Source: AMLA final report draft
- Anti-money laundering
AMLAR supplemental acts
- RTS on risk assessment to select institutions for direct supervision
Article 2 Assessment and classification of the inherent risk at entity level
This is a draft act
This text has been parsed from the AMLA final report draft as published on 16 December 2025. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.
Summary What does Article 2 of the RTS on risk assessment to select institutions for direct supervision say?
This is a core methodological article that lays out the step-by-step scoring process used to assess and classify the inherent risk profile of credit and financial institutions.
It feeds directly into the broader risk classification framework established under Regulation (EU) 2024/1640, and its output — the inherent risk score — also serves as one of the two inputs used in Article 4 to derive the residual risk score.
The article works through a sequential process: identifying applicable risk indicators, scoring them, rolling those scores up through sub-categories and categories using weighted averages, and ultimately arriving at a single numerical score that maps to one of four risk classifications.
Important points:
- The scoring scale for inherent risk runs from 1 (lowest risk) to 4 (highest risk), with the final classification falling into one of four bands: low, medium, substantial, or high.
- Weighted arithmetic averages are used at every level of aggregation, with higher-scoring categories carrying greater weight in the final inherent risk score calculation.
- The resulting inherent risk classification directly feeds into the residual risk assessment under Article 4, making this article a foundational step in the overall supervisory risk profiling process.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The methodology for assessing and classifying the inherent and residual risk profile of a credit institution or financial institution as referred to in Article 12, paragraphs (5) and (6), of Regulation (EU) 2024/1640 as low, medium, substantial or high, shall consist of the following sequential steps:
identify all the inherent risk indicators that apply to the credit institution or financial institution and allocate a score to each of these indicators, in accordance with paragraph 2;
identify all the sub-categories of indicators listed in Section A of Annex I, within the ‘products and services’ category, that apply to the credit institution or financial institution, and calculate a combined score for each of those sub- categories, in accordance with paragraph 3;
calculate combined scores for all categories of indicators listed in Section A of Annex I, in accordance with paragraph 4;
calculate the inherent risk score of the credit institution or financial institution, in accordance with paragraph 5;
classify the inherent risk profile of the credit institution or financial institution, in accordance with paragraph 6.
Each score allocated to an inherent risk indicator shall be a numerical value without decimal places ranging from 1, that corresponds to the lowest level of risk, to 4, that corresponds to the highest level of risk. The inherent risk indicators shall be established based on the data points listed in Section A of Annex I. The scores shall be calculated based on pre-determined thresholds.
A sub-category shall apply only if at least one of its indicators applies to the credit institution or financial institution. Each combined score per sub-category shall be a numerical value with two decimal places ranging from 1, that corresponds to the lowest level of risk, to 4, that corresponds to the highest level of risk. Each combined score per sub-category shall be calculated from the scores allocated to its inherent risk indicators, in accordance with paragraph 2. For this purpose, a weighted arithmetic average method shall be used. The weight applied to each indicator shall be based on its risk significance. The weights shall be expressed as a numerical value without decimal places ranging from 1, that corresponds to the lowest level of risk significance, to 5 that corresponds to the highest level of risk significance.
Each combined score per category shall be a numerical value with two decimal places ranging from 1, that corresponds to the lowest level of risk, to 4 that corresponds to the highest level of risk. Each combined score per category shall be calculated from the scores allocated to its inherent risk indicators, in accordance with paragraph 2. By way of derogation, the combined score of the ‘products and services’ category shall be calculated from the combined scores attributed to its sub-categories, in accordance with paragraph 3. For this purpose, a weighted arithmetic average method shall be used. The weight applied to each indicator or sub-category shall be based on its risk significance. The weights shall be expressed as a numerical value without decimal places ranging from 1, that corresponds to the lowest level of risk significance, to 5, that corresponds to the highest level of risk significance.
The inherent risk score shall be a numerical value with two decimal places ranging from 1, that corresponds to the lowest level of risk, to 4, that corresponds to the highest level of risk. The inherent risk score shall be calculated from the combined scores per category determined in accordance with paragraph 4. For this purpose, a weighted arithmetic average method shall be used. The weight applied to each category shall be dependent on the score it received. Categories that received a higher risk score shall have a greater weight than categories that received a lower risk score.
The classification shall be based on the inherent risk score attributed to the credit institution or financial institution in accordance with paragraph 5. The classification shall be made in accordance with the following conversion rules:
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
crypto-asset services
Definition
financial mixed activity holding company
Definition
crypto-asset service provider
Definition
credit institution
- a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;
- a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
crypto-asset
Definition
property
Definition
financial institution
- an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32), including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;
- an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33), insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;
- an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;
- an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34);
- a collective investment undertaking, in particular:
- an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;
- an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;
- a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35);
- a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37);
- a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;
- a crypto-asset service provider;
- a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
third country
Definition
funds