Preparing for AMLA: what senior banking leaders need to know

The European Union’s latest Anti-Money Laundering (AML) package represents the most significant regulatory overhaul in years.

It fundamentally reshapes how Financial Institutions manage Customer Due Diligence (CDD), Beneficial Ownership (BO), and financial crime risk. This is not an incremental change, it is a structural reset. Introducing a single AML rulebook, a new supervisory authority, and materially higher expectations around consistency, auditability, and accountability.

This blog outlines what senior leaders need to prepare for now.

A new supervisory reality

The newly established Anti-Money Laundering Authority, (AMLA), will ramp up operations through 2026 and apply its full powers from July 2027. AMLA replaces fragmented national supervision with centralized, harmonized oversight across the EU.

A small number of high-risk, cross-border institutions, likely Tier-1 multinational banks and large crypto firms, will fall under direct AMLA supervision. Most banks will remain indirectly supervised, but with AMLA coordinating national regulators, issuing Regulatory Technical Standards (RTS), and conducting peer reviews.

The practical implication is clear: supervisory expectations will converge, tolerance for local interpretation will narrow, and enforcement will become more consistent and rigorous.

One rulebook, one standard

At the heart of the reform is AML Regulation EU 2024/1624 (AMLD6), which introduces a single, directly applicable rulebook for CDD across all member states. Banks must:

• Collect standardized data for onboarding and ongoing monitoring
• Verify identities and beneficial ownership (BO) information consistently across jurisdictions
• Accept remote verification via eID and eIDAS-compliant methods
• Consult central BO registers
• Detect, report, and evidence discrepancies

Beneficial ownership transparency and the impact of AMLD6

Transparency around BO is a cornerstone of the new AML framework. AMLD6 materially raises the bar on how FI’s must identify, verify, and evidence ownership structures.

FI’s must verify BO before establishing relationships, using central registers and independent sources where necessary. This applies not only to corporates, but also to trusts and similar arrangements, alongside enhanced due diligence for high-risk countries and correspondent banking relationships.

What AMLD6 materially changes

AMLD6 does not redefine ultimate beneficial owner (UBO) thresholds, mandate blanket re-outreach, or require re-collecting documents where evidence remains valid. Instead, it sharpens expectations around precision, consistency, and defensibility.

Key advances include:

• Explicit discrepancy detection and reporting obligations
• A requirement to act when registers are wrong, not merely note the issue
• Harmonized, directly applicable rules via Regulation rather than national transposition
• Supervisory convergence under AMLA
• Much higher expectations for auditability and decision traceability

Discrepancies between a bank’s findings and central registers must also be identified, reported within defined timelines, and supported with evidence. Where a register appears incorrect, banks must invite the customer to correct it, rather than silently work around the issue.

Failure to comply carries both financial penalties and reputational risk.

Cash caps and crypto rules

EU-wide cash transaction limits will apply alongside tighter controls on crypto transfers. The Travel Rule under Regulation EU 2023/1113 mandates traceability for both traditional and digital assets, increasing monitoring and information-sharing obligations for Crypto Asset Service Providers and banks supporting crypto activity.

What FI’s must do differently?

Often, FI’s rely on manual, fragmented processes for CDD and BO verification. They use spreadsheets, siloed systems, email chains, and inconsistent checks across jurisdictions. These processes are:

• Time-consuming to update
• Prone to errors and missed ownership links
• Difficult to audit and defend in regulatory reviews

The AML reforms demand operational change, not just policy updates. Banks must:

• Align CDD to AMLA standards, standardizing onboarding, and review
• Verify BO for all clients and maintain auditable records
• Accept eIDAS and other digital verification methods
• Apply proportionate, risk-based decisions for high-risk countries and sectors
• Conduct enterprise-wide risk assessments with documented rationale
• Maintain full audit trails, even when processes are outsourced

How technology helps:

• Automation: Streamlines KYC, BO checks, and ongoing monitoring
• Orchestration tools: Connect disparate data sources for consistent, auditable results
• Corporate Digital Identity (CDI): Creates persistent, verified profiles for each corporate client, consolidating ownership structures, risk signals, and compliance history
• Digital-first onboarding: Reduces manual work, rework, and operational risk

Technology, AMLD6 and a risk-based approach

AMLA explicitly promotes a risk-based approach to compliance, discouraging blanket de-risking. Meeting this expectation requires automation and orchestration, not additional manual effort.

CDI plays a central role. By creating a persistent, verified digital profile for each corporate client, CDI consolidates entity data, ownership structures, risk signals, and compliance history. This transforms compliance from a reactive, back-office function into a defensible, scalable operating capability.

How Encompass supports AMLD6 readiness

Encompass applies CDI across the full customer lifecycle, creating unified, real-time corporate identity profiles from multiple trusted sources with the EC360 platform. Automated BO discovery and multi-jurisdiction structure resolution reduce manual effort and minimize missed ownership links.

With our EC Public Automation solution standardized CDD attributes are collected, verified, and perpetually monitored, ensuring continuous compliance. Native registry connections and integrated PEP, sanctions, and adverse media screening provide robust oversight, while eIDAS-compatible flows enable secure, frictionless onboarding. Full audit trails and data lineage ensure every change, decision, and update is traceable , particularly beneficial for refresh and remediation backlogs.

For BO, Encompass automates multi-jurisdiction graphing, consults central registers, and produces discrepancy reports with supporting evidence. Risk-based decisions are supported through unified entity data, geography, and screening signals, with configurable models capturing rationale.

For crypto and Travel Rule obligations, Encompass orchestrates originator and beneficiary information, maintaining consistent audit trails across fiat and digital assets. Banks are AMLA RTS ready from day one, accelerating onboarding, reducing rework, and embedding defensible compliance into daily operations.

In practice, this approach delivers measurable results. Clients typically reduce onboarding processing times by 40 to 60 per cent, while operational rework and remediation effort fall significantly .

Encompass also enables banks to refresh their existing client book in bulk and at scale, prioritizing risk, detecting BO changes and discrepancies, and producing supervisor-ready evidence so institutions can get ahead of AMLA timelines and ensure ongoing compliance.

AMLA 2027: Preparing for the next era of compliance

The EU AML package represents the most significant regulatory overhaul in years and marks a new era of transparency and accountability. It reshapes how banks manage CDD, BO, and financial crime risk. For corporate and institutional banks, this is a structural reset introducing a single AML rulebook, a new supervisory authority, and stricter obligations.

Senior leaders must understand what is changing, when it applies, and how to respond. Those who act early and sharpen their processes now will not just avoid costly remediation. Instead, they will gain a competitive advantage, streamline operations, and realize the full benefits of compliance sooner .