The current Dutch Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) will be replaced in the coming years by new European anti-money laundering rules. This so-called EU AML package consists of:
AMLR: Anti-Money Laundering Regulation
AMLD6: Sixth Anti-Money Laundering Directive
AMLAR: Regulation establishing the new supervisory authority AMLA
The Final Response from the European Banking Authority (EBA) is a crucial step in this process. It was submitted on 31 October 2025 and marks the conclusion of a consultation process that ran from March to June 2025. The consultation process was in response to a request for advice from the European Commission to the EBA regarding new mandates for AMLA. Projective Group also participated in the consultation.
The content of the Final Response was shaped by the consultation to a considerable degree.
This alert provides an overview of key points from the Final Response, the implications for financial institutions and the next steps. Key practical question is how institutions can already prepare for the upcoming changes.
Final Response
The response includes four detailed Regulatory Technical Standards (RTS), two technical opinions, and an extensive analysis of the consultation feedback received. These RTS are essential to the new EU-wide AML/CFT framework and aim to harmonize and clarify CDD obligations across all EU member states.
The RTS cover:
regulatory technical standards on the assessment and classification of the inherent and residual risk profile of obliged entities and the frequency at which such profile must be reviewed
regulatory technical standards on the risk assessment for the purpose of selection for direct supervision
regulatory technical standards on customer due diligence (CDD);
draft regulatory technical standards on pecuniary sanctions, administrative measures and periodic penalty payments
guidelines on base amounts for pecuniary fines
regulatory technical standards on group-wide policies and procedures
The RTS form an essential part of the new EU-wide AML/CFT framework and aim to harmonise and clarify the CDD obligations for institutions across all EU Member States.
Our impressions
The EBA received 170 responses on the public consultation and from various stakeholders, including Projective Group. The EBA analysed and incorporated this feedback into its final proposals.
We believe the EBA’s Final Response is more closely aligned with the overarching objective of the legislative package, which is to effectively counter money laundering and terrorist financing. This alignment is reflected in the following approach:
Emphasizing proportionality and a risk-based approach
Weighing expected costs and benefits
Focusing on practical applicability
For example, unnecessary data requirements were removed (about 15% of the original datapoints), and interpretative clarifications were added to definitions.
A full overview of all points in the Final Response is available on the EBA website.
What did the EBA do with Projective Group’s feedback?
In June 2025, we responded to three specific points in the consultation. These have been reflected in the Final Response:
The requirement to identify and verify all nationalities of a customer using independent sources was deemed too complex and burdensome. The EBA had adopted our recommendation for a pragmatic approach, allowing institutions to ask customers about any additional nationalities instead.
The consultation document suggested that ownership structures with two or more layers and registration in different jurisdictions could be considered complex. We found the two-layer criterion too broad, impacting transparent, low-risk organizations like publicly listed companies. Our proposal to apply carve-outs for these groups and accept public information as sufficient evidence was not fully adopted.
However, the Final Response introduced a more nuanced definition of complex structures. Entities shall treat an ownership and control structure as a complex corporate structure where there are three or more layers between the customer and the beneficial owner and, in addition, more than one of the following conditions is met:
there is a legal arrangement or a similar legal entity such as a foundation in any of the layers
the customer and any legal entities present at any of these layers are registered in jurisdictions outside the EU
there are nominee shareholders or nominee directors involved in the structure
the structure obfuscates or diminishes transparency of ownership with no legitimate economic rationale or justification.
The requirement to verify the rationale and legitimacy of each individual transaction was deemed unfeasible, especially for institutions with high volumes. We advocated for a risk-based approach, investigating only unusual or suspicious transactions. The EBA nuanced and adjusted this in its Final Response. For example, there is no obligation to conduct an assessment for every transaction. Such an assessment is only required when there is a deviation from the expected transaction profile.
Implications for financial institutions
Institutions will need to align their policies and processes with the requirements of the EU AML package. New reporting obligations will be introduced, such as collecting specific datapoints and implementing automated risk assessments.
Special attention is given to institutions that are part of a group. These must meet new requirements for group-wide information sharing and policy alignment, including:
What customer and risk data must be shared within the group
How this data can be shared securely and proportionally
The role of the parent company in overseeing compliance across the group
Additionally, a group risk score will be calculated based on the weighted average risk scores of all EU entities within the group. This score will help determine whether the institution will fall under AMLA’s direct supervision.
Institutions operating in at least six member states via an EU passport may also fall under AMLA’s direct supervision. The EBA has proposed specific thresholds for this.
How can financial institutions prepare?
Institutions can already start preparing:
1. Conduct a gap analysis
Compare the current AML/CFT policies and procedures with the points set out in the Final Response.
Identify where adjustments are needed and set priorities
2. Adapt data infrastructure
Assess which data are already available and which still need to be collected
Ensure that systems can meet the required standards.
3. Prepare to revise CDD processes
4. Organize training and awareness programs
5. Develop a transition and implementation plan toward 2027 and beyond
6. Follow updates from AMLA and the EC on final adoption of the RTS
Status and timelines
Both the Anti-Money Laundering Regulation (AMLR) and the Sixth Anti-Money Laundering Directive (AMLD6) will largely apply from 1 July 2027. Unlike AMLR, which will be directly applicable, AMLD6 is a directive and must be transposed into national law. In the Netherlands, a consultation is currently underway on the ‘Implementatiewet ter voorkoming van witwassen en terrorismefinanciering’ The new European supervisory authority AMLA began operations on 1 July 2025.
Once the RTS are reviewed and adopted by AMLA, they will be endorsed by the European Commission. This is expected to happen before 10 July 2027, ensuring the RTS are in force when AMLR takes effect.
AMLA will then implement and monitor compliance. It will also issue guidelines and technical standards for AMLR and AMLD6. Until AMLA becomes fully operational and takes over direct oversight of selected institutions, national supervisory authorities will remain responsible for the enforcement of all obliged entities. institutions Some obligations will be phased in. For example, institutions may update customer information (CDD) for existing clients based on risk over a five-year period, unless earlier review is warranted. Certain data requirements will also become mandatory in later phases, giving institutions time to adapt.
In the coming period, we will continue to closely monitor the developments and keep you informed via our website and our monthly newsletter. You can sign up for our newsletter here:
