Voorbereiden voor de AMLA: In vier stappen naar een waterdicht AML-framework

The new European Anti-Money Laundering Authority (AMLA) will launch in 2025 and gain direct supervisory powers over financial institutions and large companies starting in 2026. For businesses, this means your anti-money laundering (AML) framework needs to be in top shape. This article walks you through a practical four-step plan to future-proof your AML operations.

Step 1: Map your AML landscape

Before you take concrete action, you first need to understand what you already have in place:

1. Customer acceptance policy (KYC/KYB)
   1. Which documents do you typically request?
   2. How do you verify legal entities and their Ultimate Beneficial Owners (UBOs)?
2. PEP and sanctions screening
   1. Which data sources do you use?
   2. How often do you repeat the checks?
3. Processes and systems
   1. Which teams and tools are responsible for which checks?
   2. Where are there manual handoffs or data silos?

This will give you a clear view of what you currently have in place, and you might already spot gaps in your processes, such as repeating checks only once a year. Being critical of your current process is important because only when you know where you truly need improvement can you start working effectively.

Interesting read: Three years after the AML6: Is it time for the AML7?

Step 2: Set up UBO and PEP Profiling

A solid AML framework relies on reliable UBO and PEP data. Here's how to approach it:

1. Central UBO registration point
   • Build or upgrade your master data hub so that UBO data is stored once and automatically updated.
2. Multiple data sources
   • Combine trade registers, corporate registries, and commercial databases for maximum coverage. This is especially important if you do business outside of the Netherlands, as Chamber of Commerce numbers are not international. A D-U-N-S-number is international.
3. Periodic reassessment
   • Set triggers, for example, for changes in the board structure or unusual transaction behavior.

Interesting read: 5 Tips for finding the UBO

Step 3: Define risk classification & monitor triggers

Not every customer or transaction has the same risk profile. Streamline your classification:

1. Develop a risk model
   1. Consider factors such as industry, jurisdiction, transaction size, and historical compliance data.
2. Automate risk classification
   1. Set scoring rules in your transaction monitoring system that trigger an alert when thresholds are exceeded.
3. Establish escalation rules
   1. Define which thresholds lead to an initial review and which trigger a more in-depth investigation.

Checklist of triggers during monitoring:

The following events are triggers to have a company go through your process again and recheck everything.

• Transaction amount above X EUR
• Exceeding the average monthly turnover by more than 50%
• New risk jurisdiction
• UBO change within 30 days
• PEP match or sanctions list alert during the first or subsequent check.

Step 4: Continuous improvement & prepare for audits

An AML framework is never 'complete.' Integrate feedback and document everything in a structured manner:

1. Regular internal audits
   1. Plan quarterly reviews for processes and data quality.
2. Lean management
   1. Create KPI dashboards for turnaround times, false positives, and compliance errors.
3. Training & awareness
   1. Organize semi-annual workshops for front office, risk teams, and IT.

Is there a lack of internal knowledge or time? We’d be happy to assist you in finding a suitable compliance solution. Our tools automatically create an audit trail, and thanks to monitoring, you’ll receive instant alerts for significant changes within your portfolio. Schedule a conversation below, or take a look at our compliance solutions.