AMLA 2026–2028: Europe's Shift to a Unified, Data-Driven AML Framework – What Banks Must Do Now

The creation of the Authority for Anti-Money Laundering (AMLA) marks a decisive turning point in Europe's fight against financial crime, moving the EU beyond the limitations of coordination toward genuine supervisory integration.

• AMLA will embed national authorities in a shared, data-driven architecture rather than replace them, eliminating long-standing fragmentation, divergent risk taxonomies, and inconsistent supervisory intensity that have characterised the previous regime.

This article examines what AMLA's 2026–2028 work programme will mean in practice for banks:

• How supervision will evolve through phased convergence, infrastructure development and direct oversight of approximately 40 complex cross-border institutions;
• How a unified, evidence-based model will reshape expectations around data quality, model risk and governance; and
• What boards and Chief Risk Officers must prioritise to prepare their organisations for this new era of harmonised, technology-intensive AML/CFT supervision.

2026-2028 work programme

• Under the previous framework, the EBA could guide and coordinate, but national authorities remained autonomous and divergent.
• As a result, cross‑border banks frequently faced fundamentally different supervisory approaches depending on local jurisdiction.
• AMLA is designed to close those gaps, with its own risk models, data infrastructure and supervisory teams, applying a unified methodology across the Union.  
• Under AMLA, onboarding of the 40 banks will be risk-based rather than size-based, with selection in 2027 driven by  AMLA's ML/TF risk assessment models, which are currently being tested and calibrated through the 2026 EU-wide data collection exercise.
• The AMLA has released its 2026-2028 work programme, marking the operational launch of Europe's AML/CFT framework into a unified, data‑driven supervisory architecture.
• The programme strengthens systemic supervision, ensuring consistent risk assessment and supervision across the Union and, in doing so, redefines supervisory expectations for European financial institutions.
• AMLA's first work programme marks the operational start of Europe's new anti-money laundering (AML)/Combating the Financing of Terrorism (CFT) framework.
• This shift is underpinned by three core features that will shape the design, implementation, and evidencing of AML supervision at EU level: 

Key features 

• Introduction of a single, data‑driven supervisory model, replacing divergent national practices. 
• A phased transformation, with convergence in 2026, infrastructure development in 2027 and direct AMLA supervision in 2028. 
• Banks must shift to evidence‑based AML, strengthening data governance and the use of robust, documented evidence. 

In 2026, the Authority remains in transition and is still supported by the European Banking Authority (EBA). The programme clarifies its immediate priorities, which include:

• Completing core regulatory mandates,
• Preparing the methodology for selecting institutions that will enter direct supervision in 2028 and
• Coordinating with national authorities to ensure supervisory continuity.  

From fragmentation to integration 

Europe's AML/CFT regime has long suffered from heterogeneous national interpretations, divergent risk taxonomies, and inconsistent supervisory intensity. AMLA's creation responds directly to this weakness, and unlike the EBA‑centred model, which relied on coordination, AMLA introduces: 

• One supervisory doctrine grounded in harmonised regulatory technical standards (RTS) and measurable indicators. 
• One analytical base built on consistent taxonomies, thresholds, and evidentiary standards. 
• One intelligence fabric, via the transformation of the Financial Intelligence Unit (FIU)-Net into an integrated cross‑border network. 
• One supervisory perimeter, with joint supervisory teams directly overseeing a group of approximately 40 complex cross‑border institutions by 2028. 

An agenda that impacts banks 

• AMLA's strategic roadmap for 2026–2028 makes its ambition explicit: to reshape the Union's AML/CFT framework into a unified system that produces consistent outcomes across jurisdictions and sectors, with direct and significant impacts on banks. 

Phase 1: Laying the foundation (2026)  

• Finalisation of a large share of AMLA's regulatory mandates. 
• Development of a common supervision model and manual for indirect supervision. 
• Launch of thematic reviews to drive convergence. 
• First phase of harmonised RTS covering customer due diligence, business relationships, enforcement and residual risk assessment. 

This common model is designed to rely on

• Granular data and to produce complete, reliable, and traceable data across onboarding, monitoring, case management, and reporting.
• Data will be quantifiable, requiring models to evolve from predominantly qualitative risk assessments to evidence‑based frameworks aligned with AMLA's harmonised indicators, RTS and EU‑wide taxonomies. 

Phase 2: Building capacity and infrastructure (2027) 

• AMLA staff ramp-up from around 120 to over 400, including data scientists, supervisors and FIU specialists. 
• Deployment of EU-wide data pipelines and initial infrastructure for harmonised risk modelling. 
• Strengthening of FIU-Net and preoperational testing of cross-border intelligence exchange. 

While the internal building of AMLA will directly concern the supervisor,

• Integrating FIU-Net into a pan-European intelligence layer means AMLA will scrutinise alert quality, case documentation, escalation logic, and detection‑to‑response timelines.
• Integrating FIU-Net refers to the technical and operational process of connecting a national FIU's internal systems and databases to this EU-wide secure platform so that information can flow smoothly across borders.
• As a result, banks will need to ensure that monitoring rules, segmentation methods, and scenario libraries are consistent, technically justified, and continuously optimised. 

Phase 3: Direct supervision begins (2028) 

• Selection and onboarding of approximately 40 cross-border institutions under direct AMLA oversight. 
• Operation of joint supervisory teams applying fully harmonised models and metrics. 
• First cycle of comparative assessments across the supervised population. 

In this new supervisory era, banks will face more assertive expectations, including

• Clearer articulation of risk appetite,
• Demonstrable understanding of AMLA's metrics, and
• Documented oversight of data quality and model risk issues.

Supervisory cycles are expected to become more frequent, more model‑driven and less tolerant of national idiosyncrasies. 

• Despite remaining uncertainty around the final concrete expectation of AMLA, banks need to take preparatory steps by: 
• Ensuring the robustness of their global information system to ensure traceability and consistency of AML/CFT data across entities, products and jurisdictions. 
• Ensuring organisational readiness within compliance functions, including sufficient staffing and training, clear allocation of roles and responsibilities for future reporting and robust group-level collection, validation and consolidation processes. 
• Testing governance and escalation frameworks to see if they need to be adapted to be able to justify residual risk assessments and control effectiveness against harmonised European benchmarks. 
• Assessing technological and analytical capabilities against AMLA's data-intensive approach and the requirements observed in the data collection exercise, to determine whether existing tools can support more granular, resource-intensive and repeatable reporting. Banks should consider AI-based solutions as key enablers for scalable, consistent, and timely AML/CFT reporting.
• AI will be useful for adapting AML/CFT controls and reducing manual interventions.
• The focus should be on producing explainable, reproducible, and auditable outputs, rather than adopting technology for its own sake, in an increasingly data-intensive supervisory environment. 

SOURCE

https://www.forvismazars.com/group/en/insights/latest-insights/amla-a-unified-data-driven-aml-cft-framework