Skip to content

AML/CTF Compliance in the European Union


Money laundering and terrorism financing laws in the European Union?

The European Union (EU) is made up of 27 countries (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden), all of whom can “translated” the rules of the EU into laws within their own countries.

To achieve this in relation to Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws the EU has issued a series of “directives”, which are an instrument that sets out a goal that all EU countries must achieve when they “translate” these rules and therefore laws, and the application of these laws can (and does) vary by member state as laws are devised in different ways to reach these goals.

The main directives issued by the EU in relation to AML/CTF are outlined below:

  • 6AMLD - Came into force on 3 December 2020 (released on 23 October 2018) and codified 22 predicate offences including cyber and environmental crimes.  Click here for a summary of the 6AMLD.
  • 5AMLD - Came into force on 10 January 2020 (released in 2018) and added to the “transparency agenda” requiring public ultimate beneficial owner (UBO) lists. Click here for a summary of the 5AMLD.
  • 4AMLD - Came into force on 26 June 2017 (released in 2015) and widened the scope of AML rules to include DNFBPs and Gaming firms. Click here for a summary of the 4AMLD.
  • 3AMLD - Came into force in 2007 (released in 2005) and tackled issues related to terrorism financing.
  • 2AMLD - Came into force in 2001 and expanded predicate offence definitions in alignment with the Financial Action Task Force (FATF)
  • 1AMLD - The EU adopted the first anti-money laundering Directive in 1990 in order to prevent the misuse of the financial system for the purpose of money laundering and required member states to criminalise money laundering.

In addition to these directives, the European Banking Authority (EBA), one of the European Supervisory Authorities that are part of the European System of Financial Supervision issue guidance on money laundering and terrorism financing.  For a very brief overview of how the EU legislative framework operates, click here.


Key obligations that reporting entities have under EU laws?

The key obligations under the AML/CTF laws in the EU include:

  • Customer Due Diligence (CDD) - Financial institutions, including banks, credit institutions, investment firms, and other entities such as virtual asset service providers and certain DNFBPs, are required to establish and implement risk-based CDD measures. This includes verifying the identity of customers, obtaining beneficial ownership information, and assessing the risk associated with each customer.
  • Enhanced Due Diligence (EDD) - In cases where there is a higher risk of money laundering or terrorism financing, regulated entities are required to apply enhanced due diligence measures. This may include obtaining additional information, conducting enhanced monitoring, and obtaining senior management approval for high-risk relationships.
  • Ultimate Beneficial Ownership (UBO) Registers - EU member states are required to establish centralised UBO registers to collect and maintain information on the beneficial owners of legal entities, trusts, and similar legal arrangements. The registers are aimed at enhancing transparency and facilitating access to UBO information by competent authorities and obliged entities.
  • Suspicious Transaction Reporting - Regulated entities must report any knowledge, suspicion, or reasonable grounds to suspect money laundering or terrorism financing to their national Financial Intelligence Units (FIUs). The reports should be made promptly when suspicion arises.
  • Record-Keeping - Regulated entities must maintain records of transactions, customer identification information, and supporting documentation for a period of at least five years. These records should be readily available for examination by regulatory authorities.
  • Compliance Programs - Regulated entities are expected to establish and maintain effective AML/CTF compliance programs. This includes implementing internal policies, procedures, and controls to detect, prevent, and report money laundering and terrorism financing activities. Staff training and regular independent audits are also important components of these programs.


ML/TF regulators in the EU and what functions do they perform?

As outlined above each member state has their own AML/CTF regulatory framework comprising, regulator(s) (often multiple that are responsible for oversight of reporting entities in different industry sectors), Financial Intelligence Units (FIUs), Central Banks, Police and Intelligence Agencies and Judicial authorities all playing different roles in the prevention of money laundering, terrorism financing and other financial crimes. In the European Union, there are other bodies that play a role in issuing guidance and supporting EU member states in their efforts to combating money laundering ad terrorism financing across the region:

EU member states actively cooperate with each other and international counterparts in combating money laundering and terrorism financing. This involves exchanging information, cooperating on investigations, and providing assistance to other jurisdictions when requested.  An example of this is a crackdown on gold smuggling networks across Italy, Germany and Switzerland.


Penalties for non-compliance with AML/CTF laws?

Every EU member country can apply its own criminal offences, where individuals or entities convicted of money laundering or terrorism financing offences can face imprisonment and/or fines imposed by the courts which be substantial and are often based on the severity and scope of the offence.Every EU member country has the power to impose administrative fines for breaches of AML/CTF requirements. The fines can vary depending on the nature and severity of the violation.  These EU member states also have the power to seize and forfeit funds and assets.


Largest fines for non-compliance with AML/CTF laws?

Often regulators, FIUs and prosecutors will collaborate to enforce compliance by taking regulatory action in concert by collaborating across the EU member states, examples include:

  • ING Bank (Netherlands, 2018) - In September 2018, ING Bank was fined €775 million by the Dutch Public Prosecution Service for serious AML/CTF failures. The bank had not properly implemented customer due diligence measures and failed to timely report suspicious transactions.
  • Danske Bank (Denmark, 2018) -  In December 2018, Danske Bank was fined €481 million by the Estonian Financial Supervisory Authority for AML/CTF deficiencies related to its Estonian branch. The branch was involved in a significant money laundering scandal involving billions of euros.
  • Credit Suisse (Switzerland, 2020) - While not an EU member state, Credit Suisse, a Swiss bank, was fined €80 million ($94 million) by the Swiss Financial Market Supervisory Authority (FINMA) in November 2020 for failings in its AML control processes. The bank had breached its duty to combat money laundering in connection with a corruption case involving FIFA.