Source: AMLA consultation paper draft
- Anti-money laundering
AMLR supplemental acts
- RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches
Article 11 Sharing and processing of customer data within the group or with the obliged entity
This is a draft act
This text has been parsed from the AMLA consultation paper draft as published on 16 April 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.
Summary What does Article 11 of the RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches say?
This article addresses a specific conflict that arises when third-country law blocks or restricts a branch or subsidiary from sharing customer information within the group for AML/CFT purposes — the information-sharing obligations set out in Article 4 of this regulation.
It follows a clear escalation logic: first, notify the supervisor and seek customer consent to overcome the legal barrier; if consent is not obtainable, apply additional measures from Article 15; and if AML/CFT risk still cannot be managed effectively, close down some or all of the third-country operations.
Throughout, any additional measures taken must be determined on a risk-sensitive basis and reported to the home supervisor.
Important points:
- Notify the home Member State supervisor within 28 calendar days of identifying a third-country restriction on customer information sharing for AML/CFT purposes, and explore whether customer consent can legally overcome that restriction.
- Where consent is not feasible, apply one or more of the additional measures set out in points (a) to (c) of Article 15.
- If AML/CFT risk cannot be effectively managed through those measures, close down some or all operations of the affected branch or subsidiary in the third country.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Where the parent undertaking in the Union or an obliged entity identifies that the law of a third country does not permit or restricts the application of Regulation (EU) 2024/1624 by a subsidiary or a branch when it comes to the sharing of customer information referred to in Article 4 of this Regulation for anti-money laundering and countering the financing of terrorism purposes within the group or with the obliged entity, it shall at least:
inform the supervisor of the home Member State without undue delay and in any case no later than 28 calendar days of the following:
the name of the third country concerned;
how the application of the law of the third country concerned does not permit or restricts the sharing or processing of customer data for anti-money laundering and countering the financing of terrorism purposes;
ensure that their branches or subsidiaries established in the third country determine whether consent from their customers and, where applicable, their customers’ beneficial owners, can be used to legally overcome the restrictions or prohibitions referred to in point (a)(ii);
ensure that their branches or subsidiaries established in the third country require their customers and, where applicable, their customer’s beneficial owners, to provide consent to overcome restrictions or prohibitions referred to in point (a)(ii) to the extent that this is compatible with the law of the third country.
In cases where obtaining the consent referred to in point (c) of paragraph 1 is not feasible, the parent undertaking in the Union or the obliged entity shall apply one or more of the additional measures set out in points (a) to (c) of Article 15.
Where a parent undertaking in the Union or an obliged entity cannot effectively manage the risk of money laundering and terrorist financing by applying the measures referred to in paragraphs 1 and 2, it shall close down some or all of the operations provided by their branch or subsidiary established in the third country.
The parent undertaking in the Union or the obliged entity shall always determine the extent of the required additional measures set out in paragraph 2 and 3 of this Article on a risk-sensitive basis and shall inform without undue delay the supervisor of the home Member State that the extent of the additional measures is appropriate in view of the risk of money laundering and terrorist financing.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
supervisor
Definition
parent undertaking
- for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;
- for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:
- is an obliged entity;
- is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;
- has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; and
- is given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation;
Definition
property
Definition
express trust
Definition
legal arrangement
Definition
terrorist financing
Definition
group
Definition
money laundering
Definition
third country
Definition
beneficial owner