Brussels, 20.7.2021

COM(2021) 421 final

2021/0240(COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) 1094/2010, (EU) 1095/2010

(Text with EEA relevance)

{SWD(2021) 190, 191}
{SEC(2021) 391}


EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

Money laundering and terrorism financing (ML/TF) pose a serious threat to the integrity of the EU economy and financial system and the security of its citizens. Europol has estimated that around 1% of the EU’s annual Gross Domestic Product is ‘detected as being involved in suspect financial activity’ 1 . In July 2019, following a number of prominent cases of alleged money laundering taking place at EU credit institutions, the Commission adopted a set of document 2 analysing the effectiveness and efficiency of the EU Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regime as it stood at that time, and concluding that reforms were necessary, including in the areas of supervision and of cooperation between Financial Intelligence Units (FIUs). In this context, the EU’s Security Union Strategy for 2020-2025 3 highlighted the importance of enhancing the EU’s framework for anti-money laundering and countering terrorist financing in order to protect Europeans from terrorism and organised crime.

On 7 May 2020, the Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorism financing 4 . In that Action Plan, the Commission committed to take measures in order to strengthen the EU’s rules on combating money laundering and terrorism financing and defined six priorities or pillars:

1.Ensuring effective implementation of the existing EU AML/CFT framework;

2.Establishing an EU single rulebook on AML /CFT;

3.Bringing about EU-level AML/CFT supervision;

4.Establishing a support and cooperation mechanism for Financial Intelligence Units;

5.Enforcing EU-level criminal law provisions and improving information exchange; and

6.Strengthening the international dimension of the EU AML/CFT framework.

This legislative proposal aims to implement actions 3 and 4 of that Action Plan, while two accompanying legislative proposals aim to implement action 2, and contribute to action 6. Actions 1 and 5 do not require legislative action.

The creation of an EU-level AML/CFT supervision and a support and coordination mechanism for Financial Intelligence Units has received support from the European Parliament and the Council:

The European Parliament in its resolution of 10 July 2020 on a comprehensive Union policy on preventing money laundering and terrorist financing 5 welcomed the Commission’s Action Plan and its intention to present an EU-level AML/CTF supervisor and an EU coordination and support mechanism for FIUs. The European Parliament further called upon the Commission to consider creating the EU coordination and support mechanism in the form of an EU FIU, to ensure that the responsibilities of the AML/CTF supervisor cover financial and non-financial obliged entities with direct supervision powers over certain obliged entities depending on their size or the risk they present, as well as supervision of the application of EU rules by national supervisors, a clear division of the respective powers of the EU and national supervisors and for the EU-level AML/CTF supervisor and EU FIU to be given budgetary and functional independence. In this context, the European Parliament observed that the proposed budgetary and human resources are not sufficient to provide full support to AML-related investigations and the existing coordination mechanisms and concluded that more human and financial resources should be allocated to the fight against money laundering.

The Council is equally supportive of the Commission’s Action Plan in its Conclusions on anti-money laundering and countering the financing of terrorism of 5 November 2020 6 . Among others, the Council invited the Commission to prioritise the establishment of EU level AML/CFT supervision and the coordination and support mechanism for FIUs. The EU AML/CFT supervisor should be equipped with competencies triggered on a purely risk-sensitive basis 7 . The authority should be enabled to support national authorities and to promote supervisory convergence, also in the non-financial sector. To fulfil its task of direct supervision, the authority should establish joint supervisory teams, undertake general inspections and impose supervisory measures and administrative sanctions, while respecting the specificities of national systems and enforcement set-ups. The new supervisor should have an independent and autonomous governance structure and cooperate with other relevant EU and national authorities. For the establishment of a FIU coordination and support mechanism, the Council suggests giving the new authority a central role in strengthening and facilitating joint analysis between FIUs, supporting the FIUs’ analyses and promoting exchanges and capacity building among FIUs and also with other competent authorities. The governance of the coordination and support mechanism should be based on a governance that fully involves FIUs and respects FIUs’ core roles and responsibilities in operational independence and autonomy as well as security and confidentiality of financial intelligence. 

This proposal establishes the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (‘AMLA’ or ‘the Authority’). This new European authority is essential to address the current shortcomings in AML/CFT supervision in the Union: AML/CFT supervision within the EU is currently Member State-based. Its quality and effectiveness are uneven, due to significant variations in resources and practices across Member States. 8 As recent cases of alleged money laundering involving EU credit institutions show, the approach to cross-border situations is not consistent. The report of the European Banking Authority (EBA) on approaches of competent authorities to AML/CFT supervision 9 confirmed that despite progress, not all competent authorities are able to cooperate effectively with domestic and international stakeholders. The methods to identify risks and to apply the risk-based approach to supervision also diverge. While some risks remain national in nature, others are of horizontal nature or may impact the entire Union financial system. Member States stressed the need for a common, consistent methodology to assess and identify risks in reply to the targeted questionnaire circulated by the Commission as part of the public consultation launched when adopting the Action Plan on 7 May 2020 10 . In addition to the divergences in supervisory powers already described, the EBA also noted that national AML/CFT supervisors might not always be willing to use the full set of powers available. This leads not only to inadequate supervision at national level, but also to insufficient supervision of professionals providing services across borders, which create risks for the whole single market. These findings were also broadly reaffirmed by the latest report of the European Court of Auditors. 11

In order to address those shortcomings, the Authority will become a centrepiece of an integrated AML/CFT supervisory system, consisting of the Authority itself and the national authorities with an AML/CFT supervisory mandate (hereinafter ‘the supervisor authorities’). By directly supervising and taking decisions towards some of the riskiest cross-border financial sector obliged entities, the Authority will contribute directly to preventing money laundering and terrorism financing in the Union. During the last years, several incidents of a lack of proper implementation by firms and/or of adequate countermeasures taken by supervisors have been for discussion in the public domain. The establishment of direct European supervision of those entities that bear a high ML/FT risk will close these loopholes in particular for cross-border supervision. At the same time, it will coordinate national supervisory authorities and assist them to increase their effectiveness in enforcing the single rulebook and ensuring homogenous and high quality supervisory standards, approaches and risk assessment methodologies

All recent major money laundering cases reported in the EU had a cross-border dimension. The detection of these financial movements is however left to the national FIUs and to cooperation among them. While this reflects the operational independence and autonomy of FIUs, the absence of a common structure to underpin this cooperation leads to situations where joint analyses are not performed for lack of common tools or resources. These divergences hamper cross-border cooperation, and thereby reduce the capacity to detect money laundering and terrorism financing early and effectively. This results in a fragmented approach that is exposed to misuse for money laundering and terrorist financing and that cannot timely identify trends and typologies at Union level. 12  

The new Authority should also play a vital role in improving the exchange of information and cooperation between FIUs. The Authority will serve as a support and coordination hub assisting their work on, inter alia, joint analyses of Suspicious Transaction Reports and Suspicious Activity Reports with significant cross-border footprint, and providing stable hosting of the FIU.net platform. Moreover, the Authority will enable a development of common reporting templates and standards to be used by EU FIUs.

Last but not least, the Authority will have powers to draft regulatory and implementing technical standards, guidelines and recommendations within the scope of its tasks, as well as to provide advice and input to the Commission and co-legislators on many aspects of AML/CFT policy, including on risks linked to jurisdictions outside the Union.

   Consistency with existing policy provisions in the policy area

The current legal framework for AML/CFT in the Union consists of the AML/CFT Directive 13 and the Funds Transfer Regulation 14 . This proposal is accompanied by three other proposals to amend the applicable EU law on AML/CFT:

i.A new Regulation establishing a single rulebook for AML/CFT;

ii.A new AML/CFT Directive, complementing the Regulation; and

iii.A recast of Regulation 2015/847 on information accompanying transfers of funds.

This package of four legislative proposals is considered as one coherent whole, in implementation of the Commission Action Plan on AML/CFT of 7 May 2020, creating a new and more stringent enforcement framework for AML/CFT rules in the Union.

Having directly applicable AML/CFT rules in a regulation, with more detail than in the existing AML/CFT Directive, will not only promote convergence of supervisory and enforcement practices in Member States, but also provide rules for the Authority to apply itself as a direct supervisor of certain selected obliged entities. In the area of indirect supervision, and of coordination and support of FIUs, the proposals accompanying this proposal contain provisions empowering the Authority to draft various regulatory and implementing technical standards and to adopt guidelines and recommendations, thus laying down a defined role and function of the Authority. Support by the Authority on risk assessments and analyses to supervisory authorities and FIUs will also be a key function in the new AML/CFT enforcement architecture. The Authority will also support the Union’s policy on third countries as regards ML/TF threats from outside the Union. The Authority will cooperate in this respect with relevant Commission services, the European External Action Service (EEAS), EU bodies and agencies.

   Consistency with other Union policies

While the competence of the Authority will be limited to the scope of EU legislation on AML/CFT, that legislation itself interacts and is coherent with other legislation in the financial services and criminal law areas. This includes EU legislation on payments and transfers of funds (e.g. the Payment Services Directive, Payment Accounts Directive, and Electronic Money Directive 15 ). Regarding FIUs, the Directive facilitating the use of financial information for the prevention, detection, investigation or prosecution of certain criminal offences 16 has also been taken into account. The competences of the Authority in the area of virtual assets are coherent with the Digital Finance Package published by the Commission on 24 September 2020.

Good cooperation between the Authority and other relevant EU decentralised agencies and other EU and national bodies is provided for by provisions in the draft Regulation to this effect; these include the European Union Agency for Law Enforcement Cooperation (Europol), the European Anti-Fraud Office (OLAF), the European Public Prosecutor's Office (EPPO), the Single Supervisory Mechanism (SSM) at Union level and various national authorities, including prudential supervisors of financial institutions. To improve supervision and law enforcement across sectors, the Authority should enable effective information exchange between aforementioned authorities and create synergergies with these authorities where this could improve successful combatting of money laundering and terrorism financing.

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

   Legal basis

The proposal is based on Article 114 TFEU, the same legal basis as the current AML/CFT legal framework. Article 114 has been found appropriate for AML/CFT legislation considering, on the one hand, that a divergent development of national laws could disrupt the orderly functioning of the internal market; on the other hand, that money laundering and terrorism financing activities could try to take advantage of the free movement of capital and of the freedom to provide financial services, thereby causing economic losses, disruption of functioning of the single market, and reputational damage at the level of the Union.

It is settled law that the EU legislature, acting under Article 114 TFEU, may deem it necessary to provide for the establishment of an EU body responsible for contributing to the implementation of a process of harmonisation 17 .

   Subsidiarity (for non-exclusive competence) 

The 2019 Commission AML/CFT package 18 , composed of a Communication and four reports highlighted how criminals exploited the differences in the national implementation of the European AML/CFT regime across Member States. The cross-border nature of money laundering and terrorism financing makes good cooperation between national supervisors and FIUs essential to prevent these crimes. Many entities subject to AML/CFT obligations have cross-border activities, and different approaches by supervisory authorities and FIUs hinder the relevant entities in applying optimal AML/CFT practices at group level. Greater coordination at Union level, including a component of direct EU supervision of some of the riskiest entities, is needed to deal with these cross-border issues and to maximise the EU’s financial system capacity to both prevent and detect ML/TF.

   Proportionality

The cross-border nature of ML/TF requires enhanced action at Union level in order to bring about greater cooperation between supervisors and FIUs. However, as described in the Impact Assessment accompanying the present proposal, the options of subjecting all large or cross-border financial institutions to EU-level AML/CFT supervision, and of creating an FIU at EU level, have been rejected as disproportionate.

   Choice of the instrument

A Regulation of the European Parliament and of the Council is the required instrument for the creation of a new EU agency.

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

   Ex-post evaluations/fitness checks of existing legislation

A full ex-post evaluation of the current EU AML/CFT regime, and of the exercise by the European Banking Authority of the AML/CFT competences which it assumed at the beginning of 2020 19 , has not yet taken place, against the background of a number of recent legislative developments. The fourth AML Directive was adopted on 20 May 2015, with a transposition deadline for Member States of 26 June 2017. The fifth AML Directive 20 was adopted on 30 May 2018, with a transposition deadline of 10 January 2020. Transposition control is still ongoing. However, the Commission Communication of July 2019 and accompanying reports referred to above serve as an evaluation of the effectiveness of the EU AML/CFT regime as it stood at that point in time.

   Stakeholder consultations

The consultation strategy on the Commission AML/CFT Action Plan was composed of a number of components:

-A consultation on the roadmap announcing the Commission’s Action Plan. The consultation, on the Commission’s Have Your Say portal, ran between 11 February and 12 March 2020, and received 42 contributions from a range of stakeholders;

-A public consultation on the actions put forward in the Action Plan, open to the general public and all stakeholder groups, launched on 7 May 2020, and open until 26 August. The consultation received 202 official contributions;

-A targeted consultation of Member States and competent AML/CFT authorities. Member States had the opportunity to give their views in various meetings of the Expert Group on Money Laundering and Terrorist Financing, and EU FIUs made input in meetings of the FIU Platform and via written papers;

-A request for advice from the European Banking Authority, made in March 2020; the EBA provided its opinion on 10 September 2020;

-On 23 July 2020, the European Data Protection Supervisor issued an opinion on the Commission’s Action Plan;

-On 30 September 2020, the Commission organised a high-level conference, bringing together representatives from national and EU authorities, MEPs, private sector and civil society representatives and academia.

Stakeholder feedback on the Action Plan was broadly very positive, with majority support for an EU supervisor with competence for all obliged entities, financial and non-financial, and with direct supervisory powers over at least certain financial sector obliged entities.

   Collection and use of expertise

In preparing this proposal, the Commission relied on qualitative and quantitative evidence collected from recognised sources, including technical advice from the European Banking Authority. Information on enforcement of AML rules was also obtained from Member States via questionnaires and in the Expert Group on Money Laundering and Terrorist Financing.

   Impact assessment

This proposal is accompanied by an impact assessment 21 , which was submitted to the Regulatory Scrutiny Board (RSB) on 6 November 2020 and approved on 4 December 2020. The same impact assessment also accompanies the two other legislative proposals which are presented together with the present proposal, a draft Regulation on AML/CFT, and a recast of Directive 2015/849 on AML/CFT. The RSB proposed various presentational improvements to the impact assessment in its positive opinion; these have been made.

In the impact assessment the Commission considered separately the policy options regarding improving the effectiveness and consistency of anti-money laundering supervision, and increasing the level of cooperation and exchange of information among FIUs.

Regarding supervision, the options considered are:

(1)Anti-money laundering supervision would continue to be performed at national level, with the European Banking Authority in charge of overseeing this supervision in the financial sector (baseline scenario);

(2)Establish indirect oversight over all obliged entities:

(3)Direct supervisory powers over selected risky obliged entities in the financial sector subject to AML/CFT requirements and indirect oversight over all other entities;

(4)Direct EU-level anti-money laundering supervision of all obliged entities.

Based on the outcome of the impact assessment, the preferred option is option 3, a combination of direct and indirect supervisory powers in an EU-level supervisory body in the form of a decentralised agency.

Regarding cooperation and exchange of information among FIUs, the options considered are:

(1)Financial intelligence units would continue to cooperate in the context of the EU FIUs’ Platform, which would be classed as a network (baseline scenario);

(2)Transform the EU FIUs’ Platform into a comitology committee leaving it to the Commission to adopt implementing acts defining standards for FIUs;

(3)The EU FIUs’ Platform would become an EU mechanism with power to issue guidelines and technical standards and to organise joint analyses and training, carry out trends and risks analysis;

(4)The EU FIUs’ Platform would become an EU-level FIU, replacing national FIUs.

Option 3, an EU-level coordination and support mechanism for FIUs, as part of an EU body, is the preferred option.

The bundling of all these tasks in a new authority is an essential step to ensure the proper functioning of the new body as it shall cooperate with various stakeholders from the financial and the non-financial sector and coordinate the distinct functions of supervision and financial intelligence. After careful analysis 22 , the option to assign the new tasks to existing bodies (for example the European Banking Authority) was dismissed for several reasons: Difficulties have been encountered with regard to exercising some of EBA’s current powers, especially those related to enforcement, due to specificities of the EBA governance model: EBA would need to have a dual decision-making model – one for existing functions other than AML, and another for AML tasks only Moreover, the synergy effects would be very limited as EBA has no experience with direct supervision of entities and would have to build up the relevant expertise, not only for the financial but also for the non-financial sector. This is also in line with the findings of the public consultation revealing low support for the European Banking Authority becoming the future EU AML/CFT supervisor. While one third of respondents did not express any opinion, only 19% of those who did supported the EBA.

In addition, due to the novel nature of the tasks of the FIU support and coordination mechanism and the fact that no existing Union body has an appropriate legal mandate to carry out such tasks, a new specific agency for FIU support and coordination mechanism would likely be required. 23 Combining both functions (supervision and FIU coordination) in a new authority should produce cost savings compared with two agencies and synergies can be anticipated. Having one AML Authority at Union level bringing under the same institutional umbrella different stages and elements for countering effectively money laundering and terrorist financing seems the only policy response that can account for the call for a comprehensive EU AML/CFT policy.

   Regulatory fitness and simplification

This proposal is an initiative to create a new EU agency, and does not repeal or simplify any existing legislation. It was examined whether existing EU agencies would be able to take up the full range of tasks proposed for the new AML Authority, and it was concluded that for legal and other reasons, this was not the case. Regarding simplification, it may be noted that those high-risk cross-border financial entities which will be directly supervised by the EU AML Authority will no longer have to deal with multiple AML supervisors in different Member States, which will simplify AML supervision for them. Also, the creation of an FIU coordination mechanism will simplify and facilitate cooperation between FIUs.

   Fundamental rights

The EU is committed to ensuring high standards of protection of fundamental rights. As an EU body, the Authority will be subject to the relevant data protection regulation 24 in so far as it may handle any personal data.

4.BUDGETARY IMPLICATIONS

The Authority will be a newly-created decentralised agency of the Union, funded partly from the EU budget and partly from fees levied from obliged entities that will be directly or indirectly supervised by the Authority. The methodology for selection of the entities subject to fees, and for the determination of the fees themselves, will be laid down in a Commission Delegated Act.

The necessary human and budgetary resources of the Authority are determined by its tasks. Apart from central administration and management tasks, these fall into three main categories:

i.direct supervision of certain selected financial sector obliged entities;

ii.indirect supervision of both financial sector and non-financial sector obliged entities through oversight of supervisors or self-regulatory bodies; and

iii.a Coordination and Support Mechanism for Financial Intelligence Units of the EU.

When staffed at full operational level, it is envisaged that the staff level of the Authority, all categories of staff combined, will be 250.

The Authority will also take over the management of two existing infrastructures: i. the AML/CFT database, currently managed by the European Banking Authority 25 and ii. the secure communication network for FIUs, FIU.net. 26 These two infrastructures are already financed by the EU budget. Their overall incidence on the EU budget should thus only change to the extent that additional functionalities and other improvements are developed.

The total annual expenditure of the Authority when fully operational has been calculated as EUR 45.6 million, of which approximately three quarters are expected to be financed from fees from obliged entities. The Authority will be established at the beginning of 2023, direct supervision will begin early 2026, and the Authority will therefore reach full resourcing at the end of 2025; 2026 will be the first year in which the Authority is fully resourced for a complete calendar year.

The financial and budgetary impacts of this proposal are explained in detail in the legislative financial statement annexed to this proposal.

5.OTHER ELEMENTS

   Implementation plans and monitoring, evaluation and reporting arrangements

The Authority will be a newly-created decentralised agency of the Union, funded partly from the EU budget and partly from fees levied from obliged entities that will be directly or indirectly supervised by the Authority. The methodology for selection of the entities subject to fees, and for the determination of the fees themselves, will be laid down in a Commission Delegated Act.

The necessary human and budgetary resources of the Authority are determined by its tasks. Apart from central administration and management tasks, these fall into three main categories:

direct supervision of certain selected financial sector obliged entities;

indirect supervision of both financial sector and non-financial sector obliged entities through oversight of supervisors or self-regulatory bodies; and

a Coordination and Support Mechanism for Financial Intelligence Units of the EU.

When staffed at full operational level, it is envisaged that the staff level of the Authority, all categories of staff combined, will be 250.

The Authority will also take over the management of two existing infrastructures: i. the AML/CFT database, currently managed by the European Banking Authority 27 and ii. the secure communication network for FIUs, FIU.net. 28 These two infrastructures are already financed by the EU budget. Their overall incidence on the EU budget should thus only change to the extent that additional functionalities and other improvements are developed.

The total annual expenditure of the Authority when fully operational has been calculated as EUR 45.6 million, of which approximately three quarters are expected to be financed from fees from obliged entities. The Authority will be established at the beginning of 2023, direct supervision will begin early 2026, and the Authority will therefore reach full resourcing at the end of 2025; 2026 will be the first year in which the Authority is fully resourced for a complete calendar year.

The financial and budgetary impacts of this proposal are explained in detail in the legislative financial statement annexed to this proposal.

   Detailed explanation of the specific provisions of the proposal

The Authority will be a body with legal personality, in the form of an EU decentralised agency. It will act within the scope of EU legislation on AML/CFT, including a new AML/CFT Regulation which the Commission is proposing alongside the present proposal, amendments to the existing Directive (EU) 2015/849 and amendments to Regulation (EU) 2015/847. Its objective is the prevention of money laundering and terrorism financing in the Union, by contributing to enhanced supervision and improved cooperation between FIUs and supervisory authorities. The decision on the seat of the Authority should be taken in accordance with the relevant provisions of the Common Approach of the European Parliament, the Council of the EU and the European Commission on decentralised agencies 29 .

   Tasks and powers of the Authority (Articles 5 to Articles 44) 

The tasks of the Authority can be divided in five areas:

i.With respect to selected obliged entities, the Authority shall ensure group-wide compliance with the requirements laid down in AMLD/R and any other legally binding Union acts that impose AML/CFT-related obligations on financial institutions. It shall carry out supervisory reviews and assessments at individual entity and group-wide basis, participate in group-wide supervision, and develop and maintain up-to-date a system to assess the risks and vulnerabilities of the selected obliged entities.

ii.With respect to financial supervisors, the Authority shall carry out periodic reviews to ensure that all financial supervisors have adequate resources and powers necessary for the performance of their tasks. It shall facilitate the functioning of the colleges and contribute to convergence of supervisory practices and promotion of high supervisory standards. It shall coordinate staff and information exchanges among financial supervisors in the Union and provide assistance to supervisors.

iii.With respect to non-financial supervisors, including Self-Regulatory Bodies where appropriate, the Authority shall coordinate peer reviews of supervisory standards and practices and request non-financial supervisors to investigate possible breaches of requirements applicable to obliged entities and to consider imposing sanctions or remedial actions in respect of such breaches. It shall carry out periodic reviews and provide assistance to supervisors. Where supervision of specific sectors is delegated at the national level to self-regulatory bodies, the Authority shall exercise the tasks set out in the first subparagraph in relation to public bodies overseeing the activity of such self-regulatory bodies.

iv.With respect to FIUs in the Member States, the Authority shall play a significant role in the conduct of joint analyses by FIUs, i.e. in the identification of relevant cases and the development of appropriate methods for the joint analyses of cross-border cases. Further, it shall make available to FIUs IT and artificial intelligence services and tools for secure information sharing, including through hosting of FIU.net. It shall promote expert knowledge on detection, analysis, and dissemination methods of suspicious transactions, provide specialised training and assistance to FIUs and prepare and coordinate threat assessments.

v.The general powers of the Authority which relate to all aforementioned tasks will include the power to adopt regulatory technical standards and implementing technical standards where this is provided for in the applicable AML/CFT legislation, and a broad power to adopt guidelines or recommendations addressed to obliged entities, AML/CFT supervisors or FIUs. In the context of direct supervision, the Authority shall have the powers to adopt binding decisions, administrative measures, and pecuniary sanctions towards directly supervised obliged entities. In the context of indirect supervision, with respect to financial and non-financial supervisory authorities, the Authority shall have the powers to, inter alia, issue requests to act and instructions relating to the exercise of their own supervisory powers.

   Direct supervision of selected financial sector obliged entities (Articles 12 to 27)

The Authority will be the supervisor of a limited number of the riskiest cross-border financial sector obliged entities (‘selected obliged entities’). In addition, there is a procedure for it to take over from a national supervisory authorities supervision of any financial sector obliged entity in emergency circumstances if there are indications of breaches of AML/CFT legislation which are not being efficiently and adequately dealt with by a supervisory authority. A periodic selection of entities for direct supervision will take place every three years, on the basis of objective criteria. For the selection, entities must have activities in a minimum number of Member States, and in at least a certain number of these Member States, they must be categorised in the highest risk category by the supervisory authority, based on a harmonised risk assessment methodology.

The Authority may take over supervision of an individual financial sector obliged entity where there have been problems related to compliance with applicable requirements at the level of the entity, and the relevant supervisory authority has not taken adequate measures to address non-compliance in a timely manner. The takeover can take place only following a procedure ending with a Commission Decision confirming the takeover. Before this, the Authority would enjoin the supervisory authority to take a specific action to remedy identified failings at the level of the obliged entity, the national authority would have failed to take such action within a provided timeframe, and the Authority would have brought the matter before the Commission, requesting a decision transferring supervisory competence. Supervision of directly supervised selected obliged entities will be undertaken by Joint Supervisory Teams led by the Authority but including staff of national supervisory authorities. On-site visits will be a part of supervision. The Authority will have the power to address binding decisions to such selected obliged entities and to impose administrative sanctions on legal entities up to a maximum of 10% of turnover or €10 million, whichever is higher.

   Indirect supervision of non-selected obliged entities (Articles 25 to 27) and non-    financial obliged entities (Articles 28 to 29)

The indirect supervisory role of the Authority will be one of coordination and oversight of national AML/CFT supervisors, including self-regulatory bodies (SRBs) in certain Member States for certain non-financial Obliged Entities. Peer reviews and thematic reviews will be important tools to identify good and less good practices and ensure the high supervisory standards across the Union. The Authority will have the power to address guidelines opinions and recommendations to national supervisors and SRBs.

   Coordination and Support Mechanism for Financial Intelligence Units (Articles 33-37)

The Authority will have the power to adopt, via Implementing Technical Standards, binding templates and models for reporting of suspicious transactions and suspicious activity from obliged entities to FIUs, thus facilitating speedier and more efficient cooperation and information exchange between FIUs. It will promote and participate in organising joint analyses of certain cross-border suspicious transactions and activities. It will carry out reviews of the conduct, methods, and procedures for carrying out such joint analyses with an objective of constantly improving their effectiveness. Finally, it will host and manage FIU.net, a secure communication network between FIUs.

   Organisation and governance of the Authority (Articles 45 to 63)

The Authority will comprise of two collegial governing bodies, namely an Executive Board of five independent full time members and the Chair of the Authority and of a General Board composed of representatives of Member States. In order to deal with various tasks granted to the Authority, the General Board will have two alternative compositions – a supervisory composition with heads of public authorities responsibile for AML supervision, and FIU composition, with heads of FIUs in the Member States. Both compositions of the General Board shall be chaired by the Chair of the Authority.

The General Board will, in appropriate composition depending on the subject-matter, adopt all regulatory instruments, draft Regulatory and Technical Implementing Standards, Guidelines and Recommendations. The General Board in supervisory composition may also provide its opinion on any decision vis-à-vis directly supervised selected obliged entities prepared by the Joint Supervisory team before the adoption of the final decision by the Executive Board.

The Executive Board will be the governing body of the Authority. It will take all decisions towards individual obliged entities or individual supervisory authorities where the Authority is acting as a direct supervisor of selected obliged entities or as an indirect supervisor of non-selected obliged entities or non-financial obliged entities, having specific oversight powers towards their supervisory authorities. The Executive Board will also take the decisions regarding the draft budget and other matters relating to the administration, operations and functioning of the Authority. With respect to these particular decisions, a representative of the Commission shall have a right to vote.

The Authority will have a Chair and an Executive Director. The Chair will shall represent the Authority and shall be responsible for preparing the work of the General Board and the Executive Board. The Executive Director will be in charge of the day-to-day management of the Authority and be administratively responsible as regards budget implementation, resources, staff and procurement in the Authority. The Chair of the Authority and the Executive Director will be selected following their individual selection procedures.

There will be an Administrative Board of Review to deal with appeals against binding decisions of the Authority addressed to obliged entities under its direct supervision; decisions of the Administrative Board of Review will be appealable to the Court of Justice of the European Union. The Administrative Board of Review will be composed of individuals of high repute who will be tasked with hearing the administrative appeals of the selected obliged entities with regard to the binding decisions addressed to them by the Authority. The Administrative Board of Review Board may propose to alter or substitute the original decision by the Executive Board that is subject to an administrative appeal. The Executive Board shall take into account the opinion of the Administrative Board of Review Board, but shall not be bound by it.

   Financial provisions (Articles 64 to 72)

The Authority will draw up an annual budget, which must be balanced, for adoption by the Budgetary Authority. It will adopt an internal Financial Regulation and anti-fraud measures. The Court of Auditors will comment on the draft budget and be competent to audit the Authority. The European Parliament will grant budgetary discharge, as for other decentralised agencies.

The Authority’s revenues will come both from the EU budget and from fees levied on certain financial sector selected and non-selected obliged entities. The fees levied from selected and non-selected obliged entities will correspond to the costs incurred by the Authority for direct and indirect supervision of the financial sector obliged entities. A Commission delegated act will specify the sub-set of obliged entities subject to fees and will lay down the methodology for calculation of fees per obliged entity.

   Staff regulation (Articles 73 to 76) and cooperation (Articles 77 to 81) 

The Authority will apply Staff Regulations (SR) and the Conditions of Employment of Other Servants (CEOS), including on professional secrecy and privleges and immunities. The rules on data protection and access to documents will set up an obligation to work closely with the European Data Protection Supervisor and Board.

The Authority is required to cooperate in good faith with relevant external bodies, including EU bodies (Europol, European Supervisory Authorities, Single Supervisory Mechanism and the European Public Prosecutors’ Office), other relevant national competent authorities, such as prudential, resolution and DGS authorities, and third country authorities as appropriate.

   Final provisions (Articles 82 to 93) 

The competences of the European Banking Authority in the area of AML/CFT are removed and transferred to the Authority.

The Authority will be established at the beginning of 2023 and the activity of direct supervision will commence at the beginning of 2026. An evaluation will take explace by December 2029.

2021/0240 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) 1094/2010, (EU) 1095/2010

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee 30 ,

Having regard to the opinion of the European Data Protection Supervisor 31 ,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)Experience with the current Anti-Money Laundering and Countering the Financing of Terrorism (AML/CTF) framework, which heavily relies on the national implementation of AML/CFT measures, has disclosed weaknesses not only with regard to the efficient functioning of the AML/CFT framework of the Union but also with regards to integrating international recommendations. Those weaknesses lead to the emergence of new obstacles to the proper functioning of internal market both due to the risks within the internal market as well as external threats facing the internal market.

(2)Cross-border nature of crime and criminal proceeds endanger Union financial system efforts relating to prevention of money laundering and financing of terrorism. Those efforts have to be tackled at Union level through the creation of an Authority responsible for contributing to the implementation of harmonised rules. In addition, the Authority should pursue a harmonised approach to strengthen the Union’s existing AML/CFT preventive framework, and specifically AML supervision and cooperation between FIUs. That approach should reduce divergences in national legislation and supervisory practices and introduce structures that benefit the smooth functioning of the internal market in a determined manner and should, consequently, be based on Article 114 TFEU.

(3)Therefore, a European Authority for anti-money laundering and countering the financing of terrorism, the Anti-Money Laundering Authority (‘the Authority’) should be established. The creation of this new Authority is crucial to ensure efficient and adequate supervision of obliged entities having high inherent Money Laundering/Terrorist Financing (ML/TF) risk, strengthening common supervisory approaches for non-selected obliged entities and facilitating joint analyses and cooperation between Financial Investigation Units (FIUs).

(4)This new instrument is part of a comprehensive package aiming at strengthening the Union’s AML/CFT framework. Together, this instrument, Directive [please insert reference – proposal for 6th Anti-Money Laundering Directive], Regulation [please insert reference – proposal for a recast of Regulation (EU) 2015/847] and Regulation [please insert reference – proposal for the Anti-Money Laundering Regulation] will form the legal framework governing the AML/CFT requirements to be met by obliged entities and underpinning the Union’s AML/CFT institutional framework.

(5)To bring AML/CFT supervision to an efficient and uniform level across the Union, it is necessary to provide the Authority with the following powers: direct supervision of a certain number of selected obliged entities of the financial sector; monitoring, analysis and exchange of information concerning ML/TF risks affecting internal market; coordination and oversight of AML/CFT supervisors of the financial sector; coordination and oversight of AML/CFT supervisors of the non-financial sector, including self-regulatory bodies and the coordination and support of FIUs.

(6)Combining both direct and indirect supervisory competences over obliged entities, and also functioning as a support and cooperation mechanism for FIUs, is the most appropriate means of bringing about supervision and cooperation between FIUs at Union level. This should be achieved by creating an Authority which should combine independence and a high level of technical expertise and which should be established in line with the Joint Statement and Common Approach of the European Parliament, the Council of the European Union and the European Commission on decentralised agencies 32 .

(7)A seat agreement should be established between the Authority and the host Member State, stipulating the conditions of establishment of the seat and advantages conferred by the Member State on the Authority and its staff.

(8)The powers of the Authority should allow it to improve AML/CFT supervision in the Union in various ways. With respect to selected obliged entities, the Authority should ensure group-wide compliance with the requirements laid down in the AML/CFT framework and any other legally binding Union acts that impose AML/CFT-related obligations on financial institutions. Furthermore, the Authority should carry out periodic reviews to ensure that all financial supervisors have adequate resources and powers necessary for the performance of their tasks. It should facilitate the functioning of the AML supervisory colleges and contribute to convergence of supervisory practices and promotion of high supervisory standards. With respect to non-financial supervisors, including self-regulatory bodies where appropriate, the Authority should coordinate peer reviews of supervisory standards and practices and request non-financial supervisors to investigate possible breaches of AML/CFT requirements. In addition, the Authority should coordinate the conduct of joint analyses by FIUs and make available to FIUs IT and artificial intelligence services and tools for secure information sharing, including through hosting of FIU.net.

(9)With the objective to strengthen AML/CFT rules at Union level and to enhance their clarity while ensuring consistency with international standards and other legislation, it is necessary to establish the coordinating role of the Authority at Union level in relation to all types of obliged entities to assist national supervisors and promote supervisory convergence, in order to increase the efficiency of the implementation of AML/CFT measures, also in the non-financial sector. Consequently, the Authority should be mandated to prepare regulatory technical standards, to adopt guidelines, recommendations and opinions with the aim that where supervision remains at national level, the same supervisory practices and standards apply in principle to all comparable entities. The Authority should be entrusted, due to its highly specialised expertise, with the development of a supervisory methodology, in line with a risk-based approach. Certain aspects of the methodology, which can incorporate harmonised quantitative benchmarks, such as approaches for classifying the inherent risk profile of obliged entities should be detailed in directly applicable binding regulatory measures – regulatory or implementing technical standards. Other aspects, which require wider supervisory discretion, such as approaches to assessing residual risk profile and internal controls in the obliged entities should be covered by non-binding guidelines, recommendations and opinions of the Authority. The harmonised supervisory methodology should take due account of, and where appropriate, leverage the existing supervisory methodologies relating to other aspects of supervision of the financial sector obliged entities, especially where there is interaction between AML/CFT supervision and prudential supervision. Specifically, the supervisory methodology to be developed by the Authority should be complementary to guidelines and other instruments developed by the European Banking Authority detailing approaches of prudential supervisory authorities with respect to factoring ML/TF risks in prudential supervision, in order to ensure effective interaction between prudential and AML/CFT supervision.

(10)The Authority should be empowered to develop regulatory technical standards in order to complete the harmonised rulebook established in the [please insert references – proposal for 6th Anti-Money Laundering Directive, Anti-money laundering Regulation and proposal for a recast of Regulation (EU) 2015/847]. The Commission should endorse draft regulatory technical standards by means of delegated acts pursuant to Article 290 TFEU in order to give them binding legal effect. They should be subject to amendment only in very restricted and extraordinary circumstances, since the Authority is the actor in close contact with and knowing best the AML/CFT framework. To ensure a smooth and expeditious adoption process for those standards, the Commission’s decision to endorse draft regulatory technical standards should be subject to a time limit.

(11)The Commission should also be empowered to adopt implementing technical standards by means of implementing acts pursuant to Article 291 TFEU.

(12)Since there are no sufficiently effective arrangements to handle AML/CFT incidents involving cross-border aspects it is necessary to put in place an integrated AML/CFT supervisory system at Union level that ensures consistent high-quality application of the AML/CFT supervisory methodology and promotes efficient cooperation between all relevant competent authorities. For these reasons, the Authority and national AML/CFT supervisory authorities (‘supervisory authorities’) should constitute an AML/CFT supervisory system. This would also benefit supervisory authorities when facing specific challenges, for example vis-à-vis an enhanced AML/CFT risk or due to a lack of resources, as within that system mutual assistance should be possible on request. This could involve exchange and secondments of personnel, training activities and exchanges of best practices. Furthermore, the Commission could provide technical support to Member States under Regulation (EU) 2021/240 of the European Parliament and of the Council to promote reforms aimed at reinforcement of the fight against money laundering. 33

(13)Considering the important role of thematic reviews in AML/CFT supervision across the Union as they enable to identify and compare the level of exposure to risks and trends in relation to obliged entities under supervision, and that currently supervisors in different Member States do not benefit from these reviews, it is necessary that the Authority identifies national thematic reviews that have a similar scope and time-frame and ensures their coordination at the level of the Union. To avoid situations of possibly conflicting communications with supervised entities, the coordination role of the Authority should be limited to interaction with relevant supervisory authorities, and should not include any direct interaction with non-selected obliged entities. For the same reason, the Authority should explore the possibility of aligning or synchronising the timeframe of the national thematic reviews and facilitate any activities that the relevant supervisory authorities may wish to carry out jointly or similarly.

(14)The efficient usage of data leads to better monitoring and compliance of firms. Therefore, both direct and indirect supervision by the Authority and supervisory authorities of all obliged entities across the system should rely on expedient access to relevant data and information about the obliged entities themselves and the supervisory actions and measures taken towards them. To that end, the Authority should establish a central AML/CFT database with information collected from all supervisory authorities, and should make such information selectively available to any supervisory authority within the system. This data should also cover withdrawal of authorisation procedures, fit and proper assessments of shareholders and members of individual obliged entities as this will enable relevant authorities to duly consider possible shortcomings of specific entities and individuals that might have materialised in other Member States. The database should also include statistical information about supervisory and other public authorities involved in AML/CFT supervision. Such information would enable effective oversight by the Authority of the proper functioning and effectiveness of the AML/CFT supervisory system. The information from the database would enable the Authority to react in a timely manner to potential weaknesses and cases of non-compliance by non-selected obliged entities. Pursuant to Article 24 of Council Regulation (EU) 2017/1939 34 , the Authority will without undue delay report to the EPPO any criminal conduct in respect of which it could exercise its competence in accordance with Article 22 and Article 25(2) and (3) of that Regulation. Pursuant to Article 8 of Regulation 883/2013 35 , the Authority will transmit to OLAF without delay any information relating to possible cases of fraud, corruption or any other illegal activity affecting the financial interests of the Union.

(15)With the objective of ensuring a more effective and less fragmented protection of the Union’s financial framework, a limited number of the riskiest obliged entities should be directly supervised by the Authority. As ML/TF risks are not proportional to the size of the supervised entities, other criteria should be applied to identify the most risky entities. In particular, two categories should be considered: high-risk cross-border credit and financial institutions with activity in a significant number of Member States, selected periodically; and, in exceptional cases, any entity whose material breaches of applicable requirements are not sufficiently or in a timely manner addressed by its national supervisor. Those entities would fall under the category of ‘selected obliged entities’.

(16)The first category of credit and financial institutions, or groups of such institutions should be assessed every three years, based on a combination of objective criteria related to their cross-border presence and activity, and criteria related to their inherent ML/FT risk profile. Only large complex financial groups present in a number of Member States that could be more efficiently supervised at Union level should be included in the selection process. With respect to credit institutions, minimal cross-border presence for inclusion in the selection process should be based on the number of subsidiaries and branches in different Member States, because risky banking activities of significant volume require a local presence in a form of an establishment. Other financial sector entities may, in contrast, carry out activities that can be sufficiently risky from an ML/TF perspective by means of direct provision of services, for example via a network of agents, but may not have established subsidiaries or branches in a large number of Member States. Therefore, applying the same cross-border criteria, that is to say the one related to freedom of establishment, would result in scoping out large financial sector entities that can have a significant risk profile in a number of Member States, without being established there. Since the volume of activities via direct provision of services is generally smaller than the volume of activities carried out in a branch or a subsidiary, it is appropriate to consider only groups that are established in at least two Member States, but provide services directly or via a network of agents in at least eight more Member States.

(17)In order to ensure that only the riskiest obliged entities among those with significant cross-border operations are supervised directly at the level of the Union, the assessment of their inherent risk should be harmonised. Currently, there are various national approaches and supervisory authorities use distinct benchmarks for assessment and classification of inherent ML/TF risk of obliged entities. Using these national methodologies for selection of entities for direct supervision at Union level could lead to a different playing field among them. Therefore, the Authority should be empowered to develop regulatory technical standards laying out a harmonised methodology and benchmarks for categorising the inherent ML/TF risk as low, medium, substantial, or high. The methodology should be tailored to particular types of risks and therefore should follow different categories of obliged entities which are financial institutions in accordance with the Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing [OP please insert the next number for COM(2021)420]. That methodology should be sufficiently detailed and should establish specific quantitative and qualitative benchmarks considering at least the risk factors related to types of customers served, products and services offered, and geographical areas, including third country jurisdictions that obliged entities operate in or are related to. Specifically, each assessed obliged entity would have its inherent risk profile classified in each Member State where it operates in a manner consistent with the classification of any other obliged entity in the Union. The quantitative and qualitative benchmarks would allow such classification to be objective and not dependent on the discretion of a given supervisory authority in a Member State, or the discretion of the Authority.

(18)The final selection criterion should warrant a level playing field among directly supervised obliged entities, and to that end, no discretion should be left to the Authority or supervisory authorities in deciding on the list of obliged entities that should be subject to direct supervision. Therefore, where a given assessed obliged entity operates cross-border and falls within the high risk category in accordance with the harmonised methodology in a minimum number of Member States, it should be deemed a selected obliged entity. In case of credit institutions, the cross-border aspect should be addressed by including those credit institutions that are classified as high risk in at least four Member States and where in at least one Member State of those four the entity has been under supervisory or other public investigation for material breaches of AML/CFT requirements. In case of other financial institutions, the cross-border aspect should be addressed by including those financial institutions that are classified as high risk in at least one Member State where they are established and at least five other Member States where they operate by means of direct provision of services.

(19)To provide transparency and clarity to the relevant institutions, the Authority should publish a list of the selected obliged entities within one month of commencement of a selection round, after verifying the correspondence of information provided by the financial supervisors to the cross-border activities criteria and the inherent risk methodology. Therefore it is important that at the beginning of each selection period, the relevant financial supervisors provide the Authority with up-to-date statistical information to determine the list of financial institutions eligible for assessment in accordance with the assessment entry criteria relating to their cross-border operations. In this context, the financial supervisors should inform the Authority about the inherent risk category that a financial institution falls into in their jurisdictions in accordance with the methodology laid down in the regulatory technical standards. The Authority should then assume the tasks related to direct supervision five months after the publication of the list. That time is needed to appropriately prepare the transfer of supervisory tasks from national to Union level, including the formation of a joint supervisory team, and adopting any relevant working arrangements with the relevant financial supervisors.

(20)To ensure legal certainty and a level playing field among selected entities, any selected entity should remain under direct supervision of the Authority for at least three years, even if since the moment of selection and in the course of the three years it ceases to meet any of the cross-border activity or risk-related criteria due to e.g. potential consolidation, expansion or re-allocation of activities carried out via establishments or freedom to provide services. The Authority should also ensure that sufficient time is allocated to preparation by the obliged entities and their supervisory authorities to the transfer of supervision from national to Union level. Therefore, each subsequent selection should commence six months before the end-date of the three year period of supervision of the previously selected entities.

(21)The relevant actors involved in the application of the AML/CFT framework should cooperate with each other in accordance with the duty of sincere cooperation enshrined in the Treaties. In order to ensure that the AML supervisory system composed of the Authority and supervisory authorities functions as an integrated mechanism, and that jurisdiction-specific risks and local supervisory expertise are duly taken into account and well utilised, direct supervision of selected obliged entities should take place in the form of joint supervisory teams. These teams should be led by a staff member of the Authority coordinating all supervisory activities of the team. To ensure an adequate understanding of possible national specificities, the team leader (‘JST coordinator’) should be stationed in the Member State where a selected entity has its headquarter. The Authority should be in charge of establishment and composition of the joint supervisory team, and the local supervisors should ensure that a sufficient number of their staff members are appointed to the team, taking into account the risk profile of the selected entity in their jurisdiction.

(22)To ensure that the Authority can fulfil its supervisory obligations in an efficient manner with regard to selected obliged entities, the Authority should be able to obtain any internal documents and information necessary for the exercise of its tasks and for that purpose have general investigation powers afforded to all supervisory authorities under national administrative law.

(23)The Authority should have the power to require actions, internal to the entity, to enhance the compliance of obliged entities with the AML/CFT framework, including reinforcement of internal procedures and changes in the governance structure, going as far as removal of members of the management body, without prejudice to the powers of other relevant supervisory authorities of the same selected entity. Following relevant findings related to non-compliance or partial compliance with applicable requirements by the obliged entity, it should be able to impose specific measures or procedures for particular clients or categories of clients who pose high risks. On-site inspections should be a regular feature of such supervision. If a specific type of on-site inspection requires an authorisation by the national judicial authority, such authorisation should be applied for by the Authority.

(24)The Authority should have a full range of supervisory powers in relation to directly supervised entities in order to ensure compliance with applicable requirements. These powers should apply in cases where the selected entity does not meet its requirements, in cases where certain requirements are not likely to be met, as well as in cases where internal process and controls are not appropriate to ensure sound management of selected obliged entity’s ML/FT risks. The exercise of these powers could be done by means of binding decisions addressed to selected individual obliged entities.

(25)In addition to supervisory powers and in order to ensure compliance, in cases of material breaches of directly applicable requirements, the Authority should be able to impose administrative pecuniary sanctions on the selected obliged entities. Such sanctions should be proportionate and dissuasive, should have both punitive and deterrent effect, and should comply with the principle of ne bis in idem. The maximum amounts of pecuniary sanctions should be in line with those established by [please insert reference – 6th Anti-Money Laundering Directive] and available to all supervisory authorities across the Union. The basic amounts of these sanctions should be determined within the limits established by the AML/CFT framework, taking into account the nature of the requirements that have been breached. In order for the Authority to take aggravating or mitigating factors adequately into account, adjustments to the relevant basic amount should be possible. With the objective to achieve a timely change of the damaging business practice, the Executive Board of the Authority should be empowered to impose periodic penalty payments to compel the relevant legal or natural person to cease the relevant conduct. With the aim to heighten awareness of all obliged entities, by encouraging them to adopt business practices in line with the AML/CFT framework, the sanctions and penalties should be disclosed. The Court of Justice should have jurisdiction to review the legality of decisions adopted by the Authority, the Council and the Commission, in accordance with Article 263 TFEU, as well as for determining their non-contractual liability.

(26)In order for the Authority and financial supervisors to communicate swiftly and efficiently within AML/CFT supervisory system and to enable more coherent decision-making processes, it is necessary to have specific arrangements for communication within that system.

(27)For non-selected obliged entities, the AML/CFT supervision is to remain primarily at national level, with national competent authorities retaining full responsibility and accountability for direct supervision. The Authority should be granted adequate indirect supervisory powers to ensure that supervisory actions at national level are consistent and of a high quality across the Union. Therefore, it should carry out assessments of the state of supervisory convergence and publish reports with its findings. It should be empowered to issue guidelines and recommendations, addressed to both obliged entities as well as supervisory authorities, with a view to ensuring harmonised and high level supervisory practices across the Union.

(28)Certain obliged entities in the financial sector that do not meet the requirements for regular selection might still have a high inherent profile from the money laundering and terrorism financing perspective, or might take on, change or expand activities that entail high risk, not mitigated with a commensurate level of internal controls, thus leading to material breaches of its AML/CFT requirements. If there are indications of possible material breaches of applicable AML/CFT requirements, they may be a sign of gross negligence on part of the obliged entity. The supervisory authority should in most cases be able to adequately respond to any possible breaches and prevent the risks from materialising and leading to gross negligence of AML/CFT requirements. However, in certain cases a national level response might not be sufficient or timely, especially when there are indications that material breaches at the level of the entity have already occurred. In those cases, the Authority should be able to request the local supervisor to take specific measures to remedy the situation, including requesting to issue financial sanctions. To prevent money laundering and terrorism risks from materialising, the deadline for action at national level should be sufficiently short.

(29)The Authority should have the opportunity to request a transfer of supervisory tasks and powers relating to a specific obliged entity on its own initiative in case of inaction or failure to follow its instructions within the provided deadline. Since the transfer of tasks and powers over an obliged entity without the specific request of the financial supervisor to the Authority would require a discretionary decision on the part of the Authority, the Authority should address a specific request to that end to the Commission. In order for the Commission to be able to take a decision coherent with the framework of the tasks allocated to the Authority within the AML/CFT framework, the request of the Authority should enclose an appropriate justification, and should indicate a precise duration of the reallocation of tasks and powers towards the Authority. The timeframe for the reallocation of powers should correspond to the time the Authority requires to deal with the risks at entity level, and should not exceed three years. The Commission should adopt a decision transferring powers and tasks for supervising the entity to the Authority swiftly, and in any case within a month.

(30)In order to improve supervisory practices in the non-financial sector, the Authority should carry out peer reviews of supervisory authorities in the non-financial sector, including public authorities overseeing self-regulatory bodies (SRBs), and publish reports with its findings; those could be accompanied by guidelines or recommendations addressed to the relevant public authorities, including public authorities overseeing SRBs. SRBs should be able to participate in peer reviews on a case-by-case basis where they have expressed their willingness to participate.

(31)With the objective to increase the efficiency of the implementation of AML/CFT measures also in the non-financial sector, the Authority should also be able to investigate possible breaches or incorrect application of Union law by supervisory authorities in that sector, including public authorities overseeing SRBs.

(32)In order to analyse suspicious activity affecting multiple jurisdictions, the relevant FIUs that received linked reports should be able to efficiently conduct joint analyses of cases of common interest. To this end, the Authority should be able to propose, coordinate and support with all appropriate means the joint analyses of cross-border suspicious transactions or activities. The joint analyses should be triggered where there is a need to conduct just such joint analyses pursuant to the relevant provisions in Union law. Upon the explicit consent of the FIUs participating in the joint analyses, the staff of the Authority supporting the conduct of joint analyses should be able to receive and process all necessary data and information, including the data and information pertaining to the analysed cases.

(33)In order to improve the effectiveness of the joint analyses, the Authority should be able to initiate reviews of methods, procedures and conduct of the joint analyses, with the aim of determining the lessons learnt and of improving and promoting these analyses. The feedback on the joint analysis should enable the authority to issue conclusions and recommendations which would ultimately lead to the regular refinement and improvement of the methods and procedures for the conduct of joint analyses.

(34)In order to facilitate and improve cooperation between FIUs and the Authority, including for the purposes conducting joint analyses, the FIUs should be able to delegate one staff member per FIU to the Authority on a voluntary basis. The national FIU delegates should support the Authority’s staff in carrying out all the tasks relating to FIUs, including the conduct of joint analyses and the preparation of threat assessments and strategic analyses of money laundering and terrorist financing threats, risks and methods. Apart from the joint analyses, the Authority should encourage and facilitate various forms of mutual assistance between FIUs, including training and staff exchanges in order to improve capacity building and enable the exchange of knowledge and good practices amongst FIUs.

(35)The Authority should manage, host, and maintain FIU.net, the dedicated IT system allowing FIUs to cooperate and exchange information amongst each other and, where appropriate, with their counterparts from third countries and third parties. The Authority should, in cooperation with Member States, keep the system up-to-date. To this end, the Authority should ensure that at all times the most advanced available state-of-the-art technology is used for the development of the FIU.net, subject to a cost-benefit analysis.

(36)In order to establish consistent, efficient and effective supervisory and FIU-related practices and ensure common, uniform and coherent application of Union law, the Authority should be able to issue guidelines and recommendations addressed to all or category of obliged entities and all or a category of supervisory authorities and FIUs. The guidelines and recommendations could be issued pursuant to a specific empowerment in the applicable Union acts, or on the own initiative of the Authority, where there is a need to strengthen the AML/CFT framework at Union level.

(37)The establishment of a solid governance structure within the Authority is essential for ensuring effective exercise of the tasks granted to the Authority, and for an efficient and objective decision-making process. Due to the complexity and variety of the tasks conferred on the Authority in both the supervision and FIU areas, the decisions cannot be taken by a single governing body, as is often the case in decentralised agencies. Whereas certain types of decisions, such as decisions on adoption of common instruments, need to be taken by representatives of appropriate authorities or FIUs, and respect voting rules of the TFEU, certain other decisions, such as the decisions towards individual selected obliged entities, or individual authorities, require a smaller decision-making body, whose members should be subject to appropriate accountability arrangements. Therefore, the Authority should comprise a General Board, and an Executive Board composed of five full-time independent members and of the Chair of the Authority.

(38)In order to ensure the relevant expertise, the General Board should have two compositions. For all the decisions on the adoption of acts of general application such as the regulatory and implementing technical standards, guidelines, recommendations, and opinions relating to FIUs, it should be composed of the heads of FIUs of Member States (‘General Board in FIU composition’). For the same types of acts related to direct or indirect supervision of financial and non-financial obliged entities, it should be composed of the heads of AML/CFT supervisors which are public authorities (‘General Board in supervisory composition’). All parties represented in the General Board should make efforts to limit the turnover of their representatives, in order to ensure continuity of the Board's work. All parties should aim to achieve a balanced representation between men and women on the General Board.

(39)For a smooth decision making process, the tasks should be clearly divided: the General Board in FIU composition should decide on the relevant measures for FIUs, the General Board in supervisory composition should decide on delegated acts, guidelines and similar measures for obliged entities. The General Board in supervisory composition should also be able to provide its opinion and advice to the Executive Board on all draft decisions towards individual selected obliged entities proposed by the Joint Supervisory Teams. In absence of such opinion or advice, the decisions should be taken by the Executive Board. Whenever the Executive Board deviates from the advice provided by the General Board in supervisory composition in the final decision, it should explain the reasons thereof in writing.

(40)For the purposes of voting and taking decisions, each Member State should have one voting representative. Therefore, the heads of public authorities should appoint a permanent representative as the voting member of the General Board in supervisory composition. Alternatively, depending on the subject-matter of the decision or agenda of a given General board meeting, public authorities of a Member State may decide on an ad-hoc representative. The practical arrangements related to decision-making and voting by the General Board members in supervisory composition should be laid down in the Rules of Procedure of the General Board, to be developed by the Authority.

(41)The Chair of the Authority should chair the General Board meetings and have a right to vote when decisions are taken by simple majority. The Commission should be a non-voting member on the General Board. To establish good cooperation with other relevant institutions, the General Board should also be able to admit other non-voting observers, such as a representative of the Single Supervisory Mechanism and of each of the three European Supervisory Authorities (EBA, EIOPA and ESMA) for the General Board in its Supervisory Composition and Europol, the EPPO and Eurojust for the General Board in its FIU composition, where matters that fall under their respective mandates are discussed or decided upon. To allow a smooth decision making process, decisions of the General Board should be taken by a simple majority, except for decisions concerning draft regulatory and implementing technical standards, guidelines and recommendations which should be taken by a qualified majority of Member State representatives in accordance with voting rules of the TFEU.

(42)The governing body of the Authority should be the Executive Board composed of the Chair of the Authority and of five full time members, appointed by the General Board based on the shortlist by the Commission. With the aim of ensuring a speedy and efficient decision making process, the Executive Board should be in charge of planning and execution of all the tasks of the Authority except where specific decisions are explicitly allocated to the General Board. In order to ensure objectivity and appropriate rapidity of the decision-making process in the area of direct supervision of the selected obliged entities, the Executive Board should take all binding decisions addressed to selected obliged entities. In addition, together with a representative of the Commission the Executive Board should be collectively responsible for the administrative and budgetary decisions of the Authority. The consent of the Commission should be required when the Executive Board is taking decisions related to the budget administration, procurement, recruitment, and audit of the Authority, given that a portion of funding of the Authority will be provided from Union budget.

(43)To allow for swift decisions, all decisions of the Executive Board, including the decision where the Commission has a right to vote, should be taken by simple majority, with the Chair holding a casting vote in case of a tied vote. To ensure sound financial management of the Authority, the Commission’s consent should be required for decisions related to budget, administration and recruitment. The voting members of the Executive Board other than the Chair should be selected by the General Board, based on a short-list established by the Commission.

(44)To ensure the independent functioning of the Authority the five Members of the Executive Board and the Chair of the Authority should act independently and in the interest of the Union as a whole. They should behave, both during and after their term of office, with integrity and discretion as regards the acceptance of certain appointments or benefits. To avoid giving any impression that a Member of the Executive Board might use its position as a Member of the Executive Board of the Authority to get a high-ranking appointment in the private sector after his term of office and to prevent any post-public employment conflicts of interests, a cooling-off period for the five Members of the Executive Board, including the Chair of the Authority, should be introduced.

(45)The Chair of the Authority should be appointed based on objective criteria by the Council after approval by the European Parliament. He or she should represent the Authority externally and should report on the execution of Authority’s tasks.

(46)The Executive Director of the Authority should be appointed by the Executive Board based on a shortlist from the Commission. The Executive Director of the Authority should be a senior administrative official of the Authority, in charge of the day-to-day management of the Authority, and responsible for budget administration, procurement, and recruitment and staffing.

(47)To protect effectively the rights of parties concerned, for reasons of procedural economy and to reduce the burden on the Court of Justice of the European Union, the Authority should provide natural and legal persons with the possibility to request a review of decisions taken under the powers related to direct supervision and conferred on the Authority by this Regulation and addressed to them, or which are of direct and individual concern to them. The independence and objectivity of the decisions taken by the Administrative Board of Review should be, among others, ensured by its composition of five independent and suitably qualified persons. Decisions of the Administrative Board of Review should be in turn appealable before the Court of Justice of the European Union.

(48)To guarantee the proper functioning of the Authority, funding should be provided by a combination of fees levied on certain obliged entities and a contribution from the Union budget, depending on the tasks and functions. The budget of the Authority should be part of the Union budget, confirmed by the Budgetary Authority on the basis of a proposal from the Commission. The Authority should submit to the Commission a draft budget and an internal financial regulation for approval.

(49)To ensure that the Authority can also fulfil its tasks as direct and indirect supervisor of obliged entities, an adequate mechanism for the determination and the collection of the fees should be introduced. As regards the fees levied on selected obliged entities and certain non-selected obliged entities, the methodology for their calculation and the process of collection of fees should be developed in a delegated act of the Commission. The methodology should be based on the risk of the directly and indirectly supervised entities as well as their turnover or revenue.

(50)The rules on establishment and implementation of the budget of the Authority, as well as the presentation of annual accounts of the Authority, should follow the provisions of Commission Delegated Regulation (EU) 2019/715 36 as regards cooperation with the European Public Prosecutor’s Office and the effectiveness of the European Anti-Fraud Office investigations.

(51)In order to prevent and effectively combat internal fraud, corruption or any other illegal activity within the Authority, it should be subject to Regulation (EU, Euratom) No 883/2013as regards cooperation with the European Public Prosecutor’s Office and the effectiveness of the European Anti-Fraud Office investigations. The Authority should accede to Interinstitutional Agreement concerning internal investigations by OLAF, which should be able, to carry out on-the-spot checks within the area of its competence.

(52)As stated in the Cybersecurity Strategy for the European Union 37 , it is essential to ensure a high level of cyber resilience in all EU institutions, bodies and agencies due to the increasingly hostile threat environment. The Executive Director must thus ensure appropriate IT risk management, a strong internal IT governance and sufficient IT security funding. The Authority shall work closely with the Computer Emergency Response Team of the European Union Institutions, Bodies and Agencies and report major incidents with 24 hours to CERT EU as well as to the Commission.

(53)The Authority should be accountable to both the European Parliament and the Council for the execution of its tasks and implementation of this Regulation. The Chair of the Authority should present a respective report to the European Parliament, the Council and the Commission on a yearly basis.

(54)The staff of the Authority should be composed of temporary agents, contractual agents and seconded national experts as well as national delegates placed at the disposition of the Authority by Union FIUs. The Authority, in agreement with the Commission, should adopt the relevant implementing measures in accordance with the arrangements provided for in Article 110 of the Staff Regulations 38 .

(55)To ensure that confidential information is treated accordingly, all members of the governing bodies of the Authority, all staff of the Authority, including seconded staff and staff placed at the disposition of the Authority, as well as any persons carrying out tasks for the Authority on a contractual basis, should be subject to obligation of professional secrecy, including any confidentiality restrictions and obligations stemming from the relevant provisions of Union legislation, and related to the specific tasks of the Authority. However, confidentiality and professional secrecy obligations should not prevent the Authority from cooperating with, exchanging or disclosing information to other relevant national or Union authorities or bodies, where it is necessary for the performance of their respective tasks and where such cooperation and exchange of information obligations are envisaged in Union law.

(56)Without prejudice to the confidentiality obligations that apply to the Authority’s staff and representatives in accordance with the relevant provisions in Union law, the Authority should be subject to Regulation (EC) No 1049/2001 of the European Parliament and of the Council. 39 In line with the confidentiality and professional secrecy restrictions related to supervisory and FIU support and coordination tasks of the Authority, such access should not be extended to confidential information handled by the staff of the Authority. In particular, any operational data or information related to such operational data of the Authority and of the EU FIUs that is in the possession of the Authority due to carrying out the tasks and activities related to support and coordination of FIUs should be deemed as confidential. With regard to supervisory tasks, access to information or data of the Authority, the financial supervisors, or the obliged entities obtained in the process of carrying out the tasks and activities related to direct supervision should in principle also be treated as confidential and not subject to any disclosure. However, confidential information listed that relates to a supervisory procedure can be fully or partially disclosed to the obliged entities which are parties to such supervisory procedure, subject to the legitimate interest of legal and natural persons other than the relevant party, in the protection of their business secrets.

(57)Without prejudice to any specific language arrangements that could be adopted within AML supervisory system and with selected obliged entities, Council Regulation No 1 40 should apply to the Authority and any translation services which may be required for the functioning of the Authority should be provided by the Translation Centre for the Bodies of the European Union.

(58)Without prejudice to the obligations of the Member States and their authorities, the processing of personal data on the basis of this Regulation for the purposes of the prevention of money laundering and terrorist financing should be considered necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Authority under Article 5 of Regulation (EU) 2018/1725 of the European Parliament and of the Council 41 and Article 6 of Regulation 2016/679of the European Parliament and of the Council 42 . When developing any instruments or taking any decisions that may have a significant impact on the protection of personal data, the Authority should closely cooperate, where relevant, with the European Data Protection Board established by Regulation (EU) 2016/679 and with the European Data Protection Supervisor established by Regulation (EU) 2018/1725 to avoid duplication.

(59)The Authority should establish cooperative relations with the relevant Union agencies and bodies, including Europol, Eurojust, the EPPO, and the European Supervisory Authorities, namely the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority. To improve cross-sectoral supervision and a better cooperation between prudential and AML/CFT supervisors the Authority should also establish cooperative relations with the authorities competent for prudential supervision of financial sector obliged entities, including the European Central Bank with regard to matters relating to the tasks conferred on it by Council Regulation (EU) No 1024/2013 43 , as well as with resolution authorities as defined in Article 3 of Directive (EU) 2014/59/EU of the European Parliament and the Council 44 and designated Deposit Guarantee Schemes authorities as defined in Article 2 (1), point 18 of Directive 2014/49/EU of the European Parliament and the Council 45 . To this end, the Authority should be able to conclude agreements or memoranda of understanding with such bodies, including with regard to any information exchange which is necessary for the fulfilment of the respective tasks of the Authority and these bodies. The Authority should make its best efforts to share information with such bodies on their request, within the limits posed by legal constraints, including data protection legislation. In addition, the Authority should enable effective information exchange between all financial supervisors in the AML/CFT supervisory system and the aforementioned authorities, such cooperation and information exchanges should take place in a structured and efficient way.

(60)Public-private partnerships (‘PPPs’) have become increasingly important cooperation and information exchange fora between FIUs, various national supervisory and law enforcement authorities and obliged entities in some Member States. Where the Authority would act as direct supervisor of selected obliged entities which are part of a PPP in any Member State, it could be beneficial for the Authority to also participate therein, on conditions determined by the relevant national public authority or authorities that set up such PPP, and with their explicit agreement.

(61)Considering that cooperation between supervisory, administrative and law enforcement authorities is crucial for successful combatting of money laundering and terrorism financing, and certain Union authorities and bodies have specific tasks or mandates in that area, the Authority should make sure that it is able to cooperate with such authorities and bodies, in particular OLAF, Europol, Eurojust, and the EPPO. If there is a need to establish specific working arrangements or conclude Memoranda of Understanding between the Authority and these bodies and authorities, the Authority should be able to do so. The arrangement should be of strategic and technical nature, should not imply sharing of any confidential or operational information in possession of the Authority and should account for tasks already carried out by the other Union institutions, bodies, offices or agencies as regards the prevention of and fight against money laundering and terrorist financing.

(62)Since both predicate offenses as well as the crime of money laundering itself often are of global nature, and given that the Union obliged entities also operate with and in third countries, effective cooperation with all the relevant third country authorities in the areas of both supervision and functioning of FIUs are crucial for strengthening the Union AML/CFT framework. Given the Authority’s unique combination of direct and indirect supervision and FIU cooperation-related tasks and powers, it should be able to take an active role in such external cooperation arrangements. Specifically, the Authority should be empowered to develop contacts and enter into administrative arrangements with authorities in third countries that have regulatory, supervisory and FIU-related competences. The Authority’s role could be particularly beneficial in cases where the interaction of several Union public authorities and FIUs with third country authorities concerns matters within the scope of the Authority’s tasks. In such cases, the Authority should have a leading role in facilitating this interaction.

(63)Since the Authority will have a full range of powers and tasks related to direct and indirect supervision and oversight of all obliged entities, it is necessary that these powers remain consolidated within one Union body, and do not give rise to conflicting competences with other Union bodies. Therefore, the European Banking Authority should not retain its tasks and powers related to anti-money laundering and countering the financing of terrorism, and the respective articles in Regulation (EU) No 1093/2010 of the European Parliament and of the Council 46 should be deleted. The resources allocated to the European Banking Authority for the fulfilment of those tasks should be transferred to the Authority. Considering that all three European Supervisory Authorities (EBA, ESMA and EIOPA) will be cooperating with the Authority, and may attend the meetings of the General Board in supervisory composition as observers, the same possibility should be afforded to the Authority in respect of meetings of the Board of Supervisors of the European Supervisory Authorities. In cases where the respective Boards of Supervisors discuss or decide on matters that are relevant for the execution of the Authority’s tasks and powers, the Authority should be able to participate in their meetings as an observer. The articles on the compositions of the Board of Supervisors in Regulation (EU) No 1093/2010, Regulation (EU) 1094/2010 of the European Parliament and the Council 47 , and Regulation (EU) 1095/2010 of the European Parliament and the Council 48 should therefore be amended accordingly.

(64)The Authority should be fully operation by the beginning of 2024. This should give the Authority sufficient time to establish its headquarter in the Member State as determined by this Regulation.

(65)The European Data Protection Supervisor has been consulted in accordance with Article 42 of Regulation (EU) 2018/1725 [and delivered an opinion on ...],

HAVE ADOPTED THIS REGULATION:

CHAPTER I

ESTABLISHMENT, LEGAL STATUS AND DEFINITIONS

Article 1

Establishment and scope of action

1.The Authority for Anti-Money Laundering and Countering the Financing of Terrorism (‘the Authority’) is established as of 1 January 2023.

2.The Authority shall act within the powers conferred by this Regulation, in particular those set out in Article 6, and within the scope of Regulation (EU) 2015/847 of the European Parliament and of the Council 49 , the Directive on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU)2015/849 [OP: please insert the next number of COM(2021)423] and the Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing [OP: please insert the next number of COM(2021)422], including all directives, regulations and decisions based on those acts, of any further legally binding Union act which confers tasks on the Authority and of national legislation implementing the Anti-Money Laundering Directive [OP: please insert the next number of COM(2021)423] or other Directives conferring tasks on supervisory authorities.

3.The objective of the Authority shall be to protect the public interest, the stability of the Union’s financial system and the good functioning of the internal market by:

(a)preventing the use of the Union’s financial system for the purposes of money laundering and terrorist financing;

(b)contributing to identify and assess risks of money laundering and terrorist financing across the internal market, as well as risks and threats originating from outside the Union that are impacting, or have the potential to impact the internal market;

(c)ensuring high-quality supervision in the area of anti-money laundering and countering the financing of terrorism (‘AML/CFT’) across the internal market;

(d)contributing to supervisory convergence in the area of anti-money laundering and countering the financing of terrorism across the internal market;

(e)contributing to the harmonisation of practices in the detection of cross-border suspicious flows of monies or activities by Financial Intelligence Units (‘FIUs’);

(f)supporting and coordinating the exchange of information between FIUs and between FIUs and others competent authorities.

The provisions of this Regulation are without prejudice to the powers of the Commission, in particular pursuant to Article 258 TFEU, to ensure compliance with Union law.

Article 2

Definitions

1.For the purposes of this Regulation, in addition to the definitions set out in Article 2 of [OP: please insert the reference to Anti-Money Laundering Regulation COM(2021)420] and Article 2 [OP: please insert the reference to 6th Anti-Money Laundering Directive COM(2021)423], the following definitions apply:

(1)‘selected obliged entity’ means a credit institution, a financial institution, or a group of credit or financial institutions at the highest level of consolidation in the Union, which is under direct supervision by the Authority pursuant to Article 13;

(2)‘non-selected obliged entity’ means a credit institution, a financial institution, or a group of credit institutions or financial institutions at the highest level of consolidation in the Union, other than a selected obliged entity;

(3)‘AML/CFT supervisory system’ means the Authority and the supervisory authorities in the Member States;

(4)‘non-financial supervisor’ means a supervisor in charge of obliged entities listed in Article 3 of [AMLR], other than credit and financial institutions.

(5)‘non-AML/CFT authority’ means:

(a)a competent authority as defined in Article 4(1), point (40) of Regulation (EU) No 575/2013 of the European Parliament and of the Council 50 ;

(b)the European Central Bank when it carries out the tasks conferred on it by Council Regulation (EU) No 1024/2013;

(c)a resolution authority designated in accordance with Article 3 of Directive 2014/59/EU of the European Parliament and of the Council;

(d)a deposit guarantee schemes (‘DGS’) designated authority as defined in Article 2(1), point (18) of Directive 2014/49/EU of the European Parliament and of the Council.

Article 3

Legal Status

1.The Authority shall be a Union body with legal personality.

2.In each Member State, the Authority shall enjoy the most extensive legal capacity accorded to legal persons under national law. It may, in particular, acquire or dispose of movable and immovable property and be a party to legal proceedings.

3.The Authority shall be represented by its Chair.

