AMLA — What It Is, Who It Covers, and What It Means for a Non-Financial Business

Legal status as of: 2026-05-23.

AMLA — the Authority for Anti-Money Laundering and Countering the Financing of Terrorism — is the new EU authority headquartered in Frankfurt am Main. It has been operational since 1 July 2025, and from 1 January 2028 it will assume direct supervision of selected EU financial institutions. It was established by Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 (AMLAR), published in the Official Journal of the EU on 19 June 2024. This article explains what AMLA is, who it covers and — most importantly for you — what AMLA does not change about the sanction screening obligation of non-financial businesses.

TL;DR — five things you need to know about AMLA

• AMLA is an AML body, not a sanctions body. It coordinates the fight against money laundering and terrorist financing across the EU; it has no competence over EU sanctions (Council Regulations 269/2014 and 833/2014), which are part of the Common Foreign and Security Policy.
• Headquarters: Frankfurt am Main, selected in February 2024 from among nine candidate cities (Vienna, Madrid, Rome, Frankfurt, Brussels, Dublin, Paris, Riga, Vilnius).
• Operational launch: 1 July 2025. Direct supervision of selected institutions: from 1 January 2028.
• The 2024 AML package comprises four acts: the AMLAR Regulation (2024/1620), the AMLR Regulation (2024/1624 — the so-called single rulebook), the AMLD6 Directive (2024/1640) with a transposition deadline of 10 July 2027, and the TFR Regulation (2023/1113), which already applies today.
• For a non-financial business, AMLA does not mean a new obligation — but AMLR (2024/1624) introduces an EU-wide cash payment limit of EUR 10,000 and expands the list of “obliged entities” to include certain sectors (trade in luxury goods above thresholds, crypto-asset service providers, and from 2029 also football clubs and agents).

If you run a travel agency, a real estate agency, a law firm, an accounting office or a business trading in luxury goods — read on. Below we separate the AML regime (where AMLA is the EU coordinator) from the sanctions regime (where AMLA has no say).

Where AMLA came from — a brief background

The idea of an EU AML authority matured over several years. The direct trigger was a series of scandals that exposed a gap in cross-border supervision of banks in the EU. The Danske Bank case of 2018 — around EUR 200 billion in suspicious transactions flowed through the Estonian branch of this Danish bank between 2007 and 2015. Then ING in the Netherlands, then Rabobank. Each national supervisor saw only its own fragment of the puzzle; no one was looking at the whole.

The European Commission proposed the AML package in July 2021. Three years of negotiations — and in May 2024 the regulations and the directive were adopted. Publication in the Official Journal of the EU followed on 19 June 2024. This is the biggest change to the European AML system since the first directive of 1991.

The idea is simple: one EU set of rules (the single rulebook), one EU supervisory coordinator (AMLA), direct supervision of entities operating in several countries at once. It is the first attempt to build an AML architecture at EU level in a way analogous to what the ECB does for banking supervision.

What exactly AMLA does

AMLA has five main functions. It is worth setting them out one by one, because they carry very different practical significance from the point of view of an SME.

1. Direct supervision of selected financial institutions with high cross-border risk. From 1 January 2028, AMLA will take up to 40 entities under its direct supervision — mainly large banks and payment institutions operating in several EU Member States. A list of the specific entities does not yet exist publicly; it is to be drawn up during the preparatory period of 2025–2027. This is not the place to guess at names — the selection criteria cover the scale of cross-border activity and the risk profile.

2. Indirect supervision of the remaining institutions through coordination of national AML authorities (in Poland — GIIF, the General Inspector of Financial Information, acting under the Act of 1 March 2018 on counteracting money laundering and terrorist financing). AMLA will issue guidelines, technical standards, opinions and — in the event of serious coordination failures — may take over supervision of a specific entity from the national authority.

3. Coordination of FIU.net — the network for exchanging information between national financial intelligence units. In Poland this unit is GIIF. AMLA takes over the hosting and administration of this platform from the European Commission, which is meant to improve the speed at which information about suspicious transactions is exchanged between Member States.

