EU AMLA Supervisory Authority Regulation

European Union | 2024 | AML/CFT

What is the EU AMLA Regulation?

The EU AMLA Regulation — formally Regulation (EU) 2024/1620 — is the European Union instrument that establishes the Anti-Money Laundering Authority (AMLA) as the EU's central AML/CFT supervisor. Adopted in 2024 as a core component of the EU AML Package, it creates a new EU agency headquartered in Frankfurt with the mandate to supervise the highest-risk cross-border financial institutions directly, coordinate national supervisors and Financial Intelligence Units, and develop the technical standards that operationalise the EU's harmonised AML rulebook.

AMLA is the most significant institutional change in EU AML supervision since the framework began. It addresses a long-standing gap: the EU previously had no central supervisor with direct authority over obliged entities, leaving enforcement to a patchwork of national supervisors with widely varying capacity and willingness to act. AMLA is the EU's response — and the central pillar of the supervisory architecture established by the 2024 AML Package alongside the EU AML Regulation (AMLR) and Directive (EU) 2024/1640.

Why the AMLA Regulation matters

The case for AMLA was built over a decade of high-profile EU AML failures — Danske Bank, ING, ABN AMRO, Pilatus, Banca Privada d'Andorra, FBME, and others — that exposed the limits of purely national supervision. Cross-border banking groups operated across multiple supervisory perimeters with inconsistent standards; national regulators sometimes lacked the capacity, the political mandate, or the willingness to act on serious AML failings; and Financial Intelligence Units across the EU operated with widely divergent practice. AMLA addresses these gaps by introducing direct EU-level supervision of the highest-risk groups, common technical standards across all member states, and a coordinated platform for FIU cooperation. For obliged entities in scope of direct AMLA supervision, this means a new supervisor with broad inspection, sanctioning, and enforcement powers — and a materially higher baseline of consistency in supervisory expectations. See our AML compliance complete guide for the operating architecture this supervisor will assess against.

Establishing AMLA: mandate and powers

The Regulation establishes AMLA as an EU agency with five core mandates. First, direct supervision of selected obliged entities deemed high-risk and cross-border in nature — initially around 40 financial institutions across banking, payments, and crypto. Second, indirect supervision and coordination of national AML supervisors for the remaining EU obliged-entity population, including the power to require national authorities to investigate and act in defined circumstances. Third, coordination of national Financial Intelligence Units, including operating a delivery platform for cross-border information exchange and supporting joint analyses. Fourth, rule-making and standard-setting — AMLA will develop the regulatory technical standards (RTS), implementing technical standards (ITS), and guidelines that operationalise the EU AML Regulation across the EU. Fifth, risk assessment and policy support — AMLA will produce EU-wide ML/TF risk assessments and feed them into Commission policy.

To deliver these mandates, AMLA has been given broad powers — to conduct on-site and off-site inspections, request information from supervised entities, issue binding decisions, impose administrative pecuniary sanctions of up to EUR 10 million or 10% of annual turnover for the most serious breaches by directly supervised entities, and require periodic penalty payments where breaches continue.

Who will be directly supervised by AMLA

AMLA will not directly supervise every obliged entity in the EU — that would be operationally impossible. Instead, the Regulation provides for the selection of a limited population of "selected obliged entities" that meet defined risk and cross-border criteria. The initial population is expected to comprise around 40 financial institutions — primarily large banking groups with significant cross-border activity, plus a smaller number of payment institutions, e-money institutions, and crypto-asset service providers. The selection methodology emphasises both inherent risk (geographic exposure, customer mix, product complexity) and cross-border footprint (number of member states the entity operates in). The selected list will be reviewed periodically; entities can move into or out of direct supervision over time. Whichever supervisor applies, the five-pillar framework (see the 5 pillars of an AML program) anchors the operational expectations.

For the non-selected majority of EU obliged entities, national supervisors remain the primary AML authority, but AMLA's coordination and technical-standards role means that supervisory expectations will progressively converge across the bloc.

Coordinating national supervisors and FIUs

A core part of AMLA's role is bringing the patchwork of national authorities into closer coordination. The Regulation gives AMLA the power to develop a common supervisory methodology, conduct peer reviews of national supervisors, request national authorities to investigate specific entities or matters, and (in defined circumstances) take over supervisory action where a national authority is failing to act. AMLA will also coordinate the EU's network of Financial Intelligence Units, operating a secure communication and analysis platform that builds on FIU.net and supporting joint operational analyses on cross-border cases. AMLA's coordination role mirrors the FATF model of mutual evaluation between national authorities, scaled to the EU institutional context — see also the FATF 40 Recommendations for the global standards AMLA's technical work must align with.

