A new European course in the face of financial risks
Money laundering and terrorist financing pose major threats to the European Union, as they undermine the stability of the financial system, economic security, and the confidence of market participants. By enabling the injection of funds of criminal origin into legitimate channels, these practices harm market integrity, distort competition, and weaken the solvency of financial institutions. They also contribute to the emergence of systemic crises by fostering opacity, speculative bubbles, or cascading failures.
Money laundering involves concealing the illegal origin of sums derived from offences such as tax fraud, trafficking, or misuse of corporate assets, with the aim of reinjecting them into the legitimate economy. These funds can then be used to finance other illicit activities, including terrorism. This is why combating these flows is at the heart of the European Union’s financial security policies.
Faced with constantly evolving threats, European regulation must continually adapt. New forms of financial crime rely on technological innovations (virtual currencies, payment platforms, crowdfunding) and on the globalisation of criminal networks, which exploit regulatory gaps between countries. These developments make detection and control more complex.
In this context, combating money laundering and terrorist financing (AML/CFT) is no longer the exclusive responsibility of public authorities or the banking sector. It now involves a much broader range of economic actors: regulated professions, digital service providers, associations, and even certain very small businesses and SMEs. Vigilance at every level therefore becomes a collective challenge and, for each organisation, an imperative of compliance, responsibility, and prevention of legal, financial, and reputational risks. To address these threats, implementing robust frameworks is not enough; it is also necessary to know how to adapt them, manage them, and audit them regularly.
Regulatory context and developments
Since the 1990s, AML/CFT has established itself as a strategic priority for the European Union. Aware of the systemic risks these practices pose to the integrity of financial markets, economic stability, and investor confidence, the EU has gradually built a regulatory framework based on vigilance, transparency, and cross-border cooperation. Initially focused on banking and financial institutions, this framework has continued to be strengthened, both in terms of obligations and the expansion of its scope.
Over the years, European regulation has thus extended its requirements to many economic actors exposed to money laundering risk. Today, related professions such as accountants and statutory auditors are also concerned, as well as real estate agents, notaries, lawyers, and companies handling crypto-assets or providing payment services. Certain associations, foundations, or sports clubs may also fall within the scope of AML/CFT, insofar as they receive or transfer funds in volumes or contexts that present risk. This extension reflects a broader awareness: money laundering risks run through the entire economy, in increasingly diverse forms.
In this ongoing adaptation dynamic, a major turning point was reached in June 2024 with the adoption of the new “AML/CFT package” by the European institutions. This package is made up of three texts : the sixth anti-money laundering directive (AMLD6), a regulation establishing the AMLA, a European authority dedicated to supervising and coordinating the fight against money laundering across the Union, and a second regulation strengthening due diligence and transparency obligations for obliged entities (AMLR6).
The stated objective is twofold : on the one hand, to harmonize practices among Member States, which are still highly heterogeneous; on the other, to strengthen the capacity to detect, report, and prevent illicit financial flows by closing the loopholes exploited by criminals to circumvent existing controls.
This new regulatory step comes in a context of profound change. Illegal financial flows now circulate at an unprecedented speed, driven by the digitalisation of payments, the development of virtual currencies, and the proliferation of crowdfunding platforms. Criminal and terrorist organisations adapt quickly, exploiting technological innovations and weaknesses in control chains to move funds that are difficult to trace.
In response to this reality, the AML/CFT package requires companies to apply a higher level of vigilance, particularly with regard to customer identification, verification of beneficial owners, and analysis of the nature of transactions. This development creates a growing need for specialised support—legal, operational, and technological.
The three components of the AML/CFT package
First component: The AMLD6 directive
Effective from 10 July 2024, the AMLD6 directive requires Member States to transpose it into national law by 10 July 2027. It aims to standardise the arrangements for creating and managing beneficial ownership registers, i.e., the natural person who actually controls an entity. Requiring registers that are up to date, reliable, and verified means strengthening the ability of authorities and economic actors to detect complex legal structures used for fraudulent purposes.
What sets the AMLD6 apart is that it does not merely ask companies to declare their beneficial owners. It also requires the entities managing the registers (often court registries, tax authorities, or trade registers) to actively verify the information submitted and check its accuracy with the companies concerned. This creates a genuine chain of responsibility and puts an end to a purely declarative approach, which is of limited effectiveness in practice.
By ensuring the accessibility and accuracy of information through the AMLD6 directive, the European Union aims to enhance transparency and increase the effectiveness of its measures to combat opaque financial flows, in response to growing compliance and supervisory requirements. However, these new requirements raise practical difficulties, notably due to the considerable volume of data to be processed by the competent authorities, the technical complexity of the obligations and their operational implementation, and the legal or financial risks associated with non-compliance.