4. Creating and maintaining EU AML standards. AMLA issues regulatory technical standards (RTS), implementing technical standards (ITS) and guidelines — much as the EBA, ESMA or EIOPA do in their respective fields. It is from these documents that the concrete way of applying AMLR (Regulation 2024/1624) in practice will follow.

5. International cooperation. AMLA represents the EU at the FATF (Financial Action Task Force) and exchanges information with equivalent bodies in third countries (FinCEN in the US, OFAC in another respect, and so on).

In short: AMLA is to AML what the ECB is to banks. It does not replace national authorities — it builds a layer of coordination above them.

The 2024 AML package — four acts you need to know

AMLA is just one element of a much broader change. The full package looks like this:

For an SME, the most important practical differences are:

• AMLR applies directly. An EU regulation does not require transposition — it binds you in the same way as a Polish act, from the application dates set out in the act.
• AMLD6 must be transposed. Poland has until 10 July 2027 to adopt amendments to the Act of 1 March 2018 on counteracting money laundering. Until then the current act applies, but legislative work will get under way in the future and is worth tracking.
• TFR is already in force. If you carry out transfers of funds or crypto-assets — you are obliged to transmit originator and beneficiary data. This is not “the future”, it is the present.

AMLR and the expansion of the list of obliged entities

This is a point worth reading carefully. AMLR (Regulation 2024/1624) modifies the list of entities covered by AML obligations. Some of the expansions may concern businesses that do not today think of themselves as an “obliged entity”.

The new or clarified categories include, among others:

• Crypto-asset service providers (CASPs) — full coverage by the AML regime, regardless of earlier national statuses.
• Dealers in luxury goods above defined transaction-value thresholds — jewellery, watches, luxury vehicles, works of art, yachts, private aircraft. You will find the specific thresholds and scope in AMLR — before planning activity in this sector it is worth consulting a lawyer.
• Professional football clubs and football agents — with deferred entry into force until 2029, which is a unique case within the AML package.
• Real estate intermediaries — with clarification regarding high-rent leasing.
• Dealers in works of art and items made of precious metals and precious stones — with transaction-value thresholds.

If you run a business in one of these sectors — read AMLR and determine whether you have become (or will become in the coming years) an obliged entity in the new, EU-wide sense. This matters, because it affects the scope of AML procedures you must implement: risk assessment, KYC, transaction monitoring, reporting to GIIF.

The second practical element of AMLR is the EU-wide cash payment limit of EUR 10,000 in business activity. This applies to every company operating in the EU, not only to obliged entities. Poland already has its own, lower thresholds for cashless transactions in certain areas — AMLR establishes a single EU-wide ceiling. If, as an entrepreneur, you accept or make cash payments above EUR 10,000, this provision applies to you directly.

And now the key point — AMLA and EU sanctions

This is the section this article was written for. It is very easy to confuse AMLA with a sanctions supervisory body, because both topics operate with similar vocabulary (“lists”, “verification”, “compliance”). That is a costly mistake.

AMLA supervises the AML regime. The AML regime is the system for preventing money laundering and terrorist financing — it derives from EU directives and regulations dedicated to that subject (AMLR, AMLD6) and from the national acts that transpose them (in Poland: the Act of 1 March 2018).

AMLA does NOT supervise the EU sanctions regime. EU sanctions — above all Council Regulations (EU) 269/2014 and 833/2014 — are part of the Common Foreign and Security Policy (CFSP), rest on a different treaty basis (Article 215 TFEU) and have an entirely different enforcement system. In Poland, this regime is enforced by the National Revenue Administration (KAS — inspections, administrative penalties) and the Ministry of the Interior and Administration (which maintains the national sanctions list under Article 15 of the Act of 13 April 2022).

These two regimes are like two different motorways — they run in a similar direction (preventing financial abuse and crime), but they lead to different places, have different operators and different rules of the road. We described the separation of these two regimes in detail in the article AML vs sanctions — what is the difference, which is complementary to what you are reading now.

