CRA Update - Financial Secrecy Becomes a Mandatory Factor in Geographic Risk Assessments from July 2027

EU AML Regulation 2024/1624: Financial Secrecy Becomes a Mandatory Factor in Geographic Risk Assessments from July 2027

Executive Summary

• From 10 July 2027, the EU’s new Anti-Money Laundering Regulation (Regulation (EU) 2024/1624) will require
• All obliged entities to explicitly factor financial secrecy risks into their GEOGRAPHIC RISK ASSESSMENTS and CUSTOMER DUE DILIGENCE PROCESSES.
• This is a landmark shift: for the first time, EU AML rules formally recognise that jurisdictions enabling financial secrecy through
• Barriers to information exchange,
• Strict banking or corporate secrecy laws,
• Weak controls on legal entity formation, or
• The absence of central beneficial ownership registers creates elevated money laundering and terrorist financing risks.
• The change aligns regulatory expectations with long-established evidence from
• Law enforcement,
• The Basel AML Index, and
• The Tax Justice Network’s Financial Secrecy Index.
• The change moves financial secrecy from a peripheral consideration to a structured, measurable component of risk-based compliance.

• The EU’s explicit inclusion of financial secrecy in geographic risk assessments
• Marks meaningful progress.
• It translates decades of research, law enforcement insight, and data into enforceable regulatory practice.
• Those who integrate financial secrecy considerations effectively and proportionately
• Will not only meet their July 2027 obligations
• But will also strengthen their overall AML/CFT defences in a way that better reflects how financial crime actually occurs.
• For compliance officers, MLROs, and directors, the message is clear: preparation must begin now.
• This means updating policies, methodologies, and training now to ensure readiness and supervisory defensibility when the rules take effect.

Detailed Analysis

For years, financial secrecy has been widely acknowledged as a facilitator of economic crime, yet it has rarely been embedded as a formal, quantifiable element in AML geographic risk frameworks.

The new EU regulation changes that. Annex III of Regulation (EU) 2024/1624 lists “third countries identified by credible sources … as enabling financial secrecy” as a higher-risk geographic factor.

Specific indicators include:

• Barriers to cooperation and exchange of information with other jurisdictions;
• Strict corporate or banking secrecy laws that penalise disclosure of customer information;
• Weak controls for the creation of legal entities or arrangements; and
• The absence of requirements to record or hold beneficial ownership information in a central database or register.

Obliged entities must now.

• Integrate these factors into their business-wide risk assessments (Article 10) and when determining the level of customer due diligence (Article 20).
• Where higher risks are identified, enhanced due diligence measures apply.
• The European Banking Authority’s successor, the AML Authority (AMLA), will issue supporting guidelines by 10 July 2027 to promote consistent application.

This development reflects a deeper truth about how illicit financial flows operate.

• Jurisdictions with high levels of financial secrecy consistently offer greater opportunities for concealment, especially when combined with large transaction volumes and weak transparency standards.
• Weak beneficial ownership transparency, restrictions on information exchange, and gaps in oversight do not merely marginally increase risk; they shape the environments in which tax abuse, corruption, and the concealment of illicit wealth become feasible.

The recognition of financial secrecy as a core risk factor is not occurring in isolation.

• It builds on established international practice. Financial secrecy indicators already form a central pillar of the Basel AML Index.
• In March 2026, the International Foreign Bribery Taskforce, comprising the FBI and law enforcement agencies from the Five Eyes alliance (Australia, Canada, New Zealand, and the UK), formally adopted the Tax Justice Network’s Financial Secrecy Index and Corporate Tax Haven Index as recommended tools for assessing corruption and foreign bribery risks.

The EU’s move, therefore, represents regulatory convergence:

• Policy and enforcement communities are increasingly speaking the same language about the mechanics of financial crime.

By explicitly requiring institutions to account for secrecy, the framework closes a long-standing gap between acknowledged realities and day-to-day compliance practice.

Impact Assessment: What Compliance Officers, Directors, and Risk Teams Should Consider

The introduction of financial secrecy as a mandatory geographic risk factor will have immediate and ongoing implications for obliged entities. Key considerations include:

1. Risk Assessment Methodology Updates
• Review and revise geographic risk scoring models to incorporate financial secrecy indicators.
• Use credible, publicly available sources such as the Tax Justice Network’s Financial Secrecy Index, the Basel AML Index, and any future AMLA guidelines.
• Ensure models distinguish between EU/EEA jurisdictions (where the requirement is not mandatory but can be applied voluntarily for consistency) and third countries.
• Document the rationale for risk ratings to withstand supervisory scrutiny.
2. Customer Due Diligence and Enhanced Measures
• Customers or transactions linked to high-secrecy jurisdictions will trigger enhanced due diligence more frequently.
• This may include deeper beneficial ownership verification, source-of-wealth/ source-of-funds enquiries, and ongoing monitoring.
• Update customer onboarding questionnaires, screening tools, and transaction monitoring rules to flag secrecy-related red flags.
3. Training and Governance
• Deliver targeted training to relationship managers, compliance analysts, and second-line functions on the new requirement and its practical application.
• Ensure board-level and senior management awareness, as the risk-based approach now carries a clearer regulatory expectation around financial secrecy.
4. Technology and Data
• Assess whether existing compliance platforms can automate the incorporation of secrecy risk data.
• Many RegTech solutions already integrate indices such as the FSI; evaluate integration timelines. See www.itrackaml.com
• Consider the cost and effort of maintaining up-to-date risk data, especially as secrecy landscapes evolve.
5. Broader Strategic Implications
• Institutions with significant exposure to high-secrecy jurisdictions may need to reassess business strategies, correspondent banking relationships, or client acceptance policies.
• The change signals a broader policy direction: regulators are moving beyond managing the symptoms of financial secrecy toward addressing its structural causes.
• Forward-looking organisations may choose to apply the same standards voluntarily within the EU or advocate for similar reforms in public policy.

Conclusion

• The EU’s explicit inclusion of financial secrecy in geographic risk assessments marks meaningful progress. It translates decades of research, law enforcement insight, and data into enforceable regulatory practice.
• For compliance professionals, the message is clear: preparation must begin now.
• Those who integrate financial secrecy considerations effectively and proportionately will not only meet their July 2027 obligations but will also strengthen their overall AML/CFT defences in a way that better reflects how financial crime actually occurs.
• The real test, however, lies beyond compliance.
• If the same logic is applied consistently across public policy, tax, company law, and international cooperation, the EU and its partners can move from merely managing the effects of financial secrecy to tackling its root causes.

Sources  

• Regulation (EU) 2024/1624 (full text):
• https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng
• Tax Justice Network
• Press release on FBI and Five Eyes adoption of the Financial Secrecy Index:
• https://taxjustice.net/press/fbi-and-five-eyes-law-enforcement-agencies-adopt-the-tax-justice-networks-financial-secrecy-index-and-corporate-tax-haven-index/
• Financial secrecy has entered the EU AML rulebook. What comes next?
• https://taxjustice.net/2026/04/14/financial-secrecy-has-entered-the-eu-aml-rulebook-what-comes-next/?utm_source=newsletter&utm_medium=email&utm_campaign=financial_secrecy_has_entered_the_eu_aml_rulebook_what_comes_next&utm_term=2026-05-01