Art. 60 Reporting of breaches and protection of reporting persons | Sixth anti-money laundering (AML 6) directive | AML

This article integrates the EU's whistleblowing framework — Directive (EU) 2019/1937 — into the AML/CFT regime, applying it to the reporting of breaches under this Directive and its associated regulations.

It designates which authorities are responsible for handling these breach reports: supervisory authorities take responsibility for reports relating to obliged entities, while the public authorities overseeing self-regulatory bodies (as established under Article 52) handle reports concerning those bodies and their staff.

The article also establishes an annual reporting obligation to AMLA for non-financial sector supervisory authorities, covering data on breach reports received, their outcomes, and reasons for dismissal, with a strict requirement that these reports contain no information that could identify the person who made the report.

Important points:

Directive (EU) 2019/1937 (the EU Whistleblower Protection Directive) applies to breach reporting under this AML/CFT framework, covering both reporters and the persons named in reports.
Supervisory authorities are designated as the competent bodies for establishing external reporting channels and following up on breach reports relating to obliged entities.
Non-financial sector supervisory authorities are required to report annually to AMLA on breach reports received, ensuring no identifying information about reporting persons is included.

1. Directive (EU) 2019/1937 shall apply to the reporting of breaches of Regulations (EU) 2024/1624 and (EU) 2023/1113 and of this Directive, and to the protection of persons reporting such breaches and of the persons concerned by those reports.
1. Supervisory authorities shall be the authorities competent to establish external reporting channels and to follow-up on reports insofar as requirements applicable to obliged entities are concerned, in accordance with Directive (EU) 2019/1937.
1. The public authorities overseeing self-regulatory bodies referred to in Article 52 shall be the authorities competent to establish external reporting channels and to follow up on reports by self-regulatory bodies and their staff insofar as requirements applicable to self-regulatory bodies in the exercise of supervisory functions are concerned.
1. Member States shall ensure that supervisory authorities in the non-financial sector report the following, on an annual basis, to AMLA:
  1. the number of reports received pursuant to paragraph 1 and information on the share of reports that have been or are in the process of being followed-up, including whether they have been closed or are still open, and of the reports that have been dismissed;
  2. the types of irregularities reported;
  3. where reports have been followed-up, a description of the actions taken by the supervisor and, for reports that are still open, the actions which the supervisor intends to take;
  4. where reports have been dismissed, the reasons for dismissing them.
2. Annual reports as referred to in the first subparagraph shall not contain any information on the identity or occupation of the reporting persons, or any other information that could lead to their identification.