--- title: "AMLR & AMLA: What Changes for CASPs From July 2027" slug: amlr-amla-casp-2027 publishedAt: 2026-05-14T09:00:00Z author: Finconduit Editorial Team tags: AMLR, AMLA, AMLD6 canonicalUrl: https://finconduit.com/resources/amlr-amla-casp-2027 --- # AMLR & AMLA: What Changes for CASPs From July 2027 The EU AML Package — AMLR single rulebook, AMLD6 recast directive, AMLA direct supervision of ~40 obliged entities. What changes operationally for CASPs from 10 July 2027 and how to prepare. On **10 July 2027** the **EU AML Package** becomes the most consequential change in European **AML** supervision since the **Sixth Anti\-Money Laundering Directive**. Three instruments operate together: the [Anti\-Money Laundering Regulation](https://eur-lex.europa.eu/eli/reg/2024/1624/oj), applicable directly across all **27 member states** with no national variation; the [Sixth Anti\-Money Laundering Directive recast](https://eur-lex.europa.eu/eli/dir/2024/1640/oj) \(**AMLD6**\), updating the procedural and criminal\-law framework; and the [Authority for Anti\-Money Laundering](https://eur-lex.europa.eu/eli/reg/2024/1620/oj) — a new **EU** agency in **Frankfurt** with direct supervisory powers over \~**40** **highest**\-risk **obliged entities**.¹[^1]²[^2]³[^3] For **Crypto\-Asset Service Provider**s, the package compounds three existing pressures. The [Markets in Crypto\-Assets Regulation](https://eur-lex.europa.eu/eli/reg/2023/1114/oj) already brought **CASP**s into the obliged\-entity perimeter via national 5**AML**D/**6AMLD** transpositions; the [Transfer of Funds Regulation](https://eur-lex.europa.eu/eli/reg/2023/1113/oj) imposed **Travel Rule** obligations from 30 December 2024; the new **AMLR** overlays a **single rulebook** from **10 July 2027** that replaces the patchwork of 27 national **AML** laws with one harmonised text. Cross\-border **CASP**s — exactly the operators **MiCA** passporting was designed to enable — are the obvious candidates for direct **AMLA** supervision.⁵[^4]⁶[^5] This guide explains the **AML Package** end\-to\-end: what **AMLR** changes substantively for **CASP** **CDD**, **EDD**, **sanctions screening**, and **Travel Rule** workflow; how **AMLD6** updates the procedural backbone; what **AMLA** does and does not directly supervise; the **selection methodology** for the \~**40** directly\-supervised **obliged entities**; the governance, fees, and reporting cadence under **direct supervision**; the timeline through 2026–2028; and how **CASP**s of different sizes should prepare for either direct **AMLA** oversight or **indirect supervision** via the home NCA under the new harmonised standards. ## The Three Instruments — What Each One Does The **EU AML Package** replaces a patchwork of directives with a directly\-applicable regulation, a recast directive, and a new **EU** agency. Understanding which instrument controls which question is the foundation of any **compliance** plan for the post\-2027 regime. *Table: The three instruments of the EU AML Package — and what each controls.* | Instrument | Type | Application date | What it controls | | --- | --- | --- | --- | | AMLR \(Regulation EU 2024/1624\) | Regulation — directly applicable | 10 July 2027 | Substantive AML rules: CDD/EDD, beneficial ownership, sanctions screening, transaction limits, Travel Rule overlay, obliged\-entity perimeter | | AMLD6 recast \(Directive EU 2024/1640\) | Directive — transposed into national law | 10 July 2027 | Procedural framework: FIU coordination, NCA powers, criminal\-law harmonisation, beneficial\-ownership registers | | AMLA Regulation \(Regulation EU 2024/1620\) | Regulation — directly applicable | Operational 1 July 2025; direct supervision from January 2028 | Establishes the Authority; sets selection methodology; defines direct supervision powers and joint supervisory teams | ## **AMLR** — The **Single AML Rulebook** The **AMLR** replaces 27 national **AML** transpositions with a single text. This is the operational change every **CASP** feels — your Master **AML** Programme stops being 'aligned to national transposition with member\-state variations' and becomes 'aligned to **AMLR** with the same content across every operating jurisdiction'. **AMLR** overlays the **Markets in Crypto\-Assets Regulation** perimeter, sitting on top of **MiCA**'s authorisation framework with substantive **AML** obligations. - Harmonised **CDD**. Customer onboarding requirements identical across all **27 member states**. ID verification, **UBO** identification \(≥25% threshold or control\), purpose of relationship, ongoing monitoring. - Harmonised **EDD** triggers. Specific triggers — high\-risk third countries, **PEP**s, complex structures, unusual transactions, crypto self\-hosted wallet flows — defined in the Regulation rather than diverging by member state. - Beneficial\-ownership