Europe is undergoing the most significant structural transformation in anti-money laundering supervision in its history. The Authority for Anti-Money Laundering and Countering the Financing of Terrorism — known as AMLA — formally began operations on 1 July 2025, headquartered in Frankfurt am Main, Germany. With a mandate that spans direct supervision of high-risk financial institutions, coordination of national Financial Intelligence Units (FIUs), and the creation of a unified AML/CFT rulebook, AMLA represents a fundamental shift in how financial crime risk is governed across the European Union. For compliance teams and FIUs across all 27 EU Member States, 2026 is not a waiting period — it is a critical preparation window. AMLA is actively developing its risk assessment methodology, finalizing selection criteria for direct supervision, and delivering more than two dozen technical standards before July 2026. By 2027, up to 40 high-risk, cross-border financial institutions will be selected for direct AMLA oversight. Full supervision begins on 1 January 2028. The implications extend far beyond the institutions that will be directly supervised. AMLA's harmonized supervisory culture, its standardized approach to risk assessment, and its FIU coordination role through the FIU.net system will reshape compliance expectations for every obliged entity operating in the EU. Waiting until 2027 to begin preparation is not a viable strategy. This article provides a practical overview of AMLA's supervisory architecture, what is happening in 2026, and the specific steps that FIUs and compliance teams should be taking right now to ensure they are ready for the new supervisory environment.
AMLA operates through two core pillars: AML/CFT supervision and FIU support and coordination. These are not parallel activities — they are deeply interlinked, and together they constitute a new layer of European governance that sits above and alongside existing national systems.
A critical point that is often misunderstood: AMLA does not replace national supervisors or national FIUs. National authorities remain fully responsible for supervising the vast majority of obliged entities and for receiving, analyzing, and disseminating suspicious transaction reports. What AMLA adds is a centralized coordination function, harmonized standards, and direct supervisory power over a small number of the most complex, highest-risk cross-border institutions.
From 2028, AMLA will directly supervise up to 40 financial institutions or groups that meet two key criteria: active operations in at least six EU Member States, and a high residual risk profile determined through the common risk assessment methodology. For each selected entity, a Joint Supervisory Team comprising AMLA staff and national supervisors will be established.
AMLA’s FIU mandate is equally significant. The Authority will host and develop the FIU.net system, support and initiate joint operational analyses of cross-border suspicious activity, organise peer reviews among national FIUs, and set harmonised technical standards for reporting and information exchange. National FIUs retain their core functions — but within an increasingly structured cooperative framework.
AMLA’s 2026 work programmed is dense. The Authority is finalizing a range of regulatory and implementing technical standards that will directly affect how compliance programmers are designed, validated, and supervised across the EU. Key deliverables due before or during 2026 include:
Alongside this, on 1 January 2026, the European Banking Authority formally transferred all of its AML/CFT mandates to AMLA. This consolidation means that institutions previously engaging with EBA guidance on AML matters must now engage with AMLA as the primary source of technical standards and supervisory expectations.
The selection process for the 40 directly supervised entities will begin in 2027, with AMLA and national supervisors working together to apply the risk assessment methodology developed during 2026. While final criteria are still being completed, the published draft regulatory technical standards give a clear picture of the eligibility framework.
An institution is a candidate for direct supervision if it:
Published guidance indicates that there will likely be at least one directly supervised entity from each EU Member State, ensuring geographically broad oversight. Institutions near these thresholds should assess their cross-border footprint, data readiness, and governance maturity now, before the formal selection assessment begins.
National FIUs will not disappear under AMLA — but their operating environment is changing significantly. AMLA’s FIU coordination mandate introduces new expectations around joint analyses, peer reviews, and technical standards for reporting and information exchange. FIUs that are proactive now will be better positioned when AMLA’s standards become binding.
AMLA will host and develop the FIU.net platform — the primary tool for secure cross-border intelligence exchange among EU FIUs and Europol. FIUs should audit their current FIU.net integration, data quality standards, and internal case management processes to ensure they can participate effectively in joint operational analyses once AMLA assumes full coordination responsibilities.
