Last reviewed · Version 1.0.0 · Evidence cutoff
The AMLR/AMLA implementation pathway tracker maps the supervisory perimeter, not the regulated population. Every node on the canvas is a regulator, a jurisdiction, a binding EU instrument, a status anchor, or an AMLA-issued standard; no private bank, crypto-asset service provider, casino, trust-and-company-service provider, or professional-services firm is scored or ranked. The graph is deliberately evidence-led: a national supervisor receives a transposition/readiness status only where the status can be tied to a regulator-side, ministry-side, parliamentary, gazette, or EUR-Lex primary source at the 2026-05-07 cut-off. Where that threshold is not met, the node is marked needs-verification, not guessed from silence. AMLA itself is mapped as the central EU authority under Regulation (EU) 2024/1620 (accessed 2026-05-07), and the national supervisor/FIU nodes are mapped only to show the route through which AMLR, AMLD6 and TFR obligations will be supervised. This is a regulator-tracker, not a forensic register or a league table.
The architecture is four instruments, not one reform label. AMLR — Regulation (EU) 2024/1624 (accessed 2026-05-07) is the directly applicable single rulebook for obliged entities and applies from 10 July 2027 for the core framework. AMLD6 — Directive (EU) 2024/1640 (accessed 2026-05-07) requires Member States to build the national supervisory, FIU, beneficial-ownership and cooperation machinery that surrounds the directly applicable Regulation, with the main transposition deadline aligned to 10 July 2027. The AMLA Regulation — Regulation (EU) 2024/1620 (accessed 2026-05-07) created the Anti-Money Laundering Authority, in force from 26 June 2024, and provides the legal route to direct AMLA supervision from 1 January 2028. TFR — Regulation (EU) 2023/1113 (accessed 2026-05-07) is already in application for the transfer-of-funds and crypto-asset “travel rule” perimeter. The graph therefore separates directly applicable obligations, national transposition work, EU-level institutional build-out and transfer-data controls instead of flattening them into one “AML package” label.
AMLA’s institutional build-out is encoded as a central EU-authority node, not as a national status class. The Council and Parliament selected Frankfurt am Main as AMLA’s seat on 22 February 2024, and AMLA’s public site identifies the authority at MesseTurm, Frankfurt (Council seat decision (accessed 2026-05-07) and AMLA home (accessed 2026-05-07)). AMLA’s governance page records that the Council appointed Bruna Szego as Chair on 21 January 2025 and that she joined AMLA on 17 February 2025; it also describes an Executive Board composed of the Chair and five full-time members, plus a General Board that meets in supervisory and FIU compositions (AMLA governance (accessed 2026-05-07)). The public timeline shows 2026 ramp-up, 40 obliged entities selected during 2027, and direct supervision starting in 2028 (AMLA about (accessed 2026-05-07)). AMLA’s January 2026 data-collection notice says its risk models will inform the 2027 selection of up to 40 entities or groups for direct supervision from 2028 (AMLA data-collection notice (accessed 2026-05-07)).
The graph distinguishes the two supervisory tiers that matter under the new regime. The first tier is direct AMLA supervision: AMLA’s own explainer says that, from 2028, it will directly supervise up to 40 of the most impactful financial institutions or groups operating in the EU, selected on residual-risk and significant-presence criteria (AMLA direct-supervision explainer (accessed 2026-05-07)). The second tier is indirect supervision: all other obliged entities remain under national supervisors, while AMLA coordinates convergence, risk methodology, data collection, colleges and supervisory-system cooperation. The tracker therefore draws edges between AMLA and each national NCA/FIU, but it does not create entity-level nodes. At the cut-off, AMLA had not published the first direct-supervision selection list; the January 2026 notice instead says AMLA will establish the final eligible list after model testing and national-supervisor data collection in early 2027 (AMLA data-collection notice (accessed 2026-05-07)). The reserved direct-supervision-selected status-class is therefore not populated.
The selection methodology that produces the 40 directly-supervised institutions has a public methodology layer and a confidential application layer. AMLA’s regulatory instruments page lists the draft Regulatory Technical Standard on the methodology for selection criteria — defining what “significant presence” and residual ML/TF risk mean operationally — alongside the draft ITS that scaffolds the application of those criteria across the supervisory system (AMLA regulatory instruments (accessed 2026-05-07)). The supervisor-side input is the institution-level inherent-risk, mitigating-control-quality and residual-risk score that each NCA will supply to AMLA’s risk-assessment models, tested against quantitative thresholds for cross-border activity, asset volume and product mix; the January 2026 data-collection notice is the model-test exercise that calibrates those thresholds before live use, and AMLA’s notice says it will establish the final eligible list after national-supervisor data collection in early 2027 (AMLA data-collection notice (accessed 2026-05-07)). The output of the selection model is the institution-level eligible list; the final 40 are drawn from that list against the significant-presence criterion under AMLA Regulation Article 12. Until that list is published, the conservative editorial position is that no entity, group or jurisdiction can be inferred to be inside or outside the perimeter from public commentary alone, and the reserved direct-supervision-selected status-class stays empty by design.
The transposition layer is intentionally conservative. The v1 graph encodes transposition-bill-published for Germany, France and the Netherlands, and transposition-consultation-open for Spain; all other EU/EEA national supervisor and FIU nodes are needs-verification until a regulator-side, ministry-side, parliamentary or gazette source is tied to the exact AMLD6 implementation status. Germany is classified on Bundestag Drucksache 21/2507, whose explanatory schedule says Article 51 amending the German Money Laundering Act serves, among other things, to implement Directive (EU) 2024/1640 (Bundestag Drucksache 21/2507 (accessed 2026-05-07)). France is classified on the Senate legislative report and Assembly bill record: the Senate perimeter lists transposition of Directive (EU) 2024/1640 and adaptation to Regulations (EU) 2024/1624 and 2024/1620, while the Assembly page records the bill deposited on 20 February 2026 (Sénat report (accessed 2026-05-07) and Assemblée nationale bill (accessed 2026-05-07)). The Netherlands is classified on the official internet consultation for the Implementatiewet ter voorkoming van witwassen en terrorismefinanciering, which states that the Iwt implements Directive (EU) 2024/1640 and replaces the Wwft (Dutch consultation (accessed 2026-05-07)). Spain is classified on the Treasury public consultation for transposition of Directive (EU) 2024/1640 (Tesoro consultation (accessed 2026-05-07)). No node is put into transposition-adopted or transposition-not-started in v1, because full adoption and source-cited absence were not established across the 30 jurisdictions.
Gold-plating is kept out of the status axis and appears only as a tag. The graph marks Belgium, France, Spain and the Netherlands with gold-plating-signalled because a primary source indicates a cash-payment restriction below the AMLR cash ceiling or a proposed national cash rule below that ceiling. Belgium’s FPS Economy page states that, outside listed exceptions, payment or acceptance of one or more linked debts cannot exceed EUR 3,000 in cash (FPS Economy Belgium (accessed 2026-05-07)). France’s Service Public page states that cash payments from an individual to a professional, or between professionals, are limited to EUR 1,000, with higher limits for certain non-residents (Service Public France (accessed 2026-05-07)). Spain’s Tax Agency page states that operations where one party acts as entrepreneur or professional may not be paid in cash at EUR 1,000 or above, subject to a EUR 10,000 non-resident exception (Agencia Tributaria (accessed 2026-05-07)). The Dutch consultation says the new implementation package includes a prohibition on cash payments above EUR 3,000 for goods and services, and notes that a law for goods had already passed the Senate for effect from 1 January 2026 (Dutch consultation (accessed 2026-05-07)). The tracker does not infer expanded obliged-entity perimeters or sectoral coverage from commentary; those tags require the same primary-source threshold.
The crypto-asset dimension sits at the intersection of TFR, AMLR and MiCA. TFR supplies the transfer-data obligation for payment service providers and crypto-asset service providers, and the EBA’s travel-rule Guidelines specify the steps PSPs, intermediary PSPs, CASPs and intermediary CASPs should take to detect missing or incomplete transfer information, with an application date of 30 December 2024 (EBA travel-rule Guidelines page (accessed 2026-05-07)). AMLR supplies the broader obliged-entity AML/CFT perimeter for CASPs under the single rulebook (AMLR (accessed 2026-05-07)). ESMA’s MiCA transfer-services Guidelines sit next to, not inside, this AML graph, because they address crypto-asset transfer services under MiCA rather than AMLD6 transposition status (ESMA MiCA transfer-services Guidelines (accessed 2026-05-07)). AMLA had public draft or final standards on CDD, business relationships, sanctions, direct-supervision cooperation, risk-profile methodology, selection methodology, group-wide requirements and business-wide risk assessment at the cut-off, but no AMLA-issued CASP-specific RTS was encoded as a separate node unless it was published on AMLA’s own regulatory-products or consultation pages (AMLA regulatory instruments (accessed 2026-05-07)).
The supervisory cohort that holds the AMLR perimeter for crypto-asset service providers from 10 July 2027 is the same cohort that holds MiCA authorisation today. Under TFR Articles 14 and 15, every CASP must include originator and beneficiary information with each transfer, and intermediary CASPs must verify message integrity (TFR (accessed 2026-05-07)). Under AMLR, CASPs are listed as obliged entities subject to the full single-rulebook AML/CFT regime and to the EBA travel-rule Guidelines that apply since 30 December 2024. Under the MiCA Regulation, CASPs are authorised for the conduct-of-business and prudential perimeter, and the authorisation process explicitly requires the competent authority to assess AML/CFT risk in the application (MiCA (accessed 2026-05-07)). The same authority therefore carries the AML/CFT mandate from 10 July 2027 onward: BaFin in Germany, AFM in the Netherlands, ACPR and AMF in France, CSSF in Luxembourg, MFSA in Malta, CySEC in Cyprus, Banca d’Italia in Italy, CNMV in Spain and a number of smaller-market authorities. Each is tagged crypto-supervisor in the graph where its public website documents the CASP authorisation regime; the tag is structural, not a quality judgement.
The Financial Intelligence Unit perimeter is the reform’s other operational backbone, and AMLD6 is the directive layer that pairs with AMLR’s directly applicable obliged-entity duties. AMLD6 consolidates the Member State obligations on FIU establishment, autonomy, secure information-sharing channels, beneficial-ownership-register access and cross-border cooperation that previously sat across AMLD4 and AMLD5 (AMLD6 (accessed 2026-05-07)). The AMLA Regulation establishes a permanent FIU Support and Coordination Mechanism within AMLA, distinct from the supervisory-system cooperation tooling, and the AMLA General Board has separate supervisory and FIU compositions so that the two mandates do not bleed into each other at governance level (AMLA governance (accessed 2026-05-07)). FIU-to-FIU information exchange runs over secure EU channels and, for cases beyond EU borders, through Egmont Group membership; the graph carries the fiu-egmont-member tag on every regulator node where the public supervisor-side or FIU-side page identifies the institution as an Egmont member at the cut-off. Where Egmont membership is recorded by the FIU itself but not yet sourced to a primary page in this iteration, the regulator stays at needs-verification for that tag rather than carrying it speculatively.
