AMLA: European anti-money laundering supervision is starting. What it means for a Czech obliged entity

What AMLA is and why it was created

AMLA (Authority for Anti-Money Laundering and Countering the Financing of Terrorism) is the first European authority established exclusively to fight money laundering and terrorist financing. It was established on June 26, 2024, began operations on July 1, 2025 and, from January 1, 2026, took over the AML/CFT agenda from the European Banking Authority (EBA). It is based in the Messeturm in Frankfurt am Main and is expected to employ more than 400 people. It is chaired by Bruna Szego, an Italian lawyer with long-standing AML experience; the executive director is Nicolas Vasse. More information is available on the official AMLA website.

Why did the European Union need such an authority at all? The answer is one word: fragmentation. The previous system worked through directives, which each Member State transposed into its own law in its own way. The result was 27 different interpretations of the same rules. A firm that wanted to avoid stricter supervision could simply move activity to a more lenient jurisdiction — this is called regulatory arbitrage. AMLA is intended to close that space and ensure that the rules work the same way in practice in Frankfurt, Warsaw and Prague.

On February 4, 2026, AMLA published its first multiannual plan, the Single Programming Document, setting priorities for 2026–2028. One of the key priorities is the creation of a central European AML/CFT database containing information on obliged entities, risk assessments, management screening results, supervisory measures and sanctions. This database is expected to be fully operational in 2027.

Three instruments you need to know: AMLR, AMLD6 and the AMLA Regulation

People often speak about “AMLA” as if it were one thing. In reality, it is a package of three separate legal instruments that are connected, but have different roles and different application dates. If you want to understand what is coming, you need to distinguish between them.

The AMLA Regulation (EU 2024/1620) establishes the authority itself and defines its powers and structure. It has applied since July 1, 2025. This is an institutional regulation — it does not directly impose new obligations on you.

AMLR — the Anti-Money Laundering Regulation (EU 2024/1624) is the heart of the whole package. It contains specific rules for obliged entities: how to carry out customer due diligence, how to identify the beneficial owner, and what cash limits apply. Because it is a regulation, not a directive, it applies directly in all Member States without needing to be transposed into Czech law. This is a fundamental difference from the current state. AMLR will become directly applicable from July 10, 2027. The official text is available on EUR-Lex as nařízení (EU) 2024/1624.

AMLD6 — the sixth AML Directive (EU 2024/1640) regulates the institutional framework: how national supervisory authorities, beneficial ownership registers and financial intelligence units should operate. Unlike AMLR, it must be transposed into Czech law by July 10, 2027.

In practice, this means that the Czech zákon č. 253/2008 Sb. — today’s AML Act — will have to be reworked to match AMLD6, while a large part of the specific rules will move directly into AMLR and will no longer be a matter of national discretion.

Timeline: what happens when

The most common mistake obliged entities make is treating 2027 as the only relevant date. The reality is more complex — the process is already under way and has several milestones.

Will AMLA supervise you directly? (Spoiler: probably not — and yet it still affects you)

This is the most common misunderstanding. There is an idea that from 2027 the European authority will personally inspect every real estate agent and every accountant. That is not true.

From January 1, 2028, AMLA will take over direct supervision only of the 40 highest-risk cross-border financial institutions in the entire EU — typically large banks and financial groups operating in at least six Member States. If you are a real estate agent in Brno or an accountant in Olomouc, AMLA will not directly supervise you.

Your supervisory authority remains the Czech Financial Analytical Office (FAU). What changes fundamentally is that FAU will carry out its supervision according to rules coordinated and harmonised by AMLA. In other words: AMLA writes the rules and supervises how FAU applies them; FAU then inspects you. The end of fragmentation means there will no longer be room for a softer Czech interpretation — the standard will be European.

That is exactly why AMLA affects you, even if it never knocks on your door directly. The rules under which FAU will inspect you are being written by AMLA from 2026 onward.

