Money laundering and terrorist financing remain among the most serious threats to the integrity of the EU financial system. As highlighted in the analysis prepared for Future Finance Poland by Michał Barszcz of Bank Millennium, the effectiveness of AML/CFT measures depends on coordinated action that reaches far beyond national borders. Criminal activity increasingly operates across jurisdictions, and purely domestic measures, even those implemented at EU level, offer limited protection unless supported by international cooperation.
Over the past decade the EU has built an extensive regulatory architecture inspired by FATF recommendations. AMLD IV introduced the risk-based approach, obligations to identify beneficial owners, wider coverage of obliged institutions and lower thresholds for cash transactions, while strengthening cross-border supervision. AMLD V expanded the regulatory perimeter to virtual asset service providers and the art market, enhanced public access to beneficial ownership registers and placed greater focus on high-risk jurisdictions. AMLD VI harmonised the criminal definition of money laundering, broadened underlying offences and reinforced cooperation between law enforcement authorities. Collectively these directives form the backbone of today’s European AML/CFT regime.
For obliged institutions this framework translates into a demanding set of responsibilities: identifying and assessing ML/TF risks, conducting customer due diligence and enhanced due diligence, monitoring ongoing relationships, reporting suspicious activity, maintaining records and establishing internal procedures supported by staff training. With each revision of the AML rules the operational and legal burdens grow, and supervisory expectations become more precise. National FIUs are increasingly assertive in inspections, and deficiencies in AML/CFT systems frequently lead to administrative penalties.
Despite its breadth, the current framework remains imperfect. The European Banking Authority’s 2023 Opinion highlights persistent weaknesses such as inconsistencies in the enforcement of restrictive measures, shortcomings in identifying beneficial owners, limited awareness of cybercrime-related risks, challenges related to crypto-assets and BigTech, and the continued problem of unjustified de-risking.
In Poland these issues are compounded by divergences between the text of the national AML Act and EU directives, which can directly affect how institutions identify beneficial owners. Training provided by the Polish FIU also remains basic in scope and insufficiently tailored to sector-specific needs.
One of the key strategic questions facing the EU today is whether AML regulation can shift from a reactive model – introduced largely in response to major scandals – to a forward-looking system capable of anticipating emerging forms of financial crime. As Michał Barszcz notes, the AML area has become heavily overregulated. Obliged institutions shoulder extensive administrative tasks that do not necessarily improve risk mitigation. A more effective use of resources, combined with clear, practical and harmonised guidance from AMLA and national supervisors, would strengthen the system far more than adding further layers of formal obligations.
The EU’s Action Plan identifies the need for a single rulebook, EU-level supervision and deeper integration of FIUs. These elements, together with AMLA’s future role, represent an attempt to build a coherent, proportionate and technology-aware AML/CFT architecture. Yet the challenges described in the analysis demonstrate how difficult it is to maintain regulatory effectiveness in a rapidly changing environment shaped by new technologies, geopolitical shifts and evolving criminal techniques.
Ultimately, the evolution of AML/CFT regulation reflects a tension between the need for comprehensive safeguards and the operational realities faced by obliged entities. Each new directive and guideline strengthens system integrity but also increases complexity, cost and interpretative uncertainty. As the EU enters a new phase of AML reforms, the priority will be to create a framework that is not only stringent but also actionable, predictable and capable of addressing risks before they crystalise. For financial institutions, fintechs and payment providers this will determine how compliance, product design and risk management evolve over the coming years.
Access the full article here:
