Source: OJ L, 2024/1624, 19.6.2024Current language: EN
- Anti-money laundering
Basic legislative acts
- Anti-money laundering regulation (AMLR)
Article 16 Group-wide requirements
Summary What does Article 16 of the Anti-money laundering regulation (AMLR) say?
This article establishes the framework for how AML/CFT obligations apply across an entire corporate group, placing the parent undertaking at the centre of responsibility.
Building directly on the individual-entity requirements set out in Articles 9 and 10, it scales those obligations up to group level: the parent must conduct a group-wide risk assessment, establish group-wide policies, procedures and controls, and ensure that every branch and subsidiary — including those in third countries — operates within that framework.
The article also addresses group-level governance, requiring dedicated compliance functions, and mandates structured information sharing between entities within the group to support customer due diligence and risk management.
AMLA is tasked with developing regulatory technical standards to flesh out the minimum requirements.
Important points:
- As a parent undertaking, establish and implement group-wide AML/CFT policies, procedures, controls and a risk assessment that apply to all branches and subsidiaries, including those located in third countries.
- Compliance functions must be established at group level, including a group compliance manager who reports at least annually to the management body of the parent undertaking on the implementation of group-wide policies.
- AMLA is required to develop regulatory technical standards by 10 July 2026 specifying the minimum requirements for group-wide policies and information sharing, including criteria for identifying the parent undertaking.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
A parent undertaking shall ensure that the requirements on internal procedures, risk assessment and staff referred to in Section 1 of this Chapter apply in all branches and subsidiaries of the group in the Member States and, for groups whose head office is located in the Union, in third countries. To this end, a parent undertaking shall perform a group-wide risk assessment, taking into account the business-wide risk assessment performed by all branches and subsidiaries of the group, and establish and implement group-wide policies, procedures and controls, including on data protection and on information sharing within the group for AML/CFT purposes and to ensure that employees within the group are aware of the requirements arising from this Regulation. Obliged entities within the group shall implement those group-wide policies, procedures and controls, taking into account their specificities and the risks to which they are exposed.
The group-wide policies, procedures and controls and the group-wide risk assessments referred to in the first subparagraph shall include all the elements listed in Articles 9 and 10, respectively.
For the purposes of the first subparagraph, where a group has establishments in more than one Member State and, for groups whose head office is located in the Union, in third countries, parent undertakings shall take into account the information published by the authorities of all the Member States or third countries where the group’s establishments are located.
Compliance functions shall be established at the level of the group. Those functions shall include a compliance manager at the level of the group and, where justified by the activities carried out at group level, a compliance officer. The decision on the extent of the compliance functions shall be documented.
The compliance manager referred to in the first subparagraph shall regularly report to the management body in its management function of the parent undertaking on the implementation of the group-wide policies, procedures and controls. At a minimum, the compliance manager shall submit once a year a report on the implementation of the obliged entity’s internal policies, procedures and controls and shall take the necessary actions to remedy in a timely manner any deficiencies identified. Where the management body in its management function is a body collectively responsible for its decisions, the compliance manager shall assist and advise it, and shall prepare the decisions necessary for the implementation of this Article.
The policies, procedures and controls pertaining to the sharing of information referred to in paragraph 1 shall require obliged entities within the group to exchange information when such sharing is relevant for the purposes of customer due diligence and money laundering and terrorist financing risk management. The sharing of information within the group shall cover in particular the identity and characteristics of the customer, its beneficial owners or the person on behalf of whom the customer acts, the nature and purpose of the business relationship and of the occasional transactions and the suspicions, accompanied by the underlying analyses, that funds are the proceeds of criminal activity or are related to terrorist financing reported to FIU pursuant to Article 69, unless otherwise instructed by the FIU.
The group-wide policies, procedures and controls shall not prevent entities within a group which are not obliged entities to provide information to obliged entities within the same group where such sharing is relevant for those obliged entities to comply with requirements set out in this Regulation.
Parent undertakings shall put in place group-wide policies, procedures and controls to ensure that the information exchanged pursuant to the first and second subparagraphs is subject to sufficient guarantees in terms of confidentiality, data protection and use of the information, including to prevent its disclosure.
By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall specify the minimum requirements of group-wide policies, procedures and controls, including minimum standards for information sharing within the group, the criteria for identifying the parent undertaking in the cases covered by Article 2(1), point (42)(b), and the conditions under which the provisions of this Article apply to entities that are part of structures which share common ownership, management or compliance control, including networks or partnerships, as well as the criteria for identifying the parent undertaking in the Union in those cases.
Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in paragraph 4 of this Article in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
crypto-asset services
Definition
financial mixed activity holding company
Definition
crypto-asset service provider
Definition
credit institution
- a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;
- a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
parent undertaking
- for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;
- for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:
- is an obliged entity;
- is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;
- has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; and
- is given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation;
Definition
crypto-asset
Definition
establishment
- a branch or subsidiary;
- in the case of credit institutions and financial institutions, an infrastructure qualifying as an establishment under prudential regulation;
Definition
property
Definition
express trust
Definition
legal arrangement
Definition
management body
Definition
terrorist financing
Definition
group
Definition
money laundering
Definition
financial institution
- an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32), including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;
- an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33), insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;
- an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;
- an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34);
- a collective investment undertaking, in particular:
- an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;
- an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;
- a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35);
- a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37);
- a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;
- a crypto-asset service provider;
- a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
third country
Definition
funds
Definition
beneficial owner
Definition
business relationship
Definition
management body in its management function
Definition
criminal activity