Article 6 Assessment and classification of the inherent and residual risk at the entity level


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 16 December 2025. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 6 of the ITS on cooperation for the purposes of direct supervision say?

This article sets out how the periodic assessment process — which flows directly from the data collection and eligibility verification established in earlier articles — is conducted and communicated between the Authority and financial supervisors.

It establishes a structured, time-bound sequence: the Authority runs the assessment, shares results with financial supervisors, receives their proposed adjustments, and then finalises and distributes the outcomes.

Crucially, it is not a one-way process; financial supervisors have a formal opportunity to propose adjustments to the assessment of AML/CFT controls, with any rejection by the Authority required to be justified, recorded and communicated back.

Important points:

  • The Authority is required to conduct the periodic assessment and share its findings on inherent risk and AML/CFT control quality with financial supervisors by 31 July of year X.
  • Financial supervisors are required to submit proposed adjustments to the AML/CFT control quality assessment to the Authority by 30 September of year X.
  • Where the Authority refuses a proposed adjustment from a financial supervisor, that refusal must be duly justified, recorded, and shared with the relevant financial supervisor.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The Authority shall perform the periodic assessment referred to in Article 12 of Regulation (EU) 2024/1620 based on the methodology set out in Delegated Regulation (EU) XXXX/XXX [RTS under art. 12(7) AMLAR].

    1. By 31 July of year X, the Authority shall inform financial supervisors on the outcome of the assessment of the inherent risk and the quality of AML/CFT controls.

    1. By 30 September of year X, financial supervisors shall provide the Authority with their proposals of adjustments of the assessment of the quality of AML/CFT controls in accordance with Article 3(4) of Delegated Regulation (EU) XXXX/XXX [RTS under art. 12(7) AMLAR]. The Authority shall take due consideration of those proposals. Any refusal of a proposal of adjustment by the Authority shall be duly justified, recorded and shared with the relevant financial supervisors.

    1. The Authority shall share the outcome of the periodic assessments of all eligible obliged entities with the relevant financial supervisors.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod