ERA Forum ¦ An Anti-Money Laundering Authority for the European Union: A New Center of Gravity in AML Enforcement

An AML Authority for the European Union – a new center of gravity in AML enforcement

The creation of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) is the most consequential institutional change in the EU’s AML/CFT architecture in decades. The reform package adopted in 2024 replaces the fragmented patchwork of minimum harmonisation directives with a directly applicable AML Regulation, clarifies supervisory roles, and places an EU-level enforcement actor at the core of cross-border AML oversight. For practitioners, compliance officers, and enforcement professionals, understanding AMLA’s remit, tools and limits is essential: AMLA introduces direct decision‑making and sanctioning powers over a defined universe of high‑risk, cross‑border financial institutions, while leaving most day‑to‑day supervision with national authorities under AMLA’s oversight.

AMLA’s mission and structural role

AMLA is designed to address long‑standing weaknesses exposed by major cross‑border laundering scandals: inconsistent national standards, uneven supervisory practices, and poor coordination across member states. As an EU body with legal personality based in Frankfurt and operational from mid‑2025 (with direct supervision phased in by 2028), AMLA has three complementary responsibilities.

1. It will exercise direct AML/CFT supervision of a limited set of credit and financial institutions that operate across many member states and are classified as high residual ML/FT risk.
2. It will coordinate, monitor and, where necessary, mediate or step in regarding national supervisory authorities (NSAs), effectively acting as an overseer of national AML performance.
3. AMLA must support and facilitate cooperation between financial intelligence units (FIUs), offering technical tools, joint‑analysis support and a platform for cross‑border FIU work.

These roles make AMLA both an enforcement authority and a quasi‑regulatory actor: it will draft binding technical standards, issue guidelines, and build a harmonised supervisory methodology.

Bastian Schwind-Wagner _Follow

"AMLA centralises supervision of the riskiest cross‑border financial players and sets binding methodologies that will raise expectations across the EU’s AML ecosystem. Its limited direct footprint masks a wider regulatory influence that will reshape how firms assess and mitigate residual ML/TF risk.

Effective cooperation between AMLA, national supervisors, FIUs and criminal authorities will determine whether the new architecture succeeds in turning intelligence into action. Firms should prioritise demonstrable control effectiveness and cross‑border coordination to avoid becoming subjects of direct AMLA scrutiny."

Who will AMLA supervise directly?

AMLA’s direct supervisory mandate is narrow by design but impactful. The selection of entities follows a two‑step process.

1. AMLA must periodically assess all credit and financial institutions operating in at least six member states (including branches and remote service provision) and classify their inherent and residual ML/TF risk using a methodology AMLA must develop. Inherent risk is assessed against benchmarks tied to customers, products and delivery channels, geography and other traditional risk factors; residual risk reflects the effectiveness of an entity’s internal AML/CFT controls.
2. Entities whose residual risk is classified as high will be selected as “selected obliged entities” (SOEs). AMLA will set a maximum number of SOEs (the baseline is up to 40, with flexibility to expand in consultation with NSAs); where many institutions meet the criteria, those operating in the greatest number of member states and, if needed, those with the highest ratio of transactions with third countries, will be chosen.

There are mechanisms to bring other entities under AMLA control in exceptional circumstances. NSAs can ask AMLA to take over a non‑SOE where there are unremediable breaches, widespread problems within a group, or where an NSA temporarily lacks capacity. AMLA itself can request to take over supervision when a non‑SOE’s compliance or risk profile deteriorates rapidly and threatens multiple member states or the single market; such a discretionary transfer requires Commission approval and is time‑limited.

What powers does AMLA have?

AMLA’s toolkit is substantial and mirrors the kinds of powers needed to enforce complex, cross‑border AML requirements.

