Article 1 Definitions


This is a draft act

This text has been parsed from the AMLA final report draft as published on 16 December 2025. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 1 of the RTS on assessment of inherent and residual risk of obliged entities say?

This is the definitions article, establishing the precise meaning of the two core risk concepts that underpin the entire regulation.

It draws a clear distinction between inherent risk and residual risk in the context of AML/CFT supervision of credit and financial institutions.

These definitions are foundational, as every subsequent article — covering how supervisors assess, score, and classify institutions — depends on understanding exactly what these two terms mean.

The scope of which entities qualify as credit institutions or financial institutions is also embedded within these definitions, referencing a wide range of EU financial sector legislation.

Important points:

  • Inherent risk is the ML/TF risk an institution faces based on its products, services, customers, jurisdictions, and distribution channels, measured before any internal controls are applied.
  • Residual risk is what remains after the institution has put its AML/CFT policies, procedures, systems, and controls in place.
  • The distinction between these two concepts is the engine of the risk-scoring methodology set out in Articles 2, 3, and 4.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

  1. For the purposes of this Regulation, the following definitions shall apply:

    1. inherent risk’ means the risk of money laundering and terrorist financing to which a credit institution or financial institution is exposed, because of the products, services and type of transactions it offers, the customers it serves, the jurisdictions in which it operates and the distribution channels it uses to serve its customers, before any mitigating measures have been applied by that credit institution or financial institution;

    2. residual risk’ means the risk of money laundering and terrorist financing to which a credit institution or financial institution remains exposed, after it has put in place policies, procedures, systems and controls to mitigate inherent risk.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod