Source: AMLA consultation paper draft

EN

Article 4 Criteria to be taken into account when setting the level of pecuniary sanctions

This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

    1. To set the level of pecuniary sanctions, supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall, after performing the assessment of the indicators specified in Articles 1 and 2, take into account:

      1. the circumstances referred to in Article 53(6) of Directive (EU) 2024/1640, and

      2. the criteria specified in paragraphs 2 to 6.

    1. The level of pecuniary sanctions shall decrease taking into account each of the following criteria, to the extent that they apply:

      1. the level of cooperation of the natural person or the legal person held responsible with the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;. Supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall consider, in particular, whether the natural person or the legal person has quickly and effectively brought the complete breach to the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;’s attention and whether it has actively and effectively contributed to the investigation of the breach conducted by the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;;

      2. the conduct of the natural person or the legal person held responsible since the breach has been identified either by the natural person or legal person itself or by the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;. Supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall consider, in particular, whether the natural person or legal person held responsible has taken effective and timely remedial actions to end the breach or has taken voluntary adequate measures to effectively prevent similar breaches in the future;

      3. any other criteria identified by the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;.

    1. The level of pecuniary sanctions shall increase taking into account each of the following criteria, to the extent that they apply:

      1. the level of cooperation of the natural person or the legal person held responsible with the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;. Supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall consider, in particular, whether the natural or legal person has failed to cooperate with the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;, did not disclose to the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; anything the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; would have reasonably expected, or took actions aimed at partially or fully concealing the breach to the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; or at misleading the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;;

      2. the conduct of the natural person or the legal person held responsible since the breach was identified either by the entity itself or by the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; and the absence of remedial actions or measures taken to prevent breaches in the future;

      3. the degree of responsibility of the natural person or legal persons held responsible and whether the breach was committed intentionally;

      4. the benefit derived from the breach insofar as it can be determined and whether the natural person or legal person held responsible has benefited or could benefit either financially or competitively from the breach or avoid any loss;

      5. the losses to third parties caused by the breach, insofar as they can be determined, and the loss or risk of loss caused to customers or other market users;

      6. previous breaches by the natural person or the legal person held responsible and whether the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; has imposed any previous sanction concerning an AML/CFT breach or has previously requested remedial action be taken concerning an AML/CFT breach, and whether such action has not been taken in the time requested;

      7. any other criteria identified by the supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620;.

    1. In addition to the criteria set out in paragraphs 1 to 3, when setting the level of pecuniary sanctions for natural persons who are not themselves obliged entities, supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall take into account, where applicable, their role and effective responsibilities in the obliged entity, the scope of their functions and the extent of involvement in the breach.

    1. When setting the level of pecuniary sanctions, supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall take into account the financial strength of the legal person held responsible, including, where applicable, and in the light of its total annual turnover, any available relevant information from the financial statements in order to assess financial capacity and information from prudential authorities on the level of regulatory capital and liquidity requirements.

    1. When setting the level of pecuniary sanctions, supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; shall take into account the financial strength of the natural persons held responsible by assessing all the information made available. Such assessment shall cover the annual income, whether consisting of fixed or variable remuneration, received from the obliged entity or groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; of which the obliged entity is part and where relevant, other income of the natural person held responsible.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod