AMLA Pushes Forward on AML Rulebook with New Consultations on Risk Assessments & Group Controls

Key Takeaways

• Dual Consultations Signal Next Phase: Anti-Money Laundering Authority has launched consultations on business-wide risk assessments and group-wide AML controls, moving from early methodology discussions toward concrete implementation expectations.
• Risk-Based Approach Reinforced: Draft guidelines require obliged entities to assess money laundering and terrorist financing risks across their operations, with proportionality based on size, structure, and risk profile.
• Group-Wide Visibility a Priority: Proposed standards push firms, especially multinationals, to maintain a consolidated view of risk across all entities, including those operating in third countries.
• Non-Financial Sector in Focus: The consultations build on AMLA’s earlier push to standardize risk assessment methodologies across the non-financial sector, an area historically marked by fragmented supervision.
• Early Industry Engagement Continues: Public hearings in May and prior roundtable efforts reflect AMLA’s strategy of incorporating stakeholder input before finalizing its framework.

Deep Dive

Europe’s new Anti-Money Laundering Authority launched two public consultations that go to the heart of that effort, setting out draft expectations for business-wide risk assessments and group-wide AML and counter-terrorist financing frameworks. The proposals arrive as part of a broader push to bring consistency to a system that has long varied across sectors and jurisdictions.

The timing is notable. Just days earlier, AMLA signaled its intention to standardize how risks are assessed across the EU’s non-financial sector, opening early dialogue with industry through a planned roundtable on May 4. That initiative focused on building a common methodology for supervisors, one that could guide how risks are measured and how oversight is applied. The new consultations shift the focus from methodology to execution, outlining how firms themselves are expected to operationalize those assessments.

At the center of the first consultation are draft guidelines on business-wide risk assessments under Article 10(4) of the Anti-Money Laundering Regulation. These guidelines set minimum expectations for “obliged entities” across both financial and non-financial sectors, requiring them to identify and evaluate money laundering and terrorist financing risks across their operations.

The approach is deliberately flexible. AMLA emphasizes proportionality, allowing firms to tailor their risk assessments to their size, business model, and overall risk profile. The aim is not to impose a rigid template, but to ensure that organizations can make informed, risk-based decisions about how to manage their exposure and demonstrate that those decisions are grounded in a clear understanding of where risks actually lie.

The second consultation turns to group-wide requirements, with draft regulatory technical standards under Articles 16(4) and 17(3). These proposals set minimum expectations for how organizations manage AML risks across corporate structures, particularly where operations span multiple jurisdictions or extend into third countries.

Here, the focus is on visibility and alignment. Firms are expected to maintain a consolidated view of risk across all entities, adapting internal policies, procedures, and control functions accordingly. For multinational groups, that could mean tighter coordination between local compliance teams and a more unified approach to risk oversight.

Both consultations reflect a consistent theme emerging from AMLA’s early work, that fragmented approaches to risk assessment are no longer sustainable. In the non-financial sector especially, where business models and risk profiles vary widely, regulators have struggled to apply consistent supervisory standards. AMLA’s parallel effort to develop a common risk assessment methodology for that sector is intended to address precisely that challenge, helping national supervisors focus on higher-risk areas and calibrate the intensity of their inspections.

For now, the authority is seeking input before locking in its approach. Stakeholders are invited to submit feedback in any official EU language, with a particular emphasis on engagement from the non-financial sector. Two public hearings are scheduled to support that process, covering group-wide requirements on May 20 and business-wide risk assessment guidelines on May 28, both running from 10:00 to 12:00 CET.

There is a clear throughline connecting these initiatives. AMLA is not only defining how risk should be measured at a system-wide level, but also how that understanding should translate into day-to-day compliance practices within firms. The combination of early-stage dialogue and formal consultation suggests a regulator intent on shaping the framework with industry input but also on ensuring that, once in place, it is applied with greater consistency across the EU.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.