Skip to content

AI-generated content: Responses are generated by AI, automatically assembled and may contain errors. Conformi is a research tool and does not replace legal advice or case-by-case legal review. All responses should be verified using the linked original sources.

Conformi/Knowledge Base/AML/4. GwRL
🏦Anti-money laundering

Directive (EU) 2015/849 — Prevention of the Use of the Financial System for Money Laundering or Terrorist Financing (AMLD4)

Analysis from 17 April 20262 sourcesConsolidated version of 30.12.2024 (incorporating amendments by Directives 2018/843, 2019/2177, Regulation 2023/1113 and Directive 2024/1640)EUR-Lex Original

Is our customer due diligence programme robust enough to survive an AML supervisory inspection — and what happens if it is not?

Obliged entities that fail to implement risk-based CDD, suspicious-transaction reporting and beneficial-ownership verification face administrative fines of up to EUR 5 million or 10 % of annual turnover [Art. 59(3)], and compliance officers must act now because these obligations are permanently enforceable.

Short Answer

Directive (EU) 2015/849 (AMLD4) requires all obliged entities — credit institutions, financial institutions, auditors, lawyers, trust and company service providers, estate agents, gambling operators and crypto-asset service providers — to apply risk-based customer due diligence before establishing a business relationship or carrying out occasional transactions above EUR 15,000 [Art. 11(b), Art. 13]. Enhanced due diligence applies to politically exposed persons [Art. 20], high-risk third countries [Art. 18a] and correspondent banking relationships [Art. 19]. Every obliged entity must file suspicious transaction reports with the national Financial Intelligence Unit without tipping off the customer [Art. 33, Art. 39].

Who is affected

Credit institutions, financial institutions, auditors, external accountants, tax advisors, notaries, independent legal professionals, trust and company service providers, estate agents (letting above EUR 10,000/month), persons trading in goods for cash above EUR 10,000, gambling service providers, art dealers (transactions above EUR 10,000) and crypto-asset service providers [Art. 2(1)].

Deadline

AMLD4 obligations are permanently enforceable since the transposition deadline of 26 June 2017. The successor framework — AMLD6 (Directive 2024/1640) and the Anti-Money Laundering Regulation (2024/1624) — must be transposed by Member States by 10 July 2027, at which point AMLD4 will be repealed. Until then, all AMLD4 obligations remain in full force.

Risk

For credit and financial institutions: administrative pecuniary sanctions of at least EUR 5,000,000 or 10 % of total annual turnover, whichever is higher [Art. 59(3)(a)]. For other obliged entities: at least EUR 1,000,000 or twice the benefit derived from the breach [Art. 59(2)(e)]. Natural persons face fines of at least EUR 5,000,000 [Art. 59(3)(b)]. Additional measures include public statements naming the offender, withdrawal of authorisation, and temporary bans from managerial functions [Art. 59(2)].

Proof

Legal status

  • In force
  • as of 2026-04-17
  • Consolidated version of 30.12.2024 (incorporating amendments by Directives 2018/843, 2019/2177, Regulation 2023/1113 and Directive 2024/1640)

Primary sources

What to do now

Legal / DPO

  • Map all obliged-entity categories under Art. 2(1) against your corporate structure and client base to confirm which group entities fall within scope — pay special attention to trust and company service providers and any art-trade or crypto-asset business lines [Art. 2, Art. 4].
  • Review and update the beneficial-ownership identification framework to ensure the 25 %-plus-one-share threshold and the fallback to senior managing officials are correctly applied, and that discrepancies with the central register are reported [Art. 3(6), Art. 30(5)].
  • Verify that the tipping-off prohibition is embedded in internal policies so that no customer or third party is informed that a suspicious transaction report has been or will be filed [Art. 39].

Compliance

  • Conduct and document a firm-wide money laundering and terrorist financing risk assessment covering customers, geographic areas, products, services, transactions and delivery channels, and present it to senior management for approval [Art. 8].
  • Ensure that suspicious transaction reports are filed promptly with the national FIU whenever there are grounds to suspect that funds are proceeds of criminal activity or related to terrorist financing — including attempted transactions [Art. 33].
  • Implement record-keeping procedures that retain CDD documents and transaction records for at least five years after the end of the business relationship, and ensure deletion upon expiry unless national law provides otherwise [Art. 40].

IT / Security

  • Deploy automated transaction-monitoring systems capable of detecting complex, unusually large or patterned transactions without apparent economic or lawful purpose, as required for enhanced due diligence [Art. 18(2)].
  • Provide secure, confidential communication channels that allow employees to report potential AML breaches internally and to the FIU without risk of data leakage [Art. 61, Art. 56].
  • Integrate access to centralised bank-account and beneficial-ownership registers where available, ensuring that data retrieval supports real-time CDD verification and ongoing monitoring [Art. 32a, Art. 30].