Eight key changes introduced by AMLR

This is where general discussion ends and concrete obligations begin. AMLR changes a number of rules you have so far been used to under zákon č. 253/2008 Sb. These are the eight most important changes for non-financial obliged entities:

1. EU-wide cash limit of EUR 10,000. Under Article 80, AMLR introduces a single EU-wide limit for cash payments in business dealings of EUR 10,000. In addition, clients must be identified for occasional cash transactions from EUR 3,000. Note that this is a different limit from today’s Czech cash payment ceiling of CZK 270,000 under Act No. 254/2004 Coll.; AMLR introduces a separate EU AML limit.
2. Lower threshold for customer due diligence. The threshold triggering the obligation to perform customer due diligence for occasional transactions falls from the current EUR 15,000 to EUR 10,000 (Article 19 AMLR).
3. Stricter definition of beneficial owner. A beneficial owner will newly include a person holding a share, voting rights or control of 25% or more — previously the rule was “more than 25%”. This may look cosmetic, but in practice it expands the number of persons you must record and verify. It is closely linked to customer due diligence and verification of beneficial ownership.
4. Broader definition of politically exposed person (PEP). The definition of politically exposed persons is expanded to regional and local officials. Enhanced due diligence (EDD) for PEPs must continue for at least 12 months after they leave office.
5. Fixed cycles for updating client data. AMLR sets maximum cycles for updating client information: 5 years for lower-risk clients and 1 year for risky clients (Article 26(2) AMLR). You must also update information whenever circumstances change or a new relevant fact appears.
6. Sanctions compliance as a mandatory part of the AML system. Screening against sanctions lists ceases to be a separate agenda and becomes an integral part of your AML system.
7. Five working days to respond to FAU requests. You will have to respond to requests from the supervisory authority within 5 working days. That creates new requirements for how quickly you can retrieve and submit your documentation.
8. New compliance manager role. AMLR introduces — alongside the existing compliance officer (responsible for day-to-day AML duties) — a compliance manager role: a member of the management body with overall responsibility for the AML/CFT framework. Smaller and lower-risk entities may combine both roles into one person.

Why “I’ll wait until 2027” is a dangerous strategy

The logic that “the regulation applies from July 2027, so I still have time” has two fundamental flaws.

The first flaw: new business relationships have no adaptation period. AMLR does allow a transitional remediation period for the existing client portfolio until 2032, based on a risk-based approach. But every new business relationship established after July 10, 2027 must comply with AMLR immediately, without any adaptation period. If you accept a new client in summer 2027, you must apply the full AMLR rules from the first minute.

The second flaw: changing systems takes longer than you think. Between publication of the final RTS (planned by July 10, 2026) and AMLR application (July 10, 2027), there is roughly one year. By then, you need to analyse the gap between your current state and AMLR requirements, update internal documentation, redesign customer due diligence processes, solve the collection of new beneficial ownership data and ensure sanctions screening. For a firm that still runs AML on paper or in Excel, this is close to the limit of what is realistic. Deploying a digital AML system and setting up AML compliance processes early is the surest way to meet AMLR requirements without last-minute pressure.

Obliged entities that wait for the final wording of every standard risk running out of time to adjust IT systems, review KYC processes and rewrite internal policies.

What to do now

Preparing for AMLR does not require you to know every letter of the future standards today. It requires you to start. Four concrete steps make sense already in 2026:

1. Perform a gap analysis. Compare your current AML processes with what AMLR requires. Where are the gaps? Do you record beneficial owners from the 25% threshold? Do you have a cycle for updating client data?
2. Map whether your obligations will expand. AMLR expands the scope of obliged entities, including to crowdfunding platforms and traders in high-value goods. Verify whether any new categories apply to you.
3. Assess data and system readiness. Can you retrieve the check of a specific client within 5 working days today? Do you have an audit trail that will stand up? If you keep AML records on paper, it is time to consider a digital AML system.
4. Clarify responsibility. AMLR clearly defines the roles of persons responsible for AML compliance. For smaller and lower-risk entities, roles may be combined in one person, but responsibility must be clearly assigned.

AMLA is not a threat, but it is not a formality either. It is the end of the era when AML could somehow be “survived” with a declaration in a drawer. The European standard is coming and FAU will enforce it. Obliged entities that start preparing in 2026 will enter July 2027 ready. The rest will build their compliance system under pressure and in a hurry — exactly the situation in which mistakes happen and fines are imposed. The time you have is not “until 2027”. It is the time until you accept your first client under the new rules — and that moment will come sooner than it seems.