Source: AMLA consultation paper draft
- Anti-money laundering
AMLR supplemental acts
- RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches
Article 4 Information sharing within a group
This is a draft act
This text has been parsed from the AMLA consultation paper draft as published on 16 April 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.
Summary What does Article 4 of the RTS on group-wide minimum requirements and additional measures for third-country subsidiaries and branches say?
This is one of the more detailed articles in the regulation, and it serves as the operational core of the group-wide information sharing framework referenced in Article 3.
Building directly on the group-wide policies and controls established there, Article 4 defines the minimum categories of information that must flow between entities within a group for AML/CFT purposes.
These categories are broad, covering customer due diligence data, transaction details, risk assessments, suspicious transaction reporting, and other relevant compliance information.
The article also sets clear boundaries: information must be shared on a need-to-know basis, in line with data protection rules, and crucially, sharing information does not relieve any individual obliged entity of its own compliance responsibilities.
Important points:
- Ensure your group-wide information sharing framework covers all minimum categories specified, including customer due diligence, transaction data, risk assessments, suspicious activity reports, and general compliance information.
- The parent undertaking in the Union is responsible for defining which situations trigger information sharing, but at a minimum this must cover common customers, customers with the same beneficial owners, and customers belonging to the same group or structure.
- Receiving shared information does not remove your obligation to conduct your own customer due diligence and risk assessments — each obliged entity remains fully responsible for its own AML/CFT decisions.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
When information is relevant for the purposes of the prevention of money laundering, terrorist financing and the non-implementation or evasion of targeted financial sanctions, information sharing within a group as referred to in provisions of Article 16(3) of Regulation (EU) 2024/1624 shall enable at least the sharing of the following information:
on customer due diligence:
the identity and characteristics of a customer, including any information and documents obtained in the course of identifying and verifying the identity of the customer;
information regarding the beneficial owner of a customer, including any information and documents obtained in the course of identifying and verifying the identity of the beneficial owner(s), where applicable;
the identity and characteristics of the person on behalf of whom the customer acts, including any information and documents obtained in the course of identifying and verifying the identity of the person on behalf of whom the customer acts;
the customer’s expected transactional behaviour or business profile, where such information has been established as part of customer due diligence;
the purpose and intended nature of the business relationship or occasional transactions between the customer and the obliged entity, as well as the source of wealth and source of funds of the customer, where applicable;
the customer’s ownership and control structure, including complex ownership arrangements, where relevant for risk assessment purposes;
verification on whether customer or the beneficial owners are subject to targeted financial sanctions and, in the case of a customer or party to a legal arrangement who is a legal entity, whether natural or legal persons subject to targeted financial sanctions control the legal entity or have more than 50 % of the proprietary rights of that legal entity or majority interest in it, whether individually or collectively;
information on the restrictive measures implementing targeted financial sanctions applied to customers, their transactions and their assets;
basic information on legal entities and legal arrangements as referred to in Article 2(1) number (33) of Regulation (EU) 2024/1624;
reliance or outsourcing arrangements related to customer due diligence performed by other entities within the group;
material changes in the customer’s risk profile or status, including changes in beneficial ownership, business activity or risk classification;
any information that has been collected and verified, whenever applicable, under the Delegated Regulation [XXX] on Customer Due Diligence under Article 28(1) of Regulation (EU) 2024/1624.
on transactions, services and activities:
where a transaction, service or activity is being conducted on behalf of or for the benefit of natural or legal persons other than the customer, information on the identification and verification of the identity of those natural or legal persons;
information on customer or counterparties transactions, provision of services, or activities, including as a minimum information to identify the persons, the nature, the location, the origin and destination of such transactions, activities or provision of services and their due diligence, where applicable;
information on occasional transactions, or provision of services;
cash transactions volumes and amounts, where applicable;
payment methods and accounts, where applicable.
on risk assessments:
the business wide-risk assessment, including typologies and risk indicators related to customers, products, geographies, delivery channels identified by the obliged entity or to which the obliged entity is exposed to;
money laundering, terrorist financing and targeted financial sanctions control functions reviews performed at group level and at obliged entity level as well as external audit reviews related to these risks, including findings, remediation measures, actions, recommendations, results and any other corrective measure as deemed relevant;
individual risk assessments, including information on higher and lower risk factors associated with individual customers and the entity´s analysis of the risks associated with the customer;
individual risk assessments of occasional transactions;
information on politically exposed persons, their close family members or closely associated persons including their risk levels and assets under management, where applicable;
information on the risk assessment to prevent and mitigate the non-implementation and evasion of targeted financial sanctions;
information on blocked accounts for reasons related to money laundering, terrorist financing and/or the non-implementation or evasion of targeted financial sanctions;
information on breaches in the group related to anti-money laundering, counter terrorist financing and prevention and management of the non-implementation or evasion of targeted financial sanctions;
information on customers whose entry into business relationship was declined or whose business relationship was terminated for money laundering, terrorist financing or targeted financial sanctions reasons, including the grounds of such decisions;
negative or adverse media reports concerning customers or beneficial owners, including analysis of their potential impact on risks related to money laundering, terrorist financing and the non-implementation or evasion of targeted financial sanctions.
on suspicious transaction and activity reporting:
the suspicions or reasonable grounds to suspect that funds or activities are the proceeds of criminal activity or are related to terrorist financing reported to FIU pursuant to Article 69 of Regulation (EU) 2024/1624, accompanied by the underlying analyses, unless otherwise instructed by the competent FIU;
number and typologies of suspicious transactions and activity reporting.
on other relevant information:
information on the implementation of group-wide policies, procedures and controls pursuant to Article 9 of Regulation (EU) 2024/1624, including outsourcing and reliance arrangements;
information on training related to risks of money laundering, terrorist financing or the non-implementation or evasion of targeted financial sanctions as deemed appropriate;
information on interactions with supervisors, including information on on-site inspections;
information held by the obliged entity of the group pursuant to the obligation of data retention;
any other relevant information related to risks of money laundering, terrorist financing or the non-implementation or evasion of targeted financial sanctions as deemed appropriate.
