Anti-Money Laundering System with Strong Focus on Data Protection


The Council and Parliament reached a preliminary agreement on parts of the anti-money laundering package aimed at protecting EU citizens and the EU financial system from money laundering and terrorist financing.

This agreement, as part of the EU’s new anti-money laundering system, promises not only to combat financial crime but also places strong emphasis on data protection. We will discuss the key elements of this agreement in this blog.


What preceded?  

On July 20, 2021, the Commission presented its package of legislative proposals to strengthen the EU’s rules to combat money laundering and terrorist financing. The package includes a regulation to establish a new EU anti-money laundering authority (AMLA) with powers to impose sanctions, as well as rules on crypto asset transfers and anti-money laundering requirements for the private sector, in addition to a directive on anti-money laundering mechanisms. 

Improving Organization and Cooperation 

These new measures will better organize and connect national systems against money laundering and terrorist financing. These improvements will ensure that fraudsters, organized crime and terrorists no longer have the ability to legitimize their proceeds through the financial system. 

Exhaustive Harmonization of Rules 

The preliminary agreement on the Anti-Money Laundering Regulation will for the first time exhaustively harmonize rules across the EU. This closes potential loopholes used by criminals to launder illicit proceeds or fund terrorist activities through the financial system. An important aspect of this harmonization is the protection of sensitive data involved in financial transactions. 

Expansion of Mandatory Entities. 

The agreement expands the list of required entities to new sectors, including the crypto sector. Crypto-asset service providers (CASPs) will now be required to conduct comprehensive due diligence on their clients, including verifying facts and information, as well as reporting suspicious activity. This expansion includes luxury goods dealers and the soccer industry, where data protection is a crucial issue. 

Enhanced Due Diligence and Cash Payments. 

Specific enhanced due diligence measures are introduced, particularly for cross-border correspondence relationships for crypto asset service providers. It also sets an EU-wide maximum limit on cash payments, making it harder for criminals to launder dirty money. In addition, the agreement requires obligated entities to verify the identity of individuals making occasional cash transactions between €3,000 and €10,000. 

Harmonization of Rules for Ultimate Ownership. 

The agreement makes the rules for ultimate ownership more harmonized and transparent. Identifying ultimate owners is refined based on ownership and control, with a clear threshold of 25%. This helps protect data by preventing criminals from hiding behind multiple layers of ownership. 

Protection of Data in Beneficial Ownership Registers. 

The agreed package also includes measures to ensure the protection of data in beneficial ownership registries. Information provided to the central registry must be verified. Registries are given the power to conduct inspections of entities subject to financial sanctions, and access to these registries is extended to individuals with legitimate interests, including press and civil society. 

Enhanced Access for Financial Intelligence Units (FIUs). 

The agreement strengthens the role of FIUs and gives them direct access to financial, administrative and law enforcement information. This improved access will enable FIUs to act more quickly and effectively in combating money laundering and terrorist financing. It also ensures respect for fundamental rights when making decisions. 

Effective Supervision and Risk Assessment 

Each member state will ensure that all obligated entities in their territory are subject to adequate and effective supervision. This supervision will follow a risk-based approach. Risk assessments at both EU and national levels remain an important tool, with an obligation for the Commission to conduct EU-wide risk assessments and make recommendations to member states. 

Next Steps 

The texts will now be finalized and submitted to representatives of member states in the Committee of Permanent Representatives and the European Parliament for approval. If approved, the Council and Parliament must formally adopt the texts before they are published in the Official Journal of the EU and enter into force. 


The preliminary agreement between the Council and Parliament on tougher anti-money laundering rules marks a crucial step in the fight against financial crime within the EU. In addition to strengthening the anti-money laundering system and protecting EU citizens, the agreement places significant emphasis on data protection.

Harmonization of rules at the EU level, with a focus on the crypto sector, provides uniformity and increases detection capacity for criminal activity. The expansion of mandatory entities to various sectors emphasizes a comprehensive approach to minimize risk.  

The emphasis on enhanced due diligence, EU-wide limits on cash payments and strengthened data protection in beneficial ownership registries contributes to a more robust system. Opening registries to legitimate stakeholders promotes transparency.  

The strengthening of financial intelligence units emphasizes the importance of proactive measures. The agreement promises a more effective, coherent and secure financial system with commitment to data protection and transparency to protect EU citizens and deter crime. 


Meer berichten

Onzichtbare Bedreiging Voor Privacy

Invisible Threat To Privacy

Introduction Companies use personal data to optimize their marketing campaigns, perform accurate analysis and improve their business strategies. But as the value

cyber security tips

10 Cyber Security Tips for SMEs

Cyber security is critical for SMEs. A cyber attack can have serious consequences, from data loss to financial and reputational damage. Here

de toekomst van GDPR

The Future of Data Protection

Introduction: Since its implementation in 2018, the General Data Protection Regulation (GDPR) has had a significant impact on how organizations worldwide collect,


©DPO Associates Alle rechten voorbehouden. Privacy verklaringCookie verklaring | Algemene voorwaarden