Unveiling AMLA’s Blueprint: A Snapshot of the 2026-2028 Work Programme and Key Regulatory Instruments

The new EU Anti-Money Laundering Authority (AMLA) is one of the cornerstones of the EU AML Package (see our Navigator for an overview). After having been established in June 2024 and moved into its new Frankfurt offices in spring 2025, AMLA has commenced operations in summer 2025. In January 2026, all anti-money laundering (AML) and counter-terrorism financing (CFT) mandates and functions were transferred from the European Banking Authority (EBA) to AMLA, marking a milestone in the EU’s AML/CFT landscape. 

On 4 February 2026, AMLA published its first multi-year plan, called “Single Programming Document” (SPD). The SPD gives an overview of AMLA’s strategic objectives and scheduled activities across three core deliverables: 

• completing the AML/CFT Single Rulebook to ensure regulatory consistency;
• advancing convergence of supervisory practices across both the financial and the non-financial sectors; and
• strengthening cooperation between Financial Intelligence Units (FIUs), supervisory authorities and law enforcement. 

Shortly thereafter, on 9 February 2026, AMLA launched three public consultations on draft regulatory technical standards (RTS). Three further public consultations, on RTS and implementing technical standards (ITS), have already closed.

This blog post delves into AMLA’s ambitious agenda by highlighting selected take-aways from the SPD and gives an overview of key RTS and ITS developments.

I. Direct supervision of selected financial sector entities 

From 2028 onwards, AMLA will directly supervise 40 EU credit and financial institutions to be selected based on their geographical footprint and risk profile, replacing their previous fragmented supervision (largely at national level) by harmonised supervision (at EU level). AMLA aims to reach full operational readiness for the first supervisory cycle by mid-2028.

To this end, AMLA will develop a strategy setting out the vision, priorities and operational principles which will underpin AMLA’s direct supervision. Key elements of AMLA’s work from 2026 to 2028 will include the following: 

• Selection methodology: One of the most anticipated questions in relation to AMLA is which credit and financial institutions are going to be directly supervised. Building on the draft RTS published by the EBA last year, AMLA has already published its Final Report on the draft RTS on the risk assessment for the purpose of selection for direct supervision (see point V. below). Besides defining the selection methodology, AMLA will run a data collection exercise to test and calibrate its risk assessment models, to be launched in March 2026. The process is expected to conclude in 2026, forming the analytical foundation for the first selection round, which is planned for 2027.
• Information transfer framework: AMLA will also define procedures for the secure transfer of supervisory information and documentation from financial supervisors to AMLA. These arrangements are envisaged to be fully functional by the end of 2026, to allow for a smooth transition once direct supervision launches in 2028.
• Direct supervision framework: Another focus area is the development of the framework for direct supervision, including the supervisory methodology and supervisory tools, alongside operational processes, governance structures and legal safeguards. In 2026, the first draft procedures for off-site monitoring, on-site inspections and follow-up actions may already be prepared for pilot use, alongside exploratory work on reporting templates. AMLA especially aims to ensure readiness for consistent, data‑driven oversight, relying on data quality checks, integration of risk indicators and Joint Supervisory Team dashboards to support off-site supervision, as well as structured procedures for following up on on‑site inspections.
• Enforcement framework: AMLA will also design and implement an enforcement framework to ensure that supervisory decisions are supported by effective sanctioning powers. This includes defining principles, procedures and governance arrangements for enforcement, such as the separation from day-to-day supervisory tasks. By 2028, AMLA aims to have a fully developed enforcement function tasked with ensuring that breaches of AML/CFT requirements are addressed in a consistent manner throughout the EU.

II. Indirect supervision of financial sector entities 

Financial sector entities obliged to comply with AML/CFT requirements but not selected for direct supervision will continue to be supervised by their current supervisors. In this regard, AMLA will exercise indirect supervision by establishing harmonised standards (including RTS and ITS, see point V.), monitoring supervisors’ compliance therewith and supporting them (for example, through trainings and dialogue). 

For this purpose, AMLA will draw up a strategy and work out the operational foundation of such indirect supervision. Core aspects of AMLA’s activities from 2026 to 2028 will include the following: 

• Indirect supervision framework: AMLA will develop methodologies, tools and procedures for indirect supervision, following a risk-oriented approach and based on risk mapping. A core element will be supervisory convergence reviews, which AMLA will plan through 2026-2028. The first cycle of reviews is expected to take seven years and aims to identify vulnerabilities in supervisors’ approaches to AML/CFT supervision. Until the end of June 2027, AMLA will monitor supervisors’ compliance with the current AML/CFT standards; thereafter, AMLA will monitor compliance with the forthcoming AML/CFT standards (under the EU AML Package, including the new instruments discussed in point V.).
• Supervisory colleges: AMLA will select colleges for relevant obliged entities in accordance with a risk-based approach and participate in these colleges. To facilitate their work, AMLA will ensure the availability of an IT platform for information exchange among college members.
• Response to breaches: AMLA will also be prepared to act in cases of serious, repeated or systematic breaches of AML/CFT requirements by obliged entities, or where supervisors have not adequately applied supervisory measures in a way that affects multiple obliged entities and undermines the effectiveness of the AML/CFT system. AMLA plans to develop governance structures and processes for issuing recommendations and warnings to react to potential breaches.

