EU AMLA: What Australian Firms with EU Operations Need to Know

The European Union's new Anti-Money Laundering Authority — known as AMLA — became operational on 1 July 2025, marking the most significant restructuring of EU financial crime enforcement in a generation. For Australian financial institutions that operate branches, subsidiaries, or maintain material EU client exposure, this development is far from a distant European concern. The EU's directly applicable Anti-Money Laundering Regulation (AMLR), Regulation (EU) 2024/1624, enters into force across all EU member states on 10 July 2027, and it makes no distinction between EU-headquartered firms and foreign institutions operating within the bloc.

This article explains what AMLA is, what the AMLR will require, how it compares with Australia's domestic AML/CTF framework administered by AUSTRAC, and what practical steps Australian compliance officers should take now.

---

What Is AMLA and Does It Apply to Australian Firms?

AMLA — the Anti-Money Laundering Authority established by Regulation (EU) 2024/1620 — is a new EU supervisory body headquartered in Frankfurt (Messeturm). It commenced operations on 1 July 2025 and will begin directly supervising up to 40 of the highest-risk financial entities operating across the EU from 1 January 2028.

To be direct: AMLA does not directly govern the Australian domestic operations of Australian firms. Australian banks, credit unions, remittance providers, and other reporting entities remain subject to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and are regulated domestically by AUSTRAC (Australian Transaction Reports and Analysis Centre).

However, the picture changes materially for any Australian financial institution with EU operations. Where an Australian bank operates a branch in Frankfurt, Amsterdam, or Dublin — or where an Australian fund manager services EU-based clients through an EU-licensed entity — the AMLR applies in full to those EU operations. The AMLR is directly applicable EU law, meaning it does not require transposition by individual member states; it applies uniformly and automatically from 10 July 2027.

Australian firms therefore face a dual compliance reality: AUSTRAC and the AML/CTF Act govern domestic operations, while AMLR (overseen by AMLA and national competent authorities) governs their EU-facing activities. Managing both frameworks simultaneously — with their differing thresholds, obligations, and supervisory expectations — is the central compliance challenge for the next two years.

---

AMLA vs AUSTRAC/AML/CTF Act: Key Differences

The table below sets out the principal structural differences between the two frameworks that Australian compliance teams need to internalise.

---

Timeline: Key AMLA Dates Australian Compliance Officers Should Track

Australian compliance officers should use the period before July 2027 to conduct a gap analysis of EU-facing operations against AMLR requirements, update policies, and ensure technology systems can handle the AMLR's reporting and verification obligations.

---

AMLR Obligations for EU-Based Operations of Australian Firms

From 10 July 2027, the AMLR will impose the following obligations on any entity within its scope — including EU branches and subsidiaries of Australian groups.

Customer Due Diligence (CDD). Obliged entities must verify customer identity and beneficial ownership. The AMLR introduces a €3,000 threshold for occasional transactions in certain sectors, below which simplified CDD may be available. Enhanced due diligence is mandatory for high-risk scenarios, politically exposed persons (PEPs), and high-risk third countries.

Beneficial Ownership. This is one of the most significant divergences for Australian firms to understand. Unlike Australia's AML/CTF Act — which does not specify a fixed beneficial ownership percentage threshold and instead requires a risk-based approach under the AML/CTF Rules — the AMLR sets a uniform 25% or more threshold directly applicable across all EU member states from 10 July 2027. Source: Regulation (EU) 2024/1624, Art. 62. Australian firms operating in the EU will need to update their beneficial ownership policies to capture this fixed threshold for their EU operations, even if their domestic Australian policies operate on a different risk-based methodology.

Cash Payment Cap. A uniform EU-wide cap of €10,000 applies to cash payments by consumers in commercial transactions. This is a material change for sectors such as luxury goods, real estate, and high-value dealers. Australian domestic law does not currently impose an equivalent universal cash cap, though AUSTRAC's TTR regime captures large cash transactions.

Suspicious Transaction Reporting. EU FIUs (Financial Intelligence Units) must receive reports of suspicious transactions. Obliged entities are required to respond to FIU information requests within 5 working days. This is structurally analogous to AUSTRAC's SMR regime, but the AMLR's timelines and formats differ.

