Book a Discovery Call

Resources > AMLA: Preparing for the New Era of EU Supervision

AMLA: Preparing for the New Era of EU Supervision

How Financial Institutions Can Adapt, Comply, and Thrive in a Harmonized AML Landscape

Executive Summary

David Shapiro
David Shapiro

Financial Crimes Manager

The creation of the European Anti-Money Laundering Authority (AMLA) marks a watershed moment in the EU’s campaign to strengthen its defenses against financial crime. Triggered by a series of high-profile compliance failures—spanning both traditional banks and fast-growing fintech firms—AMLA represents a direct response to systemic weaknesses that have long hindered effective enforcement.

At the heart of the issue were two structural root causes that the EU identified as critical barriers to timely detection and prevention of financial misconduct. First, inconsistencies between national AML laws created fragmented compliance environments. While EU directives like AMLD were designed to set minimum standards, the operational implementation of day-to-day controls remained in the hands of individual member states—leading to regulatory divergence and uneven enforcement. Second, the supervision of cross-border entities—particularly foreign bank branches—proved ambiguous and ineffective. Although local supervisors had authority over these branches, cases like the Estonian operations of Danske Bank revealed gaps in accountability between the host country (Estonia) and the home country (Denmark), where supervisory responsibility remained largely with Danish authorities.

In response, AMLA was established to harmonize anti-money laundering rules, centralize supervisory power, and elevate compliance standards across all 27 EU member states. Its mandate is ambitious: to unify oversight, close jurisdictional gaps, and promote smarter, tech-enabled compliance at scale.

While the promise of consistent regulation, innovation support, and stronger cross-border coordination is significant, realizing this vision brings substantial operational, cultural, and technical challenges for both AMLA and the institutions it will supervise.

This paper outlines the regulatory shift ahead, the pain points that led to AMLA’s formation, and the technology, governance, and data strategies financial institutions (FIs) need to adopt now. It also explains how ThetaRay’s platform is specifically built to meet these new demands—delivering scalable, auditable, and intelligent AML compliance.

Table of contents

01
Why AMLA? Understanding the Catalyst

AMLA wasn’t born in a vacuum—it’s a response to systemic, costly compliance failures across the EU:

  • Multi-billion euro scandals in major banks

    Danske Bank (Estonia): Between 2007–2015, approximately €160 billion in suspicious transactions, much from Russia and other non-residents, passed largely unchecked. The scandal culminated in a roughly $2 billion global settlement in 2022.
    The Russian Laundromat Scheme: Between 2009-2014, Billions of Dollars were Transferred from Russia, Latvia and Cyprus to West Europe, in one of the sophisticated Laundering schemes, Most of these transactions stayed below radar.

    HSBC: Fined $1.9 billion by U.S. regulators for facilitating drug cartels and sanctioned nations—highlighting severe compliance breakdowns.

  • Digital-native failures

    Revolut Revolut: European central bank fined Revolut €3.5 million for inadequate transaction monitoring—despite no proven money-laundering, but clear control deficiencies.

    Starling Bank: Fined £29 million by the UK’s FCA for “shockingly lax” crime controls that led to high-risk account openings—not aligned with the bank’s rapid growth.

  • PSP/E-money institution fines

    Multiple European PSPs: Investigated across EU member states for AML breaches in 2024-2025, saw a surge in enforcement during this period demonstrates increasing scrutiny over payment intermediaries and e-money providers.

These cases revealed a fragmented regulatory environment, uneven national enforcement, and outdated detection systems. AMLA was created to solve this—with central oversight, direct supervision of the riskiest firms, to ensure highest standards, encourage local supervisors to be stricter and create a unified rulebook.

What AMLA Will Do

Harmonize AML Supervision

Unifies enforcement under a single EU framework (AMLD6, AMLR, AMLAR) to reduce jurisdictional inconsistencies and regulatory arbitrage.

