Blog > EU AML Regulation Changes 2023: What Compliance and Risk Professionals Need To Know

3rd February 2023

EU AML Regulation Changes 2023: What Compliance and Risk Professionals Need To Know

The EU’s anti-money laundering regulations reflect a challenging global financial landscape, and evolve to account for emerging criminal threats, geopolitical change, and new technologies. Recent events such as the Covid pandemic and Russia’s invasion of Ukraine have only added complexity to the EU’s AML requirements, and increased the importance of regulatory compliance for organisations across the bloc. 

Non-compliance with EU AML regulations carries the possibility of strict financial and criminal penalties. In 2022, for example, France’s financial regulator imposed a €1.5 million fine against Crédit Agricole for transaction monitoring and customer due diligence failings, while the Netherlands’ financial regulator issued a €2 million fine against Robeco for similar due diligence failings. With those penalties in mind, EU compliance officers must ensure that they account for a diversity of criminal and regulatory risks, and understand how incoming changes will affect their organisation’s products and services. 

From data protection and cryptocurrency, to reporting rules and economic sanctions, the 2023 EU AML package will bring new compliance challenges for firms of every size. To help you stay ahead of those challenges, we’ve put together a guide to the key EU AML developments that your organisation needs to be ready for. 

The EU AML Authority

In 2021, as part of its wider EU AML package, the European Commission proposed the creation of a new Anti-Money Laundering Authority (AMLA), which would be dedicated to protecting the EU’s financial system from money laundering and terrorism financing threats. In a September 2022 address, EU Commissioner Mairead McGuinness described AMLA as a “game changer”, and set out a range of functions that it would perform, including the supervision of high risk cross border financial sector bodies, and the provision of a Joint Supervisory Team with national supervisors. 

AMLA is scheduled for implementation in 2024. The Commissioner pointed out that it will not replace existing national AML/CFT authorities but will contribute to the creation of a harmonised supervision system across the bloc.

The New 6AMLD 

The EU’s AML package also included the announcement of updates to the Sixth Anti-Money Laundering Directive – essentially a ‘new’ 6AMLD. The updates entail a range of legislative mechanisms and measures, which include the introduction of: 

  • National risk assessments every 4 years
  • Financial intelligence unit (FIU) frameworks for analysis and SAR submission
  • Clarification of beneficial ownership information requirements
  • Cross-border asset registers
  • New public supervisory bodies to provide oversight for EU self-regulatory bodies
  • Clarification of the rules for collecting personal data in the context of AML/CFT
  • Enhanced protection for whistleblowers that expose financial crimes

Common Rules of Conduct for FIs

Accompanying the creation of AMLA, will be the introduction of a ‘single rulebook’ for AML/CFT across the EU, based on the harmonised practices set out in the AMLDs. The single rulebook will establish a set of common rules of conduct for financial institutions (FIs) operating in the EU, including:

  • More detailed customer due diligence (CDD) rules to help FIs determine what type of measures should be applied for different levels of risk.
  • Clarification on the rules for determining ultimate beneficial ownership (UBO) in order to establish a more consistent definition of the term across the EU. The rules will also clarify the powers and obligations of FIs when investigating UBO. 
  • A requirement to connect bank accounts to national registers in order to facilitate faster information sharing processes. 

Crypto Asset Transfer Regulations

In June 2022, the EU announced its landmark Markets in Crypto Assets (MiCA) framework, which will come into legal effect in 2024. A set of crypto regulations relating to unbacked crypto assets and stablecoins, MiCA imposes the following compliance requirements on cryptocurrency service providers:

  • Under MiCA, issuers of stablecoins will have to maintain a sufficient liquid reserve to ensure redemption in the event of a mass withdrawal. 
  • MiCA will require crypto asset service providers to obtain authorisation from a national authority in order to operate in the EU. 
  • MiCA will introduce a public register of crypto asset service providers that are non-compliant with the new regulations. The register will be overseen by the European Banking Authority (EBA).

MiCA will come into effect in 2024 along with the Transfer of Funds Regulation (TFR), a separate set of compliance requirements that address the anonymity risks associated with cryptocurrency transactions. The TFR will introduce the following measures and controls:

  • Cryptocurrency exchanges must obtain the personal details of all parties involved in a crypto asset transfer or transaction. This requirement also applies to unhosted crypto wallets when the value of a transaction exceeds €1,000.
  • Crypto service providers must screen beneficiaries of transactions against sanctions lists. 
  • Crypto service providers must provide the authorities with the personal data of customers when it is requested. 

EU firms should begin preparing for the introduction of TFR and MiCA, which are legislatively intertwined, and which are designed to further harmonise AML/CFT regulations across the EU.

The UK’s Second Economic Crime Bill

While the UK left the EU in 2020, its AML/CFT regulations have kept pace with those of the EU. One of the most significant regulatory changes that will take effect in the UK in 2023 is the second Economic Crime (Transparency and Enforcement) Bill, which will prioritise the prevention of foreign money laundering and promote the UK as a safe business destination. Under the second Economic Crime Bill, the UK will implement the following regulatory steps: 

  • Enhanced investigative and enforcement powers for Companies House.
  • Reform of limited partnership regulations to prevent misuse by foreign persons. 
  • New regulatory powers to seize and recover crypto assets derived from money laundering and other financial crimes. 
  • Enhanced anti-money laundering regulations including reformed information sharing rules, a simplified SAR submission process, and an increased focus on high value financial crime. 

The second Economic Crime Bill builds on steps taken in the first Bill, which introduced an overseas entities register containing beneficial ownership information, a simplified unexplained wealth order (UWO) process, and strict liability for economic sanctions breaches. The Economic Crime Bills reflect the UK’s commitment to keeping pace with the EU, in 2023 and beyond, on issues such as Russian abuse of western financial systems, and the money laundering risks posed by cryptocurrencies. 

How Technology Can Support EU Regulatory Compliance in 2023

The EU AML package will require firms to expand their compliance capabilities in 2023, with specific new requirements for data collection during CDD and UBO checks, and the sanctions screening process. At the same time, firms will have to adapt to enhanced scrutiny from new and existing authorities, which will be focusing on AML/CFT harmonisation. In this changing environment, it is crucial that firms find and implement a technology solution capable of meeting new compliance standards, and of adapting to new regulations as they are introduced. 

Ripjar’s Labyrinth Screening platform offers your business a powerful advantage in meeting the evolving standards of EU AML/CFT compliance. Powered by machine learning technology, Labyrinth Screening enables you to search customers against thousands of structured and unstructured data sources, including adverse media, and global sanctions and watch lists. Labyrinth delivers actionable intelligence in real time, screening in over 20 foreign languages, to ensure that you know as soon as possible when a customer’s risk profile changes, and can adapt to new threats as they emerge, or new legislation as it is implemented. 

Learn more about Ripjar’s EU AML/CFT compliance solutions – contact us today

Subscribe to Newsletter

Ask us for a demonstration that will transform your data intelligence strategy.