What fundamental changes does the new EU AML package bring for European supervision?
Dirk: Today we are going to talk about the far-reaching changes brought about by the EU AML package. The focus will be on topics such as the new European Anti-Money Laundering Authority, AMLA, the requirements of the AML Regulation, the further development of KYC processes, the increasing importance of data quality, modern risk analyses and the use of artificial intelligence in money laundering prevention.
With me are Tamara Braun, Senior Manager at zeb in Vienna, as well as Rick A. Campbell, CEOย / Executive Chairman of @GROUP, and Matt Winlaw, CEO of @ID and EDD Group, a division of @GROUP. @GROUP is a technology company specializing in software solutions for KYC and financial crime prevention. Pleased to have you here!
Tamara: Thank you, Dirk. This is currently a crucial phase for Europe. Regulation is becoming more uniform, expectations of financial institutions are being more clearly formulated and many processes that were previously interpreted in various ways are now being given a common European framework. AMLA brings these developments together and creates a common standard to which banks in all member states must adhere.
Rick: Many thanks for the invitation from my side too. Iโm happy to contribute my view from a technological perspective. Iโve been active in the American, British and Australian markets for many years, where the structures areย โ at least in partย โ more centralized, which makes some processes easier. However, this doesnโt mean that Europe is lagging behind per se. Europe has a different complexity and therefore a different dynamic. Both are different starting points that each open up their own opportunities.
Figure 1: EU AML packageFrom data chaos to precision: how does the EU AML package transform risk analysis and KYC processes?
Dirk: Tamara, your last BankingHub article from August already discussed the fact that European anti-money laundering supervision is going to change fundamentally. Several months have now passed. Which of the developments expected at the time have now become reality and where is the picture clearer today?
Tamara: The greatest progress relates to standardization. AMLA has consolidated its structures and is beginning to develop common standards for risk analyses, KYC processes and data quality. The requirements, which partly used to be somewhat vague, are now much more precise. Clear expectations have been formulated for data quality and register entries. It has also become evident that risk analyses will need to be more quantified and logically derived in future. The supervisory authority wants to see comprehensible valuation models based on reliable data. All of this means that the framework has become much more tangible.
Efficiency through harmonization: why are data strategy and AI at the heart of the new EU AML regime?
Dirk: Matt, would you like to comment on this from a technological perspective? Europe is now moving towards harmonized data models and uniform structures. What does this mean for the practical use of modern AML technologies?
Matt: Harmonization is one of the greatest levers for efficiency. Technologies such as AI and automation work best when data is consistently structured and centrally accessible. The Anglo-Saxon countries, for example, have the advantage of an essentially centralized supervisory system, which facilitates certain standardizations. Europe has a different starting position as there are lots of registers, identity systems and country-specific features. At the same time, Europe also has enormous potential as a result. When data models are harmonized, AI can not only work more efficiently, but also much more accurately, because it can access a broad, rich and high-quality data basis.
Identity verification in institutions: what are the new European standards for robust money laundering prevention?
Dirk: Letโs look at the KYC requirements. Many things are becoming more granular and complex. Tamara, what specific obligations have now been established and what do they mean for the institutions in practice?
Tamara: The most significant change concerns regular inspections. In future, even low-risk customers must be reviewed every five years at the latest. This is a clear obligation and naturally generates additional effort. In addition, more data is required. Itโs no longer enough to simply record traditional master data such as name and address. The supervisory authority expects additional identity features, tax information, nationalities and information on beneficial owners, including possible nominee structures. To ensure that all this information can be used effectively, it must be maintained comprehensively, consistently and verifiably. Many institutions are therefore faced with the task of modernizing their data repositories and establishing central data sources.
Dirk: Many executives now openly state that it is hardly possible to implement these obligations by purely manual means. Rick, what technological approaches can specifically support and relieve KYC processes?
