Source: AMLA consultation paper draft
- Anti-money laundering
AML 6 directive supplemental acts
- RTS on pecuniary sanctions and administrative measures
Article 2 Classification of the level of gravity of breaches
This is a draft act
This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.
Summary What does Article 2 of the RTS on pecuniary sanctions and administrative measures say?
Building directly on the indicators established in Article 1, this article sets out the four-category classification system that supervisors must use to grade the severity of a breach, running from category one (least severe) to category four (most severe).
The article gives supervisors concrete decision rules for assigning each category based on the level of impact, duration, repetition, and the presence of more serious aggravating factors such as structural failure or facilitation of criminal activity.
Notably, the article also includes a combination rule, meaning that breaches which individually fall below category three or four can still be elevated to those categories when assessed together.
Important points:
- Supervisors are required to apply the indicators from Article 1 to place every breach into one of four severity categories, with each category having defined threshold conditions that must be met.
- Supervisors cannot classify a breach as category one if certain aggravating indicators from Article 1 are present, regardless of how minor the impact or duration appears in isolation.
- Breaches that appear less severe when assessed individually can be combined to reach a category three or four classification, meaning the cumulative picture matters.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
When classifying the level of gravity of a breach, supervisors shall use four categories as follows, by increased order of severity: category one, category two, category three, category four.
To classify the breaches into one of the four categories listed in paragraph 1, supervisors shall assess whether and to what extent all the applicable indicators of Article 1 of this Regulation are met.
Supervisors may classify under those categories breaches other than those described in paragraphs 4 to 7.
Supervisors shall classify the breach under category one breaches where there is no direct impact or the impact is minor on the obliged entity when assessing the indicators specified in Article 1, points (d) and (e), and, at the same time:
when assessing the indicator specified in Article 1, point (a), the breach has lasted for a short period of time, and
when assessing the indicator specified in Article 1, point (b), the breach has been committed on a non-repetitive basis.
Supervisors shall not classify a breach as category one if indicators specified in Article 1, points (g) to (k) are met.
Supervisors shall classify the breach as category two where, for the indicators specified in Article 1, points (d) or (e), the impact is moderate and none of the indicators (g) to (k) of Article 1 are met.
Supervisors shall classify the breach as at least category three where, for the indicators specified in Article 1, point (d) or point (e), the impact is significant and at the same time:
when assessing the indicators specified in Article 1, point (a), the breach has persisted over a significant period of time, or
one of the indicators specified in Article 1 points (b) or (k), is met.
Supervisors shall classify the breach as category four where:
when assessing the indicators specified in Article 1, point (d) or point (e), the impact is very significant, or
when indicator specified in Article 1, point (h), is met, or
when assessing the indicator specified in Article 1, point (g), the breach has facilitated or otherwise led to significant criminal activities as defined in Article 2(1), point (3), of Regulation (EU) 2024/1624, or
when assessing the indicators specified in Article 1, point (i) or (j), the breach has a significant impact.
Breaches that would not be classified as category three or category four when assessed in isolation could amount to a breach of category three or four when assessed in combination.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
supervisor
Definition
criminal activity