EU-Anti-Money Laundering Framework Alert: Strengthening Governance under the AMLR

In the coming years, the current Dutch Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) will bereplaced by new European anti-money laundering rules. This so-called AML framework consists of several pieces of regulation, including AMLR, AMLD6 and AMLAR.

The introduction of the AMLR will bring changes to the governance structures of obliged entities. While the Wwft mainly provides general frameworks, the AMLR introduces explicit responsibilities, broader definitions, and stricter requirements. These developments highlight the need for institutions to review and adjust their internal governance structures where necessary. This article outlines the key changes and implications.

Employees and equivalent positions: Fit & Proper

Under the AMLR, not only employees but also individuals in comparable positions must be assessed for their skills, knowledge, expertise, reliability, and integrity. This assessment must take place before employment and must be regularly repeated during employment.  The content of the assessment must be approved by the compliance officer. As such, the AMLR applies not only to formal employees and policymakers but also to other individuals with similar responsibilities or access, such as agents, distributors, consultants, or contractors.

In addition, employees must inform the compliance officer of any close personal or professional relationships they have with clients or potential clients that prevent them from performing certain duties regarding those clients. The goal of this measure is to prevent conflicts of interest.

Board: from implicit to explicit responsibility

In the Wwft, the board is not explicitly named as responsible for or actively involved in approving policies or risk assessments. However, it is part of the existing supervisory framework. The AMLR makes it explicit: the board is responsible for approving policies, risk assessments, and appointing the compliance officer. The board must also oversee the effectiveness of the AML/CFT policy.

Broader definition of senior management

The AMLR expands the definition of “senior management.” Not only directors but also other officials with sufficient knowledge and seniority fall under this definition. Senior management  must approve higher-risk cases, such as those involving PEPs (politically exposed persons).

Compliance officer vs. Compliance manager

The compliance officer plays a key role under the AMLR and has a broad and in-depth set of responsibilities. This role is mandatory for obliged entities. The description of tasks, position, and reporting lines largely aligns with the EBA Guidelines on the role of AML/CFT compliance officers dated November 2022. Where these guidelines are not directly binding, the AMLR will give them direct effect.

Appointment and position

• Formally appointed by the board.
• Must operate at a sufficiently high hierarchical level.
• Must be able to function independently within the organization.

Core responsibilities of the Compliance officer

• Day to day compliance with policies, procedures, and controls related to AML/CFT.
• Point of contact for competent authorities.
• Responsible for reporting suspicious transactions to the FIU.
• Approves employee assessments, such as pre-employement screening
• Assesses reports of conflicts of interest.
• Prepares the business-wide risk assessment.
• Reports directly to the board and, if applicable, the supervisory board.
• Contributes to group-wide compliance functions in corporate structures.

The compliance officer may only be dismissed after prior notification to the board, and the supervisory authority must be informed.

The compliance manager is responsible for the broader compliance framework within the organization and supports the board in complying with AMLR obligations. The compliance manager must be a member of the board or equivalent management body.

Core responsibilities of the compliance manager

• Ensures that policies and procedures align with risk exposure.
• Ensures sufficient resources for the compliance function.
• Approves internal procedures or ensures the board does so.
• Collects information on deficiencies in the compliance framework.
• Reports regularly to the board.
• Takes measures to remedy deficiencies.
• Advises the board on AML/CFT-related matters.

Combination of functions

The roles of compliance officer and compliance manager may be fulfilled by the same person, or separated, depending on the nature, size, and risk profile of the institution. 

Audit Function: independent and mandatory

Institutions must have an independent audit function that tests compliance with the AMLR. If no internal audit function is present, this test can be performed by an external expert.

Further guidelines expected from the new supervisor

By 10 July 2026, the AMLA (Anti-Money Laundering Authority) must issue guidelines on the elements that obliged entities must consider when determining the scope of their internal policies, procedures, and controls. These elements will be based on the nature, risks, complexity, and size of their business activities, with particular attention to compliance functions and assigned personnel.

How can institutions start preparing? 

Institutions are advised to prepare in a timely manner by comparing their current governance structure with the new AMLR obligations and identifying where additional measures will be needed. Consider the following:

1. Evaluate whether the current division of roles between the board, compliance officer, and audit function is adequate.
2. Assess whether the compliance officer has sufficient authority, independence, and resources.
3. Establish clear reporting lines to the board and (if applicable) the supervisory board.
4. Identify where internal policies, procedures, and controls need to be adjusted, including responsibilities and escalation paths.
5. Begin training employees and policymakers on the new obligations.
6. Evaluate where employment screening and Fit & Proper assessments need to be adjusted or introduced (including the associated processes).

Institutions should also monitor the upcoming guidelines from the new European AML authority (AMLA), expected by July 2026.

Status and timelines of the AML framework

As of 10 July 2024, the AMLR and AMLD6 have entered into force. Both the AMLR and AMLD6 will be largely applicable from 1 July 2027. Additionally, the Regulation establishing the European AML/CFT Authority (AMLAR) has entered into force as of 25 June 2024 and will be largely applicable from 1 July 2025.

AMLA (EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism) will also play a more active role. One of AMLA’s tasks will be to develop guidelines and technical regulatory standards that will provide more clarity on the application and implementation of AMLR and AMLD6.

In the coming period, we will continue to closely monitor the developments and keep you informed via our website and our monthly newsletter. You can sign up for our newsletter here: