6AMLD and the EU AML Package: Key Changes Taking Effect

The European Union's anti-money laundering framework is undergoing its most comprehensive transformation in decades. The 6th Anti-Money Laundering Directive (6AMLD), combined with the broader EU AML package including the Anti-Money Laundering Regulation (AMLR), represents a fundamental rethinking of how Europe combats financial crime.

With 6AMLD's transposition deadline of July 2027 approaching and AMLR's direct applicability creating immediate obligations, businesses across Europe face substantial compliance changes. From new cash payment restrictions to expanded definitions of obliged entities, from enhanced beneficial ownership transparency to stricter cryptoasset requirements, the EU AML package touches nearly every aspect of financial crime compliance.

For compliance professionals navigating this complex regulatory landscape, understanding what is changing, when changes take effect, and how to prepare is essential to maintaining compliance while avoiding costly penalties.

Understanding the EU AML Package

The EU AML package consists of multiple interconnected legal instruments, each serving distinct purposes within a comprehensive framework.

The Sixth Anti-Money Laundering Directive (6AMLD)

6AMLD updates the EU's foundational anti-money laundering directive, addressing identified weaknesses and harmonising approaches across member states.

Key Features:

• Harmonization of criminal offences and penalties across EU member states
• Expanded definition of predicate offences generating criminal proceeds
• Enhanced provisions regarding criminal liability of legal persons (corporations)
• Strengthened jurisdiction rules for cross-border offences
• Extended statute of limitations for money laundering prosecutions

Implementation Timeline: Member states must transpose 6AMLD into national law by July 3, 2027, though many provisions are already influencing national enforcement approaches.

The Anti-Money Laundering Regulation (AMLR)

Unlike directives requiring national transposition, AMLR is a regulation directly applicable in all member states, creating truly harmonised rules.

Key Features:

• Unified customer due diligence requirements across the EU
• Standardised beneficial ownership definitions and verification requirements
• Harmonised transaction monitoring and suspicious activity reporting obligations
• Common rules for cryptoasset service providers
• Mandatory cash payment restrictions
• Enhanced third country risk provisions

Implementation Timeline: AMLR applies directly from its effective date without requiring national transposition, though full implementation occurs in phases through 2029.

Related Instruments

Transfer of Funds Regulation (TFR): Updated rules requiring payment service providers and cryptoasset service providers to share originator and beneficiary information for transfers, implementing the "Travel Rule."

AMLA Regulation: Establishing the Anti-Money Laundering Authority with direct supervisory powers (covered in detail in our separate AMLA article).

Revised 5th AML Directive Amendments: Targeted updates addressing immediate priorities while the broader package is implemented.

Major Changes Affecting Businesses

The EU AML package introduces numerous significant changes affecting how businesses operate and comply with AML obligations.

Cash Payment Restrictions

One of the most visible changes is the introduction of EU-wide cash payment limitations.

€10,000 Threshold

AMLR prohibits cash payments exceeding €10,000 for:

• Purchase of goods
• Provision of services
• Donations to non-profit organisations
• Real estate transactions
• Any commercial transaction

The limit applies per transaction, meaning it cannot be circumvented through multiple related payments below the threshold (structuring).

Exemptions and Carve-Outs

Limited exemptions exist for:

• Consumer-to-consumer transactions between private individuals not acting in a professional capacity
• Certain public authority transactions
• Specific financial transactions already subject to comprehensive AML controls

Member State Flexibility

Member states may impose lower thresholds (many already have limits of €1,000-€3,000) but cannot exceed the €10,000 ceiling.

Compliance Implications

Businesses must:

• Implement point-of-sale controls preventing acceptance of cash exceeding limits
• Train staff on restrictions and exemptions
• Establish procedures for identifying and rejecting excessive cash payments
• Consider reporting obligations when excessive cash payments are attempted
• Adapt business models if significantly dependent on large cash transactions

Cryptoasset Transparency Requirements

The EU AML package brings cryptoassets fully within the regulatory perimeter with comprehensive requirements.

Cryptoasset Service Provider Obligations

Entities providing cryptoasset services must:

• Conduct customer due diligence on all customers
• Implement transaction monitoring for suspicious activity
• Screen customers against sanctions lists
• Maintain comprehensive transaction records
• Report suspicious transactions to financial intelligence units
• Comply with Travel Rule information sharing requirements

Self-Hosted Wallet Provisions

Particularly controversial are provisions regarding self-hosted wallets (wallets not provided by CASPs):

• CASPs must verify ownership of self-hosted wallets involved in transactions exceeding €1,000
• Enhanced due diligence applies to transfers to/from self-hosted wallets
• Risk assessments must consider self-hosted wallet exposure
• Some privacy advocates criticise these provisions as disproportionate, though they remain legally binding

DeFi Considerations

While decentralised finance (DeFi) protocols remain partially outside the framework's scope, the Commission has signaled that future regulatory proposals will address DeFi specifically, particularly where protocols have identifiable operators or governance structures.

Compliance Implications

Cryptoasset businesses must:

• Implement comprehensive AML programs comparable to traditional financial institutions
• Deploy transaction monitoring systems designed for blockchain analytics
• Establish procedures for Travel Rule information exchange
• Develop self-hosted wallet verification processes
• Monitor regulatory developments regarding DeFi and other emerging models

Expanded Obliged Entities

The AML package expands the categories of businesses subject to AML obligations.

Professional Football Clubs

For the first time, professional football clubs and agents are explicitly designated as obliged entities when involved in transactions exceeding €10,000, recognising the sector's vulnerability to money laundering.

Clubs must:

• Conduct customer due diligence on players, agents, sponsors, and other business partners
• Monitor transactions for suspicious activity
• Report suspicious transactions
• Maintain comprehensive records
• Appoint compliance officers
• Provide AML training to relevant staff

Crowdfunding Platforms

Crowdfunding service providers face AML obligations including:

• Customer due diligence on project creators and major contributors
• Transaction monitoring for suspicious patterns
• Beneficial ownership verification for business crowdfunding
• Suspicious activity reporting

Art Market Participants

The threshold for art market participant obligations is lowered and scope expanded:

• Galleries, auction houses, and dealers face obligations for transactions exceeding €10,000 (previously some national thresholds were higher)
• Enhanced due diligence required for high-value transactions
• Beneficial ownership verification for purchasing entities
• Provenance documentation requirements

Freeports and Secure Storage

Operators of freeports and secure storage facilities for high-value goods must:

• Identify and verify customers and beneficial owners
• Understand the nature and purpose of stored goods
• Monitor for suspicious activity
• Report suspicious activities
• Maintain comprehensive records of stored assets and their owners

Compliance Implications

Newly obliged entities must:

• Develop comprehensive AML policies and procedures
• Appoint money laundering reporting officers
• Implement customer due diligence processes
• Deploy transaction monitoring appropriate to their business model
• Provide staff training on AML obligations and red flags
• Establish suspicious activity reporting channels to FIUs
• Budget for compliance infrastructure and ongoing operational costs

Enhanced Beneficial Ownership Requirements

Beneficial ownership transparency is strengthened significantly.

Expanded Definition

Beneficial ownership thresholds and definitions are harmonised:

• 25% ownership or control remains the primary threshold
• Enhanced clarity regarding indirect ownership through corporate chains
• Specific provisions addressing complex structures including trusts, foundations, and similar arrangements
• Explicit requirement to identify natural persons even when ownership appears dispersed

Verification Obligations

Businesses must verify, not merely collect, beneficial ownership information:

• Independent verification through reliable sources beyond customer self-reporting
• Documentary evidence supporting ownership claims
• Investigation when declared information appears inconsistent or implausible
• Ongoing monitoring ensuring beneficial ownership information remains current

Central Registers

Member states maintain central beneficial ownership registers with:

• Mandatory registration for most legal entities
• Public access to beneficial ownership information (with limited exceptions for data protection)
• Interconnection between national registers enabling EU-wide searches
• Automatic information sharing between registers

Compliance Implications

Businesses must:

• Enhance beneficial ownership verification procedures beyond simple customer declarations
• Access multiple information sources including commercial databases, public registers, and documentary evidence
• Develop investigation capabilities for complex structures
• Implement ongoing monitoring triggering beneficial ownership re-verification when ownership changes occur
• Maintain comprehensive documentation supporting beneficial ownership determinations

Harmonised Customer Due Diligence

AMLR establishes truly harmonised customer due diligence requirements across the EU.

