The EU’s New 6th AML Directive - Will It Fix What the 5th Missed?

The EU’s anti-money laundering directives have been a rolling project for years, each one adding a new layer of rules and expectations for financial institutions. The 5th AML Directive (5AMLD) was meant to be a major step forward, especially in areas like beneficial ownership and virtual assets, but it left gaps — both in consistency across member states and in the scope of offences covered.

The 6th AML Directive (6AMLD) is part of a broader package designed to close those gaps and raise the bar on enforcement. It is not just a patch-up job — it is a signal that the EU wants to harden its approach to financial crime, with clearer rules, broader definitions, and sharper penalties.

An Expanded List of Predicate Offences

One of the biggest changes is the extended list of predicate offences for money laundering. Cybercrime, environmental crime, and certain types of tax offences are now explicitly included.

This means transaction monitoring can no longer focus solely on the “classic” typologies of money laundering, fraud, corruption, or drug trafficking. Institutions must also detect activity linked to crimes such as the illegal wildlife trade or ransomware attacks — which often look very different to traditional money laundering until you know the indicators.

A Harmonised Definition Across the EU

Another key change is the introduction of a harmonised definition of money laundering across all member states. Previously, inconsistent definitions created situations where behaviour could be considered criminal in one jurisdiction but not in another.

Now, with an aligned definition, cross-border investigations and prosecutions should become more straightforward. For compliance teams, this reduces the number of grey areas when assessing whether a customer or transaction could amount to money laundering under EU law.

Corporate Liability and Tougher Penalties

Corporate liability is another area receiving a significant upgrade. Under 6AMLD, legal entities can be held criminally liable for offences committed for their benefit by individuals in positions of authority. This extends beyond directors to include anyone with decision-making power or control over resources.

The penalties are tougher as well. Potential sanctions include exclusion from public funding, suspension of business activities, or even winding-up orders in extreme cases. The result is that organisations themselves are far more squarely in the regulatory firing line.

Monitoring, Governance, and Accountability

For compliance teams, these developments have two direct implications. First, detection scenarios and monitoring models must be broadened to reflect the wider scope of offences. Second, governance and accountability frameworks must be watertight, because the risk to the institution itself has increased significantly.

6AMLD also extends limitation periods for prosecution to up to ten years for certain offences. That places more emphasis on record-keeping and on the ability to reconstruct customer and transaction histories if called upon further down the line.

Practical Steps for Compliance Teams

The directive has several practical consequences for day-to-day compliance. Institutions will need to:

• Review transaction monitoring models to ensure they can identify activity linked to the newly listed predicate offences.

• Update typology libraries and internal training to reflect emerging risks such as cybercrime and environmental offences.

• Retrain analysts and investigators to recognise new indicators and escalation points.

• Invest in new data sources that can enrich monitoring with relevant risk signals.

• Strengthen documentation of decision-making processes to show how controls were applied in individual cases.

With corporate liability more clearly defined, there will be a premium on demonstrating not only that controls exist, but that they were properly followed and reasoned through in practice.

Will 6AMLD Fix the Gaps in 5AMLD?

6AMLD closes some of the most glaring loopholes in its predecessor, particularly around predicate offences, definitions, and liability. But it does not entirely solve the challenge of inconsistent implementation across 27 member states. National differences in enforcement and resources will continue to create uneven application of the rules.

Ultimately, the real impact of 6AMLD will depend on how vigorously member states enforce the new requirements, and how quickly institutions adapt their systems and training.

Conclusion

The direction of travel is clear. The EU is moving towards tougher, more consistent enforcement, and 6AMLD represents another step in that progression. 

For financial institutions, the message is to act now: map your current controls against the new requirements, identify gaps, and begin embedding them into monitoring, investigations, and governance processes. Those that prepare early will be better positioned to meet the higher standards and avoid the sharper penalties that are coming.