Policy Briefing — EU Sixth AML Directive Deadline
EU Member States faced the December 2020 deadline to transpose Directive (EU) 2018/1673 (6AMLD), which broadens predicate offences, strengthens corporate liability, and raises sanctions for money laundering across the Union.
Executive briefing: On December 3, 2020, EU Member States reached the transposition deadline for Directive (EU) 2018/1673 on combating money laundering by criminal law (6AMLD). The directive requires national legislators to criminalise a wider set of predicate offences, codify corporate liability, and calibrate sanctions to higher thresholds. Compliance officers should now verify whether domestic statutes, supervisory expectations, and enforcement practices fully reflect the directive and later amendments introduced through the EU’s 2024 Anti-Money Laundering Package.
6AMLD is narrower than the subsequent single EU AML rulebook proposal, but it marked a decisive shift from purely preventive obligations toward harmonised criminalisation standards. It obliges Member States to prosecute aiding, abetting, inciting, and attempting money laundering; to establish liability for legal persons where a lack of supervision enables offences; and to empower courts to impose tougher custodial sentences and monetary fines. Because transposition quality differs across jurisdictions, cross-border institutions need a jurisdiction-by-jurisdiction inventory of statutory changes, supervisory circulars, prosecutorial guidance, and case law issued after the deadline.
Key obligations
Expanded predicate offences. Article 2 of 6AMLD lists 22 categories of predicate offences, including cybercrime, environmental crime, tax crimes relating to both direct and indirect taxes, and organised migrant smuggling. Firms must align customer due diligence (CDD) and transaction monitoring scenarios to capture typologies associated with each predicate. For example, cyber-enabled fraud proceeds may be layered through prepaid instruments, cryptocurrency exchanges, or money mule networks, while environmental crimes often involve trade-based money laundering through misdeclared shipments and under-invoicing.
Participation offences. Articles 3 and 4 require Member States to criminalise aiding, abetting, and attempting money laundering. Case management procedures should therefore record facilitation indicators—such as repeated onboarding of shell companies without commercial rationale or employees ignoring internal red flags—because these behaviours can trigger criminal exposure for natural and legal persons.
Liability of legal persons. Article 7 mandates criminal or non-criminal liability for legal persons when offences are committed for their benefit by individuals in leading positions, or when a lack of supervision made the conduct possible. Boards and senior managers must evidence “adequate supervision” through approved risk appetites, escalation paths, whistleblowing protections, and documented challenge of unusual activity. Internal investigations should be able to show how second-line compliance and third-line audit activities tested AML controls tied to new predicates.
Higher sanction framework. Article 5 establishes a maximum imprisonment term of at least four years for natural persons, while Article 9 allows fines of up to €5 million or higher value-based penalties for legal persons. Some Member States, such as France and Germany, exceeded these minima in their national laws. Institutions should map national sanction ranges, settlement tools, and confiscation regimes so that disciplinary matrices and budgetary provisions remain proportionate.
Liability triggers for enabling conduct. Repeated failure to file suspicious transaction reports (STRs), inadequate customer risk assessments, or ignoring unusual patterns in correspondent banking can all be viewed as enabling conduct under prosecutorial guidance issued in several jurisdictions after 2020. Firms should ensure their policies clarify when failure to act could constitute aiding or abetting and that staff can distinguish between reporting thresholds under AML laws and parallel obligations under sectoral regimes (e.g., Markets in Financial Instruments Directive or Payment Services Directive).
Enforcement risk
Prosecutorial alignment. Although 6AMLD harmonises definitions, enforcement intensity varies. For instance, Italy’s 2021 decree introduced detailed confiscation rules, while Ireland refined corporate liability tests through subsequent case law. Multinational firms must therefore track not only statutory text but also prosecutorial circulars, deferred prosecution agreement (DPA) frameworks, and investigative powers available to financial intelligence units (FIUs) and specialised anti-mafia or anti-corruption offices.
Supervisory coordination. Banking supervisors, including the European Central Bank for significant institutions, now expect evidence that AML systems incorporate newly criminalised predicates. Joint Supervisory Teams often request mapping tables that link typologies to monitoring scenarios, scenario thresholds to empirical alert-to-SAR conversion data, and governance over model validation. Institutions that cannot demonstrate this lineage risk findings under the Capital Requirements Directive’s internal governance provisions.
Cross-border investigations. Eurojust and Europol support joint investigation teams where predicate offences span multiple jurisdictions, particularly cybercrime and VAT carousel fraud. Firms with operations in several Member States should assume that information sharing between FIUs will accelerate after an STR in one jurisdiction, raising the likelihood of parallel investigations. Legal teams must prepare mutual legal assistance treaty (MLAT) playbooks and ensure data retention schedules preserve records needed for evidence.
Sector-specific exposure. Payment institutions, e-money issuers, crypto-asset service providers, and high-value dealers face elevated scrutiny because their products can quickly move proceeds across borders. Where Member States have implemented the Transfer of Funds Regulation (including its crypto-asset travel rule updates) in parallel, supervisors expect technical capability to attach originator and beneficiary information at speed, making technology backlogs an enforcement vulnerability.