AMLA is mandated to organize peer reviews of national FIU activities. These reviews will assess operational effectiveness, reporting quality, and cooperation standards. FIUs should review their performance against IO.6 benchmarks and the Egmont Group’s effectiveness indicators, addressing any known gaps in strategic analysis, STR quality, or law enforcement dissemination before AMLA scrutiny begins.
AMLA is developing harmonized technical standards for suspicious transaction reporting and information exchange between FIUs. National FIUs should monitor the publication of these standards closely and begin adapting their reporting pipelines, data formats, and STR feedback mechanisms to align with the incoming framework.
Even institutions that will not be directly supervised by AMLA face a transformed compliance landscape. The Anti-Money Laundering Regulation (AMLR) — which applies from 10 July 2027 — replaces differing national transpositions of AML directives with a single, directly applicable EU regulation. Combined with the Sixth AML Directive (AMLD6) and AMLA’s technical standards, this creates a baseline of expectations that will be enforced consistently across all Member States.
AMLA’s supervisory model places heavy emphasis on structured data and consistent risk scoring. Institutions with fragmented data infrastructure — limited data lineage, inconsistent beneficial ownership register connections, or uneven group-level frameworks — are at a competitive and compliance disadvantage. Structured data readiness is increasingly a prerequisite for credible supervisory engagement.
AMLA’s draft technical standards on customer due diligence require verification aligned with each relationship’s risk level. Institutions should review their CDD frameworks against the draft AMLR requirements, identifying gaps in risk-based customer profiling, PEP and beneficial ownership verification, and ongoing monitoring processes.
Institutions operating in multiple EU jurisdictions should map their cross-border customer and transaction volumes against the published materiality thresholds. Those approaching or exceeding the indicative criteria — more than 20,000 customers or EUR 50 million in transaction volume in a Member State — should begin preparing governance documentation and supervisory engagement materials now.
National supervisors are themselves adapting to the AMLA framework during 2026 and 2027. Proactive engagement with national competent authorities — particularly on the risk assessment methodology and supervisory expectations — will help institutions understand where they stand in the selection landscape and demonstrate a commitment to supervisory cooperation.
Perhaps the most important and least discussed consequence of AMLA is not the direct supervision of 40 institutions — it is the harmonization of supervisory culture across all 27 Member States.
For the first time, supervisors across the EU will use a common methodology to assess money laundering and terrorist financing risks. This harmonized approach eliminates the patchwork of divergent national standards that has historically allowed regulatory arbitrage — where institutions operating across borders could structure their activities to face the most permissive national regime. Under AMLA’s framework, that gap narrows significantly.
The EU’s revised Transfer of Funds Regulation has already introduced tighter controls on payment and crypto-asset traceability. The AMLR will extend directly applicable obligations to all obliged entities in the EU from mid-2027. Taken together, these developments mean that the supervisory bar is rising not just for the 40 directly supervised entities — it is rising for every institution subject to EU AML/CFT obligations.
The establishment of AMLA marks a turning point in EU financial crime governance. For FIUs and compliance teams, the critical question is not whether AMLA will change the operating environment — it is whether institutions and national authorities are ready for that change when it arrives.
The 2026 preparation window is real. AMLA is actively building the standards, methodologies, and institutional infrastructure that will define supervisory expectations from 2028 onward. Institutions that begin aligning their data quality, CDD frameworks, and governance structures now — and FIUs that strengthen their FIU.net readiness, reporting pipelines, and peer review preparedness now — will be significantly better positioned than those that wait.
The era of fragmented, jurisdiction-by-jurisdiction AML supervision in Europe is drawing to a close. For financial intelligence professionals and compliance leaders, AMLA represents both a challenge and an opportunity to raise the standard of financial crime prevention across the continent. Acting now is not optional — it is strategic.