identified by the FATF due to the compliance

weaknesses in their AML/CFT systems;

(b) third countries identified by credible sources / acknowledged processes, such as mutual evaluations, detailed

assessment reports or published follow-up reports, as not having effective AML/CFT systems;

(c) third countries identified by credible sources / acknowledged processes as having significant levels of corruption or

other criminal activity;

100/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

(d) third countries subject to sanctions, embargos or similar measures issued by, for example, the Union or the UN;

(e) third countries providing funding or support for terrorist activities, or that have designated terrorist organisations

operating within their country;

(f) third countries identified by credible sources or pursuant to acknowledged processes as enabling financial secrecy

by:

(i) posing barriers to the cooperation and exchange of information with other jurisdictions;

(ii) having strict corporate or banking secrecy laws which prevent institutions and their employees from providing

customer information to competent authorities, including through fines and penalties;

(iii) having weak controls for the creation of legal entities or setting up of legal arrangements; or

(iv) not requiring beneficial ownership information to be recorded or held in a central database or register.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

101/111

EN

OJ L, 19.6.2024

ANNEX IV

List of high value goods referred to in Article 2(1), point (54):

(1) Jewellery, gold- or silversmith articles of a value exceeding EUR 10 000 or the equivalent in national currency;

(2) Clocks and watches of a value exceeding EUR 10 000 or the equivalent in national currency;

(3) Motor vehicles of a price exceeding EUR 250 000 or the equivalent in national currency;

(4) Aircraft of a price exceeding EUR 7 500 000 or the equivalent in national currency;

(5) Watercraft of a price exceeding EUR 7 500 000 or the equivalent in national currency.

102/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

ANNEX V

Precious metals referred to in Article 2(1), point (55):

(a) Gold

(b) Silver

(c) Platinium

(d) Iridium

(e) Osmium

(f) Palladium

(g) Rhodium

(h) Rhutenium.

Precious stones referred to in Article 2(1), point (55):

(a) Diamond

(b) Ruby

(c) Sapphire

(d) Emerald.

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

103/111

EN

OJ L, 19.6.2024

ANNEX VI

Correlation table

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 1(1)

—

Article 1(2)

Article 1(3)

Article 2(1), point (1)

Article 2(1), point (2)

Article 2(1), points (1) and (2)

Article 3

Article 1(4)

Article 1(5)

Article 1(6)

Article 2(1)

Article 2(2)

Article 4

Article 2(3)

Article 6(1)

Article 2(4)

Article 6(2)

Article 2(5)

Article 6(3)

Article 2(6)

Article 6(4)

Article 2(7)

Article 6(5)

Article 2(8)

Article 7

Article 2(9)

Article 4(3) and Article 6(6)

Article 2(1), point (5)

Article 2(1), point (6)

Article 2(1), point (4)

Article 2(1), point (3)

Article 2(1), point (47)

Article 2(1), point (28)

Articles 51 to 55

Article 58

Article 3, point (1)

Article 3, point (2)

Article 3, point (3)

Article 3, point (4)

Article 3, point (5)

Article 3, point (6)

Article 3, point (6) (a)

Article 3, point (6) (b)

Article 3, point (6) (c)

Article 3, point (7)

Article 3, point (8)

Article 3, point (9)

Article 57

Article 2(1), point (11)

Article 2(1), point (22)

Article 2(1), point (34) and Article 2(2)

104/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 3, point (10)

—

Article 2(1), point (35) and Article 2(5)

Article 2(1), point (36)

Article 2(1), point (40)

Article 2(1), point (19)

Article 2(1), point (12)

Article 2(1), point (41)

Article 2(1), point (17)

Article 2(1), point (23)

Article 2(1), point (7)

—

Article 3, point (11)

Article 3, point (12)

Article 3, point (13)

Article 3, point (14)

Article 3, point (15)

Article 3, point (16)

Article 3, point (17)

Article 3, point (18)

Article 3, point (19)

Article 4

Article 3

—

Article 5

—

Article 6

Article 7

Article 8

—

Article 7

—

Article 8(1)

Article 10(1)

Article 8(2)

—

Article 10(2) and (3)