Rick: Automation is key. Modern systems can automatically read documents, confirm identities biometrically, add information from registers, use information available on the web for cross-checking and review data for plausibility. Screening systems become much more accurate when AI is used. They recognize patterns, filter out irrelevant hits and draw attention to cases that are actually relevant. In addition, risk profiles can be updated dynamically because AI immediately recognizes changes in behavior, transactions or external parameters. Humans always remain in the decision-making chain, but technology takes over preliminary tasks and makes complex processes scalable.
BankingHub-Newsletter
Analyses, articles and interviews about trends & innovation in banking delivered right to your inbox every 2-3 weeks
What is Europeโs approach to AI governance?
Dirk: Tamara, one point that is often discussed is how Europe deals with AI compared to other markets. What differences do you see most clearly from an expert point of view?
Tamara: Europe pursues a very systematic governance approach. Decisions must remain traceable and verifiable. AI models must be explainable and must not be a black box. In addition, the European data landscape is significantly more complex due to different national systems. In the past, this has made the use of scalable AI solutions more difficult. At the same time, it is precisely here that the EU AML package creates new conditions. The more data models, interfaces and registers are harmonized, the easier it will be to implement high-quality AI models. Europe is therefore consciously laying the foundations for sustainably robust solutions.
Rick: I fully agree. In the Anglo-Saxon countries, some solutions could be rolled out more quickly because there is less heterogeneity. Europe, by contrast, has an enormous dynamic and a much broader data basis. As soon as harmonization is more advanced, AI will be very effective here. The size of the European systemย โ similar to the size of the US marketย โ is an advantage as soon as the basics are right.
Dirk: Letโs move on to risk analysis, a core element of the new requirements. Tamara, how is this area changing and what do banks need to pay particular attention to?
Tamara: In future, risk analysis is intended to show more clearly how risks arise and how they are influenced by controls. The supervisory authority expects all relevant risk dimensions, i.e. customers, products, countries, transactions, sales channels, employees and outsourced activities, to be assessed in a structured manner. In practice, a three-stage logic is increasingly gaining traction. First, the inherent risk is described, i.e. the risk without any controls. Then it is assessed which controls are in place and how effective they are. This results in the residual risk. These considerations must be backed up with data and updated regularly. Pure estimates will be much more difficult to justify in future.
Rick: Artificial intelligence can be an important tool here. It helps to analyze large volumes of data from transactions, customer groups or product usage and to make anomalies visible. For example, if certain combinations of characteristics frequently occur in cases with increased risk, this can be incorporated into the modeling. The effectiveness of controls can also be better assessed by systematically analyzing how often certain controls have actually reduced risks.
Looking ahead to 2027: why does the EU AML package include more than just new rules?
Dirk: Finally, Iโd be interested in your view of the future. In your opinion, what are the most important success factors up to 2027, when many transition periods expire and the new requirements become fully effective?
Tamara: From a specialist perspective, the most important point is an integrated AML operating model. Optimizing individual processes is no longer enough. Governance, data quality, KYC, risk analysis and monitoring must be understood and managed as a comprehensive system. This includes ensuring that responsibilities are clearly defined, that data flows are transparent and that models are regularly reviewed and further developed. Institutions that invest in structures, data and skills at an early stage will have less trouble with short-term adjustments in the long term.
Rick: From a technological perspective, I would add that three points are crucial. Firstly, a modern data repository with clear standards and central sources. Secondly, the targeted use of automation and AI, not as an end in itself, but where it offers real added value. And thirdly, close collaboration between specialist departments, compliance, IT and data experts. When these areas plan and develop together, they create solutions that are both regulatory viable and efficient. If these conditions are fulfilled, Europe has a very good chance of taking on a leading role in modern money laundering prevention.
Dirk: Thank you both for your candid and profound insights. Clearly, the coming years will be challenging for banks, but the new regulations also offer a great opportunity to modernize structures and raise money laundering prevention to a new level.