Article 4

Seat

The Authority shall have its seat in […]

CHAPTER II

TASKS AND POWERS OF THE AUTHORITY

SECTION 1

Tasks and powers

Article 5

Tasks

1.The Authority shall perform the following tasks with respect to money laundering/ terrorist financing (‘ML/TF’) risks facing the internal market:

(a)monitor developments across the internal market and assess threats, vulnerabilities and risks in relation to ML/TF;

(b)monitor developments in third countries and assess threats, vulnerabilities and risks in relation to their AML/CFT systems;

(c)collect information from its own supervisory activities and those of the supervisors and supervisory authorities on weaknesses identified in the application of AML/CFT rules by obliged entities, their risk exposure, the sanctions administered and the remedial actions applied;

(d)establish a central AML/CFT database of information collected from supervisors and supervisory authorities and keep up to date;

(e)analyse the information collected in the central database and share these analyses with supervisors and supervisory authorities on a need-to-know and confidential basis;

(f)monitor and support the implementation of asset freezes under the Union restrictive measures across the internal market;

(g)support, facilitate and strengthen cooperation and exchange of information between obliged entities and public authorities in order to develop a common understanding of ML/TF risks and threats facing the internal market;’

(h)undertake any other specific tasks set out in this Regulation and in other legislative acts.

2.The Authority shall perform the following tasks with respect to selected obliged entities:

(a)ensure group-wide compliance with the requirements applicable to the selected obliged entities pursuant to legislative acts referred to in Article 1(2), and any other legally binding Union acts that impose AML/CFT-related obligations on financial institutions;

(b)carry out supervisory reviews and assessments on individual entity and group-wide level in order to determine whether the arrangements, strategies, processes and mechanisms put in place by the selected obliged entities are adequate to mitigate their risks related to money laundering and terrorist financing, and on the basis of those supervisory reviews impose specific requirements, supervisory measures and administrative pecuniary sanctions pursuant to Articles 20, 21 and 22;

(c)participate in group-wide supervision, in particular in colleges of supervisors, including where a selected obliged entity is part of a group that has headquarters, subsidiaries or branches outside the Union;

(d)develop and maintain up to date a system to assess the risks and vulnerabilities of the selected obliged entities to inform the supervisory activities of the Authority and supervisory authorities, including through the collection of data from these entities.

3.The Authority shall perform the following tasks with respect to financial supervisors:

(a)maintain an up-to-date list of financial supervisors within the Union;

(b)carry out periodic reviews to ensure that all financial supervisors have adequate resources and powers necessary for the performance of their tasks in the area of AML/CFT;

(c)perform assessments of the strategies, capacities and resources of financial supervisors in the area of AML/CFT and make the results of such assessments available to all financial supervisors;

(d)facilitate the functioning of the colleges of financial supervisors in the area of AML/CFT;

(e)contribute to convergence of supervisory practices and promotion of high supervisory standards in the area of AML/CFT;

(f)coordinate staff and information exchanges among financial supervisors in the Union;

(g)provide assistance to financial supervisors, following their specific requests, including the requests to settle any disagreements on the measures to be taken in relation to an obliged entity.

4.The Authority shall perform the following tasks with respect to non-financial supervisors:

(a)maintain an up-to-date list of non-financial supervisors within the Union;

(b)coordinate peer reviews of supervisory standards and practices in the area of AML/CFT;

(c)request non-financial supervisors to investigate possible breaches of requirements applicable to obliged entities and to consider imposing sanctions or remedial actions in respect of such breaches;

(d)carry out periodic reviews to ensure that all non-financial supervisors have adequate resources and powers necessary for the performance of their tasks in the area of AML/CFT;

(e)contribute to convergence of supervisory practices and promotion of high supervisory standards in the area of AML/CFT;

(f)provide assistance to non-financial supervisors, following their specific requests, including the requests to settle any disagreements on the measures to be taken in relation to an obliged entity.

Where supervision of specific sectors is delegated at national level to self-regulatory bodies (‘SRBs’), the Authority shall exercise the tasks set out in the first subparagraph in relation to supervisory authorities overseeing the activity of SRBs.

5.The Authority shall perform the following tasks with respect to FIUs and their activities in the Member States:

(a)support and coordinate the work of FIUs and contribute to improved cooperation between FIUs;

(b)contribute to the identification and the selection of relevant cases for the conduct of joint analyses by FIUs;

(c)develop appropriate methods and procedures for the conduct of such joint analyses of cross-border cases;

(d)set up, coordinate, organise and facilitate the conduct of joint analyses carried out by FIUs;

(e)develop and make available to FIUs IT and artificial intelligence services and tools for secure information sharing, including by hosting FIU.net;

(f)develop, share and promote expert knowledge on detection, analysis, and dissemination methods of suspicious transactions;

(g)provide specialised training and assistance to FIUs, including through the provision of financial support, within the scope of its objectives and in accordance with the staffing and budgetary resources at its disposal;

(h)support the interaction of FIUs with obliged entities by providing specialised training to obliged entities, including improving their awareness and procedures to detect suspicious activities and financial operations and their reporting to the FIUs;

(i)prepare and coordinate threat assessments, strategic analyses of money laundering and terrorism financing threats, risks and methods identified by FIUs.

6.For the purpose of carrying out the tasks conferred on it by this Regulation, the Authority shall apply all relevant Union law, and where this Union law is composed of Directives, the national legislation transposing those Directives. Where the relevant Union law is composed of Regulations and where currently those Regulations explicitly grant options for Member States, the Authority shall apply also the national legislation exercising those options.

Article 6

Powers of the Authority

1.With respect to the selected obliged entities, the Authority shall have the supervisory and investigative powers as specified in Articles 16 to 20 and the power to impose administrative pecuniary sanctions and periodic penalty payments as specified in Articles 21 and 22.

For the purposes of exercising those powers, the Authority may issue binding decisions addressed to individual selected entities. The Authority shall have the power to impose administrative pecuniary sanctions for non-compliance with the decisions taken in the exercise of powers laid down in Article 20 in accordance with Article 21.

2.With respect to supervisors and supervisory authorities, the Authority shall have the following powers:

(a)to require the submission of any information or document, including written or oral explanations, necessary for the performance of its functions, including statistical information and information concerning internal processes or arrangements of national authorities;

(b)to issue guidelines and recommendations;

(c)to issue requests to act and instructions on measures that should be taken towards non-selected obliged entities pursuant to Section 4 of Chapter II.

3.With respect to FIUs in the Member States, the Authority shall have the following powers:

(a)to request data and analyses from FIUs that are relevant to the assessment of threats, vulnerabilities and risks facing the internal market in relation to money laundering and terrorist financing;

(b)to collect information and statistics in relation to the tasks and activities of the FIUs;

(c)to obtain and process information and data required for the coordination of joint analyses as specified in Article 33;

(d)to issue guidelines and recommendations.

4.For the purposes of carrying out the tasks set out in Article 5(1), the Authority shall have the following powers:

(a)to develop draft regulatory technical standards in the specific cases referred to in Article 38;

(b)to develop draft implementing technical standards in the specific cases referred to in Article 42;

(c)to issue guidelines and recommendations, as provided in Article 43;

(d)to issue opinions to the European Parliament, to the Council, or to the Commission as provided for in Article 44.

SECTION 2

AML/CFT supervisory system

Article 7

Cooperation within the AML/CFT supervisory system

1.The Authority shall be responsible for the effective and consistent functioning of the AML/CFT supervisory system.

2.The Authority and supervisory authorities shall be subject to a duty of cooperation in good faith, and to an obligation to exchange information.

Article 8

AML/CFT supervisory methodology 

1.The Authority shall develop and maintain an up-to-date and harmonised AML supervisory methodology detailing the risk-based approach to supervision of obliged entities in the Union. The methodology shall comprise guidelines, recommendations and other measures and instruments as appropriate, including in particular draft regulatory and implementing technical standards, on the basis of the empowerments laid down in the acts referred to in Article 1(2).

2.When developing the supervisory methodology the Authority shall make a distinction between obliged entities based on the sectors in which they operate. The supervisory methodology shall contain at least the following elements:

(a)benchmarks and methodology for classification of obliged entities into risk categories on the basis of their residual risk profile, separately for each category of obliged entities;

(b)approaches to supervisory review of money laundering risk self-assessments of obliged entities;

(c)approaches to supervisory review of obliged entities’ internal policies and procedures of obliged entities, including customer due diligence policies;

(d)approaches to supervisory evaluation of risk factors inherent in, or related to, customers, business relationships, transactions and delivery channels of obliged entities, as well as geographical risk factors.

3.The methodology shall reflect high supervisory standards at Union level and shall build on relevant international standards and guidance. The Authority shall periodically review and update its supervisory methodology, taking into account the evolution of risks affecting the internal market.

Article 9

Thematic reviews 

1.By 31 October each year, supervisory authorities shall submit to the Authority their annual work programmes for the following year. Where those work programmes include supervisory reviews carried out on a thematic basis with the aim of assessing ML/TF risks or a specific aspect of such risks which multiple obliged entities are exposed to at the same time, the supervisory authorities shall provide the following information:

(a)the scope of each planned thematic review in terms of category and number of obliged entities included and the subject matter(s) of the review;

(b)the time-frame of each planned thematic review;

(c)the planned types, nature and frequency of supervisory activities to be performed in relation to each thematic review, including any on-site inspections or other types of direct interaction with obliged entities, where applicable.

2.By the end of each year, the Chair of the Authority shall present to the General Board in supervisory composition as referred to in Article 46(2) a consolidated planning of the thematic reviews that supervisory authorities intend to undertake during the following year.

3.Where the scope and Union-wide relevance of thematic reviews justify coordination at Union level, they shall be carried out jointly by the relevant supervisory authorities and shall be coordinated by the Authority. The General Board in supervisory composition shall draw up a list of joint thematic reviews. The General Board in supervisory composition shall draw up a report relating to the conduct, subject-matter and outcome of each joint thematic review. The Authority shall publish that report on its website.

4.The Authority shall coordinate the activities of the supervisory authorities and facilitate the planning and execution of the selected joint thematic reviews referred to in paragraph 3. Any direct interaction with non-selected obliged entities in the context of any thematic review shall remain under the exclusive responsibility of the supervisory authority responsible for supervision of the non-selected obliged entities and shall not be construed as a transfer of tasks and powers related to those entities within the AML/CFT supervisory system.

5.Where planned thematic reviews at national level are not subject to a coordinated approach at the level of the Union, the Authority shall, jointly with the supervisory authorities, explore the need for and the possibility of aligning or synchronising the timeframe of those thematic reviews, and shall facilitate information exchange and mutual assistance between supervisory authorities carrying out those thematic reviews. The Authority shall also facilitate any activities that the relevant supervisory authorities may wish to carry out jointly or in similar manner in the context of their respective thematic reviews.

6.The Authority shall ensure the sharing with all supervisory authorities of the outcomes and conclusions of thematic reviews conducted at national level by several supervisory authorities, with the exception of confidential information pertaining to individual obliged entities. The sharing of information shall include any common conclusions resulting from exchanges of information or any joint or coordinated activities among several supervisory authorities.

Article 10

Mutual assistance in AML/CFT supervisory system

1.The Authority may, as appropriate, develop:

(a)new practical instruments and convergence tools to promote common supervisory approaches and best practices;

(b)practical tools and methods for mutual assistance following:

(i)specific requests from supervisory authorities;

(ii)referral of disagreements between supervisory authorities on the measures to be taken jointly by several supervisory authorities in relation to an obliged entity.

2.The Authority shall facilitate and encourage at least the following activities:

(a)sectoral and cross-sectoral training programmes, including with respect to technological innovation;

(b)exchanges of staff and the use of secondment schemes, twinning and short-term visits;

(c)exchanges of supervisory practices between supervisory authorities, when one authority has developed expertise in a specific area of AML/CFT supervisory practices.

3.Each supervisory authority may submit a request for mutual assistance related to its supervisory tasks to the Authority, specifying the type of assistance that can be provided by the staff of the Authority, the staff of one or more supervisory authorities, or a combination thereof. If the request concerns activities that relate to the supervision of specific obliged entities, the requesting supervisory authority shall ensure that access to any information and data necessary for the provision of assistance may be granted. The Authority shall keep and regularly update the information on specific areas of expertise and on the capacities of supervisory authorities to provide mutual assistance.

4.Where the Authority is requested to provide assistance for the performance of specific supervisory tasks at national level towards non-selected obliged entities, the requesting supervisory authority shall detail the tasks for which support is sought in its request. The assistance shall not be construed as the transfer of supervisory tasks, powers, or accountability for supervision of the non-selected obliged entities from the requesting supervisory authority to the Authority.

5.The Authority shall make every effort to provide the requested assistance, including by mobilising own human resources as well as by ensuring mobilisation of resources at supervisory authorities on a voluntary basis.

6.By the end of each year, the Chair of the Authority shall inform the General Board in supervisory composition of the resources that the Authority will allocate to providing such assistance.

7.Any interaction between the staff of the Authority and the obliged entity shall remain under the exclusive responsibility of the supervisory authority responsible for the supervision of that entity, and shall not be construed as a transfer of tasks and powers related to individual obliged entities within the AML/CFT supervisory system.

Article 11

Central AML/CFT database

1.The Authority shall establish and keep up to date a central database of information collected pursuant to paragraph 2. The Authority shall analyse the information received and ensure that it is made available to supervisory authorities on a need-to-know and confidential basis. The Authority may share the results of its analysis on its own initiative with supervisory authorities for the purposes of facilitating their supervisory activities.

2.The supervisory authorities shall transmit to the Authority at least the following information, including the data related to individual obliged entities:

(a)a list of all supervisory authorities and self-regulatory bodies entrusted with supervision of obliged entities, including information about their mandate, tasks and powers;

(b)statistical information about the type and number of supervised obliged entities in each Member State and basic information about the risk profile;

(c)binding measures and sanctions taken in the course of supervision of individual obliged entities;

(d)any advice provided to other national authorities in relation to authorisation procedures, withdrawal of authorisation procedures, and fit and proper assessments of shareholders or members of the management body of individual obliged entities;

(e)reports on outcomes of supervisory activities;

(f)results from supervisory inspections of files concerning politically exposed persons, their family members and their associates;

(g)statistical information regarding performed supervisory activities over the past calendar year, including the number of off-site and on-site inspections;

(h)statistical information about staffing and other resources of public authorities.

3.The Authority may request supervisory authorities to provide other information in addition to that referred to in paragraph 2. The supervisory authorities shall update any provided information.

4.Any supervisory authority or any non-AML authority may address to the Authority a reasoned request for information collected pursuant to paragraph 2 that is relevant for its supervisory activities. The Authority shall assess those requests and provide the information requested by the supervisory authorities or non-AML authorities on a need-to-know basis and confidential basis and in a timely manner. The Authority shall inform the authority that has initially provided the requested information, of the identity of the requesting supervisory or other authority, the identity of an obliged entity concerned, the reason for the information request as well as whether the information has been provided to the requesting authority.

SECTION 3

Direct supervision of selected obliged entities

Article 12

Assessment of obliged entities for the purposes of selection for direct supervision

1.For the purposes of carrying out the tasks listed in Article 5(2), the Authority shall carry out a periodic assessment of the following obliged entities, based on criteria and following the process specified in paragraphs 2 to 6 of this Article and in Article 13:

(a)credit institutions that are established in at least seven Member States, including the Member State of establishment and the Member States where they are operating via subsidiaries or branches;

(b)other financial institutions that operate in at least ten Member States, including the Member State of establishment, another Member State where they are operating via a subsidiary or a branch, and all other Member States where they are operating by means of direct provision of services or via a network of representative agents.

2.The inherent risk profile of the assessed obliged entities referred to in paragraph 1, point (a) or (b) shall be classified as low, medium, substantial or high in each jurisdiction they operate in, based on the benchmarks and following the methodology set out in the regulatory technical standard referred to in paragraph 5.

3.The methodology for classifying the inherent risk profile shall be established separately for at least the following categories of obliged entities:

(a)credit institutions;

(b)bureaux de change;

(c)undertaking for collective investment in transferable securities and alternative investment funds;

(d)credit providers other than credit institutions;

(e)e-money institutions;

(f)investment firms;

(g)payments service providers;

(h)life insurance undertakings;

(i)life insurance intermediaries;

(j)other financial institutions.

4.For each category of obliged entities referred to in paragraph 4, the benchmarks in the assessment methodology shall be based on the risk factor categories related to customer, products, services, transactions, delivery channels and geographical areas. The benchmarks shall be established for at least the following indicators of inherent risk in any Member State they operate in:

(a)with respect to customer-related risk: the share of non-resident customers, the presence and share of customers identified as Politically Exposed persons (‘PEPs’);

(b)with respect to products and services offered:

(i)the significance and the trading volume of products and services identified as the most potentially vulnerable to money laundering and terrorist financing risks at the level of the internal market in the supra-national risk assessment or at the level of the country in the national risk assessment;

(ii)the volume of the deposit and payment account services provided under the freedom to provide services;

(iii)for money remittance service providers, the significance of aggregate annual emission and reception activity of each remitter in a jurisdiction;

(c)with respect to geographical areas:

(i)the annual volume of correspondent banking services provided by Union financial sector entities in third countries;

(ii)the number and share of correspondent banking clients from third countries with structural weaknesses in their AML systems identified by global standard setting bodies;

(iii)the volume of activity of virtual assets service providers registered or licensed in third countries and operating as financial institutions in the Union.

5.The Authority shall develop draft regulatory technical standards setting out the methodology with the benchmarks referred to in paragraph 4 for classifying the inherent risk profile of any cross-border credit or financial institution in each Member State it operates in as low, medium, substantial or high.

The Authority shall submit the draft regulatory technical standards to the Commission by [1 January 2025].

The Commission is empowered to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Article 38 of this Regulation.

6.The Authority shall review the benchmarks and methodology at least every three years. Where amendments are required, the Authority shall submit amended draft regulatory technical standards to the Commission.

Article 13

The process of listing selected obliged entities

1.The following obliged entities shall qualify as a selected obliged entity:

(a)each credit institution assessed pursuant to Article 12 that has a high inherent risk profile in at least four Member States and that has been under supervisory or other public investigation for material breaches of the acts referred to in Article 1(2) in at least one of those Member States in the previous three years;

(b)each financial institution assessed pursuant to Article 12 that has a high inherent risk in at least one Member States where it is established or operates via a subsidiary or a branch, and at least five other Member States where it operates via direct provision of services or via a network of representative agents.

