Featured Image

The Evolution of EU AML & CFT Legislation Beyond AMLD 4,5, & 6


By Barrie C. Ingman  |  November 20, 2019

AMLD 5, operative from Jan 10, 2020, significantly updates AMLD 4: the EU’s framework directive on anti-money laundering (AML) and counter-terrorist financing (CFT). AMLD 6, operative from December 3, 2020, strengthens and harmonizes predicate offenses, money laundering offenses, and sanctions across the EU and facilitates cross-border police and judicial cooperation on AML matters. These are the EU’s two most prominent regulatory developments garnering the most attention from commentators at present. However, they are just one part of a much broader tapestry of AML/ CFT measures that have been published by the EU over the last year. This third and final article in our series focuses on these additional measures that supplement the AMLD 4, 5, and 6 framework.

Background Measures

AMLD 5 and 6 are just two measures within a much broader Commission CFT Action Plan, which includes developments on topics as diverse as tackling the illicit trade in cultural goods (see Regulation (EU) 2019/880), the illegal trafficking of wildlife (see Commission Report COM (2018) 711), cash control measures (see Regulation (EU) 2018/1672), and tax-related initiatives such as those set out in Communication COM (2016) 451 and latterly, Directive (EU) 2019/1153.

In terms of background initiatives, the Commission’s CFT Action Plan is complemented by the European Council’s AML Action Plan of December 2018, which sets out an ambitious package of measures for enhancing AML requirements in relation to prudential supervision.

These background Action Plans serve as nurseries for an abundance of developments, the progeny of which have begun to populate the Official Journal and spring forth from EU institutions and the European Supervisory Authorities in recent months. For those that have been preoccupied with AMLD 5 and 6 and may have overlooked this recent set of developments, this article provides a primer on what you need to know.

Supplementary Measures

Against this broader background, the EU has recently published several regulatory materials that directly supplement AMLD 4 and 5. Starting in May 2019, Commission Delegated Regulation (EU) 2019/758 was published in the EU’s Official Journal, setting out minimum actions and additional measures to be undertaken in relation to third countries which restrict the implementation of group-wide AML/CFT policies through conflicting laws (such as strict data protection or banking secrecy laws). The Regulation covers issues such as individual risk assessments, customer data processing, record keeping, and reporting of suspicious transactions against a backdrop of conflicts of laws. The Regulation applied from September 3, 2019.

Separately, one of the key innovations in AMLD 5 is the creation of a series of centralized registers of companies, trusts, real estate (where available), and bank accounts. In early July 2019, Directive (EU) 2019/1153 was published in the Official Journal, establishing those agencies entitled to access the bank account registers. The Directive also enhances arrangements for the sharing of such information between Financial Intelligence Units (‘FIUs’), Member States, competent authorities, and Europol.

These measures are part of a much broader cross-border co-operation and information disclosure initiative between EU institutions, FIUs and competent authorities, which include prudential supervisorswith specific measures set down to facilitate information sharing between competent authorities and the European Central Bank, as formalized in a recent Multilateral Agreement.

Two weeks after the publication of Directive (EU) 2019/1153, the Commission published a Financial Intelligence Units Report and an Interconnection of Central Bank Account Registries Report, which, among other matters, identify shortcomings in supervision and cooperation in relation to their respective subject matters that suggest ways to address these shortcomings through, among other proposals, enhanced information sharing protocols and the deployment of enhanced technology, which includes the FIU.net platform: a platform through which FIUs exchange information.

On the same day as the above two reports, the European Commission also published its updated AML/CFT Risk Assessment Report, mandated under Article 6 of AMLD 4. This report is part of a wider cascade of risk assessments, which start at the international level with Financial Action Task Force (FATF) reports, which in turn inform the current Commission report which then trickles down through Member State and individual firm risk assessments.

The Commission Risk Assessment Report highlights existing AML/ CFT vulnerabilities including the proliferation of anonymous products, problems with the identification of beneficial ownership, the emergence of new unregulated products such as virtual assets, and supervisory fragmentation that can lead to cases falling between gaps.

The Commission Report followed hot on the heels of the FATF update of its list of jurisdictions identified as having strategic AML/CFT deficiencies with a FATF Action Plan and its list of deficient jurisdictions for which a call for action applies.” The FATF also published Terrorist Financing Risk Assessment Guidance in July 2019. Such FATF materials inform the AML/CFT laws of numerous regions including the EU, with Recital 28 of AMLD 4 specifically directing the European Commission to take into consideration FATF publications when publishing its own, aforementioned, periodic Risk Assessment Report.

For the sake of completeness, and in rounding out the list of AML/CFT related reports published by the European Commission over the summer, it is also worth noting Commission Report COM (2019) 282, in which the Commission provided analysis on compliance with Regulation (EU) 2015/847 (sometimes referred to as the Second Wire Transfer Regulation or Funds Transfer Regulation)a companion legislative text to AMLD 4 that sets out disclosure requirements in relation to the transfer of funds. The report found broad compliance with the regulation overall but noted problems remain in relation to horizontal cross-border issues.

Future Measures

The Commission reports above were published alongside another Commission Report into  certain recent high profile money laundering scandals following a request from the European Council in its AML Action Plan of December 2018. This post-mortem report identified additional structural weaknesses in the current AML/ CFT framework together with criticism of the banks and regulators involved in the scandals as well as certain Member States who have been slow to fully implement and apply AMLD 4.

In its press release announcing the reports, the Commission confirmed that it had launched infringement procedures against those Member States that had failed to adequately transpose AMLD 4. This follows the Commission Opinion of November 2018, which put Malta’s FIU into special measures for failings brought to light during the Pilatus Bank scandal.

In addition to these reports, the Commission announced that it had adopted a Communication, ponderously entitled: Towards a better implementation of the EU's anti-money laundering and countering the financing of terrorism framework.” The Communication sets out an overview of the Commission’s bumper summer crop of AML/CFT reports and emphasizes the urgent need for all Member States to fully implement AMLD 5 and AMLD 6. As with the post-mortem report, the Communication also sets out existing and emerging risks and structural shortcomings that still need addressing within the broader AML/CFT framework.


In short, over the last year and indeed in the space of just a few months, EU institutions have ticked virtually every box of every regulatory development measure that could have been undertaken concerning AML/CFT, which includes supervisory, legislative, and enforcement activity across all levels of the Lamfalussy legislative architecture. These developments show that AMLD 5 and AMLD 6 are only parts of a much bigger picture.

Moreover, those measures outlined above that do not constitute formal regulatory measures establish a sweeping framework of new proposals that beg for another round of legislative developments in the AML/CFT arena.

In the near-term, firms need to focus on ensuring compliance with new AMLD 5 requirements and thereby avoid potential criminal liability under AMLD 6, by ensuring they have the latest technology to meet new enhanced due diligence rules and the supplementary measures outlined above. Firms will also need to overhaul their systems, controls, and policies and procedures to ensure they meet these new requirements. In the medium to long term firms will also need, as ever, to keep an eye out for the next round of regulatory developments in the ever-changing AML/CFT regulatory landscape.

KYC Journey

Barrie C. Ingman

Regulatory Advisor




The information contained in this article is not investment advice. FactSet does not endorse or recommend any investments and assumes no liability for any consequence relating directly or indirectly to any action or inaction taken based on the information contained in this article.