Released on October 8th, 2025, the European Banking Authority’s final implementation review lands as both a progress report and a wake-up call for Europe’s fight against financial crime. The document closes a six-year cycle of assessments into how national authorities supervise anti-money-laundering and counter-terrorist-financing risks within the banking sector. Its findings reveal a continent gradually converging toward more consistent, risk-based oversight, yet still wrestling with uneven capabilities, resource gaps, and the challenge of turning regulatory design into real-world deterrence.

AML supervision in the European banking system

At the center of this transformation is a simple but powerful premise: AML supervision must become more risk-based, more consistent, and more cooperative. Between 2018 and 2024, the EBA reviewed forty supervisory authorities across the European Economic Area. What began as a fragmented landscape of uneven approaches has matured into a structured framework where risk assessment, supervisory planning, and cross-border collaboration are beginning to converge.

The review confirmed that most regulators now possess clearer AML strategies and have built dedicated teams for financial-crime supervision. Supervisory manuals are increasingly standardized, procedures are documented, and risk categorization is more consistent. Yet even as the baseline improves, a number of persistent challenges threaten the durability of these reforms. Staffing shortages, coordination frictions, and resource constraints continue to slow progress. The transition from the EBA’s oversight role to the direct and indirect supervision by AMLA will test whether the EU’s new architecture can translate better governance into measurable reductions in laundering and terror-financing exposure.

The report therefore acts as both a scorecard and a warning. It captures how much regulators have learned from high-profile failures such as Danske Bank and Pilatus Bank, but it also exposes the limits of institutional learning in the absence of sustainable funding and political will.

Risk-based supervision and regulatory convergence

The EBA’s implementation reviews focused on three structural pillars: supervisory strategy, planning, and manuals. These components determine how each national authority interprets and applies the risk-based approach mandated under Directive (EU) 2015/849. By 2025, the majority of supervisors had moved from ad-hoc enforcement toward coherent multi-year strategies. Roughly seven in ten regulators that previously lacked a defined AML supervision framework have now adopted one. This change signals a shift from reactive rule-checking to proactive risk management.

Supervisory strategies increasingly define measurable objectives, identify risk tiers among obliged entities, and link those tiers to inspection cycles. The EBA’s insistence on aligning national plans with its own risk-based supervision guidelines has yielded tangible consistency. Authorities are not only assessing compliance but evaluating the effectiveness of internal controls, governance arrangements, and customer-due-diligence practices in proportion to each institution’s exposure.

Alongside strategy came planning. Most regulators now issue annual or bi-annual supervisory plans that outline the frequency and intensity of reviews, on-site visits, and off-site analyses. These plans are now explicitly tied to risk assessments and include contingency measures for emerging threats, such as new digital assets or sanctions-evasion schemes. Supervisory manuals have also become more detailed, serving as both a playbook and a training reference for new staff. The EBA found that more than four-fifths of authorities updated their manuals to incorporate explicit instructions on how to evaluate AML systems and adjust intrusiveness based on findings.

The use of supervisory tools has similarly evolved. Where regulators once relied almost exclusively on questionnaires and desk-based reviews, they now deploy a broader arsenal: thematic inspections, targeted testing, data-analytics modules, and structured follow-up measures. Some have even engaged external experts for specific technical tasks, improving coverage without overstretching internal capacity. By early 2025, two-thirds of all national authorities had implemented these recommendations to a satisfactory level. The others were still mid-transition, often due to the late timing of their review cycles.

These improvements reflect a gradual maturation of supervisory culture across Europe. Regulators that once viewed AML as a legal obligation are now treating it as a strategic component of prudential oversight. However, the EBA’s final report also revealed an uneven geography of progress. A minority of countries still operate without fully compliant supervisory strategies or manuals, leaving pockets of systemic vulnerability that criminals can exploit. The success of AMLA’s indirect supervision model will therefore depend on how effectively it can elevate those laggards to the new EU standard.

Domestic and international cooperation challenges

If supervision is the engine of AML enforcement, cooperation is the oil that keeps it running. The EBA devoted significant attention to how national authorities share information with domestic and foreign counterparts. The picture that emerges is one of steady improvement but persistent fragmentation.

At the national level, the review identified three key dimensions of cooperation: coordination among multiple AML supervisors, collaboration with financial intelligence units and tax authorities, and engagement with prudential supervisors. Countries where more than one agency oversees banks have often struggled to align their actions, resulting in inconsistent risk assessments. By 2025, nearly all such jurisdictions had established memoranda of understanding clarifying task allocation and setting regular meeting schedules. Still, several authorities provided insufficient evidence of practical implementation, implying that formal agreements are not always matched by operational follow-through.

The relationship between supervisors and FIUs remains particularly sensitive. Most regulators now have cooperation agreements in place, yet half still use them inefficiently. The EBA’s data show that only about four in ten national authorities have built effective, ongoing information exchange mechanisms with their FIUs. Others continue to rely on informal, case-by-case interactions that limit strategic insight. The situation with tax authorities mirrors this trend: while most countries have now formalized cooperation, the frequency and quality of data sharing vary widely.

Cooperation with prudential supervisors has historically been one of the most difficult areas. The final review confirmed improvement, with over half of the authorities that once struggled in this area now maintaining regular exchanges. Training for prudential staff, joint inspections, and internal policies defining escalation pathways are increasingly common. Yet about a quarter of regulators still fall short of full integration between prudential and AML oversight, which remains problematic because money-laundering risk often manifests through governance and capital-adequacy weaknesses rather than through transaction monitoring alone.

