News

Fostering a “common culture” among national supervisors and financial intelligence units ranks among the top objectives of the EU’s Anti-Money Laundering Authority, Bruna Szego, the agency’s first leader, told ACAMS moneylaundering.com.

AMLA will set uniform standards for compliance and supervision across the EU, serve as a data-sharing hub for national FIUs, and, from July 2028 onwards, directly oversee 40 financial services companies that, based on their systemic importance and relative exposure to illicit finance, present a high level of risk to the bloc.

In a written interview with London bureau chief Koos Couvée, Szego, a veteran Italian regulator who took the lead at AMLA last month, set out her views on the challenges her agency faces, using technology to combat financial crime, the tension between data-privacy concerns and AML requirements, and more.

An edited version of their discussion follows.

AMLA has four mandates: regulatory, direct supervision, indirect supervision and FIU cooperation, all of which require different expertise. How do you plan to build AMLA’s institutional culture, and in doing so, which of those mandates do you put at the center?

I don’t think AMLA’s identity should be linked to one single mandate. It will be linked directly to the overarching goal: increasing the overall effectiveness of the EU AML regime.

To achieve this goal, all four mandates are equally important, as is fostering synergies between them. Cooperation will be essential as AMLA is not alone. We are part of a broader EU AML system, and let’s also not forget that some of the key players of this system [national authorities] are members of our general board.

How will AMLA promote cooperation and information-sharing between national supervisors, given past challenges?

Creating a common supervisory culture is a key priority for AMLA. This will develop through regular exchange and cooperation [with national regulators], including during our regular general board meetings.

We will seek to foster convergence through supervisory tools and guidance. Peer reviews and continuous cooperation with national authorities will also play a role.

With direct AML supervision, AMLA’s mandate resembles the EU Single Supervisory Mechanism for prudential supervision. What lessons should AMLA take from the SSM? What areas require a different approach?

For direct supervision by AMLA, EU legislators have clearly taken the SSM, which was set up in 2014, as a model, including through the [proposed] establishment of joint supervisory teams, the so-called JSTs, which will include staff from AMLA and the national authorities and directly supervise each selected entity.

This being said, there are important differences. First and foremost, the SSM was established to supervise one financial sector, namely credit institutions, where supervision was already mature and robust cooperation mechanisms with national authorities were in place.

AMLA will directly supervise entities from the whole financial system, including in sectors where it needs to build capacity almost from scratch, such as non-bank financial institutions and crypto-asset service providers, while also applying new rules [the forthcoming, bloc-wide, single AML rulebook]. These markets are also more fragmented nationally and subject to specific AML/CFT [combating-the-financing of terrorism] sectoral risks.

Secondly, the new, single AML rulebook itself remains to be implemented, and many key parameters still need to be approved through around 60 so-called level 2 and 3 measures [forthcoming technical standards and guidelines for implementing the rulebook]. The latter include critical elements, such as the criteria for selecting entities under direct supervision.

All in all, with the above caveats, the SSM remains a reference model in terms of establishing an integrated supervisory system from which we will certainly take inspiration.

How will AMLA keep pace with, and use, technological innovation to swiftly identify financial crime-related risks and non-compliance?

It’s clear that AMLA must stay ahead of evolving money-laundering techniques by having an adequate grip on innovation.

A cornerstone of AMLA’s future tech-stack could be strong suptech [supervisory technology] solutions, where it could be very useful to explore the possibility of using advanced technology, such as artificial intelligence and machine learning, while obviously taking into account the requirements set by the AI Act.

However, AMLA is obviously not yet at a point where we have the capacity to implement these tools. Our focus for now is to set up the infrastructure necessary to become operational.

The head of AML at the European Banking Authority warned in an interview with moneylaundering.com in December that financial institutions frequently fail to test innovative compliance-related tools properly, and, in doing so, expose themselves to new financial crime-related risks. How will AMLA tackle this challenge?

Firstly, we believe that the urge to innovate and develop new approaches is a positive trend. However, it does not come without risk.

Clearly, financial institutions must be aware of the risks associated with cybersecurity and privacy issues and outsourcing, the risk of deteriorating data quality, as well as “black-box” risk, where they are no longer aware of what factors influence the decisions the models make.

All these risks increase immensely when a financial institution does not properly vet and test their solutions. These risks are not specific to AML, but relate more generally to the entire business of financial institutions increasingly using advanced technology. In our case, DORA [the EU’s Digital Operational Resilience Act] and the AI Act will help.

Liaising with prudential authorities in this context will also always be key.

What role do you believe AMLA can play in boosting financial inclusion and helping financial institutions focus their anti-financial crime efforts more towards high-risk customers?

Having the same rules across EU, as set out in the AML package, and the same authority, AMLA, providing guidance on how they should be applied will bring compliance costs down for cross-border institutions.

More broadly, it will be important to ensure—also considering the wide scope of AMLA’s powers—that AML regulation and policies are efficient, i.e. designed to achieve their objectives at minimum cost.

In addition to this, we must remember that the AML framework is risk-based, and this approach allows for containing compliance costs. It will be important to ensure that obliged entities have sound governance mechanisms and internal control systems in place that allow them to manage ML/FT risks according to this approach.

Paying attention to compliance costs will also be conducive to containing de-risking practices and avoiding financial exclusion.

Will AMLA work with other authorities to help financial institutions balance the clash between AML and data privacy?

There are undoubtedly frictions between AML and data privacy. This is a global issue, not only a European one, but I think the AML package seeks to strike a balance between protecting individual privacy rights and ensuring effective AML controls by implementing harmonized rules and defining clear data processing limits, among other things.

For level 2 or level 3 regulation, AMLA will consult the European Data Protection Board wherever necessary, both when preparing regulatory technical standards and when drafting guidelines.

How does AMLA intend to foster robust cooperation with law enforcement agencies, such as Europol and Eurojust, to facilitate information-sharing?

AMLA is expected to facilitate information-sharing by establishing a structured and secure framework for exchanging intelligence between financial intelligence units, law enforcement agencies and other authorities.

The exact modalities of AMLA’s role in information-sharing will depend on its operational framework as it develops. We want to ensure that it complements and strengthens existing structures rather than duplicates efforts.

This will likely include setting up standardized processes for data exchanges, ensuring interoperability between national [data] systems and promoting the use of secure communication channels. By acting as a central point of coordination, AMLA could help streamline cross-border cooperation and reduce barriers to timely and effective information flow while also ensuring compliance with legal and data protection requirements.

Additionally, AMLA may develop analytical capabilities to support joint analyses by FIUs and provide guidance on best practices for information-sharing. This could involve creating common reporting templates and developing risk indicators.

What are AMLA’s three top priorities for the current year? What milestones do you hope to achieve?

AMLA’s top priorities for 2025 are meeting its operational needs, including by recruiting staff, setting up our IT infrastructure and developing our governance systems, preparing for its core activities of facilitating the sharing of financial intelligence and direct supervision, and, finally, building and strengthening the EU AML community.

We reached the first milestone by launching our first AML expert selection procedure in January. Having our first staff members in Frankfurt was also a big step for us.

We also are looking forward to the executive board joining, which will allow us to be operational in the summer.

Broadly, what challenges do you foresee for AMLA in achieving its mandate? How do you plan to overcome them?

The biggest challenge is ensuring that best standards in FIUs [financial intelligence units] and supervision will be applied—considering that the starting point is a quite fragmented European landscape—while on the other hand ensuring no one is left behind.

Our path to overcoming this challenge is quite clear. Firstly, we must prepare a realistic, feasible and credible workplan with national FIUs and supervisors so that we’re all on the same page on where we want to go and how to get there.

We need to involve national authorities as much as possible in executing the plan, and use peer reviews and periodic reviews of national authorities to stimulate improvement.

Finally, in the future AMLA could provide secure, effective and efficient supervisory technology and data analytics tools to NCA [national competent authorities] and FIUs, as this would be a powerful way of accelerating the convergence between national authorities and FIUs across the EU.

Contact Koos Couvée at kcouvee@acams.org