2.The Authority shall commence the first selection process on 1 July 2025 and shall conclude the selection within one month. The selection shall be made every three years after the date of commencement of the first selection, and shall be concluded within one month in each selection period. The list of the selected obliged entities shall be published by the Authority without undue delay upon completion of selection process. The Authority shall commence the direct supervision of the selected obliged entities five months after publication of the list.

3.A selected obliged entity shall remain subject to direct supervision by the Authority until the Authority commences the direct supervision of selected obliged entities based on a list established for the subsequent selection round which no longer includes that obliged entity.

Article 14

Cooperation within the AML/CFT supervisory system for the purposes of direct supervision 

1.Without prejudice to the Authority’s power pursuant to Article 20(2), point (g), to receive directly, or have direct access to, information reported, on an ongoing basis, by selected obliged entities, financial supervisors shall provide the Authority with all information necessary for carrying out the tasks conferred on the Authority.

2.Where appropriate, financial supervisors shall be responsible for assisting the Authority with the preparation and implementation of any acts relating to the tasks referred to in Article 5(2), point (b), as regards all selected obliged entities, including assistance in verification activities. They shall follow the instructions given by the Authority when performing those tasks.

3.The Authority shall develop implementing technical standards specifying the conditions under which financial supervisors are to assist the Authority pursuant to paragraph 2.

4.The Authority shall submit the draft implementing technical standards to the Commission by 1 January 2025.

The Commission is empowered to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 42.

Article 15

Joint supervisory teams

1.A joint supervisory team shall be established for the supervision of each selected obliged entity. Each joint supervisory team shall be composed of staff from the Authority and from the financial supervisors responsible for supervision of the selected obliged entity at national level. The members of the joint supervisory team shall be appointed in accordance with paragraph 4 and shall work under the coordination of a designated staff member from the Authority (‘JST coordinator’).

2.The JST coordinator shall ensure the coordination of the work within the joint supervisory team. Joint supervisory team members shall follow the JST coordinator’s instructions as regards their tasks in the joint supervisory team. This shall not affect their tasks and duties within their respective financial supervisors. The JST coordinator shall be delegated from the Authority to the financial supervisor in the Member State where a selected obliged entity has its headquarters, upon agreement of the relevant financial supervisors. The duration of the delegation shall be limited to the time period during which the Authority carries out supervisory tasks with respect to the selected obliged entity.

3.The tasks of a joint supervisory team shall include the following:

(a)performing the supervisory reviews and assessments for the selected obliged entities;

(b)performing and coordinating on-site inspections at selected obliged entities and preparing the reports, including proposals for adoption of supervisory measures following such reports, where necessary;

(c)taking into account the reviews, assessments and on-site inspections referred to in points (a) and (b), participating in the preparation of draft decisions applicable to the respective selected obliged entity to be proposed to the General Board and Executive Board;

(d)liaising with financial supervisors where necessary for exercises of supervisory tasks in any Member State where a selected obliged entity is established.

4.The Authority shall be responsible for the establishment and the composition of joint supervisory teams. The respective financial supervisors shall appoint one or more persons from their staff as a member or members of a joint supervisory team. A financial supervisor staff member may be appointed as a member of more than one joint supervisory team.

5.The Authority and financial supervisors shall consult each other and agree on the use of staff with regard to the joint supervisory teams.

Article 16

Request for information

1.The Authority may require selected obliged entities and natural or legal persons belonging to them, and third parties to whom the selected obliged entities have outsourced operational functions or activities and natural or legal persons affiliated to them, to provide all information that is necessary in order to carry out the tasks conferred on it by this Regulation.

2.The persons referred to in paragraph 1 or their representatives and, in the case of legal persons or associations having no legal personality, the persons authorised to represent them by law or by their constitution, shall supply the information requested. Lawyers duly authorised to act may supply the information on behalf of their clients. The latter shall remain fully responsible if the information supplied is incomplete, incorrect or misleading.

3.Where the Authority obtains information directly from the natural or legal persons referred to in paragraph 1, it shall make that information available to the financial supervisor concerned.

Article 17

General investigations

1.In order to carry out the tasks conferred on it by this Regulation, the Authority may conduct all necessary investigations of any selected obliged entity or any natural or legal person employed by or belonging to a selected obliged entity and established or located in a Member State.

To that end, the Authority may:

(a)require the submission of documents;

(b)examine the books and records of the persons and take copies or extracts from the books and records;

(c)obtain access to internal audit reports, certification of accounts and any software, databases, IT tools or other electronic means of recording information;

(d)obtain written or oral explanations from any person referred to in Article 16 or their representatives or staff;

(e)interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject-matter of an investigation.

2.The persons referred to in Article 16 shall be subject to investigations launched on the basis of a decision of the Authority. When a person obstructs the conduct of the investigation, the financial supervisor of the Member State where the relevant premises are located shall provide, in compliance with national law, the necessary assistance, including facilitating the access by the Authority to the business premises of the legal persons referred to in Article 16, so that the rights listed in paragraph 1 of this Article can be exercised.

Article 18

On-site inspections

1.In order to carry out the tasks conferred on it by this Regulation, the Authority may, subject to prior notification to the financial supervisor concerned, conduct all necessary on-site inspections at the business premises of the legal persons referred to in Article 16. Where the proper conduct and efficiency of the inspection so require, the Authority may carry out the on-site inspection without prior announcement to those legal persons.

2.The staff of the Authority and other persons authorised by the Authority to conduct an on-site inspection may enter any business premises and land of the legal persons subject to a decision on investigation adopted by the Authority and shall have all the powers provided in Article 20.

3.The legal persons referred to in Article 16 shall be subject to on-site inspections on the basis of a decision of the Authority.

4.Staff and other accompanying persons authorised or appointed by the financial supervisor of the Member State where the inspection is to be conducted shall, under the supervision and coordination of the Authority, actively assist the officials of and other persons authorised by the Authority. To that end, they shall enjoy the powers set out in paragraph 2. Staff of financial supervisors of the Member State concerned shall also have the right to participate in the on-site inspections.

5.Where the staff of and other accompanying persons authorised or appointed by the Authority find that a person opposes an on-site inspection ordered pursuant to this Article, the financial supervisor of the Member State concerned shall provide the necessary assistance in accordance with national law. To the extent necessary for the inspection, this assistance shall include the sealing of any business premises and books or records. Where that power is not available to the financial supervisor concerned, it shall use its powers to request the necessary assistance of other national authorities.

Article 19

Authorisation by a judicial authority

1.If an on-site inspection provided for in Article 18 requires authorisation by a judicial authority in accordance with national law, the Authority shall apply for such an authorisation.

2.Where an authorisation as referred to in paragraph 1 is applied for, the national judicial authority shall control that the decision of the Authority is authentic and that the coercive measures envisaged are neither arbitrary nor excessive having regard to the subject matter of the inspection. In its control of the proportionality of the coercive measures, the national judicial authority may ask the Authority for detailed explanations, in particular relating to the grounds the Authority has for suspecting that an infringement of the acts referred to in Article 1(2), first subparagraph has taken place, the seriousness of the suspected infringement and the nature of the involvement of the person subject to the coercive measures. However, the national judicial authority shall not review the necessity for the inspection or demand to be provided with the information on the Authority’s file. The lawfulness of the Authority’s decision shall be subject to review only by the Court of Justice of the European Union.

Article 20

Supervisory powers

1.For the purpose of carrying out its tasks referred to in Article 5(2), the Authority shall have the powers set out in paragraph 2 of this Article to require any selected obliged entity to take the necessary measures where:

(a)the selected obliged entity does not meet the requirements of Union acts and national legislation referred to in Article 1(2);

(b)the Authority has evidence that the selected obliged entity is likely to breach the requirements of Union acts and national legislation referred to Article 1(2) within the next 12 months;

(c)the arrangements, strategies, processes and mechanisms implemented by the selected obliged entity do not ensure, based on a determination by the Authority, a sound management and coverage of its risks.

2.For the purposes of Article 6(1) the Authority shall have, in particular, the following powers:

(a)to require the reinforcement of the arrangements, processes, mechanisms and strategies;

(b)to require a plan to restore compliance with supervisory requirements pursuant to Union acts and national legislation referred to in Article 1(2) and to set a deadline for its implementation, including improvements to that plan regarding its scope and deadline;

(c)to require to apply a specific policy or treatment of clients, transactions, or delivery channels;

(d)to restrict or limit the business, operations or network of institutions comprising the selected obliged entity, or to require the divestment of activities that pose excessive money laundering and terrorism financing risks;

(e)to require the implementation of measures to bring about the reduction of the money laundering and terrorism financing risks in the activities, products and systems of selected obliged entities;

(f)to require changes in the governance structure;

(g)to require the provision of any data or information necessary for the fulfilment of tasks listed in Article 5(2), to require submission of any document, or impose additional or more frequent reporting requirements;

(h)to impose specific requirements relating to individual clients, transactions or activities that pose high risks;

(i)to propose the withdrawal of licence of a selected obliged entity to the authority that has granted such license.

3.The Authority shall also have the powers and obligations which supervisory authorities have under the relevant Union law, unless otherwise provided for by this Regulation. To the extent necessary to carry out the tasks conferred on it by this Regulation, the Authority may require, by way of instructions, those supervisory authorities to make use of their powers, under and in accordance with the conditions set out in national law, where this Regulation does not confer such powers on the Authority, in particular where such powers stem from Article 41(1) (a) to (f), (2) and (3) [OP please insert the next number to the AMLD, COM(2021)423]. Those supervisory authorities shall fully inform the Authority about the exercise of those powers.

Article 21

Administrative pecuniary sanctions

1.For the purpose of carrying out the tasks conferred on it by this Regulation, where a selected obliged entity intentionally or negligently breaches a requirement listed in Annex II under directly applicable acts of Union law referred to in Article 1(2), or does not comply with a binding decision referred to in Article 6(1), the Authority may impose administrative pecuniary sanctions, under the conditions specified in paragraphs 2 to 7 of this Article.

2.Where the Executive Board of the Authority finds that a selected obliged entity has, intentionally or negligently, committed a material breach of directly applicable requirements contained in [OP please insert the next number to the AMLR, COM (2021)420] or [OP please insert the next number to the TFR, COM(2021)422], it shall adopt a decision imposing administrative pecuniary sanctions, in accordance with paragraph 3. Administrative pecuniary sanctions shall, depending on the circumstances of each individual case, be imposed in addition to, or instead of, the requests referred to in Article 20(2).

3.The basic amount of the administrative pecuniary sanctions referred to in paragraph 1 shall be included within the following limits:

(a)for material breaches of one or more requirements related to customer due diligence, group policies and procedures and/or reporting obligations that have been identified in two or more Member States where a selected obliged entity operates, the sanction shall amount to at least EUR 1 000 000 and shall not exceed EUR 2 000 000 or 1% of the annual turnover, whichever is higher;

(b)for material breaches of one or more requirements related to customer due diligence, internal policies, controls and procedures and/or reporting obligations that have been identified one Member State where a selected obliged entity operates, the sanction shall amount to at least EUR 500 000 and shall not exceed EUR 1 000 000 or 0,5% of the annual turnover, whichever is higher;

(c)for material breaches of all other requirements that have been identified in two or more Member States where a selected obliged entity operates, the sanction shall amount to at least EUR 1 000 000 and shall not exceed EUR 2 000 000;

(d)for material breaches of all other requirements that have been identified in one Member State the sanction shall amount to at least EUR 500 000 and shall not exceed EUR 1 000 000;

(e)for material breaches of the decisions of the Authority referred to in Article 6(1), the sanction shall amount to at least EUR 100 000 and shall not exceed EUR 1 000 000.

4.The basic amounts defined within the limits set out in paragraph 3 shall be adjusted, where needed, by taking into account aggravating or mitigating factors in accordance with the relevant coefficients set out in Annex I. The relevant aggravating coefficients shall be applied one by one to the basic amount. If more than one aggravating coefficient is applicable, the difference between the basic amount and the amount resulting from the application of each individual aggravating coefficient shall be added to the basic amount. Where the benefit derived from the breach by the natural or legal person held responsible or the losses to third parties caused by the breach can be determined, they shall be added to the total amount of the sanction, after application of the coefficients.

5.The relevant mitigating coefficients shall be applied one by one to the basic amount. If more than one mitigating coefficients is applicable, the difference between the basic amount and the amount resulting from the application of each individual mitigating coefficient shall be subtracted from the basic amount.

6.The maximum amount of a sanction for material breaches referred to in paragraph 2, points (a) and (b) shall not exceed 10 % of the total annual turnover of the obliged entity in the preceding business year, after application of the coefficients referred to in paragraphs 4 and 5.

7.The maximum amount of a sanction for material breaches referred to in paragraph 2, points (c) and point (d) shall not exceed EUR 10 000 000 or, in the Member States whose currency is not the Euro, the corresponding value in the national currency, after application of the coefficients referred to in paragraphs 4 and 5.

8.Where the selected obliged entity is a parent undertaking or a subsidiary of a parent undertaking which is required to prepare consolidated financial accounts in accordance with Article 22 of Directive 2013/34/EU of the European Parliament and the Council 51 , the relevant total annual turnover shall be the total annual turnover or the corresponding type of income in accordance with applicable accounting standards according to the last available consolidated accounts approved by the management body of the ultimate parent undertaking.

9.In the cases not covered by paragraph 1 of this Article, where necessary for the purpose of carrying out the tasks conferred on it by this Regulation, the Authority may require financial supervisors to open proceedings with a view to taking action in order to ensure that appropriate administrative pecuniary sanctions are imposed in accordance with the legislative acts referred to in Article 1(2) and any relevant national legislation which confers specific powers which are currently not required by Union law. The sanctions applied by financial supervisors shall be effective, proportionate and dissuasive.

The first subparagraph shall be applicable to administrative pecuniary sanctions to be imposed on selected obliged entities for breaches of national law transposing [OP please insert the next number to the AMLD, COM(2021)423] and to any administrative pecuniary sanctions to be imposed on members of the management board of selected obliged entities who under national law are responsible for a breach by an obliged entity.

10.The administrative pecuniary sanctions applied shall be effective, proportionate and dissuasive.

Article 22

Periodic penalty payments 

1.The Executive Board shall by decision impose a periodic penalty payment in order to compel:

(a)a selected obliged entity to put an end to a breach, in accordance with a decision taken pursuant to Article 6(1);

(b)a person referred to in Article 16(1) to supply complete information which has been required by a decision pursuant to Article 6(1);

(c)a person referred to in Article 16(1) to submit to an investigation and in particular to produce complete records, data, procedures or any other material required and to complete and correct other information provided in an investigation launched pursuant to Article 17.

2.The periodic penalty payment shall be effective and proportionate. The periodic penalty payment shall be imposed on a daily basis until the selected obliged entity or person concerned complies with the relevant decision referred to in paragraph 1.

3.Notwithstanding paragraph 2, the amount of a periodic penalty payment shall be 3 % of the average daily turnover in the preceding business year or, in the case of natural persons, 2 % of the average daily income in the preceding calendar year. It shall be calculated from the date set in the decision imposing the periodic penalty payment.

4.A periodic penalty payment may be imposed for a period of no more than six months following the notification of Authority’s decision.

Article 23

Hearing of persons subject to proceedings 

1.Before taking any decision imposing an administrative pecuniary sanction or periodic penalty payment under Articles 21 and 22, the Executive Board shall give the persons subject to the proceedings the opportunity to be heard on Authority’s findings. The Executive Board shall base its decisions only on findings on which the persons subject to the proceedings have had the opportunity to comment.

2.The rights of defence of the persons subject to the proceedings shall be fully respected during the proceedings. They shall be entitled to have access to the Authority’s file, subject to the legitimate interest of other persons in the protection of their business secrets. The right of access to the file shall not extend to confidential information or internal preparatory documents of the Authority.

Article 24

Disclosure, nature, enforcement and allocation of administrative pecuniary sanctions and periodic penalty payments

1.The Authority shall disclose to the public every administrative pecuniary sanction and periodic penalty payment that has been imposed on a selected obliged entity pursuant to Articles 21 and 22, unless such disclosure to the public would cause disproportionate damage to the parties involved.

2.Administrative pecuniary sanctions and periodic penalty payments imposed pursuant to Articles 21 and 22 shall be enforceable.

Enforcement shall be governed by the rules of civil procedure in force in the State in the territory of which it is carried out. The order for its enforcement shall be appended to the decision without other formality than verification of the authenticity of the decision by the authority which the government of each Member State shall designate for that purpose and shall make known to the Authority and to the Court of Justice of the European Union.

When those formalities have been completed on application by the party concerned, the latter may proceed to enforcement in accordance with national law, by bringing the matter directly before the competent body.

Enforcement may be suspended only by a decision of the Court of Justice of the European Union. However, the courts of the Member State concerned shall have jurisdiction over complaints that enforcement is being carried out in an irregular manner.

3.The amounts of the fines and periodic penalty payments shall be allocated to the general budget of the European Union.

Article 25

Procedural rules for taking supervisory measures and imposing administrative pecuniary sanctions

1.Where, in carrying out its duties under this Regulation, the Authority finds that there are serious indications of the possible existence of facts liable to constitute one or more of the breaches listed in Annex II, the Authority shall appoint an independent investigatory team within the Authority to investigate the matter. The investigatory team shall not be involved or have been involved in the direct supervision of the selected obliged entity concerned and shall perform their functions independently from the Authority’s Executive Board.

2.The investigatory team shall investigate the alleged breaches, taking into account any comments submitted by the persons subject to investigation, and shall submit a complete file with their findings to the Authority’s Executive Board.

In order to carry out their tasks, the investigatory team may exercise the power to require information in accordance with Article 16 and to conduct investigations and on-site inspections in accordance with Articles 17 and 18.

Where carrying out their tasks, the investigatory team shall have access to all documents and information gathered by the joint supervisory team in its supervisory activities.