thresholds. ≥25% direct or indirect ownership; ≥25% voting rights; or control by other means. Beneficial\-ownership register access expanded across member states under **AMLD6**. - Cash\-payment limit. **€10,000** **EU**\-wide ceiling on cash payments by **obliged entities** — relevant for any **CASP**\-adjacent merchant flows. - **Travel Rule** overlay. **AMLR** codifies the **Transfer of Funds Regulation** **Travel Rule** obligations into the substantive **AML** framework — the **€1,000** threshold, full data set above threshold, self\-hosted wallet treatment. > **Warning:** AMLR's harmonised CDD is more demanding than several current national transpositions, particularly in lighter\-touch member states. Lithuanian and Maltese CASPs accustomed to local implementation flexibility will face a tighter substantive bar from 10 July 2027 — plan AML programme upgrades during 2026 rather than reacting in mid\-2027. ## **AMLD6** Recast — The Procedural Backbone **AMLD6** \(the recast directive — Directive 2024/16**40**\) replaces the existing Anti\-Money Laundering Directives. Where **AMLR** defines the substantive what, **AMLD6** defines the procedural how: how member\-state **FIU**s operate, how NCAs supervise non\-selected **obliged entities**, how beneficial\-ownership registers operate across the **EU**, and how criminal\-law penalties are harmonised. - **FIU** coordination. Strengthened cross\-border **FIU** cooperation; faster information exchange; **AMLA**\-coordinated joint analyses for cross\-border cases. - Beneficial\-ownership registers. Each member state maintains a **UBO** register; access expanded to legitimate\-interest parties beyond the original ECJ\-narrowed scope \(post the 2022 ECJ ruling restricting general public access\). - NCA powers. Strengthened powers for national supervisors — administrative penalties, public censure, fitness\-and\-propriety findings, supervisory\-letter publication. - Criminal\-law harmonisation. Continuation of **6AMLD**'s criminal\-law framework — predicate offences, corporate liability up to 10% of annual turnover, minimum\-maximum imprisonment terms. ## **AMLA** — The New **EU** Supervisor **AMLA** — the Authority for Anti\-Money Laundering and Countering the Financing of Terrorism — is the structural innovation. Headquartered in **Frankfurt**, operational from **1 July 2025**, with direct supervisory powers from January 2028, **AMLA** is the **EU**'s first **AML**\-specific supervisor with binding authority over individual **obliged entities**. The model echoes the Single Supervisory Mechanism for banks under the ECB but applied to **AML**. *Table: AMLA's powers, structure, and selection methodology.* | Element | Detail | Effective | | --- | --- | --- | | Domicile | Frankfurt, Germany | Operational July 2025 | | Direct supervision scope | \~40 selected obliged entities \(financial sector \+ crypto sector\) | From January 2028 | | Indirect supervision | Coordination of national NCAs supervising non\-selected obliged entities | From 2026 | | Selection criteria | Cross\-border footprint \(≥6 member states\), high\-risk profile, scale of obliged\-entity activity | Selected entities published 2027 | | Joint Supervisory Team | AMLA staff \+ home NCA \+ host NCAs of jurisdictions where supervised entity operates | Live for selected entities from 2028 | | Powers over selected entities | On\-site inspections, information requests, periodic penalty payments, administrative fines, supervisory measures | From 2028 | | Selection cycle | Every 3 years | First cycle 2027–2030 | | Funding | Industry\-funded levies on selected entities \+ member\-state contributions | Phase\-in from 2025 | > **Note:** Significant CASPs operating in 6\+ member states with material volume are obvious candidates for first\-cycle AMLA selection. The first formal selection list publishes in 2027 with effect from January 2028. Operators in this band should engage with AMLA preparatory consultations through 2026 — designation handled cooperatively is materially better than designation imposed. ## Selection Methodology — Who Falls Under **AMLA** Direct Supervision **AMLA**'s **selection methodology**, set out in the **AMLA** Regulation and forthcoming technical standards, applies a multi\-criterion scoring model. The threshold is not a single number but a composite assessment. Indicative criteria for a **CASP**: - Cross\-border footprint. Active operations in ≥6 member states. - Customer base scale. Material **EU**\-resident customer numbers \(likely millions for a crypto exchange\). - Transaction volume. High aggregate annual transaction throughput on the obliged\-entity activity. - Inherent ML/TF risk profile. Customer mix, asset mix, jurisdictional exposure, prior supervisory findings. - Significance to financial\-stability or **AML** risk. Qualitative assessment by **AMLA** in conjunction with member\-state NCAs. ## What Changes Operationally for **CASP**s Three categories of **CASP** face different operational changes from the **AML Package**. Pure non\-**EU** **CASP**s are out of scope but increasingly affected via passporting **Travel Rule** counterparties. **EU**\-licensed non\-significant **CASP**s face **AMLR**\-harmonised national supervision. Significant **CASP**s face **AMLA** **direct supervision**. *Table: Operational change for CASPs by category under the EU AML Package.