Standardised CDD Measures

All obliged entities must:

• Identify customers and verify identity using independent, reliable sources
• Identify beneficial owners and verify their identity
• Understand the purpose and intended nature of business relationships
• Conduct ongoing monitoring of business relationships
• Keep documents and information up to date

Risk-Based Enhanced Due Diligence

Enhanced measures apply to higher-risk situations including:

• Politically exposed persons (PEPs) and their family members and close associates
• Customers from high-risk third countries
• Complex or unusually large transactions without apparent economic purpose
• Non-face-to-face relationships
• Correspondent banking relationships
• New technologies with anonymity features

Enhanced due diligence includes:

• Obtaining senior management approval for establishing or continuing relationships
• Conducting enhanced ongoing monitoring
• Taking additional measures to verify identity and source of wealth
• Investigating purpose and background of unusual transactions

Simplified Due Diligence Restrictions

The package restricts simplified due diligence, which had been inconsistently applied:

• Simplified measures only permitted for genuinely low-risk situations
• Explicit risk assessment required before applying simplified measures
• Prohibition on simplified measures in specific high-risk contexts
• Enhanced documentation of decisions to apply simplified measures

Compliance Implications

Organizations must:

• Review and update CDD policies ensuring alignment with harmonised requirements
• Enhance beneficial ownership verification processes
• Implement risk-based approaches with clear escalation to enhanced due diligence
• Restrict simplified due diligence to demonstrably low-risk scenarios
• Train staff on updated CDD requirements and risk indicators
• Audit CDD practices ensuring consistent application

Predicate Offenses and Criminal Liability

6AMLD significantly expands criminal law aspects of anti-money laundering.

Expanded Predicate Offenses

6AMLD harmonises the list of predicate offences (crimes that can generate proceeds subject to money laundering) across member states, including 22 categories:

• Participation in organised criminal groups
• Terrorism and terrorist financing
• Human trafficking and migrant smuggling
• Sexual exploitation including child sexual abuse
• Illicit drug trafficking
• Illicit arms trafficking
• Corruption and bribery
• Fraud and swindling
• Counterfeiting currency and means of payment
• Counterfeiting and piracy of products
• Environmental crime
• Murder and grievous bodily injury
• Kidnapping, illegal restraint, and hostage-taking
• Robbery and theft
• Smuggling
• Tax crimes (expanded significantly)
• Extortion
• Forgery
• Piracy
• Insider trading and market manipulation
• Cybercrime
• All offences punishable by imprisonment exceeding one year

Tax Crime Inclusion

The explicit inclusion of all tax crimes as predicate offences is particularly significant, requiring businesses to consider tax evasion risks in AML risk assessments and suspicious activity reporting.

Criminal Liability of Legal Persons

6AMLD establishes comprehensive frameworks for corporate criminal liability:

Liability Standards

Legal persons (corporations, partnerships, etc.) can be held liable when offences are committed for their benefit by:

• Persons with decision-making authority
• Employees under supervision of decision-makers when failure to supervise enabled the offence

Sanctions Against Legal Persons

Member states must ensure legal persons face effective, proportionate, and dissuasive sanctions including:

• Criminal or administrative fines
• Exclusion from public benefits or aid
• Temporary or permanent disqualification from commercial activities
• Judicial supervision
• Judicial winding-up orders
• Temporary or permanent closure of establishments used for money laundering

Compliance Implications

Organizations must:

• Implement compliance programs demonstrating efforts to prevent offences
• Establish clear accountability for AML compliance at senior management levels
• Maintain comprehensive documentation demonstrating compliance efforts
• Conduct regular risk assessments identifying vulnerabilities
• Provide training ensuring employees understand obligations and consequences
• Consider corporate criminal liability exposure in compliance resource allocation decisions

Enhanced Supervision and Enforcement

The package significantly strengthens supervisory powers and enforcement mechanisms.

