Introducing a Single AML Rulebook

Anti-money laundering continues to be an important practice for financial institutions around the globe

Anti-money laundering continues to be an important practice for financial institutions around the globe. Effective AML practice shave grown in importance as the EU released its largest AML package to date.

While the EU’s policies are designed to provide greater support in the fight against money laundering, the EU’s new proposal will eliminate member state’s autonomy for independent approaches to AML and as a result, financial institutions must be prepared to adapt their AML policy in order to comply with changing regulations.

The EU’s package was originally unveiled in July of 2021 and consists of four legislative proposals that target four key areas:Introducing a single AML rulebook, new AMLA supervisory authority, FIU coordination and support mechanism, as well as new requirements for crypto transfers. Below will discuss the first of the four main areas of focus of theEU’s new AML regulatory framework

The New AML Rulebook

The new AML rulebook is arguably one of the most significant changes coming with the EU’s new AML package and will bring a universal rulebook that all member states of the EU must follow. 

This will also increase the scope of organizations that will be required to abide by the rules including investment migration operators, unregulated crowdfunding service providers, crypto-asset firms, creditors for mortgages, consumer credits, and their associated intermediaries. 

The importance of a compliance manager will also become much more significant as all organizations will be required to have a compliance manager on staff that will be in charge of the implementation of policies and procedures, as well as informing the board of all flaws related to AML compliance and practices.

Organizations will be required to update customer surveillance where low-risk customers are only reviewed after specific triggers and high-risk individuals must be reviewed regularly. To do this, it will become necessary for financial institutions to adopt technological software in order to streamline the processes associated with customer surveillance.

Proper reporting will become extremely important as new regulations will require reporting to the FinancialIntelligence Unit on cases for Suspicious Activity Reports or SuspiciousTransaction Reports. The reporting will have to be done within five business days of the alleged suspicious activity and in some cases, it will have to be reported on within 24 hours. This will again create greater importance to effective and efficient means of AML practices that can be achieved through the adoption of proper Governance, Risk, and Compliance software. 

The EU also aims at limiting outsourcing for specific AML tasks. The rulebook will state that financial institutions will only be allowed to outsource customer due-diligence-related tasks which will likely include Transaction Monitoring. Specific tasks that will be banned include identification of criteria for detecting and reporting suspicious activities or transactions, approval of risk assessments and attribution of customer risk profile, and the development and drafting of internal controls, policies, and procedures.

Call to action

The complexity and emphasis on greater compliance and policy management outlined by the EU’s rulebook will force organizations that are within an EU member state to focus more heavily on the development of an effective compliance team. Organizations must be prepared to adopt GRC technology that can allow for streamlined processes and practices as well as ensure that employees are properly trained in order to comply with changing regulations.


Next week we will discuss the second area of the EU’s AML package which will focus on AMLA supervisory authority.









More News Stories

February 13, 2024
The Digital Odyssey: Navigating Complexity and Triumphs in the Auditor's Tale

In the ever-shifting tides of modern business, the role of internal auditors has undergone a seismic transformation, navigating a labyrinth of complexity that rivals the twists and turns of a riveting thriller

Read story
May 22, 2023
Protecting Third-Party Data Within SaaS Solutions

Modern-day organizations have become increasingly reliant on various third-party software in order to operate effectively. The covid-19 pandemic and the newly blooming remote work environment brought a greater reliance on third-party software such as Microsoft Office or Salesforce

Read story
May 3, 2023
Is your Software Supply Chain Vulnerable to Cyber Threats?

It probably won't come as a surprise that modern organizations have had a growing reliance on various forms of software to operate effectively and efficiently

Read story