Product / Engineering

  • Build risk-scoring logic into onboarding workflows that triggers standard, simplified or enhanced CDD depending on the customer risk profile, transaction thresholds (EUR 15,000 for occasional transactions, EUR 10,000 for cash goods) and geographic risk [Art. 11, Art. 13, Art. 15, Art. 18].
  • Implement PEP screening at onboarding and on an ongoing basis, with automated checks against lists of politically exposed persons, their family members and known close associates [Art. 20, Art. 3(9)-(11)].
  • Ensure that electronic-money products comply with the CDD-exemption conditions (maximum EUR 150 stored, non-reloadable or EUR 150 monthly limit, no cash redemption above EUR 50) and that non-compliant instruments trigger full CDD [Art. 12].

Key Terms

Obliged entity
A natural or legal person subject to AML/CFT obligations under the Directive, including credit and financial institutions, auditors, lawyers, notaries, trust service providers, estate agents, gambling operators and crypto-asset service providers [Art. 2(1)].
Customer due diligence (CDD)
Measures obliged entities must take to identify and verify customers and beneficial owners, assess the purpose of the business relationship and conduct ongoing transaction monitoring [Art. 13].
Beneficial owner
Any natural person who ultimately owns or controls a customer, defined as holding 25 % plus one share or more than 25 % ownership interest in a legal entity, or who exercises control via other means [Art. 3(6)].
Politically exposed person (PEP)
A natural person entrusted with prominent public functions — heads of state, ministers, members of parliament, senior judges, central bank board members, ambassadors, high-ranking military officers and directors of state-owned enterprises — excluding middle-ranking or junior officials [Art. 3(9)].
Financial Intelligence Unit (FIU)
An operationally independent national authority responsible for receiving, analysing and disseminating suspicious transaction reports and other information relevant to money laundering or terrorist financing [Art. 32].
Suspicious transaction report (STR)
A report filed by an obliged entity with the FIU when it knows, suspects or has reasonable grounds to suspect that funds are proceeds of criminal activity or related to terrorist financing, regardless of the amount involved [Art. 33].
High-risk third country
A jurisdiction identified by the European Commission via delegated act as having strategic deficiencies in its AML/CFT regime that pose significant threats to the EU financial system, triggering mandatory enhanced due diligence [Art. 9].
Correspondent relationship
Banking or financial services provided by one institution (the correspondent) to another (the respondent), including current accounts, cash management, international fund transfers and, since the 2023 amendment, crypto-asset transactions [Art. 3(8)].
?

Frequently Asked Questions

Which entities are subject to AMLD4 obligations?
Art. 2(1) lists all obliged entities: credit institutions, financial institutions, auditors, external accountants, tax advisors, notaries, independent legal professionals, trust and company service providers, estate agents (including those intermediating lettings above EUR 10,000/month), persons trading in goods for cash above EUR 10,000, gambling service providers, art dealers and persons trading via free ports (above EUR 10,000), and crypto-asset service providers [Art. 2(1)].
When must customer due diligence be applied?
CDD is required when establishing a business relationship, carrying out occasional transactions above EUR 15,000 (or EUR 1,000 for fund transfers), cash transactions above EUR 10,000 for goods traders, gambling transactions above EUR 2,000, whenever there is a suspicion of ML/TF, and when doubts arise about previously obtained identification data [Art. 11].
What constitutes enhanced due diligence under AMLD4?
Enhanced CDD must be applied to business relationships and transactions involving high-risk third countries [Art. 18a], politically exposed persons and their family members and close associates [Art. 20-23], cross-border correspondent banking relationships [Art. 19], and any complex, unusually large or unusual-pattern transactions without apparent economic purpose [Art. 18(2)].
How long must records be retained?
Obliged entities must retain CDD documents and transaction records for at least five years after the end of the business relationship or occasional transaction. Member States may allow or require further retention of up to five additional years where justified for prevention, detection or investigation of ML/TF [Art. 40].
What is the beneficial ownership threshold?
A shareholding of 25 % plus one share or an ownership interest of more than 25 % in a customer held by a natural person is an indication of direct beneficial ownership. The same threshold applies for indirect ownership through corporate chains. Member States may set a lower threshold. Where no beneficial owner is identified, the senior managing official is recorded as a fallback [Art. 3(6)].
What are the consequences of non-compliance?
For serious, repeated or systematic breaches of CDD, STR, record-keeping or internal-control requirements, competent authorities can impose administrative fines of at least EUR 1,000,000 or twice the benefit from the breach. For credit and financial institutions, fines rise to EUR 5,000,000 or 10 % of annual turnover. Sanctions also include public naming, licence withdrawal and management bans [Art. 59].
What is the relationship between AMLD4 and the upcoming AMLR/AMLD6?
AMLD4 will be repealed once Member States transpose Directive (EU) 2024/1640 (AMLD6) by 10 July 2027. The new Anti-Money Laundering Regulation (EU) 2024/1624 (AMLR) will apply directly across the EU. Until then, AMLD4 remains the binding framework as transposed into national law.
3

Assessment Factors & Checklist

Premium
Start 7-day free trial
4

Questions for Your Lawyer

Premium
Start 7-day free trial
5

Conclusion & Summary

Premium
Start 7-day free trial

Detailed analysis with source links.

Schalten Sie die KI-Analyse frei — mit markierten Fundstellen und direkten Links zu EUR-Lex. 7 Tage kostenlos testen.

Start 7-day free trial

Keine Kreditkarte heute. Kündigung jederzeit.