AML package
The AML package was adopted by the Council of the European Union in May 2024 and aims to harmonize the anti-money laundering legislation within the EU. The AML package mainly consists of three parts:
AMLR
Regulates the requirements for business operators, such as banks and accounting consultants. The AMLR will enter into force immediately in all Member States and replace current national legislation from 10 July 2027.
AMLD 6
Specifies how national competent authorities should be organized and should be implemented through national legislation.
AMLA-R
Regulates the new European Anti-Money Laundering and Counter-Terrorism Financing Authority (AMLA)
What do we know and what remains?
What do we know and what remains?
The scope and content of the AMLR have been established and will apply from 10th of July 2027. However, the AMLR will be supplemented by approximately 20 Regulatory Technical Standards (RTS), Guidelines (GL) and Implementing Technical Standards (ITS), which will specify the requirements further in areas such as KYC, internal procedures and outsourcing. AMLA has presented a plan for the development of these, where several drafts will be published in 2026. AMLD6, which regulates, among other things, the work of the Financial Supervisory Authorities and the Financial Intelligence Units as well as the central register of beneficial owners, is to be transposed into national law. The more detailed formulation of this is ongoing and remains to be followed.
Even after July 2027, further additions will be introduced. These include requiring football clubs to apply the AMLR from 10th of July 2029, and from the same date, the introduction of lower thresholds for determining beneficial ownership may be applied to selected categories of companies.
A selection of upcoming RTS, ITS and GL from AMLA
Q1 2026
- Customer due diligence (28.1)
- Identification of business relationships and occasional or linked transactions (19.9)
Q2 2026
- Minimum requirements for group-wide policies, including among other things information exchange (16.4)
Q3 2026
- Minimum requirements for the content of the general risk assessment (10.4)
- Risks to consider when entering into a business relationship (20.3)
- Ongoing monitoring of business relationships and transactions (26.5)
Q1 2027
- Scope of internal policies, including internal roles (9.4)
- Q1 2026Customer due diligence (28.1) Identification of business relationships and occasional or linked transactions (19.9)
- Q2 2026 Minimum requirements for group-wide policies, including among other things information exchange (16.4)
- Q3 2026 Minimum requirements for the content of the general risk assessment (10.4) Risks to consider when entering into a business relationship (20.3) Ongoing monitoring of business relationships and transactions (26.5)
- Q1 2027 Scope of internal policies, including internal roles (9.4)
What does this mean for you as an obliged entity
What does this mean for you as an obliged entity
Since AMLR is part of the AML package that regulates the requirements for operators, it is primarily this part of the AML package that is relevant if you are an obliged entity. However, it is important to understand that both AMLD6 and AMLA-R can have a direct and indirect impact on your business. AMLA-R contains, for example, requirements for how supervisory authorities should assess the risk of operators, which has been clarified via an RTS in the area. Further AMLD6 regulates areas such as access to the central register of beneficial owners and collaboration with authorities.
In dialogue with our customers, we see that the parts of AMLR perceived as most challenging vary. What type of operator you are, how you are organized and the size of your business are examples of factors that affect challenges in regulatory adaptation. Other factors that can also have an impact are whether you are part of a group, the proportion of outsourced operations, the number of employees and existing access to data. Some of the areas that are most discussed with our customers today include:
- Outsourcing – AMLR introduces restrictions on which parts of the AML work are allowed to be outsourced, the restrictions also apply to intra-group outsourcing. This means that AMLR may entail a need for a change in responsibilities and organization.
- Roles – The current roles within the AML legislation will disappear and be replaced by two new roles, Compliance Manager and Compliance Officer. Where the Compliance Officer should be placed, in the first or second line, is the source of many discussions. Depending on where the function is located, reorganization and reallocation of responsibilities may be required.
- Group – AMLR directs an increased focus on groups compared to previous regulations. The changes concern both intra-group information sharing, and in cases where a subsidiary that is under the scope of AMLR can «affect» a parent company. The implication is thus that the parent company may also fall within the scope of the AMLR.
- Customer due diligence – AMLR and the published draft RTSs emphasize a risk-based approach and clarify, among other things, what information may be required to meet requirements for purpose and intended nature (previous purpose and nature). New areas that are being added are e.g. place of birth and the destination of the means.
- Beneficial owner – The AMLR specifies the methodology to use to identify the beneficial owner. New requirements for reporting in the event of identified deviations from the central register for beneficial owners are also stipulated in AMLR.
- Targeted financial sanctions – The prevention of targeted financial sanctions being circumvented or not implemented becomes an integral part of everything from customer due diligence and general risk assessment to the division of responsibility.
- Expanded reporting requirements – The reporting requirements are now expanded to include certain types of threshold-based reports, which places demands on a new type of monitoring.
- Expanded access to data – Financial sector supervisors will assess risk based on a uniform methodology based on approximately 100-150 data points. These data points are expected to be integrated into periodic reporting to the Financial Supervisory Authority, which is why access to data is important to ensure now.
How NFR Group can support you
How NFR Group can support you
Based on the purpose of the regulations, our advisors, with experience from both supervisory authorities and operational and strategic roles, can support you in succeeding with your implementation project. The scope, focus and structure of our advice are adapted based on your individual needs to create long-term solutions that are compatible with your individual situation. Our advisors have expertise in areas ranging from KYC to risk models and internal governance. Their knowledge base, combined with experience from supervisory dialogues and operational understanding of KYC and TM processes, allows us to support you in most parts of your AMLR journey. Below is a selection of areas where NFR Group can assist with support and expertise.
GAP-analysis
We can help you with a GAP-analysis to identify where your gaps are in relation to the AML package or just a specific part of the package, as well as support you in prioritizing.
Implementation
With our understanding of the operational processes within AML combined with experience from supervisory dialogues, we can help you find appropriate and effective solutions that work in the long run for your organization.
Senior advisor
We can be there as your support and senior advisor during the implementation journey to guide you in regulatory interpretations and priorities throughout the project.
Review of data
Access to data is something that often sounds easier than it is. The AML package will place higher demands on your access to and control of essential data. We have advisors with broad experience of both data analysis and requirements for internal data who can support you in your work to structure and ensure data access.
Training
The AML package will entail changes at a number of different levels of the business. We can help you with training at all levels, from board of directors to investigators.
How will the AML package affect your operations, and what preparations are required ahead of AMLR?