International cooperation shows the most visible progress. AML/CFT colleges—joint platforms where supervisors from different jurisdictions exchange risk information—have become a central mechanism of cross-border AML governance. These colleges now operate effectively across most EU banking groups, enabling participants to share findings, align inspection priorities, and coordinate with third-country regulators. Bilateral cooperation beyond the EU, however, remains a weak link. Around half of the national authorities that needed to strengthen engagement with non-EU counterparts have done so, often by signing new memoranda of understanding or joining additional colleges. For the remainder, data-protection constraints, divergent legal frameworks, and resource limitations still impede real-time information exchange.

These patterns highlight a paradox of European AML policy: integration within the Union is improving, but external connectivity lags behind. As illicit funds increasingly flow through global networks involving correspondent banks, payment processors, and crypto-asset intermediaries, Europe’s inability to maintain continuous dialogue with third-country regulators could undermine its domestic gains.

Structural weaknesses and institutional pressure points

The EBA’s concluding section on challenges paints a sobering picture of the operational realities facing national supervisors. Despite notable progress, several structural weaknesses persist that could erode the sustainability of reform.

First is the problem of overlapping evaluations. Many authorities face simultaneous assessments from the EBA, the FATF, the IMF, and regional bodies such as Moneyval. Each uses different methodologies and timelines, creating duplication and conflicting priorities. Regulators must decide which recommendations to implement first, often under political pressure and with limited manpower. Without coordination among evaluators, resource strain is inevitable.

Second is the inherent difficulty of strengthening domestic cooperation in multi-agency systems. Building trust and aligning incentives between FIUs, tax administrations, and central banks takes time. Even where memoranda of understanding exist, cultural and technical barriers slow data sharing. In smaller jurisdictions, the same individuals may wear multiple supervisory hats, blurring lines of accountability.

Third is the moving target of EU legislation itself. The forthcoming AML Regulation and the creation of AMLA demand significant national input and adaptation. Supervisors must allocate staff to support legislative negotiations while simultaneously implementing prior reforms. This dual workload has delayed progress in some countries and will likely continue until AMLA becomes operational.

Fourth is the issue of human capital. Many authorities report shortages of experienced AML specialists. Recruiting and retaining qualified staff is difficult, particularly in smaller or lower-income Member States where public-sector pay cannot compete with the private market. The expansion of AML obligations into new domains such as crypto-asset services and sanctions compliance exacerbates these gaps. Without sustained investment in training and salary competitiveness, risk-based supervision risks remaining a theoretical concept.

Fifth, geopolitical factors have introduced new layers of complexity. The proliferation of sanctions against Russian and other actors since 2022 has forced AML departments to divert attention and resources. Supervisors are now expected to verify sanctions compliance, monitor evasion typologies, and assess exposure to sanctioned counterparties—all tasks that overlap but do not fully align with traditional money-laundering prevention. The report hints at the tension between these parallel mandates, especially where budgets remain static.

Despite these constraints, the EBA’s final synthesis suggests that overall effectiveness has improved. The steady institutionalization of risk-based approaches, the rise of AML/CFT colleges, and the gradual harmonization of supervisory tools mark real progress compared to the fragmented landscape of 2018. The challenge now is endurance: whether these reforms can survive leadership changes, political cycles, and the administrative reshuffling that the handover to AMLA will entail.

The path forward for AMLA and the banking sector

The transition from the EBA’s review function to AMLA’s supervisory role is not merely bureaucratic. It represents the most significant centralization of AML oversight in the EU’s history. The EBA’s report effectively provides AMLA with a baseline from which to build its risk-based supervision model. The next phase will require translating qualitative improvements into quantifiable outcomes, such as reduced laundering exposure and more consistent enforcement.

Three priorities stand out. First, AMLA must ensure that national strategies continue to evolve rather than stagnate. The temptation for regulators to declare victory after meeting minimum compliance standards is high. AMLA should establish performance metrics that tie supervisory quality to risk-reduction indicators, not just procedural completion.

Second, cooperation frameworks need institutional permanence. Information sharing with FIUs, tax bodies, and prudential supervisors must move from ad hoc exchanges to continuous digital pipelines. Establishing secure data-exchange infrastructures across Member States could eliminate the recurring friction the EBA identified. Similarly, collaboration with third-country regulators must expand through standardized memoranda of understanding that survive political changes.

Third, capacity building remains fundamental. The report’s reference to resource and skill gaps underlines the fragility of progress. AMLA’s indirect supervision model relies on competent national partners. Without investment in specialized training, competitive compensation, and technological modernization, disparities among Member States will persist. The creation of joint training programs and shared expert pools could help equalize competence levels across the Union.

Ultimately, the success of AMLA and its national counterparts will be judged by outcomes rather than structures. The European financial system will only be safer when the lessons from past scandals are fully internalized—when supervisors move from procedural compliance to predictive vigilance, and when information flows seamlessly between the institutions charged with defending financial integrity.

---

Related Links

• European Banking Authority – Anti-Money Laundering and Countering the Financing of Terrorism
• Directive (EU) 2015/849 – Prevention of the Use of the Financial System for Money Laundering or Terrorist Financing
• EBA Guidelines on Risk-Based Supervision 2024
• EBA Guidelines on Cooperation and Information Exchange 2021
• EU AML Authority (AMLA) – Official Page

Other FinCrime Central About the EBA and AMLA

• EU Banking Regulator Seeks Public Feedback on Crucial AML/CFT Rules
• High Hopes for AMLA Face Early Scrutiny from Professionals and Lawmakers

Source: EBA (PDF)

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.