How EU AMLA supervision is reshaping compliance programs for 2026

Dec 5 / Leonard Nwogu-Ikojo

At the end of 2025, the European Banking Authority’s AML/CFT mandate transitions to the new Anti-Money Laundering Authority (AMLA), marking a major shift in EU AML supervision. As AMLA prepares to assume direct supervisory powers over selected high-risk, cross-border institutions, compliance teams face new expectations around governance, risk assessment, and program consistency. This article explains what the transition from EBA to AMLA means in practice, how supervision and enforcement will change, and how institutions should prepare for a more harmonized and analytically driven EU AML framework.

Transition from EBA to AMLA: what compliance teams need to know

At the end of 2025, the European Banking Authority’s AML/CFT tasks, staff, and resources transfer to the new Anti-Money Laundering Authority (AMLA). AMLA becomes the EU’s first body with direct AML supervisory powers, which are scheduled to commence in January 2028, over a defined set of high-risk cross-border institutions. While national supervisors retain responsibility for all other entities under a harmonized EU rulebook, the handover itself establishes a definitive shift toward more consistent oversight, clearer expectations, and a supervisory model that blends centralized authority with coordinated national enforcement across the EU AML framework.

Centralized supervision under the new EU AMLA authority

AMLA replaces the EBA’s AML/CFT mandate and introduces a new structure in which it directly supervises a limited set of high-risk, cross-border financial institutions, while national supervisors retain responsibility for all other obliged entities under AMLA’s harmonized EU-wide framework and with AMLA empowered to intervene where national supervision is inadequate.

Effects on compliance programs:

  • National discretion narrows but does not disappear; EU-wide alignment becomes the dominant reference point for AML compliance programs.
  • Fragmented control environments across subsidiaries increase supervisory risk because AMLA and national authorities will assess consistency against harmonized standards.
  • Documentation, governance, and reporting must meet uniform criteria under the AML Regulation, with less tolerance for jurisdiction-specific deviations.
  • Directly supervised institutions must prepare for AMLA on-site inspections, thematic reviews, and data-driven supervisory work; all other firms remain subject to national supervision under AMLA’s coordinated framework.

Elevated risk-assessment standards in the EU AML framework

AMLA’s supervisory framework emphasizes a harmonized, risk-based approach. Institutions are expected to implement robust, methodologically sound risk assessments covering customer, product, service, geographic, and transactional exposures. AMLA places particular focus on verifying beneficial ownership, monitoring cross-border activity, and addressing complex structures, including those involving crypto-assets.

Program impacts:

  • Monitoring frameworks should evolve from static, rule-based approaches to adaptive, risk-based systems that incorporate analytics and behavioral detection, supporting stronger financial crime prevention.
  • Enterprise-wide risk assessments must be methodologically sound, with clearly documented scoring logic and robust data integrity controls; updates should be conducted regularly and in response to emerging risks.
  • Institutions should anticipate AMLA-led thematic inspections in high-risk areas—such as cross-border payments, correspondent banking, and crypto-asset activity—either directly or in coordination with national supervisory authorities.

Enforcement and accountability under AMLA supervision

AMLA harmonizes enforcement across the EU, reducing divergence in national supervisory approaches. It can impose administrative sanctions directly on entities under its direct supervision, while emphasizing clear governance accountability for AML/CFT failures. For all other obliged entities, enforcement remains with national supervisors, coordinated under AMLA’s framework for consistent AML enforcement.

Internal program requirements:

  • Governance structures must show clear escalation channels, documented oversight, and control ownership.
  • Internal audit must validate program effectiveness with evidence-based findings, not policy-level checks, aligning with stronger EU AML expectations.
  • Regulatory-engagement protocols must reflect AMLA’s more assertive supervisory posture, including rapid remediation of control weaknesses.

Strategic preparation for 2026 in the EU AML landscape

Key readiness actions:

  • Conduct gap analyses against the EU’s new AML Regulation and AMLA’s supervisory methodology.
  • Upgrade monitoring, KYC, and integrated risk-reporting technology to meet expectations for near-real-time analytics and stronger AML risk management.
  • Build staff capability for analytical judgment, investigative reasoning, and cross-border coordination.
  • Standardize group-wide AML governance to eliminate national-level control divergence.

A more harmonized EU AML supervisory model

AMLA represents a shift toward more centralized EU oversight, emphasizing harmonized standards, governance, and analytical rigor. While direct supervision applies to a selected set of high-risk institutions, all other entities remain under national authorities within AMLA’s coordinated framework. Firms that modernize controls, unify frameworks, and implement data-driven risk management will navigate the 2026 supervisory environment effectively, whereas those relying on fragmented, legacy national approaches will face increased supervisory scrutiny and enforcement risk.

Do you agree? The conversation continues.


Created with