Direct Supervision of High-Risk Entities

From 2028, AMLA will directly oversee ~40 high-risk firms including global banks, PSPs, and crypto providers—based on cross border exposure and impact.

Data-Driven Oversight

AMLA will champion AI, data analytics, and real-time supervision—requiring institutions to modernize systems and reporting capabilities.

Sector-Wide Coordination

Drives collaboration between Financial Intelligence Units (FIUs), national regulators, and financial institutions to promote transparency and consistency.

Key Regulatory Focus Areas Under AMLA

1. Enhanced Customer Due Diligence (CDD)
Stricter verification of beneficial ownership (especially complex entity structures) with enhanced scrutiny of high-risk customers and politically exposed persons (PEPs).

2. Ongoing CDD
Continuous monitoring of customer behavior, not just point-in-time checks.

3. Stronger KYC Requirements
More thorough identity checks including biometric and digital ID verification with tighter onboarding procedures and validation of customer sources of funds and wealth.

4. Suspicious Activity Reports (SARs)
FIs must report suspicious activity faster, with greater accuracy and detail.

5. Cross-Border Transaction Monitoring
Greater transparency into cross-border payment chains, including originators, intermediaries, and beneficiaries. Correspondent banking relationships face enhanced due diligence and disclosure.

6. Sanctions Compliance
Tigher enforcement and oversight of sanctions screening demonstrating real-time, risk-based controls for sanctions compliance.

7. Advanced Technology Adoption
AMLA is actively encouraging the adoption of AI, machine learning, and advanced analytics for transaction monitoring and risk assessment with systems demonstrating explainability and auditability.

8. Risk-Based Approach
Controls must be proportionate to the risk—not a one-size-fits-all approach.

Operational Impact: What Needs to Change

Challenge AMLA Expectation FI Response

Fragmented supervision

Unified rulebook & direct oversight

Harmonize policies, controls, and reporting across jurisdictions

Outdated detection systems

Advanced AI & analytics

Deploy anomaly detection, fuzzy matching, and ownership graph analysis

Cross-border exposure

Full transaction transparency

Centralize monitoring and alerting across regions

AML drift (neobanks, PSPs, crypto)

Sector-wide regulatory expansion

Integrate sanctions screening + TM across high-velocity flows

Regulatory overlaps & cultural gaps

Consistent data-sharing, centralized audits

Improve interoperability, traceability, and supervisory readiness
02
From Fragmentation to Coordination: Preparing for AMLA’s Impact

The implementation of the EU’s Anti-Money Laundering Authority (AMLA) marks a transformative moment for financial institutions—but also brings complex technical, regulatory, and cultural demands. Below is a synthesized view of the challenges, AMLA mandates, and practical responses.

1

Challenge: Fragmented rules and inconsistent enforcement

Expected Change: EU-wide AML rulebook and joint supervisory teams under AMLD6, AMLR, and AMLAR
What to Do:

  • l Harmonize internal policies, procedures, and reporting across all EU branches
  • l Align with evolving AML legislation by ensuring interpretive consistency between local and central compliance functions
  • l Anticipate divergence during the transition period and invest in tools that enforce global standards locally
2

Challenge: AML drift in fast-growing sectors (e.g., neobanks, PSPs)

Expected Change: Expanded mandates and horizontal audits across all financial subsectors
What to Do:

  • l Implement agile compliance architectures capable of adapting to new business models, emerging payment rails, and evolving risk vectors
  • l Integrate sanctions screening and transaction monitoring as a connected workflow, not siloed tools
  • l Prepare for increased supervisory expectations—including scrutiny of training, testing environments, and documentation
3

Challenge: Legacy systems and outdated detection models

Expected Change: AI-ready detection across complex and high-velocity environments
What to Do:

  • l Replace static screening with AI-powered detection that captures fuzzy matches, ownership networks, and risk patterns across borders
  • l Calibrate tools for explainability and auditability to meet AMLA’s growing supervisory scrutiny
  • l Enable cross-sector visibility and readiness for regulator engagement as AMLA scales its staff (projected to grow to ~430 by 2028)
4

