On 9 February 2026, the EU’s new Anti-Money Laundering Authority (“AMLA”) opened a public consultation process in respect of its draft Regulatory Technical Standards on enforcement (the “RTS”).
Established in July 2024, AMLA is a decentralised EU agency that will coordinate national authorities to ensure the correct and consistent application of the EU AML rules. It is a key component of the EU’s new AML package and its full set of powers will become effective in July 2027. In preparation for this, AMLA is launching a number of consultation processes to garner views from stakeholders to help shape the new AML landscape within the EU. This follows previous consultations by the European Banking Authority (“EBA”) which focussed on the financial sector; and separate consultations in respect of business relationships and customer due diligence are also currently ongoing.
The RTS aim to develop a harmonised enforcement framework that is applied consistently across Member States and is “proportionate, effective and dissuasive”, and set out criteria to be considered when assessing the gravity of AML breaches and when determining the penalty to be applied. The deadline for responses in the consultation process is 9 March 2026.
The Sixth AML Directive (Directive (EU) 2024/1640) – which forms part of the EU’s AML package and has a general transposition deadline of 10 July 2027 – requires Member States to ensure that:
- pecuniary sanctions are imposed on obliged entities for serious, repeated or systematic breaches. The Directive provides for maximum pecuniary sanctions of at least €1 million for obliged entities, €10 million for credit / financial institutions and €5 million for natural persons (and Member States can empower competent authorities to impose higher pecuniary sanctions) (Article 55);
- supervisors are able to apply administrative measures to an obliged entity, including, but not limited to, orders to implement specific corrective measures and restriction or limitation on the obliged entity’s business, where they identify breaches of AML regulations by an obliged entity or deficiencies in an obliged entity’s AML policies, procedures and controls (Article 56);
- supervisors are able to impose periodic penalty payments in order to compel compliance with those administrative measures where obliged entities fail to comply with specified administrative measures within the applicable deadlines (Article 57); and
- supervisors publish on their website decisions imposing pecuniary sanctions, applying administrative measures (such as those referenced above) or imposing periodic penalty payments (Article 58).
Under the draft RTS, pecuniary sanctions, administrative measures and periodic penalty payments may be imposed separately or in combination. Specific provisions for natural persons who are not themselves obliged entities, including senior management and members of the management body in its supervisory function, are also included in the draft RTS.
Key elements of the draft RTS include:
- Indicators to assess AML breaches: In determining the classification of AML breaches, the draft RTA sets out a list of indicators that supervisors (such as the Central Bank of Ireland) will take into consideration, including the duration, repetition and systemic nature of the breach, as well as the impact of the breach on the financial viability of the obliged entity or of the group of which the obliged entity is part.
- Classification of AML breaches: Once supervisors have assessed the breach against all indicators referenced above, they will assign a classification from one to four by increased order of severity. The draft RTS explains how indicators are to influence classification. For example, where a breach was for a short time and not repeated it can be classified as a category one breach. On the other end of the scale, where the impact of the breach on the financial viability of the obliged entity is considered significant, supervisors shall classify the breach as category four.
- Criteria for pecuniary sanctions: Having completed the steps above, when deciding upon the level of a pecuniary sanction, a supervisor will consider criteria including the level of co-operation with the supervisor, conduct since the breach has been identified, whether the breach was intentional and any previous breaches. Supervisors shall also take into account the financial strength of both legal and natural persons.
- Criteria for administrative measures: Article 56 of the Sixth AML Directive refers to specific administrative measures that supervisors may impose. Prescriptive criteria are set out in the draft RTS for some of these measures. For example, where an obliged entity is subject to an authorisation and a supervisor is considering whether to withdraw or suspend the authorisation it will consider (in addition to other criteria) whether such a measure is capable of mitigating the actual impact or preventing a potential impact of the breach.
- Methodology for imposition of periodic penalty payments: The draft RTS provides that before a supervisor can impose periodic penalty payments on a party, they must furnish to the party a statement of findings justifying the periodic payments. Further, the responsible party has a right to be heard and will have a four weeks to deliver written submissions in response to the statement of findings. When deciding upon the calculation of the periodic payment the supervisor will consider various factors listed in the draft RTS, including the reason for non-compliance with the administrative measures and losses to third parties. The periodic payment can be set on a daily, weekly or monthly basis. The draft RTS provides that periodic penalty payments shall be governed by national law in force in the Member State where the periodic penalty payments are imposed and collected.
For transparency in its policy formation, AMLA publishes consultation responses on its website as well as a final report summarising the key points arising from the consultation exercise.
The outcome of the consultation process, and its ultimate impact on AMLA’s enforcement framework, remains to be seen and we will continue to monitor developments.
Contact us
In the meantime if you have an queries about this update please contact any of the authors or your usual contact in the Disputes and Investigations Group or the Financial Institutions Group at Matheson.