The simplest comparison table:

The practical consequence: the creation of AMLA does not exempt your company from the sanction screening obligation. If you run a travel agency, a real estate agency, a law firm, a hotel, a leasing company or an e-commerce shop — you are obliged to verify counterparties against the EU sanctions lists and the Polish MSWiA list, regardless of whether you are an obliged entity in the AML sense. This obligation has existed since 2014 and AMLA does not modify it.

What AMLA means for a Polish SME

Let us break it down by sector.

If you are a bank, a payment institution, an insurer, an accounting office, a law firm or another entity that is already an AML obliged entity today — in the coming years new EU technical standards and AMLA guidelines will appear that will have to be implemented. GIIF remains your direct supervisory authority, but its practice will harmonise with AMLA guidelines. In practical terms: expect new risk assessments, new reporting templates, new KYC standards in the period 2025–2028. You must have an AML procedure anyway — now it requires updating.

If you run an accounting office or provide tax advice — the situation is as above. You are an obliged entity already today (Article 2(1) of the Act of 1 March 2018); AMLR confirms this status and clarifies the obligations. Independently of AML, you have a sanction screening obligation arising from the EU regulations.

If you trade in luxury goods — jewellery, watches, premium cars, yachts, works of art — read AMLR carefully. You may find yourself within the new list of obliged entities above defined transaction-value thresholds. This means KYC, risk-assessment and GIIF-reporting obligations that you did not formally have before. Plus, of course — independently of AML — the sanction screening obligation.

If you run a travel agency, a hotel, a marketing agency, an e-commerce shop or a transport company — AMLA and the 2024 AML package probably do not introduce direct new AML obligations for you (with the exception of the EUR 10,000 cash limit, which applies to everyone). But your sanction screening obligation remains in force. Regulation 269/2014 binds you directly and without any sectoral exception — from the moment it was adopted, in 2014.

The most common mistake we encounter in conversations with business owners: “Ah, we are not in AML, so this does not concern us.” It does. Sanctions are a different regime, described in our article on Directive 2024/1226 and the criminalisation of breaches. If you verify a counterparty’s beneficial owner, it is also worth looking at the text on the 50% ownership rule — the standard used to determine whether a counterparty is “controlled” by a listed entity.

Timeline — what and when

If you want a single overview timeline, here it is:

• 31 May 2024 — adoption of the AMLAR Regulation (2024/1620), the AMLR Regulation (2024/1624) and the AMLD6 Directive (2024/1640).
• 19 June 2024 — publication of the package in the Official Journal of the EU, L series.
• February 2024 — selection of Frankfurt as AMLA’s seat from among nine candidates.
• 30 December 2024 — full application of the TFR Regulation (2023/1113) to crypto-asset service providers.
• 1 July 2025 — AMLA’s operational launch.
• 2025–2027 — preparatory period: building AMLA’s structure, recruitment, issuing the first RTS/ITS, identifying the entities subject to direct supervision.
• 10 July 2027 — deadline for transposing AMLD6 (2024/1640) into Polish law.
• 1 January 2028 — start of AMLA’s direct supervision of selected financial institutions (up to 40 entities).
• 2029 — entry into force of AML obligations for professional football clubs and agents.

The application dates of specific AMLR provisions vary within the act itself — before planning changes to your company’s AML procedures it is worth checking EUR-Lex directly or consulting a lawyer.

FAQ — the most common questions about AMLA

Will AMLA supervise my company?

In all likelihood — no. Under direct supervision, AMLA is to have up to 40 entities: the largest financial institutions with high cross-border risk. The remaining entities stay under the supervision of national authorities — in Poland, that is GIIF. A Polish SME will not fall under AMLA’s direct supervision. AMLA’s practical impact on your company will be indirect: through the harmonisation of the AML standards applied by GIIF.

Does AMLA replace GIIF?

