AMLR explained: What financial services need to know now to stay ahead of the game.

How you comply with anti-money laundering measures, and conduct identity verification is about to change forever. Are you ready for the Anti-Money Laundering Regulation?

The regulatory landscape for financial services will undergo the biggest change to date, when the Anti-Money Laundering Regulation (AMLR) replaces the current directive-based approach in 2027.  

Unlike previous approaches, where Anti-Money Laundering Directives (the most recent being AMLD 6) required national implementation, the AMLR will apply directly across all EU member states, resulting in a more harmonized approach to combating financial crime. 

For financial institutions, AMLR represents both a significant compliance challenge and a strategic opportunity to modernize, and perhaps more importantly, harmonize identity verification processes. With implementation less than two years away, understanding the key changes and beginning preparations now is essential for a smooth transition.

5 main changes under AMLR: What’s new?

The AMLR brings several fundamental shifts in how financial institutions must approach customer identification and verification:

1. From directive to regulation.

Current approach: The AMLDs require implementation through national legislation, which leads to variations in interpretation and therefore different requirements across EU member states. 

AMLR approach: AMLR will apply to all member states without national implementation, which, in theory, will create a single, consistent rulebook for AML compliance across the EU.

2. Enhanced due diligence requirements.

Current approach: European financial services adhere to a risk-based approach to enhanced due diligence (EDD), with some flexibility in implementation. In practice, this means that EDD is required for high-risk customers, such as politically exposed persons (PEPs) or those from high-risk jurisdictions. 

AMLR approach: There will be more prescriptive requirements for customer due diligence, with specific mandates for identification methods and verification processes.

3. Stricter beneficial ownership rules.

Current approach: Varied thresholds and requirements for identifying beneficial owners. 

AMLR approach: Standardized approach with clearer definitions and lower thresholds for beneficial ownership identification.

4. Expanded scope to include crypto.

Current approach: Anti-money laundering directives were focused primarily on traditional financial institutions. 

AMLR approach: Broader coverage including crypto-asset service providers and other previously exempted entities.

5. Stronger enforcement mechanisms.

Current approach: Varied enforcement penalties, fines and punishments across member states. 

AMLR approach: More consistent penalties and enforcement mechanisms, with greater coordination through the new Anti-Money Laundering Authority. Due to start operations from summer 2025, the AMLA will have a staff of 400 and will centralize AML efforts, coordinate national authorities and conduct cross-border investigations.

eIDAS 2.0 – A simple update or fundamental change?

The second iteration of the Electronic Identification, Authentication, and Trust Services (eIDAS) lays the groundwork and sets the technical standards of how a pan-European digital wallet ecosystem will work. Download to discover what changes businesses can expect from eIDAS 2.0.

Read now

The 3 pillars of AMLR-compliant identification.

At the heart of AMLR is a fundamental shift in how financial institutions verify customer identities. It’s worth noting that AMLR will not be regulating KYC methods per se but merely adhering to the eIDAS 2.0 identity framework. AMLR prescribes three compliant identification methods:

1. EUDI Wallet.

The European Digital Identity Wallet (EUDIW) represents a significant advancement in digital identity management. This user-controlled mobile application will allow EU citizens to store, and share verified identity credentials securely. The EUDI Wallet must meet either substantial or high assurance levels. 

What it means for financial institutions: 

• Customers will be able to prove their identity using government-issued digital credentials 

• Verification can happen remotely in an instant 

• Higher levels of assurance for digital onboarding 

• Reduced manual verification processes
  

2. Notified eID systems.

Notified Electronic Identification (eID) systems provide secure digital identity verification through nationally recognized schemes. There are more than 27 eID systems across Europe, each with varying levels of assurance. Under the eIDAS 2.0 regulation and the upcoming AMLR, these systems are being brought under a single, interoperable EU framework to support cross-border KYC and customer onboarding. 

To be accepted for KYC purposes, eID systems must meet at least a “substantial” or “high” level of assurance, as defined by EU technical standards. This ensures that financial institutions and other obliged entities can rely on trusted digital identity methods for remote onboarding and customer due diligence. 

What it means for financial institutions: 

• Recognition of national eID schemes across borders 

• Standardized levels of assurance 

• Simplified customer onboarding for customers with existing eIDs 

• Reduced document verification requirements
  

3. Trust Services.

Trust Services, as defined under eIDAS, provide the foundation for secure and authentic digital transactions through Qualified Electronic Signatures (QES), electronic seals, timestamps, and other regulated services. These play a key role in enabling secure identification under AMLR, particularly via QES and Qualified Electronic Attestations of Attributes (QEAA), which allow trusted identity and attribute information to be shared digitally across the EU. 

To enable these services, a Qualified Trust Service Provider (QTSP) is responsible for verifying the individual’s identity — whether through notified eID, an EUDI Wallet, or traditional documents such as a passport. This identity proofing must comply with high-assurance standards, which may involve video identification, automated verification, or in-person validation, as set out in eIDAS 2.0 implementing acts and ETSI technical standards. 