Supervisory Powers

National competent authorities and AMLA (for directly supervised entities) possess extensive powers:

Investigative Powers:

• Conducting on-site inspections without prior notice
• Requiring provision of information and documents
• Interviewing personnel at all organisational levels
• Accessing IT systems and transaction records
• Engaging external experts for specialised analysis

Enforcement Powers:

• Issuing binding directions requiring specific actions
• Imposing restrictions on business activities or products
• Suspending management personnel
• Imposing administrative fines and penalties
• Publishing enforcement actions
• Withdrawing licences or registrations

Administrative Penalties

AMLR establishes harmonised maximum penalties:

For Natural Persons:

• Up to €5 million for serious violations
• Temporary prohibition from management positions
• Public warnings and statements

For Legal Persons:

• Up to €10 million or 10% of total annual turnover (whichever is higher) for serious violations
• Up to €5 million or 5% of total annual turnover for less severe violations
• Publication of sanctions decisions
• Temporary or permanent prohibition from certain activities

Violations Attracting Highest Penalties:

• Failure to implement adequate AML policies and procedures
• Failure to conduct adequate customer due diligence
• Failure to report suspicious transactions
• Failure to implement adequate internal controls
• Obstruction of supervisory investigations

Public Disclosure

Enforcement actions are generally published, including:

• Names of sanctioned entities and individuals
• Nature of violations
• Penalties imposed
• Required remedial actions

Publication serves transparency goals while acting as reputational deterrent, particularly significant for institutions dependent on public trust.

Compliance Implications

Organizations must:

• Ensure compliance programs meet heightened standards given stronger enforcement
• Budget for potential penalties in risk assessments
• Prepare for possibility of public enforcement exposure
• Develop remediation capabilities addressing potential violations quickly
• Consider regulatory relationship management as strategic priority

Third Country Risk Management

The package enhances provisions addressing risks from high-risk third countries.

Enhanced Due Diligence for High-Risk Countries

The European Commission maintains and regularly updates lists of high-risk third countries with strategic AML/CFT deficiencies.

Mandatory Enhanced Measures

For customers from or transactions involving high-risk countries, obliged entities must apply enhanced due diligence including:

• Obtaining additional information on customer and beneficial owner
• Understanding source of funds and wealth
• Understanding reasons for intended or performed transactions
• Obtaining senior management approval for establishing or continuing relationships
• Conducting enhanced ongoing monitoring
• Limiting business relationships or transactions in certain circumstances

Business Relationship Restrictions

For countries with most serious deficiencies, member states may require:

• Systematic reporting of transactions to financial intelligence units
• Refusal to establish business relationships
• Prohibition of transactions
• Other measures preventing financial system exposure

Correspondent Banking

Enhanced requirements apply to correspondent banking relationships:

• Gathering sufficient information about respondent institutions
• Assessing respondent institutions' AML controls
• Obtaining approval from senior management before establishing relationships
• Documenting responsibilities for AML compliance
• Ensuring respondent institutions verify customer identity for payable-through accounts
• Refusing relationships with shell banks

Compliance Implications

Businesses must:

• Maintain current awareness of high-risk country designations
• Implement screening flagging high-risk country exposure
• Develop enhanced due diligence procedures for high-risk country relationships
• Escalate decisions to senior management as required
• Consider whether business models are compatible with high-risk country restrictions
• Monitor geopolitical developments potentially affecting country risk assessments

Preparing for Compliance

The EU AML package's complexity and phased implementation requires strategic preparation.

Immediate Actions (2025)

Gap Analysis: Compare current practices against package requirements, identifying compliance gaps.

Policy Updates: Begin updating policies and procedures reflecting new requirements even before final transposition deadlines.

Training: Educate compliance teams on package provisions and implications.

Technology Assessment: Evaluate whether current compliance technology can support new requirements or if investments are needed.

Stakeholder Communication: Brief senior management and board members on package implications, resource requirements, and timeline.

Near-Term Actions (2026-2027)

Implementation Planning: Develop detailed implementation plans with clear milestones, responsibilities, and resource requirements.

Procedure Development: Create or update operational procedures implementing policy commitments.

Technology Implementation: Deploy new compliance technology or enhance existing systems supporting new requirements.