III. Oversight of the non-financial sector 

AMLA will have oversight of a broad range of obliged entities of various non-financial sectors, cooperating with national authorities whom AMLA will assist (yet again, via exchange, guidance and trainings but with an increased focus on awareness-raising for AML/CFT requirements). 

In this respect and similarly to above, AMLA’s planned approach includes creating a strategy and completing the groundwork for such oversight, with key activities in 2026 to 2028 as follows: 

• Oversight framework: Starting with a comprehensive mapping of risks and supervisory practices across the large number of different non-financial sectors in 2026, AMLA endeavours to obtain a comprehensive understanding of risks and gaps in the implementation of AML/CFT requirements, and to develop an oversight framework on this basis, including methodologies and tools.
• Supervisory colleges: Supervisory colleges (see above) are envisaged for the non-financial sector as well. In addition, AMLA will put an emphasis on conducting peer reviews, which are planned to start in 2027.
• Response to breaches: Moreover, AMLA will prepare for requests to act in exceptional circumstances or in cases where it detects that supervisors have not adequately applied supervisory measures.

IV. Further noteworthy points 

AMLA also plans to map out a coordination framework for FIUs, including joint cross-border analyses by FIUs. Moreover, a comprehensive data ecosystem, including an enhanced FIU.net system and a new central AML/CFT database, will lead to increased data analytics and data sharing between authorities. 

1. By 2027, FIU.net should be optimised to enable real-time data exchange across the EU and its management should be transferred to AMLA.
2. Already in 2026, AMLA will prepare the roll-out of a new central AML/CFT database and finalise the related draft RTS. The database will especially include information on obliged entities, risk assessments, the outcomes of ‘fit and proper’ evaluations, supervisory measures, sanctions and authorisation withdrawals. In 2027, the database should be fully operational. 

Obliged entities should keep this in mind, for example, in ownership control proceedings or similar processes involving supervisory authorities across jurisdictions. Supervisory authorities may be able to obtain a consolidated overview of the points mentioned above via the central AML/CFT database, so that it becomes even more important to present information on these matters to all authorities across all filings in an aligned, consistent way. 

V. Key regulatory instruments (RTS/ITS) and timelines

The development and implementation of RTS, ITS and guidelines are central to AMLA’s mission of completing the EU AML/CFT Single Rulebook and ensuring supervisory convergence. AMLA’s plans for 2026-2028 include a significant focus on drafting these instruments in close cooperation with supervisory authorities and in consultation with the private sector (see AMLA’s timetable). The table below provides an overview:

VI. Conclusion: A new era for EU AML/CFT

AMLA’s Single Programming Document for 2026-2028 demonstrates a commitment to fortifying the EU’s defences against money laundering and terrorist financing. AMLA is laying the groundwork for a more unified, effective and technologically advanced AML/CFT framework and positions itself as a global leader in financial crime prevention.

While AMLA expects these efforts to lead to a reduction in illicit financial flows and to increase trust in the EU’s financial system, it remains to be seen how financial sector and non-financial sector firms will be affected. 

First, regarding enforcement, the level of pecuniary sanctions for AML/CFT violations currently varies significantly across EU Member States, reflecting divergent national approaches to fining.  Against the background of recent significant fines imposed by authorities in certain EU Member States, it will be interesting to see what levels of fines could emerge under a more harmonised framework, particularly in light of the draft RTS on pecuniary sanctions, administrative measures and periodic penalty payments published by AMLA on 9 February 2026 (see above and our earlier blogpost on the EU AML/CFT regime for further background).

Second, obliged entities active across various jurisdictions will generally welcome consistent standards across the EU instead of the previously fragmented system, where EU Member States and national authorities took very inconsistent approaches in implementing the EU AML directives, leading to significant differences in national requirements and interpretations (e.g. KYC standards). To what extent the new, EU-wide standards will substantively bring additional, or different, compliance to-dos will largely depend on the currently applicable national requirements and authorities’ expectations that obliged entities must observe (for example, the German Anti-Money Laundering Act (“Geldwäschegesetz”) and related “Auslegungs- und Anwendungshinweise” of BaFin in Germany, the Financial Market Anti-Money Laundering Act (“Finanzmarkt-Geldwäschegesetz”) and related “Rundschreiben” of the FMA in Austria, or the Money Laundering and Terrorist Financing (Prevention) Act (“Wet ter voorkoming van witwassen en financieren van terrorisme”) and related DNB “Wwft Q&As and Good Practices” in the Netherlands). AMLA has stated that it is taking a proportionate and risk-based approach, “paying attention to compliance costs and without imposing unnecessary burdens” and providing guidance on how the framework can be simplified in cases where the risks are low. However, it will be interesting to see how this is going to unfold in detail. 

We encourage obliged entities to follow the developments to evaluate whether they may be in the scope of direct supervision and whether actions will become necessary on their end, in particular updates to their policies, procedures and controls.

The Freshfields AML team will continue to closely monitor this space and is available to support.