AMLA and the Centralisation of Financial Crime Supervision in Europe

The establishment of the European Union’s Anti-Money Laundering Authority (AMLA) represents one of the most significant structural changes to financial crime supervision in Europe in decades. 

While much of the policy discussion has focused on its future supervisory mandate, a more consequential development is already underway. Through 2026, the AMLA is testing a methodology that will determine which institutions are selected for direct EU-level supervision, with the formal selection process commencing on July 1, 2027.

Although the number of firms subject to direct oversight will be limited, the significance of AMLA extends far beyond this cohort. The authority marks a shift towards a centralised supervisory model built on unified risk assessment, harmonised methodologies, and cross border intelligence sharing. 

In practice, this represents a shift from fragmented national supervision to a more integrated European framework aligned with modern financial systems.

The broader implication is that financial crime supervision in Europe is becoming more data-driven, standardised, and focused on network-based risk. This evolution will affect not only directly supervised institutions but the wider ecosystem of banks, payment providers, fintech firms, and crypto asset service providers operating across the EU.

The Structural Drivers Behind AMLA

The Authority is best understood as a response to long standing structural weaknesses in the European AML and CTF framework. 

For many years, supervision remained the responsibility of national competent authorities operating under a broadly harmonised but inconsistently applied regulatory framework. This created divergence in supervisory intensity, enforcement outcomes, and risk interpretation across member states, despite increasingly integrated financial markets.

The issue became more pronounced as financial services themselves became more cross border in nature. Passporting regimes, integrated payment systems, and the rapid expansion of digital financial infrastructure meant that firms could operate seamlessly across jurisdictions while remaining subject to varying supervisory expectations. This imbalance created regulatory arbitrage and systemic blind spots in financial crime detection.

The AMLA represents the EU’s attempt to address this gap by introducing a central supervisory authority with direct oversight powers over selected high risk institutions and a mandate to harmonise AML supervision across all member states. Headquartered in Frankfurt, the AMLA will ultimately supervise approximately 40 financial institutions, selected on the basis of risk profile, cross border activity, and systemic importance within the EU financial system.

The Importance of the 2026 Methodology Testing Phase

The current methodology testing phase running through 2026 is a critical but often underappreciated component of the AMLA’s development. 

During this period, the authority is working with national supervisors and selected institutions to calibrate the risk assessment models that will determine which firms fall within its direct supervisory perimeter. This process includes data collection, comparative analysis across jurisdictions, and the refinement of scoring frameworks used to assess financial crime risk.

The significance of this phase lies in the fact that supervisory methodology ultimately determines supervisory reality.

The way the AMLA defines risk, evaluates governance effectiveness, measures cross border exposure, and assesses transaction monitoring capability will directly influence not only selection outcomes, but also the broader supervisory expectations applied across the European financial system.

This is the first time European regulators have had access to a centralised dataset of this scale across jurisdictions. As a result, the AMLA is developing a level of comparative visibility that has not previously existed within the EU supervisory architecture. This enables more consistent benchmarking of institutional risk and more granular assessment of systemic vulnerabilities across sectors and member states.

Direct Supervision and Its Wider Regulatory Impact

Although the initial perimeter of direct supervision is expected to include around 40 firms, the strategic importance of the AMLA is not confined to this group. 

The more significant development is the diffusion of its supervisory methodology across the wider regulatory ecosystem. National competent authorities are expected to increasingly align their own frameworks with AMLA standards, creating a convergence effect that extends well beyond directly supervised entities.

This means the AMLA will function not only as a supervisor, but as a standard setter for AML and CTF expectations across Europe. Institutions that are not directly supervised will nevertheless face increasing pressure to align with the AMLA-driven approaches to risk classification, governance expectations, data reporting standards, and control effectiveness assessments.

This dynamic is similar to the evolution observed in prudential supervision following the creation of the European Central Bank’s Single Supervisory Mechanism, where centralised oversight of key institutions led to broader harmonisation of supervisory expectations across the banking sector.

