New EU AML rules: advice for accountancy practitioners

Accountants, auditors, and tax advisors play a key role in safeguarding European citizens from money laundering and terrorist financing.

This document outlines concrete steps for accountancy practices, national institutes of accountants, auditors and advisors to take to be ready when the EU anti-money laundering and countering the financing of terrorism (AML/CFT) legislation takes effect in 2027.

Background

In May 2024, the EU adopted a comprehensive AML/CFT reforms package. The new legislation imposes stronger AML/CFT obligations on all ‘obliged entities’, including accountants, auditors and tax advisors. It significantly impacts their daily operations and compliance responsibilities in areas such as customer due diligence (CDD), beneficial ownership transparency, targeted financial sanctions, suspicious activity reporting, and record retention.

The AML package consists of the following key legislative acts:

• AML Regulation, AMLR (Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing).
• 6^th AML Directive, AMLD6 (Directive (EU) 2024/1640 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing).
• AMLA Regulation, (Regulation (EU) 2024/1620 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism).

Who are the obliged entities?

Obliged entities are required by the EU AML/CFT legislation to have in place policies, controls and procedures designed to assess and mitigate ML/TF risks. They are also expected to consider risk factors related to e.g. their customers, products, services, transactions, geographic area.

Obliged entities are grouped in financial entities such as banks and insurers and non-financial such as auditors, external accountants and tax advisors, notaries, lawyers and other legal professionals, trust or company service providers, estate agents, providers of gambling services.

Obliged entities should start preparing now to ensure that their AML/CFT frameworks are fully compliant, as the new rules are demanding and detailed. This means updating internal policies, procedures and controls, strengthening CDD, and enhancing monitoring and reporting mechanisms to meet the expanded obligations.

New AML changes

Accountancy Europe is publishing a series of factsheets highlighting the key changes introduced by the AML package to support accountants’ preparation for the new regulations. Navigating the EU Anti-Money Laundering Regulation – Key issues for the accountancy profession summarises the key provisions of the AML Regulation (AMLR) and highlights their implications for accountants, auditors, and tax advisors. It is the first in a series and will be followed by factsheets on the 6^th AML Directive and Regulation establishing a new AML Authority.

How can accountants get ready?

Start preparations early: AMLR imposes significant responsibilities, and their implementation is not feasible overnight. This is especially important for smaller practitioners, who will need to thoroughly review AML compliance for each of their new and existing clients.

Advice for practitioners

Map compliance gaps:

begin by identifying any compliance gaps with the new AML/CFT requirements and start aligning your existing policies and procedures with the updated standards to make sure they are well-documented, fit for purpose and subject to regular review. Professional accountancy bodies will be instrumental in supporting smaller practices (see under ‘Advice for professional accountancy organisations’).

Futureproof your governance model:

the AML package introduces increased obligations and accountability for senior management, including requirements for an AML compliance manager, a mandatory compliance officer role, and an independent audit function. These changes will significantly impact governance structures and reshape responsibilities for practitioners in our sector.

Reinforce your compliance culture:

the new EU AML/CFT rules raise the compliance bar, making it crucial to invest in a firms’ compliance system. A robust compliance culture must not be a pure tick-the-box mentality. Instead, it should focus on professional judgement, proactive identification and assessment of money laundering and terrorist financing risks. This may be particularly challenging for smaller practitioners who will need to establish new processes and technology solutions.

Examine underlying processes:

CDD is not just about collecting information; you must also evaluate and strengthen the underlying processes such as identifying beneficial ownership in line with the new requirements. Robust and structured processes are essential and will help alleviate administrative burdens.

Pay attention to detailed changes:

the AMLR has many details, and seemingly minor changes can have significant implications. For example, the current beneficial ownership threshold equals “more than 25 %” (see Article 3, 4^th AML Directive). The AMLR refines the definition of Ultimate Beneficial Owner (UBO), lowering the threshold for beneficial ownership to “25% or more”. This could require additional remediation work within your client portfolio. Accurately categorising corporate entities in your portfolio will support this process.

