Introducing a Single AML Rulebook

Anti-money laundering continues to be an important practice for financial institutions around the globe

Anti-money laundering continues to be an important practice for financial institutions around the globe. Effective AML practice shave grown in importance as the EU released its largest AML package to date.

While the EU’s policies are designed to provide greater support in the fight against money laundering, the EU’s new proposal will eliminate member state’s autonomy for independent approaches to AML and as a result, financial institutions must be prepared to adapt their AML policy in order to comply with changing regulations.

The EU’s package was originally unveiled in July of 2021 and consists of four legislative proposals that target four key areas:Introducing a single AML rulebook, new AMLA supervisory authority, FIU coordination and support mechanism, as well as new requirements for crypto transfers. Below will discuss the first of the four main areas of focus of theEU’s new AML regulatory framework

The New AML Rulebook

The new AML rulebook is arguably one of the most significant changes coming with the EU’s new AML package and will bring a universal rulebook that all member states of the EU must follow. 

This will also increase the scope of organizations that will be required to abide by the rules including investment migration operators, unregulated crowdfunding service providers, crypto-asset firms, creditors for mortgages, consumer credits, and their associated intermediaries. 

The importance of a compliance manager will also become much more significant as all organizations will be required to have a compliance manager on staff that will be in charge of the implementation of policies and procedures, as well as informing the board of all flaws related to AML compliance and practices.

Organizations will be required to update customer surveillance where low-risk customers are only reviewed after specific triggers and high-risk individuals must be reviewed regularly. To do this, it will become necessary for financial institutions to adopt technological software in order to streamline the processes associated with customer surveillance.

Proper reporting will become extremely important as new regulations will require reporting to the FinancialIntelligence Unit on cases for Suspicious Activity Reports or SuspiciousTransaction Reports. The reporting will have to be done within five business days of the alleged suspicious activity and in some cases, it will have to be reported on within 24 hours. This will again create greater importance to effective and efficient means of AML practices that can be achieved through the adoption of proper Governance, Risk, and Compliance software. 

The EU also aims at limiting outsourcing for specific AML tasks. The rulebook will state that financial institutions will only be allowed to outsource customer due-diligence-related tasks which will likely include Transaction Monitoring. Specific tasks that will be banned include identification of criteria for detecting and reporting suspicious activities or transactions, approval of risk assessments and attribution of customer risk profile, and the development and drafting of internal controls, policies, and procedures.

Call to action

The complexity and emphasis on greater compliance and policy management outlined by the EU’s rulebook will force organizations that are within an EU member state to focus more heavily on the development of an effective compliance team. Organizations must be prepared to adopt GRC technology that can allow for streamlined processes and practices as well as ensure that employees are properly trained in order to comply with changing regulations.


Next week we will discuss the second area of the EU’s AML package which will focus on AMLA supervisory authority.









More News Stories

April 8, 2022
Developing a Mature Risk and Resiliency Strategy

Successfully creating and implementing an effective risk and resiliency strategy can be a difficult task for organizations

Read story
March 11, 2022
Managing Information Risk in the Context of the Business

Business today is an interconnected network of connections, business relationships, distributed operations, scattered data and systems, shared processes, and risk exposure

Read story
February 22, 2022
Why Software Companies are Struggling When Selecting Content Partners

Organizations often are finding themselves seriously unhappy with their agencies...

Read story