.png)
EU AML Reform Framework
The EU AML legislative package introduces a structural reform of the AML/CFT regime. It includes the AMLR, AMLD6, the Regulation establishing the Anti-Money Laundering Authority (AMLA), and the recast Transfer of Funds Regulation. The AMLR will apply directly across Member States from 10 July 2027, establishing a harmonised single rulebook and reducing reliance on national transposition, while AMLD6 maintains a complementary national layer, particularly in areas requiring transposition such as sanctions and supervisory powers.
Supervisory Architecture and Technical Standards
The AMLA introduces a centralised supervisory component. It will directly supervise selected high-risk cross-border financial institutions and exercise indirect oversight over national competent authorities. It will also develop draft Regulatory Technical Standards and Implementing Technical Standards, to be adopted by the European Commission, specifying detailed requirements for customer due diligence, beneficial ownership, and internal controls. A significant tranche is expected around 2026, subject to consultation and legislative timelines.
Core Regulatory Changes
The AMLR introduces greater standardisation and prescriptiveness. Institutions must document the purpose and intended nature of business relationships in a consistent and auditable manner, including relevant occasional transactions. The framework clarifies the beneficial ownership threshold at 25 percent and reinforces the obligation to identify control through other means, including through economic or contractual arrangements. It also expands ownership concepts to include economic rights such as profit entitlement or liquidation proceeds. In parallel, it strengthens expectations on the consistency, traceability, and documentation of customer due diligence and risk assessment methodologies.
Persistent Framework Weaknesses
Common deficiencies remain, including incomplete risk identification, static risk models not aligned to regulatory developments, limited effectiveness testing and validation of transaction monitoring and screening systems, and training not aligned to the entity’s risk profile. The EU framework also increases emphasis on structured, standardised data, supporting more consistent risk analysis, model outputs, and supervisory review.
Comparison with Maltese PMLFTR
A comparison with Malta’s PMLFTR highlights the transition. The AMLR is directly applicable EU law, while the PMLFTR are national measures based on earlier directives, reflecting a more principles-based framework with greater national discretion.
Supervision under the PMLFTR is exercised at national level, primarily by the FIAU. Under the new framework, an EU-level supervisory layer is introduced through the AMLA, enhancing supervisory convergence and consistency, particularly for cross-border groups.
While both regimes are risk-based, the AMLR is more prescriptive in the application of customer due diligence and risk assessment. It standardises the 25 percent ownership threshold, clarifies broader ownership interests, and provides for lower thresholds in defined higher-risk scenarios within the legislative framework. National rules will remain, but the Maltese framework will require targeted amendments to align with directly applicable EU provisions and AMLD6.
Implementation Planning
The AMLR will apply from July 2027, with certain elements phased. Institutions should initiate gap analyses against requirements and forthcoming technical standards, prioritise remediation, and establish governance structures to oversee implementation. AML/CFT frameworks must remain dynamic and aligned with evolving EU technical standards and supervisory expectations.
How BDO Malta Supports Ongoing AML/CFT Compliance and AMLR Readiness
BDO Malta provides support to subject persons through structured regulatory impact assessments, focused gap analyses, enhancement of AML/CFT frameworks, and recalibration of risk assessment methodologies in line with EU harmonised requirements and Maltese supervisory expectations. The approach emphasises controlled implementation, robust documentation, and auditability, ensuring outcomes that are consistent and defensible under supervisory scrutiny.