AMLA consults on business-wide risk assessment and group-wide requirements
a few people working at a table

AMLA consults on business-wide risk assessment and group-wide requirements

AMLA moves forward with shaping the EU AML framework

The European Anti-Money Laundering Authority (AMLA) has launched two key public consultations on:

• Business-wide risk assessments (BWRA)
• Group-wide AML/CFT requirements

Key dates:
• 20 May 2026 – Public hearing (BWRA)
• 28 May 2026 – Public hearing (Group-wide requirements)
• 12 June 2026 – Consultation deadline

The proposed guidelines establish minimum expectations for how obliged entities identify, assess, and manage money laundering and terrorist financing (ML/TF) risks, while allowing proportionality based on size and risk profile. In parallel, draft standards on group-wide requirements aim to ensure robust AML frameworks across cross-border structures, including operations in third countries.

Who is in scope – AMLR obliged entities:

  • Financial institutions (banks, EMIs, PIs, insurers, CASPs)
  • DNFBPs (lawyers, auditors, TCSPs, real estate, etc.)
  • Newly captured sectors (crowdfunding platforms, football agents and clubs)

At group level, entities are expected to perform a comprehensive group-wide risk assessment, consolidating risks across all entities, branches, and jurisdictions.

4 Pillars of an AMLA-compliant BWRA:

  • Business model: Clear mapping of structure, customers, products, delivery channels, and geographies;
  • Inherent risk: Identification and assessment of ML/TF risks across all factors, including emerging risks;
  • Controls framework: Assessment of AML/CFT controls (design and effectiveness), linked to the risks they mitigate;
  • Residual risk: Understanding remaining risk after controls, with defined remediation where exposure is too high.

Data expectations are expanding significantly. AMLA promotes evidence-based risk assessments, requiring input from multiple sources such as FATF publications, sanctions and international reports, FIU feedback and STR/SAR analysis, internal audit and compliance testing, supervisory findings, as well as industry intelligence, public-private partnerships, and external risk data.

Governance expectations are clearly defined. The BWRA should be owned by the Compliance function, approved by the management body, regularly reviewed and kept up to date, embedded across the organisation through training, and readily available to supervisory authorities

Draft Guidelines on business-wide risk assessment
https://www.amla.europa.eu/amla-consults-group-wide-requirements-and-business-wide-risk-assessment_en

Share: 

Related news:

Low angle view of illuminated skyscrapers against a twilight sky, capturing urban architecture and city life.

Basel Committee publishes report on ICT risk management

Please are having a meeting and discussion

EBA streamlines its Guidelines on connected clients to align with new EU legislation

AMLA consults

September 2026: AMLA to Reveal First Entities Selected for Direct Supervision