Technical standards and rulebook development

AMLA's rule-making role is operationally significant. The EU AML Regulation (AMLR) sets the substantive obligations; the AMLA Regulation gives the new authority responsibility for developing the regulatory and implementing technical standards that translate those obligations into detailed, harmonised operating rules. This includes standards for risk assessment, CDD, beneficial-ownership verification, transaction monitoring, and a long list of related areas. Once adopted by the Commission, these standards will apply directly across the EU, materially reducing the room for national-level divergence in operating practice. For obliged entities, this means a meaningful shift in how AML compliance is delivered — moving from member-state interpretation of broad principles to detailed pan-EU technical rules. Many institutions will reshape their AML screening, transaction monitoring, and reporting infrastructure to align with AMLA-issued standards — including the AML watchlist screening stack and UBO identification workflows — as those become available.

Timeline and operational build-up

AMLA's establishment is phased. The Regulation entered into force on 1 July 2025, and AMLA began its build-up activities — recruitment, governance, infrastructure, and initial standard-setting — through 2025 and 2026. Direct supervision of selected obliged entities begins in 2028, giving the authority a multi-year runway to recruit specialised supervisory staff, develop methodologies, and onboard the first wave of directly supervised entities. The Frankfurt headquarters was selected from a competitive city process in early 2024, with AMLA operating from interim premises during build-up.

Penalties and enforcement

For directly supervised entities, AMLA can impose substantial administrative pecuniary sanctions for breaches of EU AML rules. The headline figure is up to EUR 10 million or 10% of total annual turnover (whichever is higher) for the most serious systemic breaches, with lower bands for less material violations. AMLA can also impose periodic penalty payments of up to a percentage of average daily turnover where breaches continue, and apply non-financial measures such as restrictions on activities, removal of senior managers, or referral to national criminal authorities. For non-directly-supervised entities, sanctions remain with national authorities — but AMLA's peer review and coordination powers create supervisory pressure for consistent enforcement.

AMLA in the EU AML architecture

AMLA does not stand alone. It sits within the four-instrument EU AML Package: the AMLA Regulation creates the supervisor; the EU AML Regulation (AMLR) creates the substantive single rulebook; Directive (EU) 2024/1640 governs national supervision and FIU architecture; and the criminal-law AMLD6 (2018) governs the prosecution of money laundering. Together these instruments represent the most significant overhaul of EU AML supervision in three decades. For obliged entities, the practical consequence is a single, harmonised, more demanding supervisory landscape — with AMLA at the centre.

Key Obligations

1. Direct supervision of selected obliged entities — supervise ~40 high-risk cross-border financial institutions across banking, payments, and crypto.

2. Indirect supervision and coordination — coordinate national AML supervisors; require national authorities to investigate and act in defined circumstances.

3. FIU coordination — operate a delivery platform for cross-border information exchange (building on FIU.net); support joint operational analyses on cross-border cases.

4. Rule-making and standard-setting — develop regulatory technical standards (RTS), implementing technical standards (ITS), and guidelines operationalising the AMLR.

5. Risk assessment and policy support — produce EU-wide ML/TF risk assessments; feed them into Commission policy and supervisory practice.

6. Inspection and information powers — conduct on-site and off-site inspections; request information from supervised entities; issue binding decisions.

7. Administrative pecuniary sanctions — impose fines of up to EUR 10 million or 10% of annual turnover for serious breaches by directly supervised entities.

8. Periodic penalty payments and non-financial measures — apply periodic penalties for continuing breaches; restrict activities, remove senior managers, or refer to national criminal authorities.

Manual Details

Issued by: European Parliament and Council of the European Union
Citation: Regulation (EU) 2024/1620
Adopted: 31 May 2024 (Official Journal: 19 June 2024)
Entry into force: 1 July 2025
Direct supervision begins: 2028 (for selected high-risk obliged entities)
Headquarters: Frankfurt am Main, Germany
Jurisdiction: All EU member states (directly applicable)
Sits alongside: EU AMLR, Directive (EU) 2024/1640, AMLD6

FAQ