Record Keeping. The AMLR mandates retention of CDD documentation and transaction records for a minimum of five years.

Data and Privacy. EU operations must comply with GDPR for any personal data processed for AML purposes. Australian firms are accustomed to the Privacy Act 1988 and the Australian Privacy Principles (APPs) administered by the Office of the Australian Information Commissioner (OAIC). GDPR's requirements — including data subject rights, lawful bases for processing, and breach notification timelines — differ materially and will require dedicated attention for EU-facing data flows.

---

Australia's AML/CTF Tranche 2 Reforms and AMLA Alignment

Australia is in the process of significantly expanding the scope of its AML/CTF framework through what are commonly called the "Tranche 2" reforms. These reforms will extend AML/CTF obligations under the AML/CTF Act to professional services firms — specifically lawyers, accountants, real estate agents, and trust and company service providers — a cohort long excluded from Australia's framework and frequently criticised by the Financial Action Task Force (FATF).

This expansion mirrors the AMLR's own broad obliged entity scope, which covers legal professionals, accountants, auditors, notaries, tax advisors, and real estate agents within the EU. The convergence is significant: Australian professional services firms with EU operations will, for the first time, face AML/CTF obligations on both sides of the world simultaneously.

For compliance teams, this convergence creates a genuine opportunity. Firms that must build AML/CTF compliance programmes from scratch to satisfy Tranche 2 can design those programmes with AMLR compatibility in mind from the outset, avoiding costly retrofitting later. Common programme elements — client risk assessments, CDD procedures, staff training, and record-keeping frameworks — can be structured to satisfy both AUSTRAC's requirements and the AMLR's standards, even where the specific thresholds or formats differ.

---

New Obliged Entities: Crypto and Beyond

The AMLR brings crypto-asset service providers (CASPs) — as defined under the Markets in Crypto-Assets Regulation (MiCA) — fully within the EU AML framework. Any Australian crypto firm, digital asset exchange, or blockchain-based payments provider that operates within the EU, or that provides services to EU-based clients, will need to register as a CASP under MiCA and comply with AMLR's CDD, transaction monitoring, and reporting obligations.

AUSTRAC already requires digital currency exchange (DCE) providers operating in Australia to register with AUSTRAC and comply with the AML/CTF Act. Australian crypto firms expanding into the EU should treat AMLR compliance as a layer on top of their existing AUSTRAC obligations, not a replacement. The two frameworks share common principles — risk-based CDD, transaction monitoring, suspicious matter reporting — but differ in their specific thresholds, formats, and supervisory contacts.

---

Practical Steps for Australian Firms with EU Exposure

Australian compliance officers should consider the following actions in the lead-up to July 2027.

1. Map your EU footprint. Identify every entity, branch, and service relationship within the EU that brings you within AMLR scope. Do not assume that a small EU operation falls below the threshold of concern.

2. Conduct a gap analysis. Compare your current AML/CTF programme — built for AUSTRAC and the AML/CTF Act — against AMLR requirements. Pay particular attention to beneficial ownership thresholds, cash reporting triggers, and FIU response timelines.

3. Update beneficial ownership policies. For EU-facing operations, adopt the AMLR's 25% fixed threshold as a floor, even where your domestic Australian policy uses a risk-based approach without a fixed percentage.

4. Review data governance. Ensure your EU operations have GDPR-compliant data processing arrangements for AML data. This is separate from your Australian Privacy Act obligations and requires dedicated legal review.

5. Train EU-based staff. AMLR obligations fall on the legal entities operating within the EU. Local staff must understand their obligations under the new framework, including CDD procedures, suspicious transaction reporting to the relevant national FIU, and record-keeping requirements.

6. Engage with ASIC and AUSTRAC. The Australian Securities and Investments Commission (ASIC) and AUSTRAC are the primary domestic regulators. Both have indicated awareness of international AML developments. Firms with significant EU exposure should consider proactive engagement to explain their dual-framework compliance approach.