Compliance steps
Update risk assessments. Refresh enterprise-wide and business-line AML risk assessments to incorporate 6AMLD predicates, emphasising cyber-enabled fraud, environmental crime, and tax offences. Quantify inherent risk by geography, product, and channel; document control effectiveness; and link residual risk to specific mitigation actions with target dates.
Recalibrate monitoring and screening. Align transaction monitoring thresholds, scenarios, and tuning frequencies with patterns tied to new predicate offences. For cybercrime, incorporate indicators such as rapid velocity payments to newly onboarded merchants, frequent chargebacks, or funds flowing to high-risk cryptocurrency exchanges. For environmental crime, integrate customs anomaly data, inconsistent Harmonised System codes, and unusual trade routes.
Enhance KYC/KYB standards. Expand beneficial ownership verification for corporates in sectors linked to environmental or tax offences, and require enhanced due diligence where customers operate in free-trade zones or high-risk third countries listed by the European Commission. Verify customer purpose and source of funds with documentary evidence that aligns to business profiles.
Strengthen governance and accountability. Record board approval of 6AMLD-aligned policies, and assign named accountable executives for each control pillar (screening, monitoring, reporting, training, third-party oversight). Minutes should show how the board challenged management on scenario coverage, backlog remediation, and resource adequacy. Document escalation paths and disciplinary actions for willful blindness or repeated control failures.
Train front-line and control staff. Deliver jurisdiction-specific training that distinguishes 6AMLD obligations from the preventive focus of earlier AMLDs. Include case studies on aiding and abetting, such as employees overlooking obvious red flags in correspondent banking or trade finance. Track completion rates and knowledge checks; require refreshed training for high-risk roles such as relationship managers and onboarding analysts.
Improve STR quality. Align suspicious transaction report narratives with predicate offence indicators, ensuring timelines, counterparties, and transactional flows are well documented. Embed quality control reviews to reduce rejection rates by FIUs, and create feedback loops so monitoring teams learn from FIU feedback and law-enforcement requests.
Third-party oversight. Evaluate correspondent banks, fintech partners, agents, and outsourced service providers for their readiness to address 6AMLD obligations. Contracts should require adherence to EU and local AML laws, data sharing to support investigations, and timely notification of law-enforcement inquiries. Conduct thematic reviews where high-risk partners process payments for e-commerce, remittances, or digital assets.
Evidence supervision and audit. Maintain inventories of models, scenarios, and rules tied to each predicate offence, with version control and validation evidence. Internal audit should test effectiveness of controls mitigating participation offences, such as dual approvals for high-risk payments, post-event reviews of declined transactions, and oversight of employee conduct in high-pressure sales environments.
Implementation tracking and emerging developments
Member State trackers. Maintain a regularly updated tracker summarising national transposition measures, supervisory expectations, and relevant case law. Include dates of criminal code amendments, thresholds for corporate fines, and any sector-specific guidance issued after 2020. This tracker should feed into country risk scoring and influence decisions on market entry, product launches, or de-risking strategies.
Interaction with the 2024 AML package. The European Parliament and Council reached political agreement in early 2024 on a new AML Regulation and Directive replacing the current framework. The forthcoming directive will repeal 6AMLD once transposed, expanding the list of predicate offences, formalising an EU Anti-Money Laundering Authority (AMLA), and imposing direct supervisory powers over certain obliged entities. Compliance teams should map gaps between existing 6AMLD implementations and draft rulebook requirements, especially around group-wide policies, data sharing, and cross-border supervision.
Law enforcement collaboration. Institutions should enhance cooperation protocols with FIUs, Europol’s European Financial and Economic Crime Centre (EFECC), and national law-enforcement agencies. This includes pre-agreed channels for urgent data requests, secure evidence transfer, and clarity on data protection safeguards under the General Data Protection Regulation (GDPR). Documented cooperation can mitigate penalties and demonstrate proactive risk management.
Metrics and board reporting. Boards should receive quarterly dashboards showing predicate-specific alert volumes, STR submission trends, false-positive rates, training completion, and remediation progress for identified gaps. Where enforcement actions in peer institutions expose control weaknesses, management should provide comparative analysis and action plans.
Authoritative references
- Directive (EU) 2018/1673 on combating money laundering by criminal law — Official Journal text detailing offences, liability, and sanctions.
- Council of the EU press release (18 January 2024) on political agreement for the new EU AML package — outlines forthcoming regulation and directive that will supersede 6AMLD upon transposition.
Zeph Tech supports AML teams with predicate-offence typology libraries, model governance templates, and jurisdictional trackers to evidence 6AMLD alignment and prepare for the incoming EU AML rulebook.
Follow-up: The Commission confirmed that Member States notified full transposition during 2022 monitoring, but firms must continue to evidence control updates as national prosecutors apply 6AMLD participation offences and prepare for the successor directive under the 2024 AML package.
Continue in the Policy pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Semiconductor Industrial Strategy Policy Guide — Zeph Tech
Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.
-
Digital Markets Compliance Guide — Zeph Tech
Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…
-
Export Controls and Sanctions Policy Guide — Zeph Tech
Integrate U.S. Export Control Reform Act, International Emergency Economic Powers Act, and EU Dual-Use Regulation requirements into trade compliance, engineering, and supplier…