How the New EU AML6 Package Changes the Risk-Based Approach to AML
The European Union’s approach to anti-money laundering (AML) is evolving, and recent developments are set to significantly impact how institutions manage their AML processes. As part of our ongoing series on the risk-based approach (RBA), let's break down how the new AML6 package, released in 2024, changes the landscape for businesses operating in the EU.
A Look at the New AML Package
The AML6 package includes three key documents aimed at enhancing the fight against money laundering and terrorist financing across the EU:
- Directive (EU) 2024/1640: Establishes mechanisms for EU member states to strengthen AML practices and replaces the existing AML framework.
- Regulation (EU) 2024/1624: Provides comprehensive regulations for financial institutions and entities to prevent misuse of the financial system for illicit activities.
- Regulation (EU) 2024/1620: Creates the EU Anti-Money Laundering Authority (AMLA), providing it with oversight powers and amending existing financial supervisory regulations.
These legal updates bring key shifts to the risk-based approach (RBA), which underpins how AML is handled within institutions.
1. The RBA as an Institutional Principle
One major change is that the risk-based approach is now a fundamental principle at every level of the AML framework. It extends from the newly formed AMLA to financial intelligence units, supervisory authorities, and all entities involved in AML tasks. This means that not only traditional financial institutions but also outsourced AML service providers are expected to adopt the RBA.
What Does This Mean?
- The RBA is becoming more than just a practice—it's a guiding philosophy for how AML is approached, structured, and implemented.
- Every player, from large banks to small firms providing AML support, must incorporate the RBA as part of their operational fabric.
2. The Shift from Risk Analysis to Risk Management
The second shift is a more sophisticated approach to managing AML risks. The RBA now goes beyond simple risk analysis to comprehensive risk management, emphasizing continuous improvement. Key elements of this process include:
- Ongoing Self-Assessment: Entities must regularly assess their own AML processes, ensuring they adapt to emerging risks.
- Multi-Stage Approach: Risk management now covers a full cycle of risk identification, assessment, updating, and management.
- Independent Audits: In certain cases, an independent AML audit is recommended to ensure the robustness of your processes.
What Does This Mean?
- It’s not just about spotting risks; it's about actively managing and mitigating them on an ongoing basis.
- Entities are encouraged to keep improving their AML measures, looking at everything from their human resources to their documentation and response processes.
3. Applying the RBA to Every Aspect of AML
The RBA is now expected to be applied at every stage and every aspect of the AML process. This comprehensive approach covers:
- Risk Identification and Assessment: Assessing potential risks across all operations.
- Creating and Updating Documentation: Ensuring that AML policies and procedures are documented, updated, and fit for purpose.
- Due Diligence & Compliance Checks: Applying due diligence and verifying that your approach is not just compliant but also effective and up to date.
What Does This Mean?
- The RBA is no longer a box-ticking exercise; it should inform every decision and process in your AML efforts.
- From documentation to compliance, every element of your AML program should be viewed through the lens of risk management.
Conclusion: Embracing the New RBA Standards
The changes introduced by the AML6 package represent a significant shift toward a more holistic, proactive, and structured approach to managing AML risks in the EU. For financial institutions and related entities, understanding and implementing the new RBA principles will be crucial for effective compliance and risk management in this ever-evolving landscape.
If you're navigating these changes or looking to enhance your AML processes, understanding these updates and how they influence the risk-based approach is key to staying compliant and ahead of the curve.
Related articles
Meeting AML Standards in the UAE: What to Expect in 2025
In 2025, the UAE is enforcing one of its toughest AML/CFT regimes yet, with multi-agency oversight, AI-driven monitoring, and steep penalties reaching AED 50 million. Financial institutions, DNFBPs, and VASPs must strengthen KYC, UBO transparency, and risk-based frameworks to stay compliant and protect operations in this zero-tolerance environment.
Read more
AMLA’s Crypto Crackdown: Why Europe’s New Watchdog Sees Virtual Assets as the Top Money Laundering Threat
The new EU Anti-Money Laundering Authority (AMLA), based in Frankfurt, has placed crypto and virtual assets at the top of its money laundering risk list. For CASPs and financial institutions, this means tougher EU-wide supervision, stricter KYC and monitoring obligations, and higher compliance costs. Early preparation — from policy reviews to blockchain analytics — will be key for firms aiming to stay credible and competitive in Europe’s more regulated market.
Read more
Top Money Laundering Scams: A Growing Global Concern
Money laundering remains a significant global challenge, with criminals continually evolving their tactics to exploit financial systems. This article delves into some of the most impactful money laundering scandals, including the Panama Papers, the Russian Laundromat, the Danske Bank scandal, 1MDB, and Wirecard. These cases reveal the sophisticated methods used to disguise illicit funds and highlight the importance of robust regulatory frameworks and international cooperation. At ComplyWiser, we provide expert guidance to help businesses ensure compliance and protect against these threats.
Read more