7. Leverage technology for document verification. Managing identity and beneficial ownership documentation across multiple jurisdictions — each with different document types, languages, and regulatory standards — is one of the most operationally demanding aspects of dual-framework compliance. CheckFile supports 3,200+ document types across 32 jurisdictions, helping compliance teams verify identity documents efficiently whether they originate in Australia, Germany, France, or elsewhere. Explore KYC banking solutions or review CheckFile pricing and security standards to understand how automated document verification can reduce manual processing overhead. See also our document compliance guide for a broader overview of global KYC documentation standards.

---

Frequently Asked Questions

Does AMLA directly apply to Australian financial institutions?

No. AMLA is an EU supervisory authority and its jurisdiction is limited to entities operating within the EU. Australian financial institutions that operate solely in Australia remain subject exclusively to AUSTRAC and the AML/CTF Act 2006. However, Australian firms with EU branches, subsidiaries, or EU-licensed operations are subject to the AMLR (Regulation (EU) 2024/1624) for those EU activities. The AMLR applies directly and uniformly across all EU member states from 10 July 2027.

How does AUSTRAC's suspicious matter reporting compare to EU FIU requirements?

Under Australia's AML/CTF Act, reporting entities must submit Suspicious Matter Reports (SMRs) to AUSTRAC when they suspect a transaction is related to money laundering, terrorism financing, or other serious offences. There is no fixed monetary threshold for SMRs — suspicion is the trigger. Additionally, International Funds Transfer Instructions (IFTIs) of AUD $10,000 or more must be reported, and Threshold Transaction Reports (TTRs) are required for cash transactions of AUD $10,000 or more. Under the AMLR and EU FIU frameworks, obliged entities must report suspicious transactions to the relevant national FIU and are required to respond to FIU information requests within 5 working days. The underlying principle — report suspicion promptly — is consistent, but the specific formats, thresholds, and channels differ between the two frameworks.

What is the beneficial ownership threshold under AMLR vs the AML/CTF Act?

The AMLR sets a clear, uniform threshold: a beneficial owner is any natural person who ultimately owns or controls 25% or more of a legal entity. This threshold applies uniformly across all EU member states from 10 July 2027. Australia's AML/CTF Act and Rules do not specify a fixed statutory percentage threshold. Instead, AUSTRAC's framework requires a risk-based identification of beneficial owners, which in practice often leads firms to apply a 25% or similar threshold by policy — but this is not mandated by statute. Australian firms with EU operations will need to ensure their EU-facing policies explicitly adopt the AMLR's 25% threshold.

How do Australia's Tranche 2 AML reforms interact with AMLA?

Australia's Tranche 2 reforms expand the AML/CTF Act to cover professional services — lawyers, accountants, real estate agents, and trust and company service providers — which are not currently captured by Australian AML law. The AMLR covers equivalent professional services entities within the EU. While the two reform processes are legally independent, the practical effect is that professional services firms with both Australian and EU operations will face new AML/CTF obligations on both sides simultaneously. Firms in this position should design a single, adaptable compliance framework that satisfies both AUSTRAC's requirements and the AMLR's standards, rather than building two separate programmes.

How can CheckFile support Australian firms with EU AML document compliance?

Verifying identity documents, beneficial ownership records, and corporate documentation across multiple jurisdictions is one of the most resource-intensive aspects of dual-framework compliance. CheckFile supports 3,200+ document types across 32 jurisdictions, enabling compliance teams to verify passports, national IDs, utility bills, company registers, and other KYC documents from both Australian sources (e.g., Australian passports, driver's licences issued by state and territory authorities) and EU sources (e.g., German Personalausweis, French carte nationale d'identité) within a single platform. This reduces the operational burden of managing separate verification workflows for AUSTRAC and AMLR compliance. Visit CheckFile's KYC banking solutions or review our security standards for more information.

---

Regulated disclaimer: This article is provided for general informational purposes only and does not constitute legal or compliance advice. Australian financial institutions should seek independent legal advice regarding their specific obligations under the AML/CTF Act 2006, AUSTRAC requirements, and any applicable EU regulations. Regulatory frameworks referenced in this article are subject to change. CheckFile is not a legal or compliance advisory firm.

External references:

• Regulation (EU) 2024/1624 — AMLR full text (EUR-Lex)
• AMLA official website
• AUSTRAC — Australian Transaction Reports and Analysis Centre
• ASIC — Australian Securities and Investments Commission