Investigative powers

AMLA can require SOEs, their staff and their outsourced service providers to produce information and documents, and may inspect and copy records, software and IT systems. It can conduct on‑site inspections, including unannounced visits, subject to safeguards where private residences or national judicial authorisation are involved. Routine supervisory enquiries are carried out by joint supervisory teams (JSTs) led by AMLA officials together with NSA staff. Where there are serious indications of wrongdoing that could lead to fines, AMLA must appoint an independent investigatory team to preserve impartiality; that team has the full range of investigative powers and produces the file submitted to AMLA’s Executive Board for decision.

Administrative measures

Where breaches or heightened risks are found, AMLA can adopt administrative measures to remedy or prevent non‑compliance. Those include recommendations, binding orders to comply, cease‑and‑desist orders, enhanced reporting obligations, requirements to strengthen internal controls, restrictions on business activities, divestment orders, governance interventions such as temporary bans on managers, and public naming of the entity or responsible persons. In the gravest cases AMLA may propose withdrawal of a licence to the national licensing authority.

Periodic penalty payments

To enforce compliance with information requests, inspections or remedial measures AMLA may impose periodic penalty payments (PPPs) until obligations are met. PPPs are capped at 3% of the average daily turnover for legal persons (2% of average daily income for natural persons), may be applied retroactively to the date of the measure, and have strict maximum durations with a renewable six‑month window.

Administrative pecuniary sanctions

AMLA can levy fines for intentional or negligent breaches of specific directly applicable Union AML provisions listed in the AML Regulation and Transfers of Funds Regulation, if those breaches are serious, repeated or systemic, or for failure to comply with AMLA’s individual binding decisions. The AMLR sets a detailed methodology for fines: a base amount (from EUR 100,000 up to EUR 2 million or 1% of annual turnover depending on the breach) is adjusted by aggravating and mitigating coefficients, with possible addition of the benefit obtained or losses caused if quantifiable. AMLA must take into account the institution’s ability to pay and consult prudential supervisors where fines could affect solvency or regulatory capital.

Use of national supervisory powers

AMLA may exercise powers that NSAs hold under Union law (including where national powers transpose EU directives), and it can require NSAs to use their national powers where those powers are not transferable. Distinguishing between national powers that are mere transpositions of Union law and powers that are purely national will be a recurring practical and legal question and may require inventories and clear mapping to avoid competence disputes.

How AMLA will work with national authorities and enforcement agencies

AMLA does not replace national supervision. Rather, it creates a two‑tiered system: AMLA directly supervises a targeted set of cross‑border, high‑risk firms, and it oversees the overall performance of NSAs with powers to assess, recommend, instruct and, in limited cases, take over. Direct supervision of SOEs will be carried out by JSTs composed of AMLA‑led teams and NSA staff to preserve local insights and ensure effective investigations.

AMLA is integrated into the EU enforcement landscape: it has formal information sharing duties and working arrangements with EPPO , OLAF , Europol and Eurojust . AMLA must refer to EPPO or OLAF when joint analysis outputs or other supervisory findings point to possible criminal activity affecting EU financial interests or offences within their remit. For dissemination to Europol or Eurojust, AMLA must secure the consent of participating FIUs when working from joint FIU analyses. AMLA must conclude working arrangements with these bodies, and the General Board in FIU composition may host non‑voting observers from EPPO, OLAF, Europol and Eurojust. These links are intended to strengthen the coordination between administrative AML supervision, FIU intelligence work and criminal investigation and prosecution.

Regulatory impact beyond directly supervised firms

AMLA’s regulatory remit is broad. The new AML Regulation replaces multiple directive provisions with directly applicable rules and AMLA will produce binding technical standards, guidelines, recommendations and a harmonised supervisory methodology, particularly for risk assessment and entity categorisation. That harmonisation will influence how NSAs supervise non‑SOEs and how obliged entities design their controls and risk frameworks. The requirement to assess residual risk against common benchmarks and the prospective binding nature of AMLA’s standards mean that even firms not directly supervised by AMLA should expect significant indirect impacts: implementation expectations, supervisory focus, and market practices will migrate towards AMLA’s frameworks.

