Skip to content

AI-generated content: Responses are generated by AI, automatically assembled and may contain errors. Conformi is a research tool and does not replace legal advice or case-by-case legal review. All responses should be verified using the linked original sources.

Conformi/Knowledge Base/AML/5. GwRL
🏦Anti-money laundering

AMLD5 — Directive (EU) 2018/843 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for money laundering or terrorist financing

Analysis from 17 April 20262 sourcesOriginal version (amending Directive (EU) 2015/849)EUR-Lex Original

Do our AML controls already cover crypto exchanges, art dealers, and the new beneficial ownership registers — or are we exposed to sanctions right now?

Since 10 January 2020, every obliged entity — including virtual currency exchange platforms and custodian wallet providers — must apply full customer due diligence; breaches can trigger fines of up to EUR 5 million or 10 % of annual turnover, and your MLRO should verify coverage immediately [Art. 1].

Short Answer

AMLD5 expanded the scope of the EU anti-money laundering framework by bringing virtual currency exchange services and custodian wallet providers under full AML/CFT obligations [Art. 1(1)(c)]. It lowered anonymous prepaid card thresholds to EUR 150, extended due diligence to art dealers above EUR 10 000 and to letting agents collecting monthly rent above EUR 10 000 [Art. 1(1)(a), Art. 1(1)(c)]. Member States must operate publicly accessible beneficial ownership registers for corporate entities and grant competent authorities unrestricted access to trust beneficial ownership data [Art. 1(15), Art. 1(16)]. Enhanced due diligence requirements now apply as mandatory measures for business relationships involving high-risk third countries [Art. 1(11)].

Who is affected

All obliged entities under Directive 2015/849 — credit institutions, financial institutions, auditors, tax advisers, notaries, lawyers, trust and company service providers, estate agents, and persons trading in goods above EUR 10 000 in cash [Art. 1(1)(a)–(c)]. New obliged entities added by AMLD5: providers of exchange services between virtual currencies and fiat currencies, custodian wallet providers, art dealers and intermediaries when transaction value reaches EUR 10 000, and persons storing or trading works of art in free ports above EUR 10 000 [Art. 1(1)(c)]. Letting agents fall under CDD when monthly rent equals or exceeds EUR 10 000 [Art. 1(1)(c)].

Deadline

All AMLD5 obligations are enforceable now — transposition deadline was 10 January 2020 [Art. 4(1)]. Staggered deadlines: beneficial ownership registers for corporate entities by 10 January 2020, for trusts by 10 March 2020, centralised bank account registries by 10 September 2020, and register interconnection by 10 March 2021 [Art. 1(15), Art. 1(16), Art. 1(19), Art. 1(21)]. Note: the Anti-Money Laundering Regulation (EU) 2024/1624 will replace this Directive framework from 10 July 2027.

Risk

Member States must ensure maximum administrative sanctions of at least EUR 5 000 000 for natural persons and at least EUR 5 000 000 or 10 % of total annual turnover for legal persons [Art. 58, Art. 59 of Directive 2015/849 as maintained]. Supervisors may additionally publish sanctions decisions (naming and shaming), withdraw or suspend authorisations, and impose temporary bans on management functions [Art. 60 of Directive 2015/849]. In practice, national AML fines across the EU have reached hundreds of millions of euros for systemic compliance failures in the banking sector.

Proof

Legal status

  • In force
  • as of 2026-04-17
  • Original version (amending Directive (EU) 2015/849)

Primary sources

What to do now

Legal / DPO

  • Confirm that all newly obliged entities within your group — virtual currency exchanges, custodian wallet providers, art dealers, free port operators — are registered with the national FIU and have designated an MLRO [Art. 1(1)(c)].
  • Verify that your beneficial ownership information is filed in the national central register and kept accurate and up to date; inaccurate filings expose directors to sanctions [Art. 1(15), Art. 1(16)].
  • Review client engagement letters and terms of business to ensure enhanced due diligence is contractually mandated for any business relationship involving a high-risk third country [Art. 1(11)].

Compliance

  • Update your CDD procedures to enforce the lowered prepaid card thresholds — remote payment identification required above EUR 50 and anonymous use prohibited above EUR 150 stored or EUR 150 monthly transactions [Art. 1(7)].
  • Establish or update the risk assessment to cover virtual currency and crypto-asset activities, including wallet custody services, and map these against the national risk assessment [Art. 1(4)].
  • Implement a process to screen all transactions against the Commission's high-risk third country list and apply mandatory enhanced due diligence measures including source of funds verification and senior management approval [Art. 1(11)].

IT / Security

  • Ensure your KYC/AML platform can handle the expanded obliged entity scope — integrate onboarding workflows for virtual currency exchange customers and custodian wallet users with real-time identity verification [Art. 1(1)(c)].
  • Build or procure secure connectivity to the national centralised bank account registry and the beneficial ownership register interconnection system (BORIS) for automated lookups by compliance staff [Art. 1(19), Art. 1(21)].
  • Implement automated transaction monitoring rules that flag anonymous prepaid card usage above the EUR 150/EUR 50 thresholds and generate suspicious transaction reports for the FIU [Art. 1(7)].