Challenge: Regulatory overlap and national culture shifts

Expected Change: Coordinated supervision, data-sharing, and consistent enforcement
What to Do:

  • l Strengthen interoperability between internal systems and national regulators
  • l Promote data standardization and information-sharing readiness
  • l Support a governance culture that embraces AMLA’s collaborative, pan-European model of compliance
5

Challenge: Cross-border exposure and inconsistent national implementation

Expected Change: Direct oversight for the 40 highest-risk institutions, regardless of geography
What to Do:

  • l Deploy centralized analytics and risk dashboards that standardize detection and reporting across entities
  • l Build internal infrastructure that supports real-time escalation and jurisdiction-aware risk mapping
  • l Establish enterprise-wide ownership for AML compliance at the board and operational level

ThetaRay’s Recommendations for Financial Institutions

To prepare effectively for the incoming AMLA regime, financial institutions should take proactive steps to align both operational capabilities and organizational culture with the new regulatory era.

  • l First, institutions should conduct a comprehensive mapping of their weaknesses, inherent and evolving, related with: existing systems, data flows, and governance structures against AMLA standards and historical enforcement case profiles.
  • l This diagnostic step is essential to identify gaps in compliance readiness and uncover vulnerabilities that may have previously gone undetected.
  • l Next, deploying advanced, AI-driven compliance technologies is critical. By leveraging machine learning, contextual analytics, and real-time detection, firms can move beyond static controls and demonstrate to regulators that they are equipped to meet AMLA’s expectations for dynamic, risk based monitoring.
  • l At the governance level, organizations must ensure that AML oversight reaches the boardroom. Transparent decision-making processes and clear accountability frameworks are especially important for institutions that fall under AMLA’s direct supervisory scope. These governance enhancements will be pivotal in building trust and audit resilience.
  • l Equally important is strengthening collaboration with supervisory authorities. Institutions should prioritize interoperability with Financial Intelligence Units (FIUs) and be prepared for real-time or near real-time data sharing. Establishing shared data frameworks and integrating compliance tools with regulatory expectations will reduce friction during examinations and cross-border coordination.
  • l Finally, AMLA readiness requires cultural alignment. Culture starts from the top, Compliance leaders that will reflect to the board severe weaknesses and will not get the budget to fix them is an example for a serious problem in the culture,
  • l Institutions must invest in regular training and awareness campaigns that go beyond policy checklists. By referencing real enforcement cases and tailoring sessions to different risk functions, firms can embed a deeper understanding of regulatory expectations throughout the organization.

Together, these initiatives form the foundation of an AMLA-ready compliance program—one that is modern, accountable, and resilient under scrutiny.

At ThetaRay, we view AMLA as a turning point for compliance maturity. Our AI-native platform is designed from the ground up to help financial institutions easily meet the demands of this new regulatory landscape with agility to adjust to changes..

ThetaRay’s Key Capabilities

1

Risk-Based Transaction Monitoring

ThetaRay leverages Cognitive AI at the detection layer to uncover subtle, complex risks that traditional rule-based systems overlook. Built for AMLA’s intelligence-led, risk-based approach, our platform continuously surfaces evolving threats and sophisticated behavioral patterns missed by legacy tools.

2

Cross-Border Payment Surveillance

ThetaRay delivers deep visibility into high-volume, cross-border transaction flows, including, but not limited to, SWIFT and SEPA networks. We help institutions meet AMLA’s enhanced due diligence requirements for correspondent relationships, tracing full transaction chains across jurisdictions for comprehensive risk oversight.

3

Explainability & Auditability

Our AI models are transparent and fully explainable giving analysts, auditors, and regulators clear visibility into how risk was detected and why an alert was triggered. We offer full traceability, displaying the impact details for each feature on the detected alert, and documentation for each step, decisions, and parameters in the process, making audit-readiness inherent, not an afterthought.

