The new AMLR regulation, cornerstone of the European AML package, requires a profound overhaul of compliance frameworks by July 2027.
From KYC review frequency to extended PEP scope, strengthened UBO requirements, and direct supervision by AMLA, financial institutions must urgently activate a strong transformation trajectory.
Backed by its first AMLR assignments with systemic groups, Capco deciphers here the concrete impacts to anticipate, strategic decisions to take as early as 2025, and our expert vision to turn regulatory shock into a controlled trajectory.
AMLR: unified framework, amplified challenges
This regulation is part of the new European AML package, which also includes a directive (AMLD6) and a regulation (AMLAR) establishing the new European authority.
From July 2027, AMLR will apply to all entities of European financial groups. It introduces directly applicable standards across all Member States. 64 Level 2 & 3 texts (RTS, ITS, guidelines) will complement the AML package in total, with more than 30 texts dedicated to AMLR for financial institutions. AMLA will also directly supervise 40 high-risk groups starting in January 2028.
The most structuring requirements by 2027
Among the numerous requirements in AMLR and the broader AML package, several bring major normative and operational impacts. The most structuring include:
- Mandatory periodic KYC review: all clients must be reassessed at least every 5 years (annually for high-risk clients). This implies a significant increase in KYC remediation campaigns, with major impacts in terms of prioritization, industrialization, and processing capacity.
- Expanded PEP scope: inclusion of local public officials, siblings of PEPs, and occasional business relationships. Screening systems must be updated, with a foreseeable increase in alert volumes.
- UBO: mandatory dual approach: UBO identification must rely on both ownership and control – regardless of shareholding. Automatic appointment of a Senior Managing Official will no longer suffice. This fundamentally changes existing practices.
- Transparency and identification data: full identity collection (all nationalities, all names), LEI, NIF, EU registration proof for offshore entities... Data scope explodes, with complex and often hard-to-collect requirements.
- Strict outsourcing control: critical decisions such as risk profiling or client onboarding can no longer be delegated to third parties. Outsourcing models must be revised.
- Intra-group and external data sharing: review of data sharing arrangements, verification of legal bases (GDPR, banking secrecy), and implementation of formalized governance to secure sensitive data exchanges between entities and partners.
- Recalibrated transaction monitoring: adaptation of scenarios to new thresholds and indicators (fraud, cash >10k€, luxury assets…), update of alert engines, and remediation of historical data, with strong impacts on tools and analytical capacity.
- Deviation reporting under time constraints: obligation to report any deviation within 14 days, requiring a robust detection, traceability and escalation mechanism, as well as enhanced coordination between business lines, compliance, and internal control.
Underrated challenges
Beyond visible impacts, Capco identifies frequent blind spots in current market approaches:
- Resource pressure: multiplied KYC reviews, expanded PEPs, increased alerts... All under HR pressure. Without tooling upgrades and targeted automation, KYC chains will be overwhelmed.
- Budget myopia: not all evolutions fit within a single-year budget. Multiyear planning is crucial to spread investments, absorb IT development peaks, and secure the path to 2027.
- Risky wait-and-see posture: some players delay decisions until all RTS and guidelines are published. Yet deadlines are fixed, many requirements are already readable, and room for maneuver is shrinking. A risk-based approach is essential to launch priority initiatives now, without waiting for a complete theoretical framework.
From regulatory constraint to controlled transformation
AMLR raises strategic questions for institutions: How to meet deadlines? How to plan without RTS? How to budget appropriately?
- Meeting deadlines requires action from 2025 onward, by activating well-defined workstreams (KYC review, due diligence, PEPs…). Other requirements depend on RTS but must be prepared and, in some cases, anticipated to avoid bottlenecks in 2026–2027.
- Planning without final RTS is feasible using consolidated analysis of drafts, AMLA/EBA guidance, and market practices – a key condition to avoid reworks and make the right trade-offs.
- Investments should be structured over several years, with a comprehensive transformation plan, budgeted and aligned with human and technical deployment capacities.
What Capco brings
Capco specializes in AML/CFT transformation programs, bringing the following value:
- A consolidated market view: based on our ongoing AMLR missions with systemic groups and active monitoring of upcoming texts, we identify pain points, anticipation margins, and critical decisions to structure now.
- Firsthand field insight: we identify friction points, anticipation levers and decision thresholds, and know how to orchestrate them without waiting for 2027.
- A proven methodology: regulatory diagnosis, tool-based impact analysis, governance structuring, and multiyear budget planning support.
- Expert and international coverage: mobilization of cross-functional experts (data, legal, IT…) and presence across jurisdictions to address both local and group-wide specificities.
Conclusion: a compliance shift that starts today
This regulation requires more than policy updates — it demands early planning and structured execution. While the regulatory framework is now defined, many implementation details remain to be clarified. Institutions should not wait for all RTS and guidelines to be issued by 2027: transformation must start as soon as possible, relying on already stabilized requirements, applying a risk-based approach where uncertainties remain, and underpinned by strong governance and a clear roadmap.
Capco is today the only player combining field expertise, market insight, and the ability to structure this transformation.
AMLR is not endured. It is managed.
Ready for lift-off?