Article 9(1)

Article 8(3)

—

Article 8(4)

—

Article 9(2)

Article 8(5)

—

Article 9(2) and (3)

Article 29

Article 9

—

Article 10(1)

Article 10(2)

Article 11

—

Article 79(1)

—

Article 79(3)

—

Article 19(1), (2) and (5)

Article 19(7) and Article 79(2)

Article 20(1)

Article 12

—

Article 13(1)

Article 13(2)

Article 13(3)

Article 13(4)

Article 13(5)

Article 13(6)

—

Article 20(2)

—

Article 20(2)

—

Article 20(4)

—

Article 47

—

Article 22(4)

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

105/111

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 14(1)

—

Article 23(1) and (4)

Article 14(2)

Article 14(3)

Article 14(4)

Article 14(5)

Article 15

Article 23(2)

Article 23(3)

Article 21(1) and (2)

Article 26(2) and (3)

Article 20(2), second subparagraph and

Article 33

Article 16

—

Article 33(1)

—

Article 17

Article 18(1)

Article 18(2)

Article 18(3)

Article 18(4)

Article 18a(1)

Article 18a(2)

Article 34(1) and (8)

Article 34(2)

Article 34(3)

—

Article 29(4)

Article 29(5) and (6) and Article 35,

point (a)

Article 18a(3)

—

Article 29(5) and (6) and Article 35,

point (b)

Article 18a(4)

Article 18a(5)

Article 19

—

Article 29(6)

Article 36

Article 20

Article 9(2), Article 20(1) and Article

42(1)

Article 20, point (a)

—

Article 9(2), point (a)(iii) and Article

20(1), point (g)

Article 20, point (b)

Article 20a

Article 21

—

Article 42(1)

Article 43

Article 44

Article 45

Article 46

Article 39

Article 48(1)

Article 48

Article 22

Article 23

Article 24

Article 25

Article 26

106/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 27

Article 28

Article 29

Article 30(1)

—

Article 49

Article 48(3)

—

Article 63(1), (2), second subparagraph

and (4) and Article 68

Article 30(2)

—

Article 63(5)

Article 30(3)

Article 10(1)

—

Article 30(4)

Article 10(7) and (10)

Article 24

Article 30(5), first subparagraph

Article 30(5), second subparagraph

Article 30(5), third subparagraph

Article 30(5a)

Article 11 and Article 12(2)

—

Article 12(1)

—

Article 11(4) and Article 13(12)

—

Article 30(6)

Article 11(1), (2) and (3)

—

Article 30(7)

Article 61(2)

—

Article 30(8)

—

Article 22(7)

Article 30(9)

Article 15

—

Article 30(10)

Article 10(19) and (20)

—

Article 31(1)

—

Articles 58, Article 64(1) and Article 68

Article 31(2)

—

Article 64(3)

Article 31(3)

—

Article 64(5)

Article 31(3a)

Article 10(1), (2) and (3)

Article 11 and Article 12(2)

Article 12(1)

Article 67

Article 31(4), first subparagraph

Article 31(4), second subparagraph

Article 31(4), third subparagraph

Article 31(4), fourth subparagraph

Article 31(4a)

—

Article 11(2)

—

Article 11(4) and Article 13(12)

Article 10(7) and (10)

—

Article 31(5)

Article 24

Article 31(6)

Article 22(7)

Article 31(7)

Article 61(2)

—

Article 31(7a)

Article 15

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

107/111

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 31(9)

Article 10(19) and (20)

—

Article 31(10)

Article 31a

—

Article 58(4)

Article 17(1)

Article 19(1)

Article 62(1)

—

Article 32(1)

Article 32(2)

Article 32(3)

Article 19(2), (3), first subparagraph, —

(4) and (5)

Article 32(4)

Articles 21(1) and Article 22(1), first —

subparagraph

Article 32(5)

Article 32(6)

Article 32(7)

Article 32(8)

Article 32(9)

Article 32a(1)

Article 32a(2)

Article 32a(3)

Article 32a(4)

Article 32b

Article 33(1)

Article 33(2)

Article 34(1)

Article 34(2)

Article 34(3)

