TheAMLA, or Authority for Anti-Money Laundering and Countering the Financing of Terrorism, is the new European authority responsible for strengthening the fight against money laundering and terrorist financing. Based in Frankfurt, it develops the European regulatory framework, promotes the convergence of supervisory practices, and prepares for the direct supervision of a limited number of financial institutions.
As of July 10, 2026, AMLA is no longer an institutional project awaiting launch. It has been operational since 2025, is already conducting consultations, collecting the data needed to select future supervised institutions, and has published its first set of common guidelines. In this guide, AP Solutions IO outlines key dates and the practical implications for compliance teams.
In a nutshell: What is the AMLA timeline?
The authority’s rise to prominence is based on several specific milestones:
- in 2026, AMLA will calibrate its risk models, prepare the technical tools, and identify institutions likely to be included in the selection process;
- in 2027, it will select up to 40 financial institutions or groups for its first round of direct supervision;
- on July 10, 2027, the AMLR will take effect in most of the affected sectors;
- in 2028, AMLA will begin directly supervising selected entities.
Other professionals will continue to be supervised by their national authorities. They will, however, be subject to the harmonization of rules, inspection methods, and certain reporting requirements.
What is AMLA?
The AMLA was legally established on June 26, 2024, and began operations in the summer of 2025. As of January 1, 2026, it has assumed the European AML-CFT convergence tasks AML-CFT carried out by the European Banking Authority.
His role is structured around three main functions:
- develop technical standards, guidelines, and common methods;
- harmonize the practices of national supervisors;
- strengthen cooperation among financial intelligence units, such as Tracfin in France.
The AMLA will not become a European financial intelligence unit. Reports of suspicious activity will continue to be submitted to the relevant national units.
Our analysis of how the AMLA affects compliance details its powers, its organization, and its relationships with national authorities.

AMLA, AMLR, and AMLD6: How Can We Tell Them Apart?
The AMLA is the institutional cornerstone of the new European package. It should be distinguished from theAMLR, which sets out the main obligations directly applicable to financial institutions, and from the AMLD6 Directive, which governs, among other things, national supervisory mechanisms and financial intelligence units.
The AMLR will take effect primarily on July 10, 2027. In particular, it will harmonize customer due diligence, beneficial owner identification, ongoing monitoring, and certain rules relating to groups.
To understand the changes that will directly affect internal procedures, our guide on the practical impacts of the AMLR outlines the requirements that need to be mapped out before this deadline.
Which institutions will be directly supervised?
Direct supervision will not apply to all regulated professionals. During the first cycle, the AMLA may select up to 40 credit institutions, financial institutions, or financial groups operating in at least six Member States.
The selection will be based, in particular, on the inherent level of risk, the quality of existing controls, and the residual risk. It will be reviewed every three years.
Non-financial businesses—such as the legal profession, real estate, casinos, and future regulated professionals in soccer—will remain under the supervision of their national authorities. The AMLA will, however, perform coordination and evaluation functions that will help harmonize supervisory practices in these sectors.
For the selected entities, supervision will not replace national authorities. It will be carried out by joint teams comprising the AMLA and the competent supervisors in the relevant member states.
2026–2028 Timeline: What Steps Have Already Been Taken?
2026: Data collection and development of the technical corpus
In March and April 2026, the AMLA conducted an exercise designed to test and calibrate the risk models that will be used for the 2027 selection process. In May, it published a new reporting package designed to identify provisionally eligible entities.
National supervisors must submit the requested information to the European authority, which plans to finalize an initial eligibility list by the end of September 2026.
The year 2026 is also focused on regulatory instruments. The work focuses in particular on:
- customer due diligence;
- the distinction between a business relationship and an occasional transaction;
- comprehensive risk assessment;
- ongoing monitoring of relationships and operations;
- the requirements applicable at the group level;
- cooperation among national supervisors.
July 2026: First Concrete Guidelines
On July 2, 2026, the AMLA launched a public consultation on a common format for reporting suspicious activity. The goal is to make the information more structured and comparable across Member States, while allowing for sector-specific adaptations.
On July 8, it published a final report proposing a common methodology for assessing the severity of AML-CFT violations AML-CFT determining supervisory measures.
This proposal must still be adopted by the European Commission before it becomes legally binding. Therefore, a consultation or a final report should not be presented as an obligation that is already in effect.
Nevertheless, these publications provide a clear direction: the data will need to be more consistent, the decision-making criteria better documented, and the results more easily comparable.
2027: Implementation of the AMLR and Selection of Entities
The year 2027 will feature two major deadlines. The first selection process will begin no later than July 1 and must be completed by the end of the year.
The AMLR will take effect on July 10, 2027 in most of the affected sectors. Certain provisions relating to agents and soccer clubs will take effect at a later date.
