RTS on risk assessment to select institutions for direct supervision

COMMISSION DELEGATED REGULATION (EU) .../...

of XXX

supplementing Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 with regard to regulatory technical standards specifying the methodology for assessing credit institutions, financial institutions and groups of credit and financial institutions for the purposes of the selection for direct supervision by the Authority for Anti-Money Laundering and Countering the Financing of Terrorism

(Text with EEA relevance)
This is a draft act

This text has been parsed from the AMLA final report draft as published on 16 December 2025. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024, establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, and in particular Article 12(7) thereof,

Whereas:

Recital 1

In accordance with Regulation (EU) 2024/1620, certain obliged entities in the financial sector shall be directly supervised by the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (the Authority). The selection of these obliged entities takes place in two stages. In the first stage, the Authority identifies all credit institutions, financial institutions or groups of credit and financial institutions that are operating in at least six Member States, including the home Member State, either via establishment or by conducting relevant operations under the freedom to provide services. In the second stage, the ML/TF risk profile of these entities is classified, to identify those that present a high residual risk.

Recital 2

The ability to provide services in different Member States without having to create an establishment in those Member States is a key feature of the freedom to provide services. In the current context of digitalisation of financial services, a growing number of institutions use this ability to provide their services in other Member States. In some instances, however, entities notify their financial supervisors of their intention to exercise this freedom but do not start this activity in practice. In other instances, entities exercise this freedom, but it does not represent a major part of their overall operations. Considering the above, materiality thresholds should be established to qualify as eligible for the selection of entities whose operation under the freedom to provide services is material. The thresholds and criteria developed in this Regulation should not be used to define the activity under the freedom to provide services principle for any other purposes.

Recital 3

All entities operating in at least six Member States through establishments or by conducting relevant operations under the freedom to provide services and whose residual risk profile is ‘high’ should qualify for direct supervision in accordance with Article 13(1) of Regulation (EU) 2024/1620.

HAS ADOPTED THIS REGULATION:

  1. Section 1 Minimum activities to be carried out under the freedom to provide services
  2. Section 2 Risk assessment
  3. Section 3 Final provisions
Annex
Annexes — not yet parsed

The annex below has not yet been parsed into Springlex. You can read it in the original source PDF.

  1. Annex I Data Points (starts at page 17 of the source PDF)

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels,

For the Commission

The President

[For the Commission

On behalf of the President]

[Position]