* | CASP category | Pre\-AMLR \(today\) | Post\-AMLR \(10 July 2027 \+\) | | --- | --- | --- | | Small EEA\-licensed CASP \(single member state\) | Local NCA \+ national 5AMLD/6AMLD transposition | AMLR substantive rules \+ AMLD6 procedural; NCA still supervises | | Mid\-sized EEA CASP, 3–5 member states | Local NCA \+ national variations across passport states | AMLR uniform across all states; reduced compliance complexity but tighter substantive bar | | Large EEA CASP, 6\+ member states | Local NCA \+ ESMA convergence influence | Likely AMLA selection; joint supervisory team; higher reporting burden | | Non\-EU CASP serving EU via reverse solicitation | Outside obliged\-entity perimeter | Same — but Travel Rule counterparty CASPs apply AMLR scrutiny on inbound transfers | | Cross\-border crypto group with multiple regulated entities | Per\-entity supervision | Group\-level AMLA assessment for selection; coordinated supervision likely | ## The Timeline — 2025 to 2030 The **AML Package** phases in over five years. Each milestone has **compliance** and operational implications worth planning around. - **1 July 2025** — **AMLA** operational start. **Frankfurt** offices open; staff onboarding; preparatory work on technical standards and **selection methodology** begins. - **January 2026** — **AMLA** full operational capacity. **AMLA** begins coordination of national supervisory work; technical standards finalised; preparatory engagement with potential selected entities. - **10 July 2027** — **AMLR** \+ **AMLD6** application date. Substantive new rules apply across the **EU**; existing **AML** programmes must be aligned. - Late 2027 — First **AMLA** selection list published. \~**40** directly\-supervised entities named; transition to **direct supervision** begins. - January 2028 — **AMLA** **direct supervision** live. Joint supervisory teams operate for selected entities; supervisory fees commence. - 2030 — First selection cycle completes; second cycle's **selection methodology** refines. ## How **CASP**s Should Prepare - Refresh **AML** programme to **AMLR** draft. Use the published **AMLR** text — finalised May 2024 — as the rulebook against which to upgrade existing programmes. Do not wait for **AMLA** technical standards. - Audit cross\-border footprint. Map the member states where you have material activity. ≥6 member states is the **AMLA** selection trigger; if you are at 4–5 today, decide whether to expand or to consolidate before the 2027 selection cycle. - Engage proactively with the home NCA. The home NCA's view feeds into **AMLA**'s selection assessment; building a constructive relationship pre\-selection is materially valuable. - Reporting infrastructure investment. **AMLA**\-supervised entities face monthly data feeds \+ standing reporting \+ ad\-hoc requests. Most **CASP**s need 6–12 months of engineering work to be inspection\-ready under this cadence. - Budget for supervisory fees. **AMLA** fees for selected entities are tiered with material annual cost \(likely €100,000–€500,000\+ depending on size\) on top of NCA fees. - **Travel Rule** \+ blockchain analytics maturity. **AMLA**'s supervision will be at least as rigorous as the **most demanding** NCA today. **Travel Rule** provider deployments and blockchain analytics integration must be inspection\-ready. ## Frequently Asked Questions ### Will my single\-member\-state **CASP** fall under **AMLA** **direct supervision**? Almost certainly not in the first selection cycle. **AMLA**'s **selection methodology** weights cross\-border footprint heavily; a **CASP** authorised in only one member state with operations concentrated there is a candidate for **indirect supervision** via the home NCA under **AMLR**. Direct supervision is reserved for the cross\-border, scaled, and high\-risk\-profile entities. The first **40** selected entities will skew toward groups operating in 6\+ member states with millions of **EU** customers. ### Does **AMLR** replace **MiCA**'s authorisation regime? No — **AMLR** overlays the **Markets in Crypto\-Assets Regulation** rather than replacing it. **MiCA** authorisation continues to control which entities can provide crypto\-asset services in the EEA; **AMLR** controls how those entities run their **AML** programmes. A **CASP** must satisfy both regimes simultaneously: authorisation under **MiCA**, **AML** **compliance** under **AMLR**. The two operate in parallel. ### What happens to existing [EBA Guidelines](https://www.eba.europa.eu/) on **AML** risk?