Legal and regulatory perspectives of the 6th Directive

The current and the future AML framework: what’s in it for you?

In the last 20 years, financial institutions have disbursed several billions of dollars in anti-money laundering (“AML”) related fines, which shows that while efforts to contain money laundering have been significant, especially with the enactments of the various Anti Money Laundering and Combatting the Financing of Terrorism (“AML-CFT”) directives from 1991 onwards, the initiatives still seem insufficient to deter the scourge.

The Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering with criminal law[1], commonly referred to as the 6th Anti Money Laundering Directive (“6AMLD”), is the continuation of the European Union’s increasing willingness to strengthen AML related actions, by complementing the application and widening the scope of the 4th Anti Money Laundering Directive (EU) 2015/849 as amended by the 5th Anti Money Laundering Directive.

The 6AMLD’s aim is to further enhance the criminalization of AML offenses by harmonizing their definitions, transposing them into each Member State’s criminal legislation. Entities within the scope of the directive must be compliant since June 3rd, 2021.


What are the key takeaways from the newly applicable 6AMLD?

The 6AMLD imposes stricter requirements on organizations to address financial crime and maximize penalties through stronger criminal liability. The directive’s main provisions include the following:


  • Harmonized definitions of money laundering and its 22 predicate offenses (i.e., an extended list of “prior” crimes that generate the funds which are then laundered), ranging from corruption, human trafficking, to terrorism, environmental crimes, and cybercrime, which is a newly included offense, due to its growing financial impact and the nature of the schemes involving not only information systems but also payments via cryptocurrencies.


  • Extension of criminal liability from natural persons to legal persons. A company can be held responsible for the actions of its subordinates and for the lack of supervision or control demonstrated by the legal entity. Furthermore, third-party facilitators such as accountants, lawyers, consultants who may assist money launderers in their criminal activity are liable as well, given that aiding and abetting money laundering, as well as inciting and attempting such crimes are now also a punishable offense.


  • Greater penalties for individuals (e.g., a minimum prison term of 4 years instead of 1 year as set out in the 4th AML directive) and severe sanctions applied to corporations on top of the fines (from the confiscation of assets to the temporary or permanent closure of business), are a few indicators of how far the European Union is willing to go in order to strengthen AML tools and fill previous gaps in the existing framework.


  • Criteria such as the location where the offense took place, the nationality or residency of the offender, shall be taken into consideration in order to determine which EU Member will have jurisdiction in case of cross-border investigations. Member States must ensure efficient cooperation and coordination between each other to centralize proceedings in one country, especially if the offense is of multinational reach.

What is coming up next in the AML-CFT landscape?

Although the effectiveness and impact of the latest AML-CFT installments remain to be evaluated within the next couple of years, the fight against money laundering and terrorist financing is far from over and continues to be a major concern at the EU Commission, which is currently reinforcing its arsenal via a number of regulatory efforts.

To consolidate and reinforce the AML-CFT existing measures, as of July 20, 2021, the Commission has issued an AML-CFT legislative framework containing 4 proposals[2]:


  • The creation of an EU centralized AML Authority (“AMLA”) which should:

o   Be operational in 2024;

o   Help optimize supervision on financial institutions presenting the highest risk;

o   Enhance coordination between national supervisory authorities responsible for overseeing financial and non-financial organizations;

o   Ensure better cooperation among Financial Intelligence Units in Member States, to monitor potentially illegal cross-border financial flows.

The provisions on the AMLA will be embedded in a new regulation – the “AMLA Regulation”


  • A new regulation on AML-CFT (“on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing”) imposing clearer requirements directly applicable to “obliged entities”, which:

o   From now on include additional types of organizations subject to the EU AML-CFT rules, such as, all crypto-asset and some crowdfunding services providers, mortgage credit and consumer credit providers and intermediaries, which are not financial institutions, as well as operators working on behalf of nationals of third countries;

o   Must adopt a risk-based approach when establishing internal processes and controls, with a risk management procedure focusing on the risks of money laundering and terrorist financing;

o   Must appoint a Compliance/AML officer and adopt a series of policies at management level to ensure proper control;

o   Must understand and comply with the more granular measures provided in the regulation around customer due diligence, taking into account risk factors to help evaluate whether a simplified or enhanced customer due diligence is more appropriate. A customer due diligence should be conducted whenever a business relationship is established; when an occasional transaction of more than EUR 10 000 is carried out; when a suspicion of money laundering or terrorist financing arises; or when there are doubts about the veracity or adequacy of the provided data.

In addition to the customer due diligence measures, obliged entities must have in place appropriate risk management systems, including risk-based procedures, to determine whether the customer or the beneficial owner of the customer is a politically exposed person.

At the minimum, customer identification via a verification of the customer’s identity should be conducted, not to mention the verification of the identity of beneficial owners and understanding the customer’s control structure; albeit when the risk is higher, the enhanced diligence would require examining the origin and destination of funds involved in a transaction as well as obtaining further information on the business relationship, nature, and purpose of the transaction.

The Commission also introduces a Union-wide limit to large cash payments over EUR 10 000, although EU Members may adopt lower thresholds depending on the local specificities.


