RegRally Insights: Your Guide to AML/CTF Compliance, February 2026

Welcome to our monthly newsletter on Anti-Money Laundering and Counter-Terrorist Financing. It is dedicated to everyone who wants to understand the latest trends and developments, get tips from our experts and deepen their knowledge.

AMLA Takes Over EU AML/CFT Supervision from the EBA

As of 1 January 2026, the European Banking Authority has formally transferred all AML/CFT mandates and functions to the new EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism. This ends the EBA’s stand-alone AML/CFT role introduced in 2020 and marks a structural shift in the EU’s anti-financial crime architecture. Existing EBA AML/CFT guidelines remain applicable until replaced, ensuring continuity, while AMLA assumes responsibility for completing the EU Single Rulebook, strengthening supervisory convergence, coordinating FIUs, and directly supervising 40 of the EU’s most complex financial institutions and groups. Key tools, including the EuReCa database and accumulated supervisory expertise, have been handed over. The EBA will continue addressing ML risks from a prudential perspective in coordination with AMLA, supported by a formal ESAs–AMLA Memorandum of Understanding to ensure structured cooperation and information exchange.

Financial institutions should assess how AMLA’s direct supervisory model may affect them, particularly if they fall within the group of 40 directly supervised entities, review internal AML/CFT frameworks against the evolving Single Rulebook standards, and monitor upcoming AMLA technical standards and guidance that will progressively replace the EBA framework.

Bank of Lithuania Publishes 2026 Inspection Plan with AML/CTF Focus

The Bank of Lithuania has announced its 2026 supervisory inspection plan, which includes approximately 20 planned inspections primarily focused on AML/CTF compliance. The inspections will cover two banks, one central credit union, one electronic money institution, one payment institution and one crowdfunding provider.

In addition, around 15 unplanned inspections are foreseen, targeting AML/CTF compliance, fraud prevention and the provision of payment services.

To enhance transparency and reduce administrative burden, the regulator has published standardised inspection templates, enabling supervised entities to better prepare for supervisory reviews.

AMLA to Launch EU-Wide Data Collection to Calibrate AML Risk Models

AMLA will begin a data-collection exercise in March 2026 to test and calibrate its financial-sector risk assessment models. These models will underpin two key objectives: ensuring consistent AML/CFT risk assessment across the EU and selecting up to 40 financial institutions for AMLA’s direct supervision starting in 2028 (with selection taking place in 2027).

The exercise, conducted in cooperation with national supervisors and the private sector, will involve two groups: institutions potentially eligible for AMLA’s direct supervision and a representative sample likely to remain under national oversight. Participating entities have already been notified. The initiative will allow firms to test their reporting systems before the formal 2027 data collection, which will determine the final list of directly supervised institutions.

Recommended actions:

  • Prepare data systems and internal controls to ensure accurate and timely submissions.
  • Use the exercise to assess data quality and strengthen AML/CFT risk assessment frameworks.
  • Institutions potentially subject to direct supervision should review governance, internal controls and compliance structures against anticipated AMLA standards.
  • Engage with national supervisors to clarify reporting expectations.
  • Monitor AMLA’s final methodology and selection criteria.
  • Even entities remaining under national supervision should anticipate greater harmonisation of risk assessment practices across the EU.

CJEU Clarifies Direct Liability of Companies for AML Breaches (Directive (EU) 2015/849)

The Court of Justice of the European Union ruled that companies may be sanctioned directly for breaches of the EU Anti-Money Laundering Directive (Directive (EU) 2015/849), without the prior formal accusation or conviction of a specific natural person.

The case concerned Austrian rules requiring authorities to first identify and prosecute an individual employee or manager before imposing a fine on the legal entity. The Court held that such a requirement is incompatible with EU law, as it undermines the effectiveness and deterrent purpose of AML sanctions.

The judgment confirms that:

  • Legal entities can bear autonomous administrative liability for AML violations.
  • Member States must ensure sanctions are effective, proportionate and dissuasive.
  • National procedural rules cannot create barriers that make enforcement excessively difficult.

At the same time, the Court accepted national limitation periods of three years for initiating proceedings and five years for imposing sanctions, provided they do not render enforcement practically impossible or excessively difficult.

The ruling strengthens supervisory authorities’ ability to pursue corporate AML enforcement directly, without procedural dependence on parallel individual liability proceedings.

Court practices within the EU may still differ; therefore, case-by-case analysis shall be applied.

Newsletter SubscriptionGet in touch
Free initial advice now!

Have a question or need more information?

Send us an e-mail message!