3.Upon completion of their investigation and before submitting the file with their findings to Authority’s Executive Board, the investigatory team shall give the persons subject to investigation the opportunity to be heard on the matters being investigated. The investigatory team shall base their findings only on facts on which the persons subject to investigation have had the opportunity to comment.

The rights of defence of the persons concerned shall be fully respected during investigations under this Article.

4.When submitting the file with their findings to the Authority’s Executive Board, the investigatory team shall notify that fact to the persons subject to investigation. The persons subject to investigation shall be entitled to have access to the file, subject to the legitimate interest of other persons in the protection of their business secrets. The right of access to the file shall not extend to confidential information affecting third parties.

5.On the basis of the file containing the investigatory team’s findings and, when requested by the persons concerned, after having heard the persons subject to investigation in accordance with Article X, the Executive Board shall decide if one or more of the breaches listed in Annex II have been committed by the persons who have been subject to investigation, and in such case, shall take a supervisory measure in accordance with Article 20 and impose an administrative pecuniary sanction in accordance with Article 21.

6.The investigatory team shall not participate in the deliberations of the Executive Board or in any other way intervene in the decision-making process of the Executive Board.

7.The Commission shall adopt further rules of procedure for the exercise of the power to impose administrative pecuniary sanctions or periodic penalty payments, including provisions on rights of defence, temporal provisions, and the collection of administrative pecuniary sanctions or periodic penalty payments, and shall adopt detailed rules on the limitation periods for the imposition and enforcement of penalties.

The rules referred to in the first subparagraph shall be adopted by means of delegated acts in accordance with Article 85.

8.The Authority shall refer matters for criminal prosecution to the relevant national authorities where, in carrying out its duties under this Regulation, it finds that there are serious indications of the possible existence of facts liable to constitute criminal offences. In addition, the Authority shall refrain from imposing administrative pecuniary sanctions or periodic penalty payments where a prior acquittal or conviction arising from identical facts, or from facts which are substantially the same, has acquired the force of res judicata as the result of criminal proceedings under national law.

Article 26

Review by the Court of Justice of the European Union

The Court of Justice of the European Union shall have unlimited jurisdiction to review decisions of the Authority imposing an administrative pecuniary sanction or a periodic penalty payment. It may annul, reduce or increase the fine or periodic penalty payment imposed.

Article 27

Language arrangements in direct supervision

1.The Authority and the financial supervisors shall adopt arrangements for their communication within the AML/CFT supervisory system, including the language(s) to be used.

2.Any document which a selected obliged entity or any other natural or legal person individually subject to the Authority’s supervisory procedures submits to the Authority may be drafted in any of the official languages of the Union, chosen by the selected obliged entity or natural or legal person concerned.

3.The Authority, selected obliged entities and any other legal or natural person individually subject to the Authority’s supervisory procedures may agree to exclusively use one of the official languages of the Union in their written communication, including with regard to the Authority’s supervisory decisions.

4.The revocation of such agreement on the use of one language shall only affect the aspects of the Authority’s supervisory procedure which have not yet been carried out.

5.Where participants in an oral hearing request to be heard in an official language of the Union other than the language of the Authority’s supervisory procedure, sufficient advance notice of this requirement shall be given to the Authority so that it can make the necessary arrangements.

SECTION 4

INDIRECT SUPERVISION OF NON-SELECTED OBLIGED ENTITIES

Article 28

Assessments of the state of supervisory convergence

1.The Authority shall perform periodic assessments of some or all of the activities of one, several, or all financial supervisors, including the assessment of their tools and resources to ensure high level supervisory standards and practices. The assessments shall include a review of the application of the AML/CFT supervisory methodology developed pursuant to Article 8 and shall cover all financial supervisors in a single assessment cycle. The length of each assessment cycle shall be determined by the Authority and shall not exceed seven years.

2.The assessments shall be carried out by the staff of the Authority with voluntary involvement of the staff of financial supervisors that are not subject to review, upon agreement on such involvement by the Executive Board. The assessments shall take due account of all the relevant evaluations, assessments or reports drawn up by international organisations and intergovernmental bodies with competence in the field of preventing money laundering and terrorist financing.

3.The Authority shall produce a report setting out the results of each assessment. That report shall be prepared by the staff of the Authority, or by the staff of the Authority jointly with the staff of the financial supervisors where the staff of financial supervisors were involved in the review on an ad-hoc basis. The report shall be adopted by the Executive Board, taking into account the observations of the General Board in supervisory composition. The report shall explain and indicate any specific follow-up measures required to be taken by the financial supervisor or financial supervisors subject to the assessment that are deemed appropriate, proportionate and necessary as a result of the assessment. The follow-up measures may be adopted in the form of guidelines and recommendations pursuant to Article 43 including recommendations addressed to all or several financial supervisors or to any specific financial supervisor, as appropriate.

4.Financial supervisors shall make every effort to comply with the specific follow-up measures addressed to them as a result of the assessment.

Article 29

Coordination and facilitation of work of the AML colleges

1.The Authority shall ensure, within the scope of its powers and without prejudice to the powers of the relevant financial supervisors pursuant to Article 36 [OP please insert the next number to the AMLD, COM(2021)423], that AML supervisory colleges are established and functioning consistently for non-selected obliged entities operating in several Member States in accordance with Article 36 [OP please insert the next number to the AMLD, COM(2021)423]. To that end, the Authority may:

(a)establish colleges, convene and organize the meetings of colleges, where such college has not been established although the relevant conditions for its establishment set out in Article 36 [OP please insert the next number to the AMLD, COM(2021)423] are met;

(b)assist in the organisation of college meetings, where requested by the relevant financial supervisors;

(c)assist in the organisation of joint supervisory plans and joint examinations;

(d)collect and share all relevant information in cooperation with the financial supervisors in order to facilitate the work of the college and make such information accessible to the authorities in the college;

(e)promote effective and efficient supervisory activities, including evaluating the risks to which obliged entities are or might be exposed;

(f)oversee, in accordance with the tasks and powers specified in this Regulation, the tasks carried out by the financial supervisors.

2.For the purposes of paragraph 1, the staff of the Authority shall have full participation rights in the AML supervisory colleges and shall be able to participate in their activities, including on-site inspections, carried out jointly by two or more financial supervisors.

Article 30

Requests to act in exceptional circumstances

1.Financial supervisors shall notify the Authority where the situation of any non-selected obliged entity with regard to its compliance with applicable requirements and its exposure to money laundering and terrorism financing risks deteriorates rapidly and significantly, especially where such deterioration could lead to significant harm to the reputation of the Member State where that entity operates, several Member States or of the Union as a whole.

2.The Authority may, where it has indications of material breaches by a non-selected obliged entity, request its financial supervisor to:

(a)investigate possible breaches of Union law, and where such Union law is composed of Directives or explicitly grants options for Member States, breaches of national law to the extent that it transposes Directives or exercises options granted to Member States by Union law, by a non-selected obliged entity; and

(b)consider imposing sanctions in accordance with directly applicable Union law or national law transposing Directives on that entity in respect of such breaches.

Where necessary, the Authority may also request a financial supervisor to adopt an individual decision addressed to that entity requiring it to undertake all necessary actions to comply with its obligations under directly applicable Union law or under national law, to the extent that it transposes Directives or exercises options granted to Member States by Union law, including the cessation of any practice.

3.The financial supervisor concerned shall comply with any request addressed to it in accordance with paragraph 2 and shall inform the Authority, as soon as possible and within ten working days from the day of the notification of such request at the latest, of the steps it has taken or intends to take to comply with that request.

4.Where the financial supervisor concerned does not comply with the request referred to in paragraph 2 and does not inform the Authority of the steps it has taken or intends to take to comply with the request within ten days from the day of the notification of the request, the Authority may request the Commission to grant permission to transfer the relevant tasks and powers referred to in Article 5(2) and Article 6(1) related to direct supervision of the non-selected obliged entity from the financial supervisor concerned to the Authority.

5.The request from the Authority shall contain:

(a)a description of the material breaches of the directly applicable requirements by an identified non-selected obliged entity and a justification that such breaches fall within the scope of competence of the Authority, pursuant to paragraph 2;

(b)a justification why the request to the financial supervisor referred to in paragraph 2 did not result in any action taken within the time-limit set in paragraph 3;

(c)a time limit, which shall not exceed three years, for the requested transfer of the relevant tasks and powers;

(d)a description of the measures that the Authority intends to take in relation to the non-selected obliged entity upon the transfer of the relevant tasks and powers to address the material breaches referred to in paragraph 2.

6.The Commission shall have one month from the date of receipt of the request from the Authority to adopt a decision whether to authorise the transfer of the relevant tasks and powers or to oppose it. The decision shall be notified to the Authority, which shall immediately inform the financial supervisor and the non-selected obliged entity thereof.

7.On the tenth working day after the notification of the decision authorising the transfer of tasks and powers in relation to the non-selected obliged entity, the non-selected obliged entity referred to in paragraph 2 shall be deemed a selected obliged entity for the purposes of the exercise of the tasks referred to in Article 5(2) and the powers referred to in Article 6(1) and Articles 16 to 22. The Commission decision shall set a time-limit for the exercise of these tasks and powers, upon the expiry of which they shall be automatically transferred back to the financial supervisor concerned.

SECTION 5

OVERSIGHT OF NON-FINANCIAL SECTOR

Article 31

Peer reviews

1.The Authority shall periodically conduct peer reviews of some or all of the activities of non-financial supervisors to strengthen consistency and effectiveness in supervisory outcomes. To that end, the Authority shall develop methods to allow for an objective assessment and comparison between non-financial supervisors reviewed. When planning and conducting peer reviews, existing information and evaluations already available with regard to the non-financial supervisor concerned, including any relevant information provided to the Authority in accordance with Article 11, assessments or reports drawn up by international organisations and intergovernmental bodies competent in the field of preventing money laundering or terrorist financing and any relevant information from stakeholders shall be taken into account.

2.For the purposes of this Article, the Authority shall establish ad hoc peer review committees, which shall be composed of staff from the Authority and members of the non-financial supervisors. The peer review committees shall be chaired by a member of the Authority’s staff. The Chair of the Authority shall, following a call for proposals, propose the chair and the members of a peer review committee which shall be approved by the Executive Board.

3.The peer review shall include an assessment of, but shall not be limited to:

(a)the adequacy of powers and financial, human and technical resources, the degree of independence, the governance arrangements and professional standards of non-financial supervisor to ensure the effective application of Chapter IV [OP please insert the next number to the AMLD, COM(2021)423];

(b)the effectiveness and the degree of convergence reached in the application of Union law and in supervisory practice, and the extent to which the supervisory practice achieves the objectives set out in Union law;

(c)the application of best practices developed by non-financial supervisors whose adoption might be of benefit for other non-financial supervisors;

(d)the effectiveness and the degree of convergence reached with regard to the enforcement of the provisions adopted in the implementation of Union law, including the administrative sanctions and other administrative measures imposed against persons responsible where those provisions have not been complied with.

4.The Authority shall produce a report setting out the results of the peer review. That peer review report shall be prepared by the peer review committee and adopted by the Executive Board, having received the observations of the General Board in supervisory composition as to the consistency of application of the methodology with other peer review reports. The report shall explain and indicate the follow-up measures that are deemed appropriate, proportionate and necessary as a result of the peer review. Those follow-up measures may be adopted in the form of guidelines and recommendations pursuant to Article 3 and opinions pursuant to Article 44. The non-financial supervisors shall make every effort to comply with any guidelines and recommendations issued, in accordance with Article 43.

5.The Authority shall publish the findings of the peer review on its website and submit an opinion to the Commission where, having regard to the outcome of the peer review or to any other information acquired by the Authority in carrying out its tasks, it considers that further harmonisation of Union rules applicable to obliged entities in the non-financial sector or to non-financial supervisors would be necessary from the Union’s perspective.

6.The Authority shall provide a follow-up report two years after the publication of the peer review report. The follow-up report shall be prepared by the peer review committee and adopted by the Executive Board, having received the observations of the General Board in supervisory composition on the consistency with other peer review reports. The follow-up report shall include an assessment of the adequacy and effectiveness of the actions undertaken by the non-financial supervisors that were subject to the peer review in response to the follow-up measures of the peer review report. The Authority shall publish the findings of the follow-up report on its website.

7.For the purposes of this Article, the Executive Board shall adopt a peer review work plan every two years, which shall reflect the lessons learnt from the past peer review processes and discussions held in the General Board in supervisory composition. The peer review work plan shall constitute a separate part of the annual and multiannual working programme and shall be included in the Single Programming Document. In case of urgency or unforeseen events, the Authority may decide to carry out additional peer reviews.

8.When supervision is performed by SRBs, the peer review exercise shall include the assessment of the adequacy and effectiveness of measures pursuant to Article 38 of [OP please insert the next number to the AMLD, COM(2021)423] that are taken by the public authority in charge of overseeing these bodies to ensure that they perform their function to the standards required under Union law.

9.On a case by case basis, when SRBs indicate an interest to participate in a peer review exercise, representatives of such bodies entrusted with supervisory functions may be invited to participate in that peer review.

Article 32

Powers over supervisory authorities in the non-financial sector

1.Where a supervisory authority in the non-financial sector has not applied the Union acts or the national legislation referred to in Article 1(2), or has applied them in a way which appears to be a breach of Union law, in particular by failing to ensure that an entity under its supervision or oversight satisfies the requirements laid down in those acts or in that legislation, the Authority shall act in accordance with the powers set out in paragraphs 2, 3, 4, 6 and 7 of this Article.

2.Upon request from one or more supervisory authorities in the non-financial sector, the European Parliament, the Council, the Commission, or on its own initiative, including when this is based on well-substantiated information from natural or legal persons, and after having informed the supervisory authority in the non-financial sector concerned, the Authority shall outline how it intends to proceed with the case and, where appropriate, investigate the alleged breach or non-application of Union law.

The supervisory authority shall, without delay, provide the Authority with all information which the Authority considers necessary for its investigation including information on how the Union acts or in that legislation referred to in Article 1(2) are applied in accordance with Union law.

Whenever requesting information from the supervisory authority concerned has proven, or is deemed to be, insufficient to obtain the information that is deemed necessary for the purposes of investigating an alleged breach or non-application of Union law, the Authority may, after having informed the supervisory authority, address a duly justified and reasoned request for information directly to other supervisory authorities.

The addressee of such a request shall provide the Authority with clear, accurate and complete information without undue delay.

3.The Authority may, not later than six months from initiating its investigation, address a recommendation to the supervisory authority in the non-financial sector concerned setting out the action necessary to comply with Union law.

Before issuing such a recommendation, the Authority shall engage with the supervisory authority concerned, where it considers such engagement appropriate in order to resolve a breach of Union law, in an attempt to reach agreement on the actions necessary for compliance with Union law.

The supervisory authority in the non-financial sector shall, within ten working days of receipt of the recommendation, inform the Authority of the steps it has taken or intends to take to ensure compliance with Union law.

4.Where the supervisory authority in the non-financial sector has not complied with Union law within one month from receipt of the Authority’s recommendation, the Commission may, after having been informed by the Authority, or on its own initiative, issue a formal opinion requiring the supervisory authority in the non-financial sector to take the action necessary to comply with Union law. The Commission’s formal opinion shall take into account the Authority’s recommendation.

The Commission shall issue such a formal opinion within three months after the adoption of the recommendation. The Commission may extend this period by one month.

The Authority and the supervisory authority in the non-financial sector shall provide the Commission with all necessary information.

5.The supervisory authority in the non-financial sector shall, within ten working days of receipt of the formal opinion referred to in paragraph 5, inform the Commission and the Authority of the steps it has taken or intends to take to comply with that formal opinion.

6.Where the formal opinion referred to in paragraph 4 is addressed to a supervisory authority which is a public authority overseeing a SRB, and where it does not comply with the formal opinion within the period specified therein, to remedy such non-compliance in a timely manner, the Authority may adopt an individual decision addressed to an SRB requiring it to take all necessary action to comply with its obligations under Union law.

The decision of the Authority shall be in conformity with the formal opinion issued by the Commission pursuant to paragraph 4.

7.Decisions adopted in accordance with paragraph 6 shall prevail over any previous decision adopted by the supervisory authority on the same matter.

When taking action in relation to issues which are subject to a formal opinion pursuant to paragraph 5 or to a decision pursuant to paragraph 7, supervisory authorities shall comply with the formal opinion or the decision, as the case may be.

SECTION 6

FIUs SUPPORT AND COORDINATION MECHANISM

Article 33

Conduct of joint analyses

1.Where, pursuant to Article 25 of [OP please insert the next number to the AMLD, COM(2021)423], a FIU of a Member State identifies a potential need to conduct a joint analysis with one or several FIUs in other Member States, it shall notify the Authority thereof. The Authority shall inform the FIUs in all the relevant Member States and invite them to take part in the joint analysis within five days of the initial notification. To this end, the Authority shall use secured channels of communication. The FIUs in all the relevant Member States shall consider taking part in the joint analysis. The Authority shall ensure that the joint analysis is launched within 20 days of the initial notification.

2.Any FIU that declines to participate in the conduct of the joint analysis shall provide the reasons thereof in writing to the Authority, within five days of the receipt of the invitation. The Authority shall provide such explanation without delay to the FIU having identified the need for a joint analysis.

3.Upon explicit consent of the FIUs participating in the joint analysis, the staff of the Authority supporting the joint analysis shall be granted access to all the data pertaining to the subject-matter of the joint analysis and shall be able to process those data.

4.The Authority shall provide all the necessary tools and operational support required for the conduct of the particular joint analysis, in accordance with the developed methods and procedures. In particular, the Authority shall set up a dedicated, secured channel of communication for the performance of the joint analysis, and shall provide the appropriate technical coordination, including IT support, budgetary and logistical support.

Article 34

Review of the methods, procedures and conduct of the joint analyses

1.The Authority shall ensure that the methods and procedures established for the conduct of the joint analyses are periodically reviewed and updated where necessary.

2.The FIUs that participated or were otherwise involved in one or more joint analyses may provide their feedback on the conduct of the analysis, including feedback on the operational support provided by the Authority in the process of the joint analysis, as well as feedback on the outcome of the analysis working methods and arrangements in place, the tools available and the coordination between the participating FIUs. The feedback may be labelled as confidential, in which case it will not be shared with other FIUs.