Furthermore, the EC can lower the beneficial ownership threshold to 15% or even lower for corporate entities deemed as high-risk for money laundering and terrorist financing (see Article 52, paragraph 2, AML Regulation). Proactively identifying and categorising corporate entities and their UBOs within your portfolio today will support future remediation efforts and ensure compliance with evolving regulations.

Prioritise data security:

the new rules impose significant obligations for client data collection. Focus on reliable data protection measures to prevent breaches and ensure all collected information’s security.

• assess the risks associated with using external data providers, such as data breaches or accuracy issues as obliged entities remain ultimately responsible for the data they rely upon. Practitioners must ensure that information from external providers aligns with their CDD requirements, which involves thoroughly understanding key parameters such as data sources, reliability, verification processes, update frequency, and data security measures.
• ensure appropriate permissions are in place for secure data sharing across networks, keeping in mind that this process may require significant time and effort.

Go beyond data collection:

collecting paperwork does not constitute meaningful customer knowledge. Checklists and templates provide structure and standardisation, but their completion needs a proper understanding of the information. Box-ticking solely to demonstrate the presence of documentation does not equal compliance with obligations.

Ensure a consistent approach across firms and networks:

by designing and implementing the necessary procedures and processes.

Assess whether your firm structure falls under the AMLR provisions on group-wide requirements outlined in Article 16.

By 10 July 2026, AMLA will draft Regulatory Technical Standards defining the minimum requirements for group-wide policies, procedures, and controls. These standards will also specify the conditions under which group-wide requirements apply to entities within structures sharing common ownership, management, or compliance controls, including networks and partnerships.

Educate and inform your clients:

start educating your clients early about new AML obligations. Keeping them informed about upcoming changes and their implications helps ensure compliance and maintain effective service.

Use the new EU’s AML Authority’s (AMLA) guidelines:

AMLA will provide standards and guidelines in the course of 2026-2027. Use these resources to identify further elements necessary for a comprehensive AML compliance framework.

Relay feedback from practice to AMLA:

AMLA will play a pivotal role in setting standards and issuing guidelines. Practitioners can communicate practical matters to AMLA to ensure that its standards and guidelines are clear, effective, and easily applicable within the profession. We recommend coordination with professional bodies to understand what input, if any, they can provide to AMLA guidance.

Collaborate with professional bodies:

engage with your professional body and peers for guidance on navigating these changes. Leveraging collaboration and shared resources will be key to meeting new AML obligations effectively. Smaller practices (SMPs) will face significant challenges and will need targeted support from local professional bodies and resources to support compliance.

Advice for professional accountancy organisations

• Provide support to map compliance gaps: local bodies are well placed to support practitioners, particularly SMPs, in mapping compliance gaps. Currently, there are significant divergences across jurisdictions in how the AML rules are implemented and enforced, and how these existing rules correlate with the new provisions.
• Provide training materials and resources: professional bodies can play a key role in providing training programs and tools. This includes offering assistance and resources such as technical guidance, template policies, dedicated webpages to help practitioners navigate the obligations. SMPs will particularly benefit from practical “how-to” documents. Where such resources are already available, they will need to be reviewed and updated to align with the new rules.
• Proactively support SMPs: the AML package is unprecedented in its scope and extent of detail. Professional accountancy bodies must take an active role in supporting SMPs, who may lack the resources to develop the necessary AML compliance processes.
• Encourage a mindset shift among SMPs: professional bodies should also emphasise the importance of understanding the rationale behind the AML rules ensuring that SMPs not only comply with the rules but also integrate their underlying principles into daily operations. This cultural shift will help ensure that compliance is not a box-ticking exercise but a core aspect of professional conduct.
• Prepare for new local oversight bodies in each jurisdiction: professional institutes are likely to come under review and oversight themselves. They must update their governance frameworks in anticipation of these changes and in consultation with the national government, relevant ministry and/or enforcement authority.