Art. 8 AML/CFT supervisory methodology | Anti-money laundering authority regulation (AMLAR) | AML

This article tasks the Authority (AMLA) with developing and maintaining a harmonised, risk-based supervisory methodology for AML/CFT supervision across the Union, built in cooperation with national supervisory authorities.

It sets out the core components that methodology must include — such as risk classification benchmarks, approaches to reviewing obliged entities' self-assessments and internal procedures, and evaluation of risk factors across customers, transactions and geographies.

The article also requires AMLA to develop practical data collection tools to support the methodology's application, and mandates that the methodology be kept current by drawing on international standards and input from law enforcement and FIUs.

This article directly underpins the supervisory convergence objectives established in Article 1 and feeds into the direct supervision framework set out in Articles 12 and 13.

Important points:

The Authority is required to develop and maintain a harmonised, risk-based supervisory methodology in cooperation with national supervisory authorities, covering risk classification, review of internal procedures, and evaluation of risk factors.
The Authority must also develop structured questionnaires and other data collection tools to ensure objective and comparable information is gathered from obliged entities and efficiently shared across the AML/CFT supervisory system.
The supervisory methodology must be periodically reviewed and updated, taking into account evolving risks identified by national law enforcement authorities and FIUs, as well as international standards and guidance.

1. In cooperation with the supervisory authorities, the Authority shall develop and maintain an up-to-date and harmonised AML/CFT supervisory methodology detailing the risk-based approach to supervision of obliged entities in the Union. That methodology shall comprise guidelines, recommendations, opinions and other measures and instruments as appropriate, including in particular regulatory and implementing technical standards, on the basis of the empowerments laid down in the acts referred to in Article 1(2).
1. When developing the supervisory methodology, the Authority shall distinguish between obliged entities, including on the basis of their activities and the type and nature of the ML/TF risks to which they are exposed. The supervisory methodology shall be risk-based and contain at least the following elements:
  1. benchmarks and a methodology for classification of obliged entities into risk categories on the basis of their residual risk profile, separately for each category of obliged entities;
  2. approaches to supervisory review of ML/TF risk self-assessments of obliged entities;
  3. approaches to supervisory review of obliged entities’ internal policies and procedures, including their customer due diligence policies and procedures, in line with a risk-based approach to the prevention of ML/TF;
  4. approaches to supervisory evaluation of risk factors inherent in, or related to, customers, business relationships, transactions and delivery channels of obliged entities, as well as geographical risk factors.
1. The Authority shall develop structured questionnaires and other online or offline tools to be used by the Authority and supervisors for the purposes of requesting, collecting, compiling and analysing data and information from obliged entities, including the data to be relied upon in application of the elements of the supervisory methodology listed in paragraph 2.
2. The tools developed by the Authority shall ensure the collection of objective and comparable AML/CFT-related data and information from obliged entities and enable an efficient and speedy exchange of information between supervisors and the Authority.
3. The Authority shall endeavour to develop those tools as soon as the supervisory methodology is applicable across the entire AML/CFT supervisory system.
1. The supervisory methodology shall reflect high supervisory standards at Union level and shall build on relevant international standards and guidance. The Authority shall periodically review and update its supervisory methodology, taking into account the evolution of risks affecting the internal market, including risks and threats identified by national law enforcement authorities and FIUs. The supervisory methodology shall, to the extent possible, take into account best practices and guidance developed by international standard setters.