Organizations must therefore prepare for the AMLR even if they will never come under the direct supervision of the AMLA. The regulation will alter their substantive obligations, while the European authority will influence supervisory methods and technical tools.
2028: Start of direct supervision
In 2028, the AMLA will assume direct oversight of the selected institutions. This date marks the beginning of an ongoing process: the list will be reviewed every three years, and regulatory work will continue in parallel.
Direct supervision is therefore not the final stage of the process. It marks the beginning of a European framework that is set to evolve as new selection cycles unfold and new instruments are adopted.
What are the consequences for professionals who are not selected?
The absence of direct supervision does not mean there is no impact. National supervisors will continue to exercise their authority, but their approaches will gradually be aligned with AMLA’s tools, assessments, and guidance.
Professionals must anticipate more consistent expectations regarding:
- the quality of KYC and KYB data;
- the consistency of risk ratings;
- ongoing monitoring of relationships and operations;
- documentation of alerts and decisions;
- the implementation of procedures at the group level;
- the quality of the information provided to financial intelligence units.
This convergence can reduce certain national differences. However, it requires cross-border groups to first align their data, procedures, and systems.

How can you start preparing your plan now?
Mapping Discrepancies Using the AMLR
The first step is to compare the current system with the requirements that will take effect in 2027. The organization must identify the relevant procedures, missing data, scoring rules that need to be revised, and tools that require adaptation.
The method presented in our guide on the steps to compliance allows you to structure this review without waiting for the latest technical instrument to be published.
Strengthen the traceability of decisions
Any quotation, alert, or case closure must be supported by documentation. The audit trail must include:
- the data used;
- the criteria used;
- the validations performed;
- the changes made;
- the background of the decision.
At AP Solutions IO, this requirement guides the design of the AP Scan, AP Scoring, AP Monitoring, and AP Filter solutions. Their Glass Box architecture is designed to make the rules and results understandable to teams, without shifting the responsibility for decision-making to the tool.
Distinguishing between draft rules and final rules
The consultations published in 2026 provide useful guidance, but not all of them constitute definitive requirements. A draft technical standard must still be adopted in accordance with the applicable European procedure before it becomes binding.
Effective monitoring must therefore identify the status of each document: consultation, final report, adopted guideline, standard approved by the Commission, or text published in the Official Journal of the European Union.
AP Solutions IO monitors these developments and regularly updates its solutions. However, the integration of a new requirement depends on its final adoption and the relevant functional scope.
Testing the quality and comparability of data
The selection exercise conducted in 2026 shows that data availability is becoming a supervisory issue in its own right. The groups concerned must be able to consolidate comparable information on their entities, customers, risks, and controls.
Organizations can also explore the AP Solutions IO’s Glass Box technology to understand how explainability and audit trails can support more auditable compliance.
Prepare for the AMLR without waiting until 2027
The AMLA does not create an isolated change. It supports the transition to a more harmonized European framework, in which the AMLR sets the substantive rules and supervisors gradually adopt more convergent approaches.
The priority is to turn future obligations into concrete initiatives: data, KYC, Beneficial Owners, scoring, transaction monitoring, sanctions, and governance.
Our second analysis of the operational impacts of the AMLR helps organize this work by compliance area.
To assess data quality, the traceability of quotes, and the explainability of alerts, work with AP Solutions IO helps align future European expectations with the system already in place.
AMLA FAQ
When will the AMLA become operational?
The AMLA has been in operation since 2025 and is already carrying out its regulatory and coordination duties. It took over the AML-CFT functions from the European Banking Authority on January 1, 2026. Its direct supervision will begin in 2028.
How many institutions will be directly supervised?
During the first cycle, the AMLA will select up to 40 financial institutions or groups operating in at least six member states. The selection process will be repeated every three years.
Does the AMLA replace the ACPR?
No. The ACPR will continue to supervise the organizations within its scope. For selected entities, direct supervision will involve the AMLA and national authorities working together in joint teams.
What is the difference between AMLA and AMLR?
The AMLA is a European authority. The AMLR is a directly applicable regulation that harmonizes the substantive obligations imposed on professionals effective July 10, 2027.
Are the 2026 consultations already mandatory?
No. They help anticipate future expectations, but their content may change before the standards or guidelines are finally adopted.
How can an organization prepare?
It must identify discrepancies, verify the quality of its data, review its procedures, and improve traceability. These efforts remain valuable even when the organization is not under direct supervision.
Official sources
- AMLA — Overview and Rollout Schedule
- AMLA — Direct Supervision Schedule
- AMLA — Preparing for the Selection of Entities in 2027
- AMLA — Consultation on the Common Format for Reporting Suspicious Activity
- AMLA — Common Methodology for Assessing Noncompliance, published on July 8, 2026
- EUR-Lex — AMLR Regulation and Effective Date