4

Dynamic Risk Scoring

Risk scoring dynamically adjusts in response to behavioral patterns and emerging typologies, helping compliance teams maintain alignment with evolving threats and 4 supervisory expectations.

5

Multijurisdictional SAR Reporting

Ability to support regulatory reporting requirements for multiple jurisdictions under a single umbrella with e-Filing capabilities e.g. goAML (with a roadmap for specific countries),steamlining SAR submissions and standardizing compliance operation globally.

6

Efficient Use of Compliance Resources

ThetaRay’s solution significantly reduces false positives while increasing effectiveness in identifying truly suspicious transactions. Our GenAI-powered alert summaries also help accelerate investigation timelines. The result: improved operational efficiency, faster investigations, and more timely, accurate SAR filings.

05
Conclusion: What Comes Next

AMLA represents a once-in-a-generation opportunity to transform how financial institutions manage financial crime risk—moving from fragmented control to intelligent, proactive compliance. AMLA is the EU’s strong answer to persistent, costly AML failures that have plagued legacy and emerging financial players. Institutions that invest in AI, enforce standardized controls, and adopt cross-border collaboration will be better equipped not only to survive—but to lead in the new regulatory landscape.

But the journey won’t be simple. It will require:

  • Modern, interoperable systems
  • Clear governance and change control
  • Transparent auditability and documentation
  • Scalable, AI-driven platforms that adapt to risk—not just react to it

Glossary of Terms

AMLA (Anti-Money Laundering Authority)
A new EU body created to oversee and harmonize AML/CFT supervision across all 27 EU member states. AMLA will directly supervise high-risk institutions and coordinate national regulators to ensure consistent enforcement.

AMLD6 (Sixth Anti-Money Laundering Directive)
The latest directive from the EU establishing minimum AML standards. AMLD6 introduces stricter penalties, defines criminal liability for legal entities, and strengthens cross-border cooperation.

AMLR (Anti-Money Laundering Regulation)
A proposed EU regulation intended to unify and directly apply AML obligations across all member states, eliminating inconsistencies from national interpretations of AML directives.

AMLAR (Anti-Money Laundering Authority Regulation)
The regulation that formally establishes AMLA and outlines its powers, responsibilities, and governance.

CDD (Customer Due Diligence)
The process of verifying the identity of customers and assessing their risk level. Enhanced CDD is required for high-risk customers or complex ownership structures.

KYC (Know Your Customer)
A key component of AML compliance, involving the collection and verification of customer identification, source of funds, and ongoing monitoring.

SAR (Suspicious Activity Report)
A report submitted by financial institutions to authorities (e.g., FIUs) when there is suspected involvement in money laundering or other financial crimes.

FIU (Financial Intelligence Unit)
A national authority responsible for receiving, analyzing, and disseminating SARs and related financial intelligence to combat money laundering and terrorism financing.

FI (Financial Institution)
Any entity offering financial services, including banks, PSPs, credit institutions, e-money providers, and investment firms.

PSP (Payment Service Provider)
Firms that enable payments and money transfers. They face increased scrutiny under AMLA due to their high-volume, cross-border exposure.

PEP (Politically Exposed Person)
An individual in a prominent public position who may present a higher risk for bribery or corruption, requiring enhanced due diligence.

UBO (Ultimate Beneficial Owner)
The natural person(s) who ultimately owns or controls a legal entity. UBO transparency is a cornerstone of effective AML/CFT regimes.

EU (European Union)
A political and economic union of 27 member states. It legislates on financial crime prevention and enforces AML compliance through centralized bodies like AMLA.

UN (United Nations)
An international body whose Security Council issues binding sanctions that form the basis of national and EU- level sanction lists.

OFSI (Office of Financial Sanctions Implementation)
The UK’s authority for implementing and enforcing financial sanctions, issuing guidance and penalties for non-compliance.

BAFA (Federal Office for Economic Affairs and Export Control)
Germany’s national authority for enforcing export controls and financial sanctions, including compliance with EU restrictive measures.