
What is AML6, and how does it differ from AML5?


Money laundering remains a serious threat to the integrity of the European financial system. The Real Academia Española (RAE) defines it as ‘the crime of acquiring or trading in goods, especially money, that are the proceeds of a serious crime’. This practice erodes transparency, facilitates corruption and impedes the effective detection of criminal networks.

Since 1991, the European Union has been strengthening its framework for the prevention of money laundering and terrorist financing (AML/CFT) through a series of successive directives. The most recent, the Sixth Anti-Money Laundering Directive (AMLD6), together with the new Regulation (EU) 2024/1624, forms the basis of the new European anti-money laundering legislative package.

What is AML6?

AMLD6 or Directive (EU) 2024/1640 is the new anti-money laundering directive which aims to strengthen the institutional framework for the prevention of money laundering and terrorist financing in the Member States by setting minimum standards for national authorities, Financial Intelligence Units (FIUs) and future EU-supervised cross-border cooperation.

The major milestone of AML6 is the creation of the European Anti-Money Laundering Authority (AMLA), which will centralise the supervision of high-risk obliged entities in the financial sector. This agency will also coordinate national supervisors to ensure uniform application of AML/CFT rules in the financial sector.

Entry into force and transposition deadlines

AMLD6 was published in the Official Journal of the European Union (OJEU) on 19 June 2024, but its full implementation will not be mandatory until 10 July 2027, the deadline for transposition by Member States. In the meantime, national rules such as Law 10/2010 in Spain remain in force, although they will need to be amended to align with the new European framework.

Some specific provisions, such as access to registers of beneficial ownership, have intermediate deadlines. For example, interconnection of registers must be available by July 2026, and access to land registers must be implemented progressively by 2029.

Industries and entities affected

AMLD6, together with the Regulation, significantly broadens the scope of supervision. Sectors affected include:

  • Financial institutions and insurers
  • Crypto-asset platforms, such as exchanges or custodians
  • Legal advisors, tax advisors and notaries
  • Real estate companies
  • High-value asset traders
  • Professional sports clubs

Traceability, transparency and oversight

One of the priorities of AML6 is to improve the accessibility and reliability of registers of beneficial ownership. To this end, it obliges Member States to create and maintain up-to-date registers and establishes a European interconnection system. Furthermore, obliged entities must consult these registers during onboarding processes and report discrepancies.

Financial traceability is also extended: records of bank, securities and crypto-assets accounts will be accessible through a common system, which will facilitate investigations by FIUs and AMLA.

These measures are integrated into the European system through the single access point for financial information (BARIS), which is expected to be fully operational by 2029.

Sanctions regime and criminal liability

Directive (EU) 2024/1640 introduces a common framework for the imposition of administrative sanctions for serious breaches of the obligations set out in Regulation (EU) 2024/1624.

Article 55 of the Directive obliges Member States to ensure that institutions subject to the Directive can be sanctioned for serious, repeated or systematic breaches of the requirements of the Regulation, in particular in the areas of internal controls, risk assessment, group policies and consolidated supervision.

Sanctions must be proportionate, effective and dissuasive and may include minimum financial penalties, depending on the nature of the infringement. The text also provides for the possibility for supervisors to impose additional measures such as revocation of licences, suspension of operations or temporary disqualification of senior management, if permitted by national law.

Criminal sanctions are not addressed in this Directive. Directive (EU) 2018/1673, which obliges Member States to criminalise money laundering and to provide for appropriate custodial sentences, remains in force as of today. This complements the preventive and punitive approach of the new framework.

Differences between AML5 and AML6

Although both are directives, AMLD6 is part of a very different legislative strategy.

While AMLD5 regulated both institutional aspects and private obligations, AMLD6 limits itself to defining the institutional framework, leaving the operational commitments to the new AML regulation, which no longer depends on national transposition.

This means unprecedented uniformity: no more diverging interpretations between countries on thresholds, obliged parties or internal measures. In addition:

  • A centralised authority (AMLA) is created.
  • The regulated sectors are extended to include sports, luxury and new crypto services.
  • Criminal liability for omission is introduced and applicable to senior management.
  • The use of digital identification and verification tools is harmonised.

AMLD6, in combination with the new AML Regulation, inaugurates a stricter, more homogeneous and ambitious stage in European anti-money laundering regulation. Its impact will be felt particularly by those sectors most exposed to financial risk, which will need to strengthen their internal compliance frameworks, monitoring technology and coordination with authorities.

Organisations operating at the European level must start adapting their policies as soon as possible in anticipation of an environment where non-compliance will no longer be a matter of local interpretation but a direct infringement of EU law.

How does AMLD6 affect digital identity verification processes?

The new framework introduces clear obligations for customer identity verification processes, including those conducted remotely or digitally (eKYC).

1. Verification of identity by means of identification documents

Article 22(6)(a) of Regulation (EU) 2024/1624 requires obliged entities to verify that the identity of the user matches information obtained from a reliable document, data or source. This involves document verification (e.g. passports, ID cards or equivalent documents), using technologies or procedures that allow the document to be validated remotely, such as matching the document with the holder by means of facial biometrics.

2. Use of electronic means aligned with eIDAS

Article 22(6)(b) of the Regulation expressly allows the use of electronic identification means in line with eIDAS Regulation (EU) No 910/2014, provided that they have a ‘substantial’ or ‘high’ level of security. This allows digital identity solutions to be incorporated as valid verification mechanisms in online KYC processes.

Furthermore, Directive (EU) 2024/1640, in its Article 13(4), obliges Member States to accept qualified electronic means for access to national registers of beneficial ownership.

3. Mandatory verification for crypto-asset service providers

The Regulation also lays down specific obligations for crypto-asset service providers, which must verify the identity of their customers even for transactions below EUR 1,000. This is set out in Article 19(3), ensuring that even low-value transactions are subject to a minimum identification check aligned with basic due diligence principles.

4. Additional measures in higher-risk contexts

In higher-risk situations, the Regulation requires additional measures. Article 34(4), for example, allows obliged entities to require that the customer’s first payment comes from a bank account in the customer’s name, opened with an institution subject to equivalent AML rules. This acts as additional reinforcement when identification occurs in remote channels, especially in fully digital sign-up processes.

Contact us if you are seeking an eKYC solution that complies with the new European AML6 regulatory framework.