Process Redesign: Redesign customer onboarding, transaction monitoring, and investigation processes reflecting updated requirements.

Staff Training: Deliver comprehensive training to all relevant personnel on updated requirements and procedures.

Ongoing Actions (2027+)

Monitoring Compliance: Implement ongoing compliance monitoring ensuring practices align with requirements.

Regulatory Intelligence: Track regulatory guidance, enforcement actions, and supervisory expectations as they evolve.

Continuous Improvement: Refine compliance programs based on operational experience, audit findings, and regulatory feedback.

Regulatory Engagement: Maintain constructive dialogue with supervisors regarding compliance approach and challenges.

How VeriPlus Supports Compliance

The EU AML package creates complex compliance obligations, but VeriPlus provides comprehensive solutions addressing requirements efficiently and effectively.

Customer Due Diligence

Our identity verification platform supports harmonised CDD requirements:

• Document verification for 200+ countries and 10,000+ document types
• Biometric verification including liveness detection
• Beneficial ownership identification and verification
• PEP and sanctions screening
• Risk-based due diligence workflows
• Ongoing monitoring triggering re-verification when risk profiles change

Transaction Monitoring

Our AML screening and monitoring platform provides:

• Risk-based transaction monitoring detecting suspicious patterns
• High-risk country identification and enhanced scrutiny
• Cash transaction monitoring supporting payment limit compliance
• Cryptoasset transaction analysis for crypto businesses
• Suspicious activity detection and investigation workflows
• Regulatory reporting automation

Beneficial Ownership

VeriPlus helps businesses meet enhanced beneficial ownership requirements:

• Corporate registry integration accessing official beneficial ownership data
• Document collection and verification supporting ownership claims
• Complex structure analysis tracing indirect ownership
• Ongoing monitoring detecting ownership changes
• Comprehensive audit trails documenting verification efforts

Cryptoasset Compliance

For cryptoasset service providers, VeriPlus offers specialised capabilities:

• Blockchain transaction analysis
• Self-hosted wallet verification procedures
• Travel Rule information exchange
• Risk-based monitoring for crypto transactions
• Integration with major blockchain networks

Sanctions and PEP Screening

Our screening platform addresses expanded obligations:

• Real-time screening against 200+ sanctions lists
• PEP database covering over 1 million individuals
• Adverse media monitoring
• Ongoing screening detecting status changes
• False positive reduction through intelligent matching

Advisory Services

Beyond technology, VeriPlus provides expert guidance:

• Gap analyses comparing current programs against EU AML package requirements
• Implementation planning and project management support
• Policy and procedure development
• Training program design and delivery
• Ongoing regulatory intelligence and guidance

The Road to Full Implementation

The EU AML package represents years of implementation work ahead. Member states will transpose 6AMLD by July 2027, though some are moving faster. AMLR provisions phase in over several years, with full implementation expected by 2029.

This extended timeline allows businesses to prepare strategically rather than reactively, but it also means compliance requirements will continue evolving. Organizations that begin preparation now will navigate transitions smoothly, while those delaying face compressed implementation timelines and potential non-compliance exposure.

The package represents the EU's most ambitious AML reform effort, creating truly harmonised requirements across 27 member states. While implementation is complex, the result will be clearer, more consistent requirements replacing the current fragmented landscape.

For businesses operating across European markets, the package ultimately simplifies compliance by establishing single standards rather than varying national approaches. Short-term implementation challenges yield long-term compliance efficiency.

Take Action Now

The EU AML package is not a distant concern—6AMLD's July 2027 transposition deadline approaches rapidly, and AMLR provisions are already creating obligations. Organizations beginning preparation now will implement changes thoughtfully and cost-effectively. Those waiting face rushed implementations, higher costs, and greater compliance risks.

VeriPlus helps organisations navigate EU AML package compliance through comprehensive technology solutions, expert guidance, and implementation support.

Book a demo to see how VeriPlus addresses EU AML package requirements, or contact our team to discuss your specific compliance situation and implementation timeline.

Explore our detailed documentation for technical specifications and guidance on implementing controls meeting modern European AML requirements.

The EU AML package represents the future of European financial crime compliance. The question is whether your organisation will be ready.