Article 21 Conditions for the application of group-wide requirements to structures sharing common ownership, management or compliance control


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 16 April 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary

What does Article 21 of the RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches say?

This article extends the reach of group-wide AML/CFT requirements beyond formal corporate groups to cover a broader range of organisational arrangements.

Building on the group-wide obligations established in Article 16 of Regulation (EU) 2024/1624, it ensures that obliged entities operating within structures such as partnerships, networks, or franchises — which share common ownership, management, or compliance control but do not meet the formal definition of a group — must nonetheless apply equivalent standards.

The article also provides detailed criteria for determining when such common ownership, management, or compliance control exists, casting a wide net to prevent regulatory arbitrage through the use of looser organisational arrangements.

Important points:

  • Apply group-equivalent AML/CFT policies, procedures and controls if your organisation operates within a structure sharing common ownership, management, or compliance control with other obliged entities, even where no formal group relationship exists.
  • The scope of qualifying structures is broad, covering partnerships, networks, and franchises, with multiple indicators across ownership, management, and compliance dimensions used to determine whether the threshold is met.
  • Non-obliged entities within a structure, such as franchisors or network members, cannot be used as a reason to avoid applying group-equivalent requirements to the obliged entities within that structure.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The parent undertaking identified in this Section and obliged entities within the structures identified in this Article shall apply requirements equivalent to the group-wide requirements set out in Article 16(1), (2) and (3) of Regulation (EU) 2024/1624 and in this Regulation, taking into account the obliged entities' size, complexity and risks.

    2. Structures which share common ownership, management or compliance control shall be, among others, partnerships, networks or franchises as defined in Article 2 of this Regulation that do not fall under the definition of a group pursuant to Article 2(1) number (41) of Regulation (EU) 2024/1624, and that fulfil at least one of the following conditions:

      1. Common ownership by any of the following:

        1. two or more obliged entities share any common majority shareholder(s) or partner(s) exercising ownership rights or control on their activities in the structure, including situations where the parent undertaking in the Union is not an obliged entity;

        2. two or more obliged entities share the ownership or control of the structure.

      2. Common management by any of the following:

        1. two or more obliged entities are legally dependent parts of an entity in the Union or an entity in a third country and carry out all or some of the transactions or activities or services inherent in the business of an obliged entity as referred to in Article 3 of Regulation (EU) 2024/1624;

        2. two or more obliged entities have a common management body or the majority of members thereof and are subject to a homogeneous business strategy and/or business model;

        3. two or more obliged entities have a common structure or mechanism in place to share profits or revenues or results or losses or to transfer remunerations, revenues or costs for services or activities provided;

        4. two or more obliged entities have level of reporting equivalent to groups such as the case of obliged entities required to report to the management body or senior management of one of them or another obliged entity or another entity or person;

        5. two or more obliged entities have in place arrangements requiring them to implement and operate activities and operations based on common policies and procedures;

        6. two or more obliged entities conferred the responsibility for developing mandatory group-equivalent policies and procedures related to anti money laundering and counter terrorism financing to one of them or to another obliged entity or to another natural or legal person.

      3. Common compliance control by any of the following:

        1. two or more obliged entities operate under common policies, procedures or controls managed by a control function;

        2. two or more obliged entities are obliged to periodically report to a connected obliged entity, legal or natural person on control functions matters such as compliance or risk management;

        3. two or more obliged entities have in place a system of periodic central compliance operations or compliance costs managed by one of them or by another obliged entity or a natural or legal person;

        4. two or more obliged entities share audit or reporting functions overseeing the implementation of controls, policies and procedures;

        5. two or more obliged entities have common branding, marketing or franchising arrangements and share the same audits, reviews, risk assessments or control functions related to such branding, marketing or franchising arrangements.

    3. Entities within the structure, including franchisors, partners or network members, which are not obliged entities, shall not prevent the application of group-equivalent policies, procedures and controls to obliged entities within the structure.