The strengthening of transparency obligations, particularly regarding the disclosure of sensitive data, also gives rise to serious concerns about their compatibility with the GDPR and respect for the right to privacy. In March 2023, the European Data Protection Supervisor (EDPS) warned of the risks associated with excessive information sharing between public and private actors. Certain provisions of the new framework could, in its view, undermine the safeguards provided by the Charter of Fundamental Rights of the European Union.
Second component : Regulation (EU) 2024/1620
The second pillar of the new European AML/CFT framework is the Regulation (EU) 2024/1620 which establishes the new European Anti-Money Laundering Authority (AMLA). This supranational authority, based in Frankfurt am Main, represents a strategic turning point. It is tasked with ensuring consistent application of anti-money laundering rules across all Member States, while safeguarding the stability of the financial system and protecting the public interest.
Designed to strengthen supervision at European level, AMLA will play a central role in coordinating Financial Intelligence Units (FIUs), key actors that provide the link between professionals subject to due diligence obligations and the competent authorities. By collecting, analysing, and transmitting suspicious transaction reports, FIUs help detect illicit financial networks and prevent systemic risks. AMLA will therefore harmonise practices, streamline cooperation between Member States, and ensure greater effectiveness of the framework.
However, its powers go far beyond that. With its own legal personality, AMLA will have direct supervisory powers over financial institutions considered high risk, from 2028. It will be able to assess their compliance frameworks, conduct inspections, and, where appropriate, impose corrective measures, administrative fines, or financial penalties. The authority will also be able to establish partnerships with major institutional players in the sector, such as Europol, the European Public Prosecutor’s Office, or international authorities, to ensure coordinated steering of actions at a global level.
For companies in the financial sector, as well as for all actors indirectly affected by these developments, including consulting firms and regulated professions, this new European governance calls for upskilling, a review of compliance frameworks, and strategic anticipation of upcoming requirements . The start of AMLA’s operations will be accompanied by a heightened level of oversight. It is therefore crucial to anticipate this authority’s expectations from today.
Third component : Regulation (EU) 2024/1624
Final component of the new European legislative AML/CFT package, the Regulation (EU) 2024/1624, also known as “AMLR6”, is an essential part of the new European framework. For the first time, a common set of rules applies to all Member States. This standardisation aims to close the regulatory loopholes exploited by fraudsters by establishing a more coherent and more rigorous framework at European level.
This regulation marks a major development by expanding the circle of professionals subject to due diligence obligations. From now on, crypto-asset platforms, dealers in luxury goods, as well as sports clubs and agents join traditional financial institutions within the scope of anti-money laundering rules. This expansion is explained by the specific risks in these sectors : the anonymity and fluidity of crypto-asset transactions, the mobility and high value of luxury goods, and the massive financial flows, sometimes cross-border, in the world of professional sport.
In addition, requirements for customer identification and verification (KYC) are significantly strengthened to combat more effectively the risk of financial crime within financial institutions. The data to be collected on the identity of the customer and the beneficial owner becomes more detailed, and its updating will have to be carried out according to a specific frequency: every year for high-risk profiles, and at least every five years for others.
The regulation also introduces specific obligations in the event of business relationships or occasional transactions involving natural or legal persons from third countries considered high risk by the Financial Action Task Force (FATF), i.e., countries whose frameworks for preventing money laundering and terrorist financing remain weak or incomplete. In these situations, enhanced due diligence measures will have to be systematically deployed.
In short, AMLR6 profoundly redefines the compliance standards expected in Europe. It calls on economic actors, particularly those recently brought within the regulatory scope, to review their internal procedures, strengthen their monitoring frameworks, and equip themselves to meet more frequent, more precise, and stricter control requirements.
Conclusion
The AML/CFT package sets a new European framework—more ambitious and more rigorous—that broadens the range of actors concerned and strengthens due diligence, identification, and traceability requirements. In a context of increased oversight and regulatory pressure, companies must now demonstrate their ability to effectively prevent money laundering and fraud risks.
For these companies, the key lies in anticipation : understanding the texts, mapping risks, updating procedures, training teams, and embedding compliance into every process. Because beyond an obligation, compliance can become a decisive competitive advantage.
Ready to get started ? NG supports SMEs and mid-sized companies with a tailored method adapted to your challenges. Get ahead: make your long-term commitment a driver of growth. Contact us!