Anti-Financial Crime & Financial Crime Compliance
Regulatory Intelligence Leadership | Insight | Network

AML, Analysis, Compliance, EU/Europe, Featured Article, Financial Crime, News, Regulatory

INSIGHT: Setting up the new EU AML Authority (AMLA) for success

EU AGENCY: Central Banker Derville Rowland told EAFCS2024 that "AMLA will need to build in a way that allows it to be looking at the risks today but also be forward-looking and agile. This will allow it to pivot in its approach and focus when necessary to keep pace with change. Again, what aids this is not relying too heavily on prescription or process driven approaches but more on flexible approaches that allows one to follow the risks, wherever they might lead."

By DERVILLE ROWLAND, Deputy Governor, Central Bank of Ireland

THE commitment of European leaders to introduce a single rulebook for AML and the creation of a new European AML supervisory and financial intelligence coordination authority is truly historic.

It signals not only the importance of tackling financial crime on a pan-European basis but also copper-fastens the view that for us to be effective we must work together and to see the risks in a collective and more holistic way.

We really are at an inflection point in the journey of financial crime prevention with the creation of an enhanced regulatory framework. 

We in the Central Bank of Ireland have had a lot of experience in recent years around the setting up of regulatory frameworks at national and European level. As a central bank in the Euro-system, and an integrated regulator of all financial services sectors in a global financial centre, we have learned a lot about regulatory and supervisory approaches since the Global Financial Crisis.

Under the Central Bank’s current Strategy, we are also reviewing and enhancing our own approach to regulation and supervision where many of the design issues applicable to AMLA are ones that we are currently re-assessing (for example our approach to risk identification and mitigation).

In that context, I intend speaking to you today about AMLA and considerations around how to make it most effective and set it up for success from the outset.

Before doing this, I will briefly frame my remarks in the context of the current and future challenges in the financial crime eco-system.

A challenging and uncertain environment

Innovation and new technologies in delivering financial services is good for consumers, businesses, the economy and society where they involve greater accessibility and efficiencies for end users. However, the advantages they confer such as speed and easy connectivity between users becomes a risk when abused by bad actors. For example, in a globally connected world, we all enjoy the convenience of technological innovations that allow us to make instantaneous cross-border payments from our mobile phones or virtual assets that facilitate faster and cheaper payments.

The scale of the challenge faced by regulators, law enforcement and industry in an environment of almost continuous technological advancement is immense. The inter-connected nature of the global financial system and the proliferation of cross-border crime has added a layer of complexity and opaqueness to compound the challenges already faced.

Recent scandals and exposés have revealed many risks. What we have seen is that tackling criminality across borders and stemming flows of money is complex and very difficult. The incentives for bad actors to circumvent obstacles and controls is too great for any single country or authority to be able to combat alone.

The risks of financial crime and the abuse of the financial system is going to continue to rise in the coming years. Digitalisation, artificial intelligence and further moves to a world online for the next generation means that traditional views and methods of preventing financial crime are obsolete. We need smarter, faster and more agile ways to combat financial crime in the system.

However, before concluding on this point, it is not all doom and gloom. The same technological advances will also present more opportunities for transparency, deterrence, detection and disruption. The critical point being that it means we must collaborate and share, follow the risk and not get bogged down in process, and be laser focused on outcomes, not just on outputs.

Europe’s response to the challenges

Turning to where we are now. The genesis of the new EU AML framework was an acknowledgment that a more collective and coordinated approach is required across the EU member states to tackle these challenges.

Moving to a single rulebook and setting up a central AML authority was seen as critical to improving AML effectiveness across the Union. A key concern has been fragmentation in approaches by different national authorities and not identifying and mitigating risks with a broader lens, in a more coordinated way across Europe. 

The creation of AMLA is a significant step in the right direction to confront the challenges we face, today and tomorrow.