Implications for Crypto Asset Service Providers

The implications for crypto asset service providers are significant given the sector’s rapid growth and cross-border nature. Its introduction coincides with the regulatory implementation of Markets in Crypto-Assets (MiCA), heightened sanctions enforcement, and growing regulatory scrutiny of digital asset markets across Europe.

Large crypto firms operating across multiple jurisdictions are likely to fall within the broader scope of AMLA attention, particularly where they exhibit high transaction volumes, complex cross border flows, or exposure to elevated financial crime risk factors. 

Centralised supervision is likely to expose inconsistencies in governance, transaction monitoring, and risk assessment that may not have been tested under fragmented national supervision.

As a result, the crypto sector will increasingly be assessed through the same lens as traditional financial institutions, with greater emphasis placed on data quality, control effectiveness, and the ability to demonstrate robust financial crime risk management across jurisdictions and products. 

This represents a material shift from earlier supervisory approaches that often treated digital asset firms as a distinct regulatory category.

The Shift Towards Data-Driven Supervision

A defining feature of the AMLA is the transition towards a more data-driven supervisory model. 

Traditional AML supervision has relied on periodic assessments, documentation reviews, and retrospective analysis. While still relevant, they are increasingly insufficient in modern financial systems characterised by real-time payments, digital onboarding, and complex cross-border flows.

The AMLA’s methodology development indicates a move towards continuous data analysis, risk based modelling, and more dynamic forms of supervisory intelligence. This includes the use of large scale datasets to identify behavioural patterns, compare institutional performance across jurisdictions, and detect emerging systemic risks in near real-time.

At the same time, this shift introduces new supervisory expectations around data governance, model transparency, and explainability. Institutions will be expected not only to deploy advanced monitoring systems but also to demonstrate how those systems operate, how risk decisions are made, and how governance frameworks ensure appropriate oversight of automated processes.

Artificial intelligence and advanced analytics will play an increasing role in this environment, particularly in relation to transaction monitoring and risk detection. However, regulators are likely to place equal emphasis on the governance structures that underpin these technologies, particularly where decisions are automated or algorithmically driven.

The Broader Regulatory and Geopolitical Context

The AMLA should be understood within the wider context of increasing convergence between financial crime supervision, sanctions enforcement, and economic security policy. Fragmentation of global financial systems, expansion of digital asset markets, and the rise of alternative payment infrastructures have created a more complex risk environment.

Within this context, the AMLA forms part of a broader effort to strengthen the EU’s ability to monitor and manage financial crime risks across an integrated but evolving financial system. The centralisation of supervision reflects a recognition that national frameworks are no longer sufficient to address cross-border, cross-asset risks.

This is particularly relevant given the increasing interaction between traditional financial systems and digital asset infrastructure, as well as the emergence of alternative settlement mechanisms that operate outside conventional banking channels. The AMLA therefore sits at the intersection of financial regulation, technological change, and geopolitical risk management.

What Institutions Should Be Doing Now

For financial institutions, payment providers, fintech firms, and crypto asset service providers, the AMLA should be viewed as an immediate strategic consideration, not a future regulatory development. The direction of travel is clear, with increasing emphasis on data quality, cross-border risk visibility, governance maturity, and integrated financial crime controls.

Institutions should reassess their ability to produce consistent, high-quality risk data across jurisdictions, particularly where operations span multiple regulatory environments. They should review the integration of AML, sanctions, and fraud controls to also ensure risks are assessed holistically rather than in isolation.

More broadly, firms must demonstrate that their financial crime frameworks can operate effectively in an increasingly centralised, data-driven, and systemically focused supervisory environment. This will require not only investment in technology and analytics but also a stronger emphasis on governance, accountability, and cross functional coordination.

Conclusion

The AMLA represents a structural shift in European financial crime supervision rather than a simple institutional reform. The methodology testing underway through 2026 is laying the foundations for a centralised model that will redefine how financial crime risk is assessed and managed across the EU.

While direct supervision will initially apply to a limited number of firms, its influence will extend far more widely through the standardisation of supervisory expectations and the diffusion of its risk-based methodology across national authorities.

In this environment, supervision will be defined less by jurisdiction and more by methodology.

Institutions that adapt early will be better positioned to operate within an increasingly unified – and more demanding – regulatory framework.