A guide to the EU Anti-Money Laundering Directives (AMLD)

Since its formation, the European Union has developed a comprehensive anti-money laundering and countering the financing of terrorism (AML/CFT) framework. This allows member states to regulate businesses in their country to protect themselves against financial crime threats. The presence of EU-wide legislation also makes it more difficult for criminals to exploit regulatory gaps between individual jurisdictions. 

Since the early 1990s, the EU’s AML/CFT regime has been built around a series of Anti-Money Laundering Directives (AMLDs). AMLDs are periodically updated laws issued by the European Parliament detailing regulatory requirements for EU firms. However, since this body has no direct enforcement powers, implementation is the responsibility of member states, who must transpose the directives into their domestic legislation. 

A brief history of the EU AMLDs

The 1st, 2nd and 3rd AMLD

The First Anti-Money Laundering Directive (1AMLD) was issued in 1991, and therefore predates the transformation of the original ‘European Community’ into the EU in 1993. 1AMLD was passed at a critical time for AML, two years after the creation of the Financial Action Task Force (FATF), the global financial crime watchdog. It was arguably as much a rhetorical tool as a policy directive, encouraging member states to take AML seriously. Previously, AML had been the subject of only occasional inter-governmental action by European governments in the 1980s. 

The FATF issued its first version of its Recommendations in April 1990, which significantly influenced 1AMLD. 1AMLD’s foundational measure required member states to criminalize money laundering. It also targeted banks as the primary ‘obligated entities’ in the private sector, requiring member states to ensure these firms implemented AML measures. These included know-your-customer (KYC) and customer due diligence (CDD) procedures, transaction monitoring, suspicious transaction reporting, and record-keeping requirements. 

However, 1AMLD’s limits soon became clear: its focus on banks ignored the wide range of businesses used to integrate illicit funds with the legitimate financial system, and it did not address the various predicate crimes in money laundering. As a result, the Second Anti-Money Laundering Directive (2AMLD) was passed in 2001. Following the revision of the FATF’s Recommendations in 1996, it expanded and defined the range of predicate offenses and clarified reporting requirements. It also widened the scope of the directive to include ‘non-banking financial institutions’ (NBFIs), such as money services businesses, and ‘designated non-financial businesses and professions’ (DNFBPs), such as lawyers and accountants, often known as ‘gatekeepers’ to the financial system. 

The Third Anti-Money Laundering Directive (3AMLD) came into effect in 2005 and was largely aimed at tackling the financing of terrorism. Some EU member states had already taken individual legislative actions in this area, such as the UK with the Terrorism Act 2000. In 2003, meanwhile, the FATF revised its Recommendations further to redefine its responsibilities as the international standard-setter for CFT and AML by creating nine ‘Special Recommendations’ on terrorist financing. 

Aside from CFT, 3AMLD continued to expand AML obligations to new types of business, such as casinos, and saw the introduction of the risk-based approach to AML, allowing firms to vary their due diligence procedures depending on customer risk levels. Recognizing the need to motivate regulated firms, 3AMLD also introduced penalties for AML breaches. It did not, however, explicitly cover how these penalties were to be calculated, leaving this to domestic legislation. This would be something further versions of the AMLD would have to return to. 

The Fourth Anti-Money Laundering Directive (4AMLD)

After more than a decade, 4AMLD was implemented in June 2017. It focused on aligning EU policy with the latest FATF guidelines and updating its measures in response to new financial crime typologies and AML opportunities created by technological development. Key updates included: 

• A broader regulatory scope: 4AMLD imposed CDD requirements on many previously unregulated firms, including all gambling services, all credit and financial institutions, and many DNFBPs. It also expanded CDD obligations to certain types of transactions and financial products, including transactions outside of business relationships and, for the first time, some e-money products.
• Beneficial ownership reporting: 4AMLD introduced requirements for EU countries to record ultimate beneficial ownership (UBO) information in centralized registers, and adjusted the definition of UBO to include senior management officials. Record-keeping requirements were also introduced for trustees of express trusts. 
• An expansion of the risk-based approach: 4AMLD strengthened the risk-based approach’s criteria, requiring firms to factor geographic locations, products, services, types of transactions, and delivery channels into their customer risk profiles.
• Coverage of tax crimes: 4AMLD made tax crimes predicate offenses for money laundering and brought legal advice under the scope of AML/CFT reporting obligations. 
• Defining politically exposed persons: 4AMLD expanded the definition of a politically exposed person (PEP) to include domestic figures rather than just foreign individuals. 

The Fifth Anti-Money Laundering Directive (5AMLD)

5AMLD, implemented in 2020, shared much of 4AMLD’s focus, with provisions to strengthen existing regulations. It also introduced new measures to address money laundering through cryptocurrencies. Some important areas of focus for 5AMLD were: 

• Beneficial ownership: In a bid to achieve greater corporate transparency, 5AMLD made centralized UBO registers publicly accessible and introduced a requirement for private UBO registers for bank accounts. EU states were required to make their UBO lists interconnected across countries and strengthen their verification mechanisms. 
• Prepaid cards: 5AMLD reduced the previous transaction limit on prepaid cards to €150, and to €50 for online transactions. Transactions from prepaid cards outside the EU were prohibited unless issued in a territory with EU-equivalent AML/CFT standards.
• High-value goods: Under 5AMLD, traders in high–value goods, such as artwork, became subject to AML/CFT reporting obligations and CDD measures when engaging in transactions of €10,000 or more. To help combat terrorist financing, historical, cultural, and archaeological artifacts also fell under the high-value AML/CFT rules.
• Cryptocurrency: 5AMLD introduced a legal definition of cryptocurrency and brought both cryptocurrencies and cryptocurrency exchanges under the scope of existing AML/CFT regulations. Under 5AMLD, cryptocurrency service providers had to register with financial authorities, and financial intelligence units (FIU) were given powers to obtain the names and addresses of cryptocurrency owners. 
• High-risk countries: 5AMLD required firms to perform mandatory enhanced due diligence (EDD) on customers from high-risk third countries. 
• Politically exposed persons: 5AMLD introduced a requirement for member states to release publicly available functional PEP lists. To aid this process, the EU also released its list of domestic positions it considered politically exposed (without naming the individuals holding them). 

The Sixth Anti-Money Laundering Directive (6AMLD)

Implemented in 2021, 6AMLD, guided member states on emerging money laundering threats and clarified some aspects of 5AMLD. Some crucial elements of 6AMLD were: 

• Predicate offenses: To close loopholes in existing legislation, a crucial step 6AMLD took was to include an expanded list of 22 money laundering predicate offenses, including cybercrime, environmental crime, tax crime, and human trafficking and smuggling.
• Additional offenses: 6AMLD added “aiding and abetting” to the list of activities categorized as money laundering. 
• Extension of criminal liability: 6AMLD extended criminal liability for money laundering to include legal persons (companies and partnerships) in situations where those persons have failed to prevent illegal activity. 
• Stricter punishment: 6AMLD increased the minimum sentence for money laundering crimes to 4 years’ imprisonment. 

The EU’s new AML/CFT framework: A complete guide

Our comprehensive guide for firms contains advice and tips on the latest EU AML legislation, and how to make sure your business complies.

Download now

The ‘New’ Sixth Money Laundering Directive

On July 20, 2021, the European Commission announced a new ‘package’ to overhaul the EU’s AML/CFT framework. Part of this package was a new set of regulations that have come to be known as the ‘new’ 6AMLD – partly because the European Commission now regards the initial 6AMLD as a standalone piece of legislation. The new 6AMLD updated and replaced aspects of previous versions of AMLD, harmonizing AML regulation and enforcement across EU states. Highlights included:

