Regulatory News
Compliance

EBA Rulebook for AMLA - state of RTS in 2025

Arnaud Schwartz
CEO and Co-Founder
0 minutes reading
October 23, 2025
Summary
Example H2

The EU's New Rulebook: A Simpler, Stronger Way to Fight Dirty Money

For years, the European Union has faced a major challenge in its fight against money laundering. While all member states had the same goal, they each had slightly different rules. This patchwork system made it easy for criminals to find loopholes and expensive for legitimate businesses to operate across borders11.

To fix this, the EU is creating a new, central body called the Anti-Money Laundering Authority (AMLA). It’ll be headquartered in Frankfurt.

But before this new agency can start its work, it needs a single, clear rulebook for the entire EU.

The European Banking Authority (EBA) has just released the first draft of this new rulebook. Think of it as the detailed blueprints for how the EU will fight financial crime from now on. These new rules, known as Regulatory Technical Standards (RTS), aim to create "maximum harmonisation," meaning one set of rules for everyone.It is also meant to remove the cherry picking of local regulators that used to plague the true unicity of the EU markets :

  • Companies asking for their licence in countries with a more relaxed approach to regulation
  • Regulators favoring some of their own regulated entities, leading to a lack of oversight.

Here’s a simple breakdown of what these new rules will do and what they mean for banks and the "watchdogs" who regulate them.

What Are the New Rules About?

The draft rulebook is built on four key pillars:

  1. A Common "Risk Scorecard" for All
    • Currently : A bank's risk level could be rated differently in different countries. A supervisor in Germany might see it as "medium risk," while a supervisor in Italy might see the same operations as "high risk".
    • With the RTS : There will be one common methodology for all supervisors to use. This "scorecard" will measure a financial institution risk in a consistent way, looking at its inherent risk (the risks it faces from its customers and products) and its residual risk (the risk left over after its safety controls are applied).
  2. Deciding Who the New "Sheriff" (AMLA) Watches Directly
    • Currently : All firms were supervised by their national "watchdogs" (the national supervisors).
    • With the RTS :  AMLA itself will become the direct supervisor for a small number of the largest and riskiest financial firms that operate across the EU. These new rules set the test for how AMLA will pick this group.
    • For example, a firm must be "materially active" in at least six EU countries. The rules get specific, defining "active" as having over 20,000 customers or handling over €50 million in transactions in that country.
  3. One Rule for Checking Customer IDs (Customer Due Diligence)
    • Currently : The "Know Your Customer" (KYC) rules—what a bank must do to prove you are who you say you are—were different everywhere. From live video in some countries to local validation schemes, you had to adapt to each market
    • With the RTS : This new rule creates a single, detailed list of exactly what information firms must collect. It specifies the requirements for standard checks, simplified checks (for low-risk cases), and enhanced checks (for high-risk situations like dealing with politically exposed persons).
  4. Making Punishments Fair and Consistent
    • Currently :  The same rule-breaking offense could get a big fine in one country and a small one in another.
    • With the new regulation : The rules create a common framework for penalties to ensure they are "effective, proportionate, and dissuasive" everywhere. Supervisors will use the same system to classify how serious a breach is (e.g., from a low "category one" to a severe "category four") and to decide on the level of fines.

What This Means for Financial Institutions, fintechs and banks alike.

  • A Single Rulebook: This is the biggest win. A bank operating in 10 different countries will no longer have to navigate 10 different sets of rules. In the long run, this is expected to be much cheaper and more efficient.
  • Short-Term Work: In the short term, firms will need to update their  systems to collect the new, specific data for the "risk scorecard". They'll also have to retrain staff and change their customer sign-up processes to meet the new, single standard.
  • A new supervisor (for the larger ones): The biggest cross-border firms will get a new main supervisor: AMLA itself.
  • Clearer Penalties: Enforcement actions and fines will become more consistent and predictable across the entire EU.

What This Means for Regulators (The "Watchdogs")

  • A New Toolkit: National supervisors in every country will have to adopt the new EU-wide "risk scorecard" and stop using their old, custom-built models. No more local interpretation.
  • A New Partner: AMLA will become the central coordinator. National supervisors will work closely with AMLA, using its common rules. For the big firms that AMLA supervises directly, the national "watchdogs" will provide support.
  • Consistent Enforcement: All regulators will use the same rulebook to classify breaches and apply sanctions, ensuring a level playing field from country to country.

Conclusion

In short, these new rules are the foundation for a more unified European defense against dirty money. They aim to make life much harder for criminals but also simpler and fairer for the financial institutions that follow the rules.

They also have true, direct impact on local regulators, now operating under a single rulebook with little interpretation left, leveling the playing field across Europe.

Learn more about Marble

Watch a demo