If you ask financial institutions where they stand today on AMLR, the answers tend to follow a familiar pattern: “We’re reviewing the regulation.”, “We’ve done an initial gap analysis.”, or “We’re setting up a project.”
These answers reflect a broader industry reality. Many organisations have started the work, but most efforts still focus on interpretation and internal alignment. Fewer teams have defined what AMLR means for daily AML operations and how it will change workflows in practice.
In this article, we’ll introduce an overview of AMLR, discuss where organisations stand today, and show how you can start operationalising your AML process today so you can be ready for the upcoming changes.
What is AMLR?
The Anti-Money Laundering Regulation (AMLR) forms part of the EU’s Single Rulebook. It aims to harmonise anti-money laundering and counter-terrorist financing requirements across member states.
Unlike previous directives, AMLR applies directly. This means that it removes national interpretation and establishes a single set of rules. It introduces:
- A unified AML framework across the EU
- Expanded customer due diligence requirements
- Stronger alignment between transaction monitoring, risk assessment, and customer profiles
- Increased transparency, including traceability of crypto transactions
- A new EU authority, AMLA, to coordinate supervision
This shift raises expectations for consistency across the entire AML lifecycle. Financial institutions must demonstrate how their AML framework operates in practice, with clear logic and documented decisions.
AMLR readiness: Where organisations stand today
When speaking with customers, one question comes up consistently: “Where do we even begin?”
Our customer research shows that 58% of institutions have completed an initial analysis, while 17% plan to start soon. Only 8% have begun structured implementation, and another 8% have not started at all.
Despite the July 2027 deadline, AMLR already presents an active challenge for most organisations.
Confidence levels reflect this uncertainty. 33% say they feel confident, while another 33% are actively working towards readiness, but are not yet confident. 25% report low confidence, and only 8% feel fully prepared.
Want to share your thoughts on AMLR readiness? Fill in our anonymous survey here.
Teams must maintain daily AML operations while simultaneously driving transformation. Data exists, but teams often question its consistency and reliability.
While organisations understand regulatory expectations at a high level, they still struggle to translate them into system behaviour and workflows.
What supervisors expect to see in practice
A common starting point for compliance teams is trying to understand the regulatory expectations. While this work is necessary, it can create a checkbox approach.
Supervisors will instead focus on what they can observe in your operations, such as:
- Control effectiveness: Do your controls actually detect and manage risk, or do they generate alerts without clear prioritisation or outcome?
- Consistency: Is the same risk logic applied across onboarding, ongoing due diligence, transaction monitoring, and investigations, or are different systems producing different answers?
- Traceability: Can you explain every decision? What data was used, which rule triggered the outcome, and how the case was handled?
- Evidence: Can you provide information immediately or do you need more time to gather all information?
What operationalising AMLR looks like
If AMLR is an operational challenge, then success depends on how well organisations translate regulatory expectations into day-to-day execution. In practice, this means moving from fragmented processes to a connected AML lifecycle.
- Align risk logic
Many organisations already apply risk scoring across different processes, but often with variations in definitions, thresholds, or methodology. AMLR requires these differences to be removed. Define risk and apply consistently across onboarding, monitoring, and investigations.
- Connect workflows
In many organisations today, AML processes are still separated across teams and systems, which can create manual handovers, duplicated work, and gaps in visibility. Reduce these breaks by unifying all your processes into one platform to create a more continuous process, where information flows without friction.
- Establish a data foundation that can be trusted
Data is rarely missing, but it’s often fragmented. Different systems hold different versions of the same customer. Ownership structures are documented but difficult to use, while definitions vary across teams. Establish a shared, reliable data foundation that supports consistent risk assessment and decision-making.
- Move towards a more continuous approach to compliance
Instead of relying primarily on periodic reviews, AML processes need to respond dynamically to events, such as transactions, screening hits, or changes in customer behaviour. This allows risk to be updated in real time and due diligence to be triggered when it is actually needed.
In conclusion
With AMLR coming into effect in July 2027, the deadline can be pretty tight. However, this doesn’t mean that you must start from zero. For Nordic institutions, AML frameworks are already well developed, so the focus will be on aligning existing practices with AMLR requirements.
Author
Gabriela Taranu is a Content Manager with a strong background in B2B marketing, currently driving content strategy at RegTech company Trapets in Stockholm. With a background in content writing and experience across several tech companies, she focuses on creating and optimising content for various platforms, including social media, blogs, and websites.