• National Risk Assessments: 6AMLD required member states to conduct National Risk Assessments (NRAs) every four years and make the results available to obligated entities. 
• FIU frameworks: States must also develop proposals for a domestic FIU joint analysis framework to offer regulated entities more clarity on submitting suspicious activity reports (SARs). 
• Regulatory supervisors: States must also establish public bodies with a duty of oversight over domestic self-regulatory bodies, with the EU introducing a risk categorization tool to harmonize supervisory approaches and provisions for cross-border AML/CFT colleges to enhance cooperation between jurisdictions.  
• Beneficial ownership: The new 6AMLD clarified which information should be held in EU beneficial ownership registers.
• Asset registers: EU member states must create cross-border asset registers that contain information on bank accounts, safes, and real estate. 
• Whistleblower protections: States must implement enhanced protections for whistleblowers, strengthening personal data protection and judicial protection.
• Personal data: The new 6AMLD clarified the legal basis for processing personal data in AML/CFT contexts. 

In addition to 6AMLD, the EU’s AML/CFT package took the major step of creating a new EU-wide regulator responsible for AML/CFT supervision across the region: the Anti-Money Laundering Authority (AMLA). The latest version of the regulation confirming AMLA’s establishment, the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and Amending Regulations, was agreed in December 2023. AMLA’s introduction reflects a changing global risk landscape, including the emergence of disruptive FinTech companies, new payment methods and virtual currencies, and increasingly sophisticated criminal methodologies. It was also a response to the involvement of major European FIs in money laundering-related scandals and the perceived shortcomings in the EU’s existing AML framework that had enabled this. 

AMLA is expected to begin work in 2025, taking on supervisory activities by 2028. These will include: 

• Directly supervising the highest-risk regulated entities operating across borders, referred to as “selected entities,” and indirectly overseeing other entities through self-regulated bodies or other supervisors. 
• Maintaining an AML/CFT supervisory database with updated information for supervisors.
• Overseeing the FIU.net platform, an EU-wide mechanism to enhance data-sharing and enable cooperation between FIUs.
• Fining offenders, with total penalties able to reach whichever is higher out of 10 percent of annual turnover, or €10m.

How to comply with AMLD

The AMLDs are a substantial body of legislation, and EU firms often face the challenges of interpreting complex rules and taking practical, effective steps to fulfill them. To stay compliant and well-positioned for further regulatory updates, firms should ensure they have clear procedures in place to cover all of the following crucial steps: 

• Carry out risk assessments: As specified by AMLD, firms should conduct regular business-wide risk assessments to anticipate the threats they are likely to face and tailor their policies accordingly. 
• Implement effective CDD procedures: Firms should gather the necessary data to confirm each customer’s identity and accurately assess the level of AML/CFT risk they pose. This should include sanctions, PEP, and adverse media screening. 
• Continue to monitor customer risk profiles: Because customer risk levels are dynamic, firms must track any changes that could affect them, reducing their likelihood of doing business with high-risk entities. 
• Monitor all customer transactions: Some AML risks will only become visible over time rather than at customer onboarding. Firms should therefore monitor transactions to detect suspicious activity, such as a pattern of unexplained transactions to high-risk jurisdictions. 
• Adopt advanced AML technology: Collecting and analyzing the required data for these steps makes regulatory technology (RegTech) an essential tool for businesses. Specialist AML/CFT software solutions, especially those leveraging artificial intelligence (AI), allow firms to boost efficiency by automating lower-risk tasks so compliance experts can devote their time to making data-driven case decisions. 

AI-powered compliance solutions for EU firms 

ComplyAdvantage uses market-leading risk intelligence to provide firms with a comprehensive view of their AML/CFT threats, along with screening and monitoring enhanced by cutting-edge machine learning (ML). Firms subject to AMLD rely on ComplyAdvantage to ensure compliance with these solutions: 

• Customer and company screening: Firms can onboard customers securely and at scale by screening them against real-time data on sanctions, watchlists, PEPs and RCAs, adverse media, and enforcement actions. 
• Ongoing customer monitoring: Stay updated on changes in customer profiles without delay, for faster remediation and ongoing regulatory compliance. 
• Payment screening: Reduce false positives and mitigate sanctions risks with a payment screening solution that processes 99% of payments in under half a second. 
• Transaction monitoring: Enhance your ability to detect suspicious payment patterns, tailor rules according to your risk profile and appetite, and prioritize alerts to boost productivity.