Product / Engineering

  • Assess whether any product or service line involves virtual currency exchange, crypto custody, art dealing, or free port storage — each triggers mandatory AML onboarding and ongoing monitoring [Art. 1(1)(c)].
  • Redesign prepaid card products to enforce the EUR 150 stored value cap and EUR 50 remote payment identification threshold, or discontinue anonymous variants [Art. 1(7)].
  • Integrate beneficial ownership verification into client onboarding workflows — ensure that ultimate beneficial owners of corporate clients are identified, verified, and recorded before establishing the business relationship [Art. 1(15)].

Key Terms

Obliged entity
A natural or legal person subject to AML/CFT obligations under Directive 2015/849, including credit institutions, financial institutions, auditors, tax advisers, notaries, lawyers, trust service providers, estate agents, and — since AMLD5 — virtual currency exchanges and custodian wallet providers [Art. 2 of Directive 2015/849 as amended].
Customer due diligence (CDD)
The set of measures an obliged entity must apply to identify and verify the identity of a customer and its beneficial owner, understand the purpose and intended nature of the business relationship, and conduct ongoing monitoring [Art. 13 of Directive 2015/849].
Beneficial owner
The natural person who ultimately owns or controls a customer or on whose behalf a transaction is carried out, including any person holding more than 25 % of shares, voting rights, or ownership interest in a legal entity [Art. 3(6) of Directive 2015/849].
Financial Intelligence Unit (FIU)
The national central unit responsible for receiving, analysing, and disseminating suspicious transaction reports and other information relevant to money laundering, associated predicate offences, or terrorist financing [Art. 32 of Directive 2015/849].
Virtual currency
A digital representation of value not issued or guaranteed by a central bank or public authority, not attached to a legally established currency, but accepted as a means of exchange and transferable, storable, and tradeable electronically [Art. 1(2)(d) of Directive 2018/843].
Custodian wallet provider
An entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store, and transfer virtual currencies [Art. 1(2)(d) of Directive 2018/843].
Enhanced due diligence (EDD)
Additional AML/CFT measures required in higher-risk situations, including business relationships with high-risk third countries, politically exposed persons, or complex and unusually large transactions [Art. 18, Art. 18a of Directive 2015/849 as amended].
?

Frequently Asked Questions

Which entities were newly brought into AML scope by AMLD5?
AMLD5 added four categories: (1) providers of exchange services between virtual currencies and fiat currencies, (2) custodian wallet providers, (3) art dealers and intermediaries when transaction value reaches EUR 10 000, and (4) persons storing or trading works of art in free ports above EUR 10 000. Letting agents were also brought under CDD obligations when monthly rent equals or exceeds EUR 10 000 [Art. 1(1)(c)].
What changed for prepaid cards under AMLD5?
The thresholds for anonymous use were significantly lowered. Customer identification is now required for stored values or monthly transactions exceeding EUR 150 (previously EUR 250), and for remote payment transactions or cash redemptions above EUR 50. Fully anonymous prepaid cards issued in third countries are generally prohibited for use in the EU [Art. 1(7)].
What are the beneficial ownership register requirements?
Member States must maintain central registers containing beneficial ownership information for corporate entities (accessible to the public) and trusts or similar arrangements (accessible to persons with a legitimate interest). The public can access the name, month and year of birth, country of residence, nationality, and nature and extent of the beneficial interest held [Art. 1(15), Art. 1(16)].
What is 'enhanced due diligence' for high-risk third countries?
When a business relationship or transaction involves a high-risk third country (as identified by the European Commission), obliged entities must apply mandatory enhanced measures: obtain additional information on the customer and beneficial owner, the purpose of the relationship, the source of funds and wealth, obtain senior management approval, and conduct enhanced ongoing monitoring [Art. 1(11)].
How does AMLD5 define 'virtual currencies'?
A virtual currency is a digital representation of value that is not issued or guaranteed by a central bank or public authority, is not necessarily attached to a legally established currency, does not have the legal status of currency or money, but is accepted as a means of exchange and can be transferred, stored, and traded electronically [Art. 1(2)(d)].
What is a centralised bank account registry?
Member States must establish centralised automated mechanisms — such as central registries or electronic data retrieval systems — enabling the identification of all natural or legal persons holding bank or payment accounts and safe-deposit boxes. FIUs and national competent authorities must have direct access [Art. 1(19)].
Will AMLD5 be replaced?
Yes. The Anti-Money Laundering Regulation (EU) 2024/1624 (AMLR) and Sixth Anti-Money Laundering Directive (EU) 2024/1640 (AMLD6) will replace the current AMLD4/AMLD5 framework. AMLR applies directly from 10 July 2027. Until then, AMLD5 obligations remain fully enforceable.
3

Assessment Factors & Checklist

Premium
Start 7-day free trial
4

Questions for Your Lawyer

Premium
Start 7-day free trial
5

Conclusion & Summary

Premium
Start 7-day free trial

Detailed analysis with source links.

Schalten Sie die KI-Analyse frei — mit markierten Fundstellen und direkten Links zu EUR-Lex. 7 Tage kostenlos testen.

Start 7-day free trial

Keine Kreditkarte heute. Kündigung jederzeit.