It presents a unique opportunity to grasp the nettle of regulatory fragmentation and eliminate the weak points in the current European AML Framework. However, we should not be complacent in assuming that AMLA’s success in combatting money laundering is guaranteed. 

Setting up AMLA for success

Most people do not think about designing Regulation and Supervisory architecture. Why would they?  It is only something that catches people’s attention when something goes wrong, either a micro issue involved a firm or a group of people, or a macro-issue where the system no longer functions the way it should.

We now have an opportunity to get the design right for AMLA so that it is set up in a way that when a shock or risk crystallises that it stands up to scrutiny. In recent years, there has been no shortage of risks and shocks in financial crime meaning getting the set-up of AMLA right is even more pronounced.

In my view, to realise AMLA’s full potential as the fulcrum of an effective and responsive EU AML framework, there are a number of factors that are essential to its success[2].

  • First, AMLA must have a clear mandateand adequate powersthat allows it to have an effective Risk-Based Approach to achieve its regulatory outcomes.
  • Secondly, it needs to have strong Governance and operational independence to carry out its tasks free of outside pressures from a governance perspective.
  • Thirdly, AMLA has to have sufficient Skills and Capabilities so that it can identify, manage and mitigate the risks and vulnerabilities in the European system.
  • Fourthly, it can Build on Strong Foundations already laid around information sharing, data, technology & innovation

Risk-based Approach

In regulatory design, a simple but effective concept has been put forward by Malcolm Sparrow – “pick important problems and fix them”[3]. While this is easier said than done given the common challenges of implementation, it is fundamentally the issue for AMLA to consider.

The important problems faced by AMLA includes the increased complexity and prevalence of financial crime across the Union, the nature and scale of risk and the divergent approaches to mitigate those risks by different supervisors.

The establishment of a single central AML authority is seen as a key solution to these problems. AMLA needs to employ a risk-based approach from the outset, while tackling divergent approaches across jurisdictions. This is a big challenge.

We need to ensure that we strive to be holistic but not too homogenous in approach.

AMLA needs to tackle risks across the internal market on a pan-European basis but recognise that financial crime risks differ in different sectors, countries and regions in Europe. Undoubtedly, commonalities exists between financial crime risks but how they manifest in different markets is not the same.

Given the scale of the responsibilities and tasks for AMLA, there is a risk that an overly prescriptive approach to what supervisory tools to use could be employed early on to tackle fragmentation across different jurisdictions. This is understandable for a few reasons. First, one of the drivers for a single central AML authority was the divergent approaches across member states. Secondly, the quickest path to bring about supervisory convergence across the member states would be to prescribe a more rigid approach. Thirdly, in the short term it may be seen as more expedient to approach risks in firms not directly supervised by AMLA.

This would be a mistake as the danger with this approach is that we inadvertently introduce a rules-based approach to how we supervise that could equate to a tick-box approach, something that will mean we miss the risks, reduce the effectiveness of the system and goes against the intention of the global AML system. So while supervisory convergence and common methodologies, practices and approaches are necessary to improve the framework, we need to avoid a “one size fits all” approach.

The second issue from an effectiveness and efficiency perspective is that AMLA should be outcomes-focused when implementing its risk-based approach. A strong and robust supervisory framework will need to be designed that has clear processes. However, it is important that we learn the lessons in other regulatory and supervisory organisations where process can sometimes get in the way of effectiveness.

It goes to my previous point in that we need to have clear rules and guidance, but we must be pragmatic and flexible at times to ensure that we can achieve the right outcomes. We must not lose sight of outcomes and outputs not being the same thing.

A third issue is that AMLA’s risk-based approach must look at not only the risks today, but also the emerging risks into the longer term. This means AMLA will need to build in a way that allows it to be looking at the risks today but also be forward-looking and agile. This will allow it to pivot in its approach and focus when necessary to keep pace with change. Again, what aids this is not relying too heavily on prescription or process driven approaches but more on flexible approaches that allows one to follow the risks, wherever they might lead.