Limits and checks on AMLA’s reach

Despite its powers, AMLA’s direct supervisory footprint is deliberately limited to preserve subsidiarity and proportionality. Most obliged entities remain supervised by NSAs. AMLA’s ability to take over a non‑SOE at its own initiative is subject to Commission approval and time limits to avoid unrestricted discretion; transfer on request from an NSA must generally be accepted. Decision‑making is collegial and several internal checks exist: the Executive Board adopts supervisory decisions, the General Board is responsible for quasi‑regulatory outputs and provides oversight in supervisory composition, and an Administrative Board of Appeal conducts internal review of individual supervisory acts before external judicial review. Judicial review remains available: national judges can review the proportionality and authenticity of on‑site inspections where national law requires authorisation, while the Court of Justice of the European Union retains competence over EU acts.

Practical implications for compliance, risk teams and enforcement practitioners

For compliance and risk teams, the practical consequences are immediate and concrete. Firms that operate across many member states must prepare for a common, EU‑level residual risk assessment and understand how common benchmarks will be applied. The quality of internal controls now has a harder, quantitative role in whether a firm becomes an SOE and thus falls under AMLA’s direct supervision. Firms with significant cross‑border operations – particularly those serving clients or transacting with high‑risk third countries or using emerging delivery channels such as crypto‑assets – should reassess their group‑level governance, transaction monitoring, and AML‑controls maturity against anticipated EU benchmarks. Outsourcing arrangements, third‑party providers and cross‑border data flows will be subject to heightened scrutiny in on‑site inspections and document requests.

For national supervisors, AMLA introduces both a partner and a counterweight. NSAs will still carry primary responsibility for most firms but under AMLA’s performance monitoring and the possibility of instruction or takeover. This places a premium on consistent documentation of supervisory decisions and on the ability of NSAs to demonstrate supervisory effectiveness and capacity.

For enforcement and criminal investigators, AMLA promises better EU‑level intelligence and a more harmonised evidential base for cross‑border cases. Its joint FIU facilitation, technical tools, and formal reporting paths to EPPO, OLAF, Europol and Eurojust should reduce fragmentation and accelerate the transition from suspicious activity reporting to investigations. That said, criminal prosecutions will remain the competence of national authorities and EPPO where that office’s material scope is engaged; AMLA’s role is complementary and primarily administrative and supervisory.

Conclusions

AMLA rebalances the EU AML/CFT architecture by introducing – for the first time – an EU supervisory actor with direct investigative and sanctioning powers over a defined set of cross‑border, high‑risk financial institutions. The combination of a directly applicable AML Regulation and AMLA’s quasi‑regulatory and supervisory functions aims to deliver a single rulebook and a more consistent application of the risk‑based approach across the EU. The direct supervisory remit is intentionally limited, but the regulatory and methodological outputs that AMLA will produce are likely to reshape supervisory expectations and market behaviour across the board.

For entities, the message is clear: strengthen group‑wide risk governance, document residual risk and the effectiveness of controls, and ensure robust cooperation with local supervisors. For national authorities and enforcement bodies, AMLA is both an ally and a test: the quality of national supervision will be scrutinised, and effective cooperation will be required. For the EU as a whole, the ultimate test will be whether AMLA’s tools and partnerships reduce the incidence and profitability of cross‑border money laundering and terrorist financing without creating undue fragmentation or legal uncertainty. A first structured review of AMLA’s interaction with criminal enforcement actors and its overall performance is expected by 2030; meanwhile, market participants should plan on substantive regulatory harmonisation and an elevated supervisory standard emerging from the new centre of gravity in EU AML enforcement.

Dive deeper

• EUR-Lex ¦ Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing ¦ Link

• EUR-Lex ¦ Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 ¦ Link

• Research ¦ Tosza, S., Voordeckers, O. An anti-money laundering authority for the European Union: a new center of gravity in AML enforcement. ERA Forum 25, 405–424 (2024). https://doi.org/10.1007/s12027-024-00805-9 ¦ Link ¦ licensed under the following terms, with no changes made: CC BY 4.0