Article 35

Article 22(1), second subparagraph

—

Article 22(2)

—

Article 24(1)

—

Article 19(3), second subparagraph

—

Article 21(4)

Article 16(1)

Article 16(2)

Article 16(3)

Article 16(5)

Article 18

—

Article 69(1)

Article 69(6)

Article 70(1)

Article 70(2)

—

Article 40(5)

—

Article 71

—

Article 36

Article 42

—

Article 37

Article 72

Article 38

Article 60

Article 11(2), fourth subparagraph, and

(4), Article 14 and Article 69(7)

Article 39

Article 40

—

Article 73

Article 77

108/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 41

Article 70

Article 76

Article 42

—

Article 78

Article 43

—

Article 44(1)

Article 44(2)

Article 44(3)

Article 44(4)

Article 45(1)

Article 45(2)

Article 45(3)

Article 45(4)

Article 45(5)

Article 45(6)

Article 45(7)

Article 45(8)

Article 45(9)

Article 45(10)

Article 45(11)

Article 46(1)

Article 46(2)

Article 46(3)

Article 46(4)

Article 47(1)

Article 47(2)

Article 47(3)

Article 48(1)

Article 48(1a)

Article 48(2)

Article 48(3)

Article 9(1)

—

Article 9(2)

—

Article 9(3) and (6)

—

Article 16(1)

—

Article 8(3), (4) and (5)

—

Article 17(1)

Article 48

—

Article 17(2)

—

Article 17(3)

—

Article 17(4)

—

Article 16(3)

Article 41(1)

Article 41(2)

Article 41(3)

—

Articles 12 and 15

Article 39(2)

Article 28(1)

—

Article 11(1)

Article 4(1) and (2)

Article 6(1)

Article 6(2)

Article 37(1)

Article 37(5) and Article 62(1)

Article 37(2) and (6)

Article 37(7)

—

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

109/111

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 48(4)

Article 37(1), first subparagraph, Arti- —

cle 46 and Article 54(4)

Article 48(5)

Article 48(6)

Article 48(7)

Article 48(8)

Article 48(9)

Article 48(10)

Article 49

Article 46(2) and (3) and Article 47

Article 40(1)

Article 40(2)

Article 40(4)

Article 37(3)

Article 40(3)

Article 61(1)

Article 63

—

Article 50

Article 50a

Article 51

Article 61(3)

—

Article 52

Article 29

Article 53

Article 31

Article 54

Article 33

Article 55

Article 34

Article 56

Article 30(2) and (3)

Article 35

Article 57

Article 57a(1)

Article 57a(2)

Article 57a(3)

Article 57a(4)

Article 67(1)

Article 67(2)

Article 67(3)

Article 44, Article 46(1) and Article —

47(1)

Article 57a(5)

Article 57b

Article 51

—

Article 68

Article 58(1)

Article 58(2)

Article 58(3)

Article 58(4)

Article 58(5)

Article 59(1)

Article 59(2)

Article 59(3)

Article 59(4)

Article 53(1)

Article 53(2) and (3)

Article 53(4)

—

Article 53(5)

Article 55(1)

Article 55(2) and Article 56(2) and (3) —

Article 55(3)

Article 55(4)

—

110/111

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

EN

OJ L, 19.6.2024

Directive (EU) 2015/849

Directive (EU) 2024/1640

This Regulation

Article 60(1)

Article 58(1), (2), first subparagraph —

and (3)

Article 60(2)

Article 60(3)

Article 60(4)

Article 60(5)

Article 60(6)

Article 61

Article 62(1)

Article 62(2)

Article 62(3)

Article 63

Article 64

Article 64a

Article 65

Article 66

Article 67

Article 68

Article 69

Annex I

Article 58(2), third subparagraph

—

Article 58(4)

—

Article 53(6)

—

Article 53(7)

—

Article 53(8)

—

Article 60

—

Article 59(1)

—

Article 6(6)

—

Article 59(2)

—

Article 85

Article 86

—

Article 72

—

Annex I

Annex II

Annex III

—

Annex II

Annex III

Annex IV

ELI: http://data.europa.eu/eli/reg/2024/1624/oj

111/111