AML Compliance and Regulatory Enforcement Across the European Union

For regulated companies in the European Union, 2025 is bringing numerous changes in the area of Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT) and Know Your Customer (KYC) compliance. New regulations, such as the Anti-Money Laundering Authority (AMLA) and the EU Single Rulebook, require firms to be prepared for stricter requirements, increased enforcement, and higher penalties for violations.

Stricter Regulations Require Proactive Management of KYC/AML Compliance

As regulations governing AML/CFT and KYC continue to evolve rapidly, firms must not only comply with current regulations but also prepare for future obligations in parallel. This requires continuous monitoring and adjustment of internal processes and procedures.  

To keep pace, firms must ensure that they can accurately identify their business partners and monitor and assess risk from both relationships and financial transactions in real time. Technology is the key to keeping up. Companies that do not utilize sophisticated and automated monitoring systems risk technical deficits and regulatory breaches.

Core Regulatory Requirements Across Europe

AML Regulation (EU) 2024/1624 – The EU Single Rulebook

A cornerstone of the EU’s new AML framework is Regulation (EU) 2024/1624, known as the "EU Single Rulebook" for AML/CFT. The EU Single Rulebook regulation applies to all Member States and aims to eliminate fragmentation by harmonizing AML/CFT obligations for financial institutions. It introduces stricter customer due diligence (CDD) requirements, including reduced thresholds for occasional and cash transactions.

The regulation tightens rules and lowers thresholds for beneficial ownership. Enhanced due diligence (EDD) is now mandatory for high-net-worth individuals. Additionally, crypto-asset service providers (CASPs) are now fully subject to AML rules, including the travel rule and anonymous accounts are banned.

6th AML Directive (EU) 2024/1640 – National Mechanisms and Supervision

Directive (EU) 2024/1640 complements the Single Rulebook by mandating national-level mechanisms to support AML enforcement. It requires Member States to maintain centralized registers for beneficial ownership, including for non-EU entities, and to interconnect these via a European Central Platform. The directive also expands the role and powers of Financial Intelligence Units (FIUs), including the ability to suspend transactions and instruct firms to monitor specific accounts. Supervisory colleges will be established for cross-border financial groups, requiring firms to coordinate more closely with regulators in multiple jurisdictions. The directive also increases the maximum pecuniary sanctions for serious AML breaches to €10 million or 10% of annual turnover, raising the stakes for non-compliance.

AMLA Regulation (EU) 2024/1620 – Establishing the EU AML Authority

Regulation (EU) 2024/1620 establishes the Anti-Money Laundering Authority (AMLA), a new EU-level supervisor based in Frankfurt. AMLA will directly oversee high-risk financial institutions and coordinate with national supervisors, particularly in cross-border cases. For financial services firms, this means a shift toward centralized supervision, especially for those operating in multiple EU countries. AMLA will also issue technical standards and guidelines, which firms must integrate into their compliance frameworks. AMLA commenced operations on 1 July 2025, with full supervisory powers to be phased in by 2028.

Regulation (EU) 2023/1113 – Funds Transfer and Crypto Transparency

Regulation (EU) 2023/1113 updates the EU’s rules on information accompanying fund transfers, extending them to crypto-assets. It mandates that payment service providers (PSPs) and crypto-asset service providers (CASPs) include detailed originator and beneficiary information with each transfer. This includes names, account numbers, and legal entity identifiers (LEIs), ensuring traceability throughout the payment chain. For financial institutions, this means upgrading transaction monitoring systems and ensuring interoperability with crypto platforms. The regulation took effect in December 2024 and is critical for firms involved in cross-border payments or digital asset services.

Firms Should Prepare for More Stringent AML/CFT Oversight and National Variance

These reforms represent a significant shift in the EU’s AML/CFT landscape, especially for financial services firms. Firms should prepare for more consistent and possibly more stringent oversight. However, they also promise a more consistent and effective regulatory environment across the region. To meet the requirements, firms will need to make significant updates to their internal compliance systems, risk assessments, and onboarding procedures—or risk costly and reputation-damaging enforcement.

It's critical to note that unified legislation, including the EU Single Rulebook and AMLA, is intended to harmonize AML/CFT supervision across the European Union but will not entirely replace existing national regulations. While these efforts will bring greater standardization, they do not eliminate the possibility of national deviations or additional local requirements. This will likely increase complexity and raise continued challenges for organisations, especially for firms that operate across jurisdictions.

Regulatory Enforcement Across Europe

Enforcement for AML/CFT and KYC violations has been frequent over the past few years, with common themes including failures in customer due diligence, inadequate transaction monitoring and insufficient identification of beneficial ownership data. Penalties are severe, including fines and, in some cases, directives to cease operations. A few examples include:

• In May of 2024, BaFin fined a bank €9.2m for delayed and systematic suspicious activity reporting (SARs) violations.
• In September 2024, the French Prudential Supervision and Resolution Authority (ACPR) and the Financial Markets Authority (AMF) jointly withdrew a crypto platform’s operating license for violating AML regulations.
• In October 2024, the Austrian Financial Market Authority (FMA) ordered a European American bank to halt operations due to inadequate AML controls.
• In December 2024, a Swedish payment solutions company received a remark and an administrative fine of SEK 500 million by the Finansinspektionen, the Swedish Financial Supervisory Authority, for deficiencies in AML risk assessment and general controls.
• In December 2024, a large institution agreed to pay €7 million to BaFin to settle allegations of repeated AML rule violations while handling correspondent transactions for a Danish bank.
• In February of 2025, the Estonian Money Laundering and Terrorist Financing Prevention Committee revoked the license of a digital exchange in February 2025 due to failures in customer due diligence, risk assessment, and transaction monitoring.
• In March of 2025, a global neobank was fined €3.5 million by the Bank of Lithuania for deficiencies in its AML procedures in March of 2025.

Implications of New Regulation for AML Officers

• Enhanced due diligence requirements: Companies will need to individualize their due diligence processes and perform extensive data analysis.
• Global compliance: Need to check for native language characters and non-Latin characters for global compliance of internationally operating companies.
• Centralized AML management: AMLA will audit cross-border activities, leading to more transparency but also stricter controls.
• Updated policies and procedures: The implementation of new standards and stricter transparency regulations will require extensive training and internal process changes.
• Increased focus on transparency and reporting obligations: Firms are mandated to disclose information about customers and transactions to authorities and to be able to provide audit trails when required.
• Increased individual liability risk: the 6th Anti-Money Laundering Directive (6AMLD) extends responsibility to company directors and compliance officers, increasing the risk of personal liability.
• Higher penalties: Violations of the Anti-Money Laundering Act (AML) and KYC requirements can lead to significant fines and reputational damage through AMLA.

Read about the Impact of MiCA on Your AML/KYC Compliance Program

 Firms that rely on inefficient manual reviews, redundant processes, and siloed systems will find themselves facing errors, slow decision-making, high costs, and dissatisfied customers.

Companies that implement AML and KYC measures more efficiently will have a market advantage over less agile competitors who are exposed to reputational risk.

MCO Enables Firms Across Europe to Effectively and Efficiently Meet AML Obligations

MCO provides firms with a comprehensive platform to meet the regulatory requirements of AMLA, the EU Rulebook and other regulations across the region. With onboarding, screening, monitoring and reporting on a single platform, we enable firms to eliminate operational silos, enhance risk visibility, ensure data accuracy and achieve audit-ready, defensible compliance.

Read why a leading crypto firm chose MCO to tackle MiCA compliance challenges