⁴[^6] **EBA Guidelines** remain in force as the operational baseline through the **AMLR** transition. From **AMLR** application date \(**10 July 2027**\), **AMLA** inherits authority for issuing **AML** technical standards across the **EU** and will progressively update the **EBA Guidelines** into **AMLA**\-issued standards. Practical effect: **AML** programmes built to the 2021 **EBA Guidelines** remain useful as a starting point but should be refreshed against **AMLR** text and forthcoming **AMLA** standards. ### How does the **Travel Rule** fit into **AMLR**? **AMLR** codifies the **Transfer of Funds Regulation** **Travel Rule** obligations into the substantive **AML** framework — the **€1,000** data threshold, full data set above, self\-hosted wallet treatment. Practically: existing TFR\-compliant **Travel Rule** capability remains compliant under **AMLR**; the regime becomes more rigorous via **AMLA**\-issued technical standards rather than the Regulation text itself. ### Will **AMLA** fees apply to non\-selected **CASP**s? Indirectly. **AMLA**'s funding mix includes industry\-funded levies on selected entities plus member\-state contributions; non\-selected **CASP**s do not pay direct **AMLA** fees but may see slightly elevated NCA fees as member states recoup **AMLA** contribution costs through national supervisory fee structures. Direct cost differential between selected and non\-selected supervision is material — €100,000–€500,000\+ for selected. ### Should I structure to avoid **AMLA** selection? Maybe — depends on commercial trade\-offs. Limiting active operations to fewer than 6 member states avoids the cross\-border\-footprint trigger; concentrating customer base in lower\-tier\-risk jurisdictions reduces the risk\-profile score. But **AMLA** selection is also a credibility signal — Tier\-1 institutional counterparties view directly\-supervised entities favourably. Most large **CASP**s accept selection as the price of meaningful EEA scale, focus on cooperative engagement with **AMLA** rather than selection avoidance. > **Call to action:** Preparing for AMLR application or AMLA selection? Finconduit scopes the AML programme upgrade work, supports cross\-border footprint planning, and makes vetted introductions to specialist AML counsel and supervisory\-engagement advisers. Get a free AML Package readiness assessment. ## Related Guides - [AML Compliance for Crypto Firms](/resources/aml-compliance-crypto-6amld): What the **6AMLD** requires from **CASP**s and **VASP**s - [The Significant CASP Threshold: When ESMA Takes Over](/resources/significant-casp-esma-threshold): **MiCA** Article 84 thresholds, **ESMA** **direct supervision**, and dual oversight with **AMLA** - [Sanctions Screening for Crypto](/resources/sanctions-screening-crypto-ofac-eu-un): OFAC, **EU** Consolidated, UN — architecture and vendors - [MLRO Hiring Guide for CASPs](/resources/casp-mlro-hiring-guide): What to look for, what to pay **AMLR** \+ **AMLD6** \+ **AMLA** together represent the most ambitious **EU** **AML** reform of the 2020s. For most **CASP**s, the **single rulebook** is positive — fewer national variations, easier multi\-state operations, more predictable supervisory expectations. For the **40** selected entities under **AMLA** **direct supervision**, the change is operationally heavier — monthly reporting cadences, **joint supervisory team**s, **AMLA**\-issued technical standards. Either way, the substantive **AML** bar tightens. The **CASP**s that are inspection\-ready under **AMLR** by 1 January 2027 will navigate the transition cleanly. Those that wait until July 2027 will spend the second half of 2027 in remediation mode. ## Footnotes [^1]: Regulation \(EU\) 2024/1624 \(Anti\-Money Laundering Regulation — AMLR\), 31 May 2024, applicable from 10 July 2027. [^2]: Directive \(EU\) 2024/1640 \(Sixth Anti\-Money Laundering Directive recast — AMLD6\), 31 May 2024. [^3]: Regulation \(EU\) 2024/1620 establishing the Authority for Anti\-Money Laundering and Countering the Financing of Terrorism \(AMLA\), 31 May 2024 — operational from 1 July 2025; direct supervision from January 2028. [^4]: Regulation \(EU\) 2023/1113 \(Transfer of Funds Regulation — TFR / Travel Rule for crypto\-asset transfers\), applicable from 30 December 2024. [^5]: Regulation \(EU\) 2023/1114 \(MiCA\) — establishes the EEA CASP perimeter that AMLR overlays for AML obligations. [^6]: EBA Guidelines on the management of money laundering and terrorist financing risks \(EBA/GL/2021/02\) — current operational baseline; AMLA will inherit and update. --- Source: https://finconduit.com/resources/amlr-amla-casp-2027