No. GIIF (the General Inspector of Financial Information) remains the Polish AML authority — it supervises obliged entities in the meaning of the Act of 1 March 2018, receives suspicious-transaction reports and handles AML cases in Poland. AMLA builds a layer of EU coordination above GIIF: it issues guidelines, coordinates information exchange in FIU.net and, in extreme cases, may take over supervision of a specific entity.

Does the creation of AMLA exempt me from sanction screening?

No. AMLA is an AML body. Sanction screening arises from the EU sanctions regime (Regulations 269/2014 and 833/2014) and the Act of 13 April 2022 — an entirely separate legal system. The obligation to verify counterparties against sanctions lists remains in force regardless of the 2024 AML package and the creation of AMLA.

What does AMLR change for my company if I am not a financial institution?

Most likely two things. First — the EU-wide cash payment limit of EUR 10,000 in business dealings, which applies to all companies. Second — if you trade in luxury goods, works of art or crypto-assets, or operate in football (from 2029), you may find yourself in the new, expanded list of obliged entities with the corresponding new AML obligations. For most other sectors, AMLR in itself does not introduce new AML obligations — but the sanction screening obligation remains unchanged.

When will AMLA issue the first specific guidelines that affect me?

AMLA issues the first regulatory and implementing technical standards (RTS, ITS) from 2025, and the process is spread over the years 2025–2028. Specific guidelines concerning your sector will appear along the way. The most reliable source of up-to-date information is the AMLA website (once it is up and running) and GIIF announcements.

What specifically to do — a checklist for an SME owner

1. Check whether your company is an AML obliged entity within the meaning of Article 2(1) of the Act of 1 March 2018 — and whether the new list under AMLR changes anything (trade in luxury goods, crypto-assets, certain types of real estate intermediation).
2. Check whether you apply the EUR 10,000 limit for cash payments in business dealings. If you make large cash payments — switch to bank transfers or a cashless instrument.
3. Independently of step 1 — implement or refresh a sanction screening procedure. This obligation arises from EU Regulations 269/2014 and 833/2014 and the Act of 13 April 2022, not from the AML package. The 2024 AML package does not change it.
4. Designate a person responsible for AML compliance (if you are an obliged entity) and, separately, for sanctions compliance. These may be the same people, but the documentation should distinguish between the two regimes.
5. Monitor AMLA’s implementing acts — the first RTS/ITS will affect GIIF’s practice and may require updates to AML procedures in the coming years.
6. Plan a review of your procedures in 2027 — the transposition of AMLD6 into Polish law has a deadline of 10 July 2027, which means changes to the Act of 1 March 2018.

How Sanqto can help

Sanqto is sanction screening software designed for businesses outside the financial sector — travel agencies, real estate agencies, law firms, accounting offices, luxury goods trade and other entities that have a sanctions obligation arising from EU regulations. AMLA and the 2024 AML package strengthen the neighbouring AML regime, but your obligation to verify against sanctions lists has remained in force unchanged since 2014. We install Sanqto in the client’s network (on-premise) — counterparty data never leaves your infrastructure. The verification result comes in one of three states (MATCH, POSSIBLE, CLEAR), with automatic documentation of checks as an audit trail and a ready-made package of implementation documents (sanctions policy, workstation instructions, hit register). If you would like to see how it works in practice — book a Sanqto demo.

Legal basis

• Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLAR) — CELEX 32024R1620

• Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR / single rulebook) — CELEX 32024R1624

• Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD6) — CELEX 32024L1640

• Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (TFR) — CELEX 32023R1113

• Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine — CELEX 32014R0269

• Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine — CELEX 32014R0833

• Act of 1 March 2018 on counteracting money laundering and terrorist financing (Journal of Laws 2023, item 1124, consolidated text) — eli.gov.pl

• Act of 13 April 2022 on special measures to counter support for aggression against Ukraine and to protect national security (Journal of Laws 2022, item 835) — eli.gov.pl

Information, not legal advice. This article is for information and educational purposes only and does not constitute legal advice. The specific legal assessment of an individual case should be carried out with a qualified lawyer specialising in sanctions and export-control law. Legal status: 23 May 2026.