In this way, QTSPs offer a legally recognized and privacy-preserving path to AML-compliant digital onboarding — even for users without a national eID or EUDI Wallet. 

What it means for financial institutions: 

• Enhanced security for digital transactions 

• Legal recognition equivalent to handwritten signatures 

• Improved document integrity and non-repudiation 

• Streamlined digital processes with legal certainty 

The significance of these three pillars cannot be overstated. Financial institutions that implement as many options as possible will provide customers with maximum flexibility while ensuring full compliance with AMLR requirements. As the majority joint venture partner of IDnow Trust Services AB – a Qualified Trust Service Provider (QTSP), IDnow is uniquely positioned to support all three identification methods as a single vendor, offering a comprehensive solution for full AMLR compliance.

Discover more about IDnow Trust Services AB here.

How businesses can prepare today for a more compliant tomorrow.

Although there are still two years until the 2027 deadline, the complexity of AMLR implementation means preparation should begin now. Here are key steps financial institutions should take:

1. Conduct a gap analysis. 

Assess your current AML processes against AMLR requirements to identify areas needing improvement. This includes: 

• Reviewing existing customer identification methods 

• Evaluating beneficial ownership identification processes 

• Assessing risk assessment methodologies 

• Examining transaction monitoring capabilities 

• Reviewing staff training programs
  

2. Budget planning. 

For many financial institutions, AMLR compliance will require investment in new technologies and processes. As such, they need to ensure they: 

• Allocate resources for technology upgrades 

• Budget for staff training and potential new hires 

• Consider consulting services for specialized expertise 

• Plan for ongoing compliance costs
  

3. Team training and awareness.

Begin building internal knowledge and expertise: 

• Educate compliance teams on AMLR requirements 

• Raise awareness among executive leadership 

• Develop training programs for customer-facing staff 

• Establish clear ownership of AMLR implementation
  

4. Technology assessment. 

Evaluate your current technology stack against future requirements. Do you have one of three AMLR-compliant ways of verifying identities implemented in your technology stack? Sooner rather than later, businesses should: 

• Assess identity verification systems for AMLR compatibility 

• Review customer due diligence technologies 

• Evaluate transaction monitoring capabilities 

• Consider integration requirements for new identification methods

IDnow’s unique position: Why being a QTSP matters.

A QTSP, such as IDnow Trust Services AB, is an organization that has been officially recognized by a national supervisory body to provide trust services that meet the strict requirements of the eIDAS regulation. This qualification involves rigorous assessment of security practices, technical capabilities and organizational reliability. 

As a QTSP since 2024, IDnow Trust Services AB holds a privileged position in the AMLR compliance landscape.  For financial institutions preparing for AMLR, working with IDnow and its QTSP offers several competitive advantages:

• Comprehensive compliance coverage: IDnow can provide all three prescribed identification methods (EUDI Wallet, eID, and Trust Services) 

• Legal certainty: Qualified trust services are considered critical infrastructure and have the highest level of legal recognition across the EU 

• Reduced compliance risk: Working with a qualified provider reduces the risk of non-compliance 

• Future-proof solutions: As regulations evolve, QTSPs tend to actively drive change and are the first to adapt and ensure continued compliance 

• Simplified vendor management: One single provider for multiple compliance requirements 

With a long history in enabling financial services customers to comply with AML regulations,  IDnow is actively preparing to support clients through the AMLR transition, with ongoing development of compliant solutions and close engagement with regulatory authorities.

Next steps: Your AMLR readiness checklist.

To begin your AMLR preparation journey, consider this initial checklist: 

1. Assign responsibility: Designate an AMLR implementation team or leader 
    

2. Stay informed: Subscribe to regulatory updates and industry guidance 
    

3. Assess current state: Document existing identification processes and technologies 
    

4. Identify gaps: Compare current capabilities with AMLR requirements 
    

5. Develop a roadmap: Create a phased implementation plan through 2027 
    

6. Engage with partners: Begin discussions with technology providers about AMLR solutions 
    

7. Budget for change: Ensure financial planning includes AMLR implementation costs 
    

8. Monitor developments: Stay alert for regulatory guidance and industry best practices

Prepare today to succeed tomorrow.

While for many, AMLR will pose a significant compliance challenge, it also offers an opportunity to modernize and future-proof identity verification processes, enhance security and improve customer experiences. Financial institutions that approach AMLR strategically, rather than as a compliance box to check, can gain competitive advantages while strengthening their defences against financial crime and fraud that is becoming more sophisticated by the day. 

To learn more about how IDnow can support your AMLR compliance journey, contact our team of experts today.

By

Jody Houton
Senior Content Manager chez IDnow
Connect with Jody on LinkedIn