ClickCease

Something we said? Don’t leave just yet!

For more information about latest events, news and insights, leave us your email address below.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form
Dismiss

The EU’s Regulatory Technical Standards for AML: 4 key changes

Breaking down the European Banking Authority’s latest proposals to Regulatory Technical Standards.

William Monk
July 1, 2025

The European Banking Authority (EBA) recently published a Consultation Paper setting out its proposals for a suite of draft Regulatory Technical Standards (RTS). These standards aim to bring greater consistency, clarity, and robustness to AML/CFT supervision and controls across the EU, affecting both supervisors and financial institutions within its remit.  

These changes and public consultation input will guide the future work of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA).

The Regulatory Technical Standards (RTS) focused on four core areas:

1) Risk Profiling  

RTS on how to assess and classify the inherent and residual AML risk profiles of obliged entities, and how often they should be reviewed.

The EBA is introducing a harmonised methodology that all AML/CFT supervisors across the EU must use to assess and classify the ML/TF risk profile of obliged entities.  

The proposed methodology involves three key steps:

  1. Assessing inherent risk based on factors like business model, customer base, and operational exposure, classifying entities into one of four categories: low (1), medium (2), substantial (3), or high (4).
  1. Evaluating the quality of AML/CFT controls, classifying them as A (very good), B (good), C (moderate), or D (poor).
  1. Determining residual risk (the remaining risk after controls are applied) again using the same 1–4 scale.

This entire process is intended to be automated via a scoring system, but allows for manual adjustments by supervisors, if justified. The resulting residual risk score will inform the frequency and intensity of supervisory actions, aligning oversight with the actual risk an entity poses.  

The goal is to establish a uniform supervisory framework that is proportionate, transparent, and data-driven across all Member States.

2) Direct Supervision

RTS on risk assessments to determine which entities may fall under AMLA’s direct supervision.

According to the proposal, an entity is eligible for direct supervision by AMLA if it operates in at least six Member States either through establishment or through the freedom to provide services.  

To qualify under the proposed Regulatory Technical Standards (RTS), the EBA sets two alternative thresholds to assess material activity in a Member State:  

Financial institutions should either have

  • Number of customers resident in that Member State: above 20,000,  

or  

  • Total value of transactions by those customers: above €50,000,000.  

These thresholds apply regardless of whether the customers are retail or institutional.

3) Customer Due Diligence

RTS covering standardised approaches to CDD requirements.

The AMLR sets out a standardised list of data points that obliged entities must collect to identify and verify customers, beneficial owners, and legal entities. It also defines requirements for data formatting, identity verification, cross-checking, and record-keeping to ensure consistency across the EU. The aim is to improve data quality and enable more effective and harmonised customer due diligence.

The draft RTS also introduces a risk-based frequency for reviewing the ML/TF risk profiles of financial institutions, with annual reviews as the default. Smaller or lower-risk entities may be reviewed every three years instead, but supervisors must reassess more frequently if new risks emerge or existing profiles become outdated. This ensures supervisory efforts remain proportionate and responsive to changes in risk.

4) Sanctions and Penalties

RTS on the use of pecuniary sanctions, administrative actions, and periodic penalty payments.

The draft RTS on the use of pecuniary sanctions, administrative measures, and periodic penalty payments aims to harmonise and clarify how supervisors should apply penalties across the EU for AML/CFT failures. It sets out a framework for determining the seriousness of a breach, considering factors such as its duration, financial impact, and whether it was intentional or negligent. The RTS also specifies criteria for choosing appropriate administrative measures and calculating financial penalties, and it introduces periodic penalty payments as a tool to encourage prompt compliance.

The overall objective is to make enforcement more consistent, fair, and effective, while reflecting the principle of proportionality and the unique circumstances of each case.

How should financial institutions prepare? Response from Napier AI

The EBA’s proposals aim to be proportionate, risk-based, and practical, helping both financial institutions and supervisors implement the rules effectively while managing compliance costs.  

Learn in-depth explanations of the proposed changes and response to key questions on financial crime compliance from Napier AI

Photo by Christian Lue on Unsplash

William Monk
Chief Product Officer
What’s popular./
Tranche 2 AML reforms: who’s being left behind?
Ron Mullins
May 28, 2025
3 ways to modernise AML: combatting the fentanyl crisis in Canada
Sean Parker
May 8, 2025
Napier AI taps into Belfast tech hub with new Centre of Excellence
Napier AI
February 18, 2025