Preamble Recitals


This is a draft act

This text has been parsed from the AMLA final report draft as published on 16 December 2025. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Recital 1

In accordance with Regulation (EU) 2024/1620, certain obliged entities in the financial sector shall be directly supervised by the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (the Authority). The selection of these obliged entities takes place in two stages. In the first stage, the Authority identifies all credit institutions, financial institutions or groups of credit and financial institutions that are operating in at least six Member States, including the home Member State, either via establishment or by conducting relevant operations under the freedom to provide services. In the second stage, the ML/TF risk profile of these entities is classified, to identify those that present a high residual risk.

Recital 2

The ability to provide services in different Member States without having to create an establishment in those Member States is a key feature of the freedom to provide services. In the current context of digitalisation of financial services, a growing number of institutions use this ability to provide their services in other Member States. In some instances, however, entities notify their financial supervisors of their intention to exercise this freedom but do not start this activity in practice. In other instances, entities exercise this freedom, but it does not represent a major part of their overall operations. Considering the above, materiality thresholds should be established to qualify as eligible for the selection of entities whose operation under the freedom to provide services is material. The thresholds and criteria developed in this Regulation should not be used to define the activity under the freedom to provide services principle for any other purposes.

Recital 3

All entities operating in at least six Member States through establishments or by conducting relevant operations under the freedom to provide services and whose residual risk profile is ‘high’ should qualify for direct supervision in accordance with Article 13(1) of Regulation (EU) 2024/1620.

Recital 4

To reduce the operational burden on obliged entities and financial supervisors and to ensure alignment between national and EU-level AML/CFT supervision, the assessment of the minimum activities to be carried out by a credit institution or financial institution to be considered as operating in a Member State other than that where it is established, should be based on data points collected for the purpose of the methodology for assessing the risk profiles of obliged entities in line with Article 40(2) of Directive (EU) 2024/1640. For the same reason, the methodology for the selection of directly supervised entities should build on the methodology for assessing the risk profiles of obliged entities in line with Article 40(2) of Directive (EU) 2024/1640. These risk profiles should be aggregated for the classification of the group risk profile, at the level of the highest parent company in the European Union which is a credit or financial institution.

Recital 5

To avoid that, as an effect of the aggregation of the entity-level score, the ML/TF risk profile of a high ML/TF risk group being unduly reduced because some of its components have a low risk profile, the group-wide methodology for the purposes of selection should reflect the relative importance of each entity within the group, in terms of size and risk, and attribute a higher weight to the most important entities.

Recital 6

It is essential to ensure full comparability of the outcomes of the selection process. Given the diversity of approaches adopted by financial supervisors, under the preceding AML/CFT regime which had been established by Directive (EU) 2015/849, to the evaluation of the residual risk profile of obliged entities, the methodology applied for the first round of selection should have different features from the one applied for the subsequent rounds, where a higher degree of harmonisation is envisaged. Some transitional rules should therefore be set, with the objective of limiting the possibility of adjusting the controls quality score based on qualitative assessments of the effectiveness of the entities’ controls. This would ensure a smoother transition to the application of the full methodology, when the Authority will have been able to foster, and then ensure, the consistency of supervisory practices.

Recital 7

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the Authority.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod