By Pedro Parra,Compliance Officer (Assistant Manager)
On 31st May 2024, the EU adopted Regulation (EU) 2024/1624 – a significant development in the EU’s ongoing effort to strengthen its AML/CFT framework. Unlike the previous directive model, the objective is clear: to create a consistent, unified AML/CFT standard across the single market and reduce fragmentation between Member States.
The regulation will apply across the EU from 10th July 2027, with certain obligations relating to the football sector applying later, from 10th July 2029.
In addition, the EU’s new Anti-Money Laundering Authority (AMLA) will issue further guidance and technical standards, including on:
· Business-wide risk assessments
· Ongoing monitoring
· Simplified and enhanced due diligence
· Outsourcing and reliance arrangements
· Crypto-asset related risks
The regulation maintains the core groups already familiar under EU AML rules, including credit and financial institutions, auditors, accountants, notaries, lawyers (for specific activities), and real estate professionals.
However, the scope is expanded to reflect modern financial and commercial activity. Newly included or clarified ategories include:
· Crypto-asset service providers (CASPs) under MiCA
· Crowd funding platforms and intermediaries
· Investment migration operators (residency-for-investment schemes)
· Traders in high-value goods, including precious metals, stones and goods listed in Annex IV
· Cultural goods traders and those operating in free zones
· Credit and mortgage intermediaries not otherwise captured as financial institutions
· Professional football clubs and football agents (with possible risk-based exemptions for lower-risk clubs)
This wider scope is intended to capture how value now moves across borders – digitally, quickly and sometimes through easily transferable assets.
The regulation formalises governance standards that obliged entities must follow. In practice, this means shaving:
· A business-wide risk assessment approved by the management body
· Clear policies, procedures and controls covering CDD, monitoring, reporting and sanctions screening
· Defined roles, including a compliance manager at management-body level and an empowered compliance officer responsible for day-to-day oversight
· Ongoing training, staff integrity checks and conflict-of-interest management
· Group-wide AML/CFT standards applying to subsidiaries and branches, including those outside the EU
Where local legislation in a third country prevents full compliance, parent entities must implement additional safeguards or, where necessary, reassess their presence in that jurisdiction.
CDD remains central to the regime and applies in a range of familiar situations, including:
· When establishing a business relationship
· When carrying out occasional transactions above EUR 10,000
· At EUR 1,000 for crypto transactions involving CASPs
· At EUR 2,000 for gambling
· For cash transactions of EUR 3,000 or more, where minimum identity checks apply
· Whenever there is suspicion or doubt regarding previously obtained information
The regulation also clarifies the use of simplified and enhanced due diligence:
· Simplified CDD maybe applied where low risk is clearly evidenced, with documented justification and continued monitoring.
· Enhanced CDD is mandatory in higher-risk scenarios, including PEPs, certain cross-border correspondent relationships, and exposure to high-risk third countries identified by the Commission.
Importantly, the regulation clarifies “who is the customer” in certain real estate and legal transactions,helping to avoid gaps in responsibility where only one professional intermediates.
The regulation strengthens transparency around beneficial ownership (BO). Key requirements include:
· A default BO threshold of 25% ownership or control, with the option for the European Commission to reduce this to 15% for higher-risk entity types
· Assessment of control by other means, such as voting rights, veto powers, nominee arrangements or family ties
· Aggregation of indirect ownership interests across multi-layered structures
· Specific rules for trusts, foundations, collective investment undertakings and nominee arrangements
· Requirements for entities and trustees to obtain, hold and update BO data within 28 days of creation or change
· Mandatory discrepancy reporting where BO information obtained through CDD conflicts with register data
Where no beneficial owner can be identified after all reasonable means have been exhausted, senior managing officials may be recorded, provided this is properly documented and justified.
Obliged entities must continue tofile suspicious transaction reports (STRs), including attempted transactions,to the Financial Intelligence Unit (FIU), regardless of amount.
The regulation also provides that:
· FIUs will have faster access to information (within five days, or 24 hours in urgent cases)
· AMLA will standardise STR templates and transaction record formats across the EU
· Tipping off remains prohibited, subject to limited supervisory and law enforcement carve-outs
· Information sharing between obliged entities is permitted under strict confidentiality and GDPR safeguards
· Shared information cannot be used to deny basic banking services or as the sole basis for risk decisions
· Data must generally be retained for five years, with extensions possible at the request of competent authorities
Enhanced measures continue to apply to PEPs, their family members and close associates. These include:
· Senior management approval
· Establishing source of wealth and source of funds
· Ongoing monitoring throughout the relationship
After a person ceases to be a PEP, enhanced due diligence must continue for at least 12 months, or longer where risk remains elevated. Member States must also publish lists of prominent public functions,which the European Commission will consolidate at EU level.
Regulation (EU) 2024/1624 represents a meaningful step towards a more unified and consistent AML/CFT regime across the European Union. Its focus on governance, transparency and clarity reflects the changing nature of global financial activity and the increasing importance of cross-border cooperation.
For firms, the message is clear:preparation will be key. Organisations that begin aligning their governance,data capabilities and group-wide processes now will be well positioned ahead of the 2027 implementation.
Please complete the details below to make
an enquiry and we will respond within 48 hours.
