Source: AMLA consultation paper draft
- Anti-money laundering
AMLR supplemental acts
- RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches
Article 13 Sharing of customer data for the purposes of supervision
This is a draft act
This text has been parsed from the AMLA consultation paper draft as published on 16 April 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.
Summary What does Article 13 of the RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches say?
This article addresses a specific scenario that sits within the broader framework dealing with third-country restrictions: what happens when a third country's law prevents or limits the sharing of customer data from a branch or subsidiary with the supervisory authority in a Member State for AML/CFT purposes.
It builds on the same logic as Articles 10, 11, and 12, applying a structured response obligation when such a legal barrier is identified.
Rather than allowing the restriction to create a supervisory blind spot, the article requires the parent undertaking or obliged entity to compensate through a combination of internal escalation, enhanced oversight of the affected branch or subsidiary, and alternative reporting to senior management that can then be made available to supervisors on request.
Important points:
- Notify the home Member State supervisor within 28 calendar days of identifying a third-country law that restricts customer data sharing for AML/CFT supervision purposes, specifying the country and the nature of the restriction.
- Carry out enhanced reviews of the affected branch or subsidiary — including on-site checks or independent audits where appropriate — and provide the findings to the home supervisor without undue delay.
- Require the branch or subsidiary to regularly report key risk data to senior management, covering high-risk customer numbers and suspicious transaction figures, and make this information available to the supervisor upon request.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Where the parent undertaking in the Union or an obliged entity identifies that the law of a third country does not permit or restricts the application of Regulation (EU) 2024/1624 when it comes to sharing data related to customers of a branch or subsidiary established in a third country with the supervisor in a Member State for the purpose of supervision for anti-money laundering and countering the financing of terrorism, it shall at least:
inform the supervisor of the home Member State without undue delay and in any case no later than 28 calendar days of the following:
the name of the third country concerned;
how the application of the law of a third country does not permit or restricts the sharing of data related to customers for the purpose of supervision for anti-money laundering and countering the financing of terrorism;
carry out enhanced reviews, including, where this is commensurate with the money laundering and terrorist financing risk associated with the operation of the branch or subsidiary established in the third country, onsite checks or independent audits, to be satisfied that the branch or subsidiary effectively implements group-wide policies, procedures and controls, and that it adequately identifies, assesses and manages the money laundering and terrorist financing risks;.
provide the findings of the reviews referred to in point (b) of this paragraph to the supervisor of the home Member State without undue delay;
require the branch or subsidiary established in the third country to regularly to provide relevant information to the obliged entity’s or parent undertaking’s senior management, including at least the following:
the number of high-risk customers and aggregated statistical data providing an overview of the reasons why customers have been classified as high risk, such as the politically exposed person status;
the number of suspicious transactions identified and reported and aggregated statistical data providing an overview of the circumstances that gave rise to suspicion;
make the information referred to in point (d) of this paragraph available to the supervisor of the home Member State upon request.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
supervisor
Definition
senior management
Definition
politically exposed person
- in a Member State:
- heads of State, heads of government, ministers and deputy or assistant ministers;
- members of parliament or of similar legislative bodies;
- members of the governing bodies of political parties that hold seats in national executive or legislative bodies, or in regional or local executive or legislative bodies representing constituencies of at least 50 000 inhabitants;
- members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
- members of courts of auditors or of the boards of central banks;
- ambassadors, chargés d’affaires and high-ranking officers in the armed forces;
- members of the administrative, management or supervisory bodies of enterprises controlled under any of the relationships listed in Article 22 of Directive 2013/34/EU either by the state, or, where those enterprises qualify as medium sized or large undertakings or medium sized or large groups, as defined in Article 3(3), (4), (6) and (7) of that Directive, by regional or local authorities;
- heads of regional and local authorities, including groupings of municipalities and metropolitan regions, with at least 50 000 inhabitants;
- other prominent public functions provided for by Member States;
- in an international organisation:
- the highest ranking officials, their deputies and members of the board or equivalent functions of an international organisation;
- representatives to a Member State or to the Union;
- at Union level:
functions at the level of Union institutions and bodies that are equivalent to those listed in points (a) (i), (ii), (iv), (v) and (vi);
- in a third country:
functions that are equivalent to those listed in point (a);
Definition
parent undertaking
- for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;
- for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:
- is an obliged entity;
- is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;
- has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; and
- is given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation;
Definition
property
Definition
management body
Definition
terrorist financing
Definition
group
Definition
money laundering
Definition
third country
Definition
management body in its management function