Since its entry into force on 9 July 2024, Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (the “AMLR”) forms the cornerstone of the new EU AML/CFT framework, which will become fully applicable as of 10 July 2027.
On 9 February 2026, the EU Anti-Money Laundering Authority (the “AMLA”) launched public consultations on three key draft Regulatory Technical Standards (the “draft RTS”) specifying the operational rules implementing the AMLR. The consultations closed on 8 May 2026 and AMLA is now expected to submit the final RTS to the European Commission.
Under the current Belgian framework, built on the Law of 18 September 2017 implementing the previous generation of EU directives (the “Belgian AML Law”), entities subject to the AML legal framework (the “Obliged Entities”) entities have been subject to a national set of due diligence and reporting obligations. That national framework will now be replaced by the directly applicable AMLR.
The three draft RTS under consultation
The three draft RTS cover the most operationally consequential elements of the new framework: (i) the criteria for identifying business relationships and transactions, (ii) customer due diligence (“CDD”) proper, and (iii) the harmonised sanctions regime under the Sixth AML Directive (“AMLD6”).
a. Article 19(9) AMLR – Identifying business relationships and transactions
The first draft RTS specifies the criteria for identifying business relationships, occasional transactions and linked transactions. This classification is foundational: CDD is always required for a business relationship, while for an occasional transaction it is only triggered above certain thresholds.
A noteworthy drafting choice is the negative definition of an occasional transaction: anything that is not a business relationship qualifies as occasional. The draft RTS also provides further insight on the criteria to consider that transactions are linked as per the AMLR.
The draft RTS does not, and cannot, change the AMLR’s legal definitions: its function is to operationalise them consistently across the EU and to reduce divergent practices between Member States.
b. Article 28(1) AMLR – Customer due diligence
The second draft RTS specifies how CDD should be performed, and addresses two topics:
- the identification and verification framework applicable to customers, beneficial owners and representatives, the use of independent and reliable sources, electronic identification ;
- the different levels of CDD regime, covering standard, simplified and enhanced due diligence, including the risk factors that should trigger each level.
….
c. Article 53(10) AMLD6 – Sanctions and administrative measures
The third draft RTS completes the package with a harmonised enforcement framework:
- indicators to classify the gravity of breaches and criteria for setting the level of pecuniary sanctions and applying administrative measures, such as restriction of activities, withdrawal of authorisation or modification of governance arrangements;
- a methodology for the imposition of periodic penalty payments, designed to ensure that the same breach is assessed and sanctioned in the same way by all supervisors across the EU.
Implications for Belgian obliged entities
While Belgian law has so far been grounded in a risk-based approach, the draft RTS marks a move towards a more rule-based regime, characterised by significantly more granular and precise operational requirements for Belgian Obliged Entities.
For Belgian Obliged Entities, once those RTS will be adopted, the practical impact will be of two sorts:
- onboarding and CDD: Obliged Entities will need to make a gap analysis of their existing processes and adapt them, as the case may be, to the new detailed obligations. In particular, they should list all specific requirements under the draft RTS and ensure that each of them are complied with;
- existing customer files: AMLA has confirmed that there is no expectation of a full refresh of all customer files by 10 July 2027 (no full ‘re-onboarding’). However, Obliged Entities should update the information they have on their existing customers in the timing set by the AMLR for regular KY updates. As a consequence, high-risk customers should be prioritised (update within one year maximum), with the remainder remediated on a risk-based timeline in line with Article 26 AMLR.
…..
Group-wide considerations should also be addressed without delay. A second wave of AMLA consultations has been opened in April 2026 on group-wide AML/CFT requirements (Articles 16(4) and 17(3) AMLR) and on the business-wide risk assessment guidelines (Article 10(4) AMLR), with public hearings held on 20 and 28 May 2026. Cross-border groups operating from or into Belgium should follow this workstream closely.
If you have any questions or would like to discuss the implications of the AMLR for your activities, feel free to reach out to us at financialregulation@simontbraun.eu.
***
This newsletter does not constitute legal advice or a legal opinion. Please consult with a legal counsel of your choice before taking any action based on the information provided.