The AMLA Era:
Centralised Supervision and the Future of Compliance

On 1 July 2025, a new authority quietly assumed power in the heart of the EU’s regulatory framework: the Anti-Money Laundering Authority (AMLA).

More than just a bureaucratic milestone, AMLA represents a fundamental rethink of how the EU tackles financial crime, shifting from fragmented national oversight to centralised, intelligence-led supervision. For financial institutions, this is not just a regulatory change – it’s a strategic signal.

What AMLA Really Changes

Yes, AMLA will directly supervise a select group of high-risk, cross-border financial institutions. Yes, it will issue technical standards and coordinate Financial Intelligence Units (FIUs).

But the real shift isn’t just procedural – it’s philosophical.

It turns supervision into a strategic capability. It puts data at the centre of decision-making. It treats information sharing not as a compliance afterthought, but as a regulatory requirement. And it’s designed to evolve, with cross-border collaboration and real-time analytics built into its DNA.

From Compliance Obligation to Strategic Risk Management

For institutions operating across the EU, AMLA changes the rules of the game. Compliance functions must now be:

New Work Programme Signals the Future – and Crypto Takes Centre Stage

The release of AMLA’s July 2025 Work Programme offers the clearest picture yet of how the authority will operate, and what it values.

While the programme outlines foundational efforts around staffing, infrastructure, and supervisory coordination, one early priority stands out: crypto-asset service providers (CASPs).

In a clear signal of intent, AMLA has launched technical working groups specifically focused on crypto, aiming to create harmonised supervisory standards across the EU. This isn’t a future ambition – it’s an active workstream.

By addressing crypto risks at the outset, AMLA is placing technology-driven, high-risk sectors at the heart of its supervisory agenda. This is a warning shot to firms operating in or adjacent to crypto: the days of regulatory ambiguity are numbered.

Questions Every Institution Should Ask Now

As we move from policy to implementation, forward-looking compliance leaders should ask:

• Are our AML frameworks robust enough for centralized, cross-border scrutiny?
• Do our KYC/CDD processes align with AMLA’s expectations?
• Are we leveraging AML data for strategic insights or merely meeting minimum requirements?
• Is our risk management consistent across regions and sectors?
• Are we prepared for intensified focus on high-risk areas like crypto?

The Road Ahead: Transition Now, Supervision Later

AMLA’s full supervisory powers, including direct oversight of 40 high-risk institutions, will activate by 2028, with selections finalized by 2027. This transition period is a strategic runway for firms to:

• Assess and close gaps in existing AML frameworks.
• Invest in modern tools like AI-driven risk detection and real-time monitoring.
• Align compliance with business strategy to drive efficiency and trust.

Firms that treat 2028 as a deadline will scramble to catch up. Those that act now will lead the pack.