Finally, AMLA should be clear and confident in its approach allowing it to leverage off the support it has from policy-makers, national supervisors and other regulatory and supervisory authorities in discharging its mandate. As a new authority with a wide mandate created from scratch, it will need to be adaptable to pivot, iterate, and be humble in acknowledging it will learn-by-doing and that is okay.


Just touching on governance of AMLA briefly, it is a cornerstone of good regulatory governance that there is operational independence and technical expertise to oversee the discharge of the mandate.

It is very welcome that an independent and impartial Executive Board is being created to lead the authority with the Executive Director and General Boards. The empowerment of the Board to impose binding decisions on both NCAs and directly supervised entities will avoid the potential for conflicts of interest and bring about trust in the robustness and fairness of the decision making process.

The nature and composition of the Executive Board appears to place an emphasis on a strong leadership team with the requisite experience and expertise. While the Board will be accountable as a whole, the individual members of the Executive Board must have the necessary technical expertise in the area of financial crime. This is important as it will ensure that AMLA has the strategic leadership required for an organisation whose mandate incorporates financial sector supervision, oversight of the non-financial sector and coordination of FIUs.

Skills & Capabilities

AMLA will succeed or fail based on the skills and capabilities of its people. As regulators, we are in the business of making complex judgment calls that require a high degree of experience and expert judgment. AMLA will need to attract people with great skill and good judgment. 

The breath of AMLA’s mandate makes it unique in the eco-system of EU institutions. AMLA will require staff that are not only highly trained supervisors but will also require talented staff with expertise in the development of policy and enforcement investigations.

There are a number of key areas of responsibility where skills and capabilities around risk identification and data analytics, supervision, enforcement and regulatory development are critical and where planning needs to commence.

Building on Strong Foundations

While AMLA is a new authority it is not truly building from scratch as it can leverage off and build on the work already done at European and national level. There are a number of opportunities for AMLA across information sharing and cooperation, data analysis, innovation and technology.

AMLA will be responsible for the direct supervision of only a small number of highest risk firms. This means that responsibility for tackling the vast majority of the ML/TF risk to which the EU is exposed will continue to rest with national supervisors. In order for AMLA to have a meaningful impact in the fight against ML/TF, it will have to work in a spirit of cooperation and collaboration to build a common supervisory culture with national supervisors to ensure that firms not directly supervised are complying with their AML/CFT obligations. AMLA must foster with the NCAs an effective and responsive risk culture and be prepared to step and take swift action NCAs fail to meet its expectations in mitigating ML/TF risks. 

AMLA should not attempt to create everything from scratch and should work off existing initiatives[4]. For example, it should both leverage off existing and foster new relationships with law enforcement across the EU and with other EU institutions, which will be critical to its success.


In truth, AMLA’s success is not dependent on any single factor. The drivers of success are multifaceted. A harmonised rulebook, overseen by a single supervisor that raises standards and delivers increased alignment and cooperation across the regulatory landscape is certainly a good starting point. History has taught us that no system is entirely ‘future proof’ and vigilance, agility and innovation are constantly required. Since the first AML Directive was enacted in 1991, the legislative landscape has continuously developed in line with our awareness and understanding of the ML/TF risks.  AMLA will need to ensure that this process of evolution continues.

I greatly look forward to AMLA’s progress and the Central Bank of Ireland will play our part in meeting our shared objectives.


[1] With thanks to Jillian Fleming, Paul O’Brien and Tony Cahalan for their assistance preparing these remarks

[2] Some of these issues and considerations have been explored recently by the IMF. See

[3] The Regulatory Craft: Controlling Risks, Solving Problems, and Managing Compliance by Malcom K. Sparrow (2000)

[4] Such as the European Banking Authority’s guidelines on cooperation and information exchange between prudential supervisors, AML supervisors and financial intelligence units (FIUs).

AML Intelligence
We hope you enjoyed reading this article

If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!