Cross-border supervision is represented through standard nodes and complementary-to edges rather than by inventing private-sector group nodes. AMLA’s Regulatory Instruments page says it develops RTS, ITS, Guidelines and Recommendations to promote convergence and consistency in the EU AML/CFT framework, and lists the public instruments that had reached consultation, closed consultation or final-report stage by the cut-off (AMLA regulatory instruments (accessed 2026-05-07)). The group-wide consultation says the draft RTS under AMLR Articles 16(4) and 17(3) set minimum standards for group-wide AML/CFT frameworks, including cross-border situations and third-country operations (AMLA group-wide consultation notice (accessed 2026-05-07)). The draft ITS under AMLA Regulation Article 15(3) covers cooperation within the AML/CFT supervisory system for direct supervision, while the final-report RTS under AMLD6 Article 40(2) defines a common methodology for supervisors to assess inherent and residual ML/TF risk profiles (AMLA ITS consultation (accessed 2026-05-07) and AMLA risk-profile RTS final report (accessed 2026-05-07)). This is where cross-border colleges and Joint Supervisory Team operating detail belongs in the graph: as supervisor-to-supervisor coordination and AMLA standards, not as a list of supervised groups.
Beneficial-ownership transparency is the third pillar of the reform, and it sits inside AMLD6 rather than AMLR because the implementation depends on Member State register architecture. AMLD6 obliges Member States to maintain beneficial-ownership registers for legal entities and legal arrangements, with regulated access tiered between competent authorities, obliged entities for customer-due-diligence purposes, and persons or organisations demonstrating a legitimate interest (AMLD6 (accessed 2026-05-07)). The Beneficial Ownership Registers Interconnection System (BORIS) — the EU central platform that connects national beneficial-ownership registers — pre-dates AMLD6 but is reformed by it, including following the November 2022 Court of Justice judgment in Joined Cases C-37/20 and C-601/20 (WM and Sovim), which struck down the previous unrestricted public-access provision in AMLD5 and required the access architecture to move to the legitimate-interest regime that AMLD6 now codifies. BORIS is not encoded as a node in the graph because BORIS is an interconnection platform rather than a regulator with its own supervisory mandate; instead, beneficial-ownership-register operation is treated as part of the national supervisory machinery captured by the located-in regulator nodes. The transposition status classifications above therefore encompass both the AML/CFT supervisory machinery and the beneficial-ownership-register reform; at NCA level the two cannot be disentangled, and a regulator that has published a transposition bill has implicitly published the beneficial-ownership-register adjustments alongside it.
The United Kingdom is shown only as a comparator paragraph and is not encoded in the graph. The UK post-Brexit AML perimeter remains based on the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and subsequent amendments such as the 2024 high-risk-country amendment (UK MLR 2017 (accessed 2026-05-07) and UK MLR 2024 amendment (accessed 2026-05-07)). UK supervision is split across the FCA financial-crime perimeter, HMRC-supervised sectors and the Gambling Commission’s AML responsibilities, with JMLSG guidance providing industry-facing interpretive material (FCA financial crime (accessed 2026-05-07), HMRC AML supervision (accessed 2026-05-07), Gambling Commission AML (accessed 2026-05-07), and JMLSG current guidance (accessed 2026-05-07)). FATF’s UK country page at the cut-off still presented the 2018 mutual evaluation and 2022 follow-up material, not a separate UK 2026 mutual-evaluation result, so the tracker does not fabricate one (FATF United Kingdom country page (accessed 2026-05-07)). UK firms operating through EU subsidiaries should read this tracker as an EU-supervisor pathway map, not as a substitute for UK MLR compliance analysis.
Read the graph from the centre outward. The four red diamonds are the binding EU instruments; the amber standard nodes are only AMLA-issued RTS, ITS or Guidelines that had a public AMLA page or AMLA final-report document at the cut-off; the teal hexagons are AMLA, national supervisors and FIUs; and the orange diamonds are status anchors. needs-verification does not mean “no action”: it means the first evidence pass did not tie a status claim to the required primary source, so the conservative answer is to hold the node until the next refresh. The tracker is designed for quarterly refresh plus signal-event refreshes: AMLA standard adoptions, national transposition bills, gazette publication, supervisor restructuring, and the future first direct-supervision selection list. No recusal applies: Authority cluster artefact. Finray Technologies Ltd does not ship a product that competes with regulators.