Information shall be provided within the group to any obliged entity established in the Union taking into account the size, the complexity and the risks of the group as well as the availability and quality of the information.
The parent undertaking in the Union shall define what situations are relevant for information sharing, considering their size, complexity and risks. Information sharing within the group shall cover at least common customers, customers having the same beneficial owners, customers that belong to the same group or structure.
Information-sharing policies, procedures and controls at group level shall include appropriate records of information exchanges to ensure traceability and accountability of such information as well as effective supervision.
To the extent that it is strictly necessary for the purposes of preventing money laundering, terrorist financing and the non-implementation or evasion of targeted financial sanctions, information shall be up-to-date, provided in an adequate and comprehensible form, on a need-to-know basis and be shared in line with the requirements stipulated by the applicable data protection legislation and respecting requirements on confidentiality.
Information sharing shall not exempt obliged entities within the group from the need to conduct adequate own customer due diligence or risk assessments related to customers, products, services, transactions, delivery channels and geographical areas proportionate to the nature of the business, including their size, risks and complexity, also taking into account any outsourcing or reliance arrangements in place.
Information sharing within the group shall not affect the individual responsibility of each obliged entity for its anti-money laundering, counter terrorist financing and the prevention from the non-implementation or evasion of targeted financial sanctions obligations. Each obliged entity shall remain fully responsible for its own risk assessments and decisions, even when such decisions are based on information shared at group level.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
Legal Entity Identifier
Definition
supervisor
Definition
cash
Definition
funds or other assets
Definition
politically exposed person
- in a Member State:
- heads of State, heads of government, ministers and deputy or assistant ministers;
- members of parliament or of similar legislative bodies;
- members of the governing bodies of political parties that hold seats in national executive or legislative bodies, or in regional or local executive or legislative bodies representing constituencies of at least 50 000 inhabitants;
- members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
- members of courts of auditors or of the boards of central banks;
- ambassadors, chargés d’affaires and high-ranking officers in the armed forces;
- members of the administrative, management or supervisory bodies of enterprises controlled under any of the relationships listed in Article 22 of Directive 2013/34/EU either by the state, or, where those enterprises qualify as medium sized or large undertakings or medium sized or large groups, as defined in Article 3(3), (4), (6) and (7) of that Directive, by regional or local authorities;
- heads of regional and local authorities, including groupings of municipalities and metropolitan regions, with at least 50 000 inhabitants;
- other prominent public functions provided for by Member States;
- in an international organisation:
- the highest ranking officials, their deputies and members of the board or equivalent functions of an international organisation;
- representatives to a Member State or to the Union;
- at Union level:
functions at the level of Union institutions and bodies that are equivalent to those listed in points (a) (i), (ii), (iv), (v) and (vi);
- in a third country:
functions that are equivalent to those listed in point (a);
Definition
parent undertaking
- for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;
- for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:
- is an obliged entity;
- is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;
- has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; and
- is given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation;
Definition
family member
- a spouse, or a person in a registered partnership or civil union or in a similar arrangement;
- a child and a spouse of, or a person in a registered partnership or civil union or in a similar arrangement with, that child;
- a parent;
- for the functions referred to in point (34)(a)(i) and equivalent functions at Union level or in a third country, a sibling;
Definition
property
Definition
express trust
Definition
legal arrangement
Definition
terrorist financing
Definition
targeted financial sanctions
Definition
group
Definition
money laundering
Definition
structure
- includes at least two obliged entities;
- is not a group with a parent undertaking within the meaning of Article 2(1), point (42) of Regulation (EU) 2024/1624; and
- has the objective of establishing a common framework of business, professional or commercial relationships connecting two or more obliged entities.
Definition
third country
Definition
funds
Definition
beneficial owner
Definition
business relationship
Definition
basic information
- in relation to a legal entity:
- legal form and name of the legal entity;
- instrument of constitution, and the statutes if they are contained in a separate instrument;
- address of the registered or official office and, if different, the principal place of business, and the country of creation;
- a list of legal representatives;
- where applicable, a list of shareholders or members, including information on the number of shares held by each shareholder and the categories of those shares and the nature of the associated voting rights;
- where available, the registration number, the European Unique identifier, the tax identification number and the Legal Entity Identifier;
- in the case of foundations, the assets held by the foundation to pursue its purposes;
- in relation to a legal arrangement:
- the name or unique identifier of the legal arrangement;
- the trust deed or equivalent;
- the purposes of the legal arrangement, if any;
- the assets held in the legal arrangement or managed through it;
- the place of residence of the trustees of the express trust or persons holding equivalent positions in the similar legal arrangement, and, if different, the place from where the express trust or similar legal arrangement is administered;
Definition
criminal activity
Definition
control function