  • A new directive (“on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing directive (EU) 2015/849”) which shall be transposed into national law, imposing rules to national supervisors and financial intelligence units in each Member State and thus recognizing the need for flexibility for in the application of certain measures; for instance, currency exchange or cheque cashing offices as well as trust or company service providers or gambling service providers must be regulated (licensed or registration).

Moreover, to confirm the provisions within current AML frameworks, the directive highlights the probity, the “fit and proper” requirements to apply to senior managers of obliged entities, and the applicability of some rules to beneficial owners.

Persons convicted of money laundering, or of any of its predicate offenses, are prohibited to operate.

National supervisory authorities are granted certain powers to rule over certain obliged entities’ senior management or beneficial owners, where a conviction takes place.


  • A revision of the regulation 2015/847/EU on transfers of funds to include the traceability of transfers of crypto-assets made by crypto-assets service providers, whenever the transactions involve a standard wire transfer or a crypto-asset transfer between a crypto-asset service provider and another obliged entity.

For regulated entities who may need to take necessary steps to improve their AML-CFT program, time is of the essence as the new AML-CFT framework will be soon discussed by the European Parliament and the Council, the Commission aiming for an expedited legislative process to get the AMLA up and running.

What obliged entities need to do?

Financial and non-financial institutions need to show proactivity and effective action to review their AML compliance, to avoid criminal and non-criminal fines they could face. These prevention measures may include:

  • Conducting a widened risk assessment in light of the new expanded list of predicate offenses and the criminal liability for legal persons, and review current risk scoring methodologies applies within the organization;

  • Reviewing and implementing robust due diligence, automated KYC/KYB processes (including ID verifications with MRZ and OCR technology), adverse media screenings, third party monitoring and machine learning tools, tailored to the fast regulatory changes;

  • Providing updated training of staff with respect to the new AML rules, to educate on the identification and reporting of suspicious activities relating to the predicate offenses;

  • Insufflating an ethical mindset by promoting a culture of accountability and transparency at senior management level. Establishing integrity screenings (i.e., “fit and proper”) towards decision-making staff can go a long way;

  • Updating AML policies and procedures to adapt to the new risk environment;

  • Keeping an audit trail of the conducted due diligence processes to demonstrate your compliance and mitigate risks in the event of a regulator’s investigation.


“Square Facts” refers to one or more entities of the iCOVER Group, a French limited private company, and its network of subsidiaries, each of which is a legally separate and independent entity. This publication has been written in general terms and, therefore, cannot be relied on to cover specific situations. Application of the principles set out in the publication will depend on the circumstances of a situation, and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. Square Facts would be pleased to advise you on how to apply the principles set out in this publication to your specific circumstances. Square Facts accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.


Les régimes de contrôle à l’exportation et de sanctions décrits ci-dessus sont complexes, avec une variété de considérations qui se chevauchent et des aléas juridictionnels qui peuvent varier d’un pays à l’autre, d’une transaction à l’autre, et qui sont sujets à des modifications périodiques.

Les sanctions internationales étant en constant changement, la due diligence raisonnable ne doit être ni un processus statique ni un processus générique. Au contraire, elle doit être menée de manière adaptée et flexible, et devra tenir compte des considérations locales et internationales, y compris des lois et des cadres réglementaires des pays tiers, et par rapport aux développements géopolitiques contemporains.

Les entreprises qui espèrent les utiliser avec succès doivent avoir une bonne compréhension des produits et de la technologie avec lesquels elles traitent, ainsi que des chaînes d’approvisionnement et clients avec lesquelles elles opèrent à travers une due diligence raisonnable et un filtrage adéquat des parties tierces.

Un des services de conformité que nous fournissons à nos clients consiste à effectuer une due diligence raisonnable et globale et à filtrer notamment les parties tierces sur plus de 1,400 listes de sanctions et surveillance afin que la décision d’effectuer des transactions avec ces personnes ou entités soit une décision informée.


Square Facts propose des solutions dédiées à la conformité vous permettant de passer en revue grâce à une externalisation, à un expert métier, l’ensemble de vos relations d’affaires et ainsi faciliter votre mission de due diligence en France et à l’international.

Nos packages de conformité simplifiés, renforcées et d’investigation améliorés sont adoptés par les responsables juridiques, responsables de la conformité, responsables de la sécurité, conseillers juridiques, directeurs généraux et conseils d’administration.

Nous tirons parti de toute notre expertise, de notre réseau et de nos capacités technologiques pour améliorer votre compréhension de votre exposition aux risques. Nous préparons des rapports consolidés et analysés dans un format clair et concis, livrés au sein d’une plateforme SaaS sécurisée et centralisée pour permettre une traçabilité et un audit complet.



Retrouvez-nous sur LinkedIn

Profitez dès à présent d’une démonstration de la solution Risk & Compliance !


Katia Lyubimova / Square Facts Compliance Manager – August 2021

Discover more

This is a staging enviroment

Secure Your Spot for Our Exclusive Risk & Compliance Masterclass!

Don’t let this opportunity pass you by!

Join us on February 29, 2024, at 11 AM CET for a deep dive into Risk & Compliance Management. Our expert-led webinar will provide you with the essential knowledge and tools to conquer compliance challenges confidently.