Table of contents
- Why everything is changing
- What AMLA is and what it does
- "It doesn't affect me" – the biggest mistake
- What is changing in the inspections themselves
- Why the number of inspections and fines will rise
- What will actually interest the inspectors
- The biggest illusions of obliged entities
- What you should sort out today
- Conclusion
Why everything is changing
AML (Anti-Money Laundering) in Europe long operated on a principle of "each state does it its own way". Rules were created at EU level, but their interpretation, supervision and enforcement remained with individual Member States.
The result? What passed inspection in one country failed in another. Criminal structures systematically exploited these differences, especially in cross-border cases.
AMLA is not just another authority. It is the EU's response to the failure of the current system and an effort to shift AML from formal compliance to real risk management.
What AMLA is and what it does
AMLA (Anti-Money Laundering Authority) was established in response to repeated scandals involving major banks, real estate structures and cross-border financial flows. These showed that:
- national supervisory authorities work in isolation
- information is poorly shared between them
- no one bears clear responsibility
AMLA therefore unifies supervision across Europe, coordinates national authorities and directly supervises the highest-risk entities.
Key milestones:
- July 1, 2025 – AMLA began operations in Frankfurt
- By end of 2027 – reaches full capacity
- From 2028 – directly supervises some 40 of the highest-risk cross-border financial groups in the EU
"It doesn't affect me" – the biggest mistake
The truth is that AMLA will not physically inspect most firms. Real estate agencies, traders, advisers or smaller financial institutions will remain under national supervision.
But beware – that does not mean nothing is changing. AMLA sets unified methodologies for the whole EU, pushes for harmonised requirements and defines what is expected of all obliged entities.
In practice this means: The inspection will still come from your national authority, but it will no longer assess things "the national way". It will use European standards.
Arguments like "We do it this way here", "It passed last time" or "Others do it the same" no longer work.
What is changing in the inspections themselves
Previously, inspections checked:
- Do you have a policy?
- Do you have screening?
- Do you have records?
Now inspections check:
- What is your risk management logic?
- How do you decide in concrete cases?
- Are your decisions consistent?
- Can you justify them retrospectively?
It is not about having more paperwork. It is about risk assessments making sense, decisions not being arbitrary, and the system working even when "the one person who has it all in their head" leaves.
Why the number of inspections and fines will rise
The increase in fines will not be because everyone suddenly became criminals. But because the system will now better uncover shortcomings.
Typical problems that will now be visible:
- Two similar clients but different risk ratings – why?
- Decisions without clear justification
- EDD only on paper, without real substance
- Missing documentation of why the decision was made that way
These are things that often "passed" before because each authority measured differently. With AMLA and a unified European approach, that space is disappearing.
What will actually interest the inspectors
They are not interested in paragraphs or legal citations. They are interested in answers to simple questions:
- Why is this client low/medium/high risk?
- What information did you have when you made the decision?
- Who decided and under what rules?
- What would have changed if the input data had been different?
- Can you demonstrate it retrospectively without improvising?
If the answer is "because that's how it came out" or "because the tool said so", you have a problem.
The biggest illusions of obliged entities
"We don't do anything wrong." In most cases that is true. But AML is no longer about intent. It is about the ability to justify your decisions.
AMLA shifts AML from the moral plane to the managerial: risk management, process accountability, demonstrability.
Whoever lacks this will fail. Not because they are dishonest, but because they are unprepared.
What you should sort out today
You don't need to understand legal theory. But you should be able to answer:
Do we have clear and consistent risk assessment logic? Do you decide similarly for similar clients? Or does it depend on mood or who is assessing?
Do we decide the same way today as six months ago? Have your criteria changed? If so, do you know why and is it documented?
Can we explain the "why", not just the "what" we did? It is not enough to say "we did screening". You must be able to say why you did it that way and what led you to it.
Are our decisions traceable retrospectively? If an inspection came in a year, could you prove why you decided the way you did then?
Conclusion
AMLA itself may never come to you. But the inspection will ask its questions.
Prepare for that now, not when the inspection is already at your door.