3.On the basis of the feedback referred to in paragraph 2, or on its own initiative, the Authority may issue follow-up reports relating to the conduct of joint analyses, including specific suggestions on adjustments regarding the methods and procedures for the conduct of the joint analyses, and conclusions on the outcome of the joint analyses. The procedural and operational aspects of the follow-up report shall be shared with all FIUs, without disclosing confidential or restricted information on the case. The conclusions and recommendations relating to the conduct of the joint analyses shall be shared with the FIUs that participated in the relevant joint analyses, and with all the other FIUs insofar as these conclusions do not contain confidential or restricted information.

Article 35

National FIU delegates

1.The FIU of each Member State may delegate one staff member to the Authority. The national FIU delegate shall have his or her regular place of work at the seat of the Authority.

2.FIU delegates shall have the status of staff personnel of the delegating FIU at the time of their appointment and for the entire duration of their delegation. Member States shall appoint their FIU delegate on the basis of a proven high level of relevant, practical experience in the field of FIU tasks. The salaries and emoluments of the FIU delegate shall be borne by the delegating FIU.

3.The term of office of the FIU delegates shall be three years, renewable once with consent of the delegating FIU.

4.FIU delegates shall support the Authority in carrying out the tasks set out in Article 5(5). To that end, the national FIU delegates shall be granted access to the Authority’s data and information necessary for the performance of their tasks for the duration of the delegation. 

5.FIU delegates may be granted access to any data accessible by their delegating FIU for the purposes of carrying out the tasks referred to in paragraph 4, subject to consent of their delegating FIU.

6.The Executive Board shall determine the rights and obligations of the FIU delegates in relation to the Authority.

Article 36

Mutual assistance in the area of cooperation between FIUs

1.In the context of promoting cooperation and support of the work of the FIUs, the Authority shall organise and facilitate at least the following activities:

(a)training programmes, including with respect to technological innovation;

(b)personnel exchanges and secondment schemes, including secondment of FIU staff from a Member State to the Authority;

(c)exchanges of practices between FIUs, including sharing expertise in a specific area.

2.Any FIU may submit to the Authority a request for assistance related to the tasks of the FIU, specifying the type of assistance that can be provided by the staff of the Authority, the staff of one or more than one FIU, or a combination thereof. The FIU requesting assistance shall ensure the access to any information and data necessary for the provision of such assistance. The Authority shall keep and regularly update information on specific areas of expertise and capacity of FIUs to provide mutual assistance.

3.The Authority shall make every effort to provide the requested assistance, including by considering the support to be provided with its own human resources as well as coordinating and facilitating the provision of any form of assistance by other FIUs on a voluntary basis.

4.At the beginning of each year, the Chair of the Authority shall inform the General Board in FIU composition of the human resources that the Authority can allocate to providing the assistance referred to in the previous paragraph. When changes occur to the availability of human resources due to performance of tasks referred to in Article 5(5), the Chair of the Authority shall inform the General Board in FIU composition thereof.

Article 37

FIU.net

1.The Authority shall ensure adequate and uninterrupted hosting, management, maintenance, and development of the FIU.net. The Authority shall, in cooperation with the Member States, ensure that the most advanced available technology is used for the FIU.net, subject to a cost-benefit analysis.

2.The Authority shall ensure uninterrupted functioning of the FIU.net and keep it and up to date. Where necessary to support or strengthen the exchange of information and cooperation between the FIUs and based on the needs of FIUs, the Authority shall design and implement, or otherwise make available, upgraded or additional functionalities of FIU.net.

3.The Authority shall be responsible for the following tasks relating to the FIU.net:

(a)ensure the required level of security of the system, including the implementation of the appropriate technical and organizational measures to address and mitigate data protection risks;

(b)coordinate, manage and support any testing activities;

(c)ensure adequate financial resources;

(d)provide training on the technical use of FIU.net by end-users.

4.For the purposes of carrying out the tasks referred to in paragraphs 1, 2 and 3, the Authority shall be empowered to conclude or enter into legally binding contracts or agreements with third party service providers.

5.The Authority shall adopt and implement the measures necessary for fulfilment of the tasks referred to in this Article, including a security plan, a business continuity plan and a disaster recovery plan for the FIU.net.

SECTION 7

COMMON INSTRUMENTS

Article 38

Regulatory technical standards

1.Where the European Parliament and the Council delegate power to the Commission to adopt regulatory technical standards by means of delegated acts pursuant to Article 290 TFEU in order to ensure consistent harmonisation in the areas specifically set out in the legislative acts referred to in Article 1(2) of this Regulation, the Authority may develop draft regulatory technical standards. The Authority shall submit its draft regulatory technical standards to the Commission for adoption. At the same time, the Authority shall forward those draft regulatory technical standards for information to the European Parliament and to the Council.

Regulatory technical standards shall be technical, shall not imply strategic decisions or policy choices and their content shall be delimited by the legislative acts on which they are based.

Before submitting them to the Commission, the Authority shall conduct open public consultations on draft regulatory technical standards and shall analyse the potential related costs and benefits, unless those consultations and analyses are highly disproportionate in relation to the scope and impact of the draft regulatory technical standards concerned or in relation to the particular urgency of the matter.

Within three months of receipt of a draft regulatory technical standard, the Commission shall decide whether to adopt it. The Commission shall inform the European Parliament and the Council in due time where the adoption cannot take place within the three-month period. The Commission may adopt the draft regulatory technical standard in part only, or with amendments, where the Union’s interests so require.

Where the Commission intends not to adopt a draft regulatory technical standard or to adopt it in part or with amendments, it shall send the draft regulatory technical standard back to the Authority, explaining why it does not adopt it or explaining the reasons for its amendments.

The Commission shall send a copy of its letter to the European Parliament and to the Council. Within a period of six weeks, the Authority may amend the draft regulatory technical standard on the basis of the Commission’s proposed amendments and resubmit it in the form of a formal opinion to the Commission. The Authority shall send a copy of its formal opinion to the European Parliament and to the Council.

If, on the expiry of that six-week period, the Authority has not submitted an amended draft regulatory technical standard, or has submitted a draft regulatory technical standard that is not amended in a way consistent with the Commission’s proposed amendments, the Commission may adopt the regulatory technical standard with the amendments it considers relevant, or reject it.

The Commission may not change the content of a draft regulatory technical standard prepared by the Authority without prior coordination with the Authority, as set out in this Article.

2.Where the Authority has not submitted a draft regulatory technical standard within the time limit set out in the legislative acts referred to in Article 1(2), the Commission may request such a draft within a new time limit. The Authority shall inform the European Parliament, the Council and the Commission, in due time, that it will not comply with the new time limit.

3.Only where the Authority does not submit a draft regulatory technical standard to the Commission within the time limits in accordance with paragraph 2, may the Commission adopt a regulatory technical standard by means of a delegated act without a draft from the Authority.

The Commission shall conduct open public consultations on draft regulatory technical standards and analyse the potential related costs and benefits, unless such consultations and analyses are disproportionate in relation to the scope and impact of the draft regulatory technical standards concerned or in relation to the particular urgency of the matter.

The Commission shall immediately forward the draft regulatory technical standard to the European Parliament and the Council.

The Commission shall send its draft regulatory technical standard to the Authority. Within a period of six weeks, the Authority may amend the draft regulatory technical standard and submit it in the form of a formal opinion to the Commission. The Authority shall send a copy of its formal opinion to the European Parliament and to the Council.

If on the expiry of the six-week period referred to in the fourth subparagraph, the Authority has not submitted an amended draft regulatory technical standard, the Commission may adopt the regulatory technical standard.

If the Authority has submitted an amended draft regulatory technical standard within the six-week period, the Commission may amend the draft regulatory technical standard on the basis of the Authority’s proposed amendments or adopt the regulatory technical standard with the amendments it considers relevant. The Commission shall not change the content of the draft regulatory technical standard prepared by the Authority without prior coordination with the Authority, as set out in this Article.

4.The regulatory technical standards shall be adopted by means of regulations or decisions. The words ‘regulatory technical standard’ shall appear in the title of such regulations or decisions. Those standards shall be published in the Official Journal of the European Union and shall enter into force on the date stated therein.

Article 39

Exercise of the delegation

1.The power to adopt regulatory technical standards referred to in Article 38 shall be conferred on the Commission for a period of four years from [OP please insert the date = from the date of entry into force of this Regulation]. The Commission shall draw up a report in respect of the delegated power not later than 6 months before the end of the 4-year period. The delegation of power shall be automatically extended for periods of an identical duration. .

2.As soon as it adopts a regulatory technical standard, the Commission shall notify it simultaneously to the European Parliament and to the Council.

3.The power to adopt regulatory technical standards is conferred on the Commission subject to the conditions laid down in Articles 38, 40 and 41.

Article 40

Objections to regulatory technical standards

1.The European Parliament or the Council may object to a regulatory technical standard within a period of three months from the date of notification of the regulatory technical standard adopted by the Commission. At the initiative of the European Parliament or the Council that period shall be extended by three months.

2.If, on the expiry of the period referred to in paragraph 1, neither the European Parliament nor the Council has objected to the regulatory technical standard, it shall be published in the Official Journal of the European Union and shall enter into force on the date stated therein.

The regulatory technical standard may be published in the Official Journal of the European Union and enter into force before the expiry of that period if the European Parliament and the Council have both informed the Commission of their intention not to raise objections.

3.If either the European Parliament or the Council objects to a regulatory technical standard within the period referred to in paragraph 1, it shall not enter into force. In accordance with Article 296 TFEU, the institution which objects shall state the reasons for objecting to the regulatory technical standard.

Article 41

Non-endorsement or amendment of draft regulatory technical standards

1.In the event that the Commission does not endorse a draft regulatory technical standard or amends it as provided for in Article 35, the Commission shall inform the Authority, the European Parliament and the Council, stating its reasons.

2.Where appropriate, the European Parliament or the Council may invite the responsible Commissioner, together with the Chairperson of the Authority, within one month of the notice referred to in paragraph 1, for an ad hoc meeting of the competent committee of the European Parliament or the Council to present and explain their differences.

Article 42

Implementing technical standards

1.Where the European Parliament and the Council confer implementing powers on the Commission to adopt implementing technical standards by means of implementing acts pursuant to Article 291 TFEU, in the areas specifically set out in the legislative acts referred to in Article 1(2) of this Regulation, the Authority may develop draft implementing technical standards. Implementing technical standards shall be technical, shall not imply strategic decisions or policy choices and their content shall be to determine the conditions of application of those acts. The Authority shall submit its draft implementing technical standards to the Commission for adoption. At the same time, the Authority shall forward those technical standards for information to the European Parliament and to the Council.

Before submitting draft implementing technical standards to the Commission, the Authority shall conduct open public consultations and shall analyse the potential related costs and benefits, unless such consultations and analyses are highly disproportionate in relation to the scope and impact of the draft implementing technical standards concerned or in relation to the particular urgency of the matter.

Within three months of receipt of a draft implementing technical standard, the Commission shall decide whether to adopt it. The Commission may extend that period by one month. The Commission shall inform the European Parliament and the Council in due time where the adoption cannot take place within the three-month period. The Commission may adopt the draft implementing technical standard in part only, or with amendments, where the Union’s interests so require.

Where the Commission intends not to adopt a draft implementing technical standard or intends to adopt it in part or with amendments, it shall send it back to the Authority explaining why it does not intend to adopt it or explaining the reasons for its amendments. The Commission shall send a copy of its letter to the European Parliament and to the Council. Within a period of six weeks, the Authority may amend the draft implementing technical standard on the basis of the Commission’s proposed amendments and resubmit it in the form of a formal opinion to the Commission. The Authority shall send a copy of its formal opinion to the European Parliament and to the Council.

If, on the expiry of the six-week period referred to in the fourth subparagraph, the Authority has not submitted an amended draft implementing technical standard, or has submitted a draft implementing technical standard that is not amended in a way consistent with the Commission’s proposed amendments, the Commission may adopt the implementing technical standard with the amendments it considers relevant or reject it.

The Commission shall not change the content of a draft implementing technical standard prepared by the Authority without prior coordination with the Authority, as set out in this Article.

2.Where the Authority has not submitted a draft implementing technical standard within the time limit set out in the legislative acts referred to in Article 1(2), the Commission may request such a draft within a new time limit. The Authority shall inform the European Parliament, the Council and the Commission, in due time, that it will not comply with the new time limit.

3.Only where the Authority does not submit a draft implementing technical standard to the Commission within the time limits in accordance with paragraph 2, may the Commission adopt an implementing technical standard by means of an implementing act without a draft from the Authority.

The Commission shall conduct open public consultations on draft implementing technical standards and analyse the potential related costs and benefits, unless such consultations and analyses are disproportionate in relation to the scope and impact of the draft implementing technical standards concerned or in relation to the particular urgency of the matter.

The Commission shall immediately forward the draft implementing technical standard to the European Parliament and the Council.

The Commission shall send the draft implementing technical standard to the Authority. Within a period of six weeks, the Authority may amend the draft implementing technical standard and submit it in the form of a formal opinion to the Commission. The Authority shall send a copy of its formal opinion to the European Parliament and to the Council.

If, on the expiry of the six-week period referred to in the fourth subparagraph, the Authority has not submitted an amended draft implementing technical standard, the Commission may adopt the implementing technical standard.

If the Authority has submitted an amended draft implementing technical standard within that six-week period, the Commission may amend the draft implementing technical standard on the basis of the Authority’s proposed amendments or adopt the implementing technical standard with the amendments it considers relevant.

The Commission shall not change the content of the draft implementing technical standards prepared by the Authority without prior coordination with the Authority, as set out in this Article.

4.The implementing technical standards shall be adopted by means of regulations or decisions. The words ‘implementing technical standard’ shall appear in the title of such regulations or decisions. Those standards shall be published in the Official Journal of the European Union and shall enter into force on the date stated therein.

Article 43

Guidelines and recommendations

1.The Authority shall, with a view to establishing consistent, efficient and effective supervisory and FIU-related practices, and to ensuring the common, uniform and consistent application of Union law, issue guidelines addressed to all supervisory authorities, FIUs, or all obliged entities and issue recommendations to one or more supervisory authorities or to one or more obliged entities.

2.The Authority shall, where appropriate, conduct open public consultations regarding the guidelines and recommendations which it issues and analyse the related potential costs and benefits of issuing such guidelines and recommendations. Those consultations and analyses shall be proportionate in relation to the scope, nature and impact of the guidelines or recommendations. Where the Authority does not conduct open public consultations, the Authority shall provide its reasons.

3.The supervisory authorities and obliged entities shall make every effort to comply with those guidelines and recommendations.

Within two months of the issuance of a guideline or recommendation, each supervisory authority shall confirm whether it complies or intends to comply with that guideline or recommendation. In the event that a supervisory authority does not comply or does not intend to comply, it shall inform the Authority, stating its reasons.

The Authority shall publish the fact that a supervisory authority does not comply or does not intend to comply with that guideline or recommendation. The Authority may also decide, on a case-by-case basis, to publish the reasons provided by the supervisory authority for not complying with that guideline or recommendation. The supervisory authority shall receive advanced notice of such publication.

If required by that guideline or recommendation, obliged entities shall report, in a clear and detailed way, whether they comply with that guideline or recommendation.

Article 44

Opinions

1.The Authority may, upon a request from the European Parliament, from the Council or from the Commission, or on its own initiative, provide opinions to the European Parliament, to the Council and to the Commission on all issues related to its area of competence.

2.The request referred to in paragraph 1 may include a public consultation or a technical analysis.

3.The Authority may, upon a request from the European Parliament, from the Council or from the Commission provide technical advice to the European Parliament, the Council and the Commission in the areas set out in the legislative acts referred to in Article 1(2).

CHAPTER III

ORGANISATION OF THE AUTHORITY

Article 45

Administrative and management structure

The Authority’s structure shall comprise:

(1)a General Board, which shall exercise the tasks set out in Article 49;

(2)an Executive Board, which shall exercise the tasks set out in Article 53:

(3)a Chair of the Authority, who shall exercise the tasks set out in Article 57;

(4)an Executive Director, who shall exercise the tasks set out in Article 59;

(5)an Administrative Board of Review which shall exercise the functions listed in Article 62.

SECTION 1

GENERAL BOARD

Article 46

Composition of the General Board

1.The General Board shall have, alternatively, the supervisory composition as laid down in paragraph 2 or the FIU composition as laid down in paragraph 3.

2.The General Board in supervisory composition shall be composed of:

(a)the Chair of the Authority with a right to vote;

(b)the heads of supervisory authorities of obliged entities in each Member State with a right to vote;

(c)one representative of the Commission, without the right to vote.

The heads of the supervisory authorities referred to in the first subparagraph, point (b) in each Member State shall share a single vote and shall agree on a single common representative for each meeting and voting procedure. That common representative shall be the ad-hoc voting member for the purposes of that meeting or voting procedure. The public authorities in a Member State may also agree on a single permanent common representative who shall be a permanent voting member. Where items to be discussed by the General Board in supervisory composition concern the competence of several public authorities, the ad-hoc or permanent voting member may be accompanied by a representative from up to two other public authorities, who shall be non-voting.

Each public authority that has a voting member under ad-hoc or permanent agreement shall be responsible for nominating a high-level alternate from its authority, who may replace the voting member of the General Board referred to in the second sub-paragraph where that person is prevented from attending.

3.The General Board in FIU composition shall be composed of:

(a)the Chair of the Authority with a right to vote;

(b)the heads of FIUs with the right to vote;

(c)one representative of the Commission, without the right to vote.

4.The General Board may decide to admit observers. In particular, the General Board in FIU composition shall admit as an observer a representative of OLAF, Europol, Eurojust and the EPPO to meetings when matters fall under their respective mandates. The General Board in supervisory composition shall admit a representative nominated by the Supervisory Board of the European Central Bank and a representative of each of the European Supervisory Authorities, where matters within the scope of their respective mandates are discussed.

5.The members of the Executive Board may participate in the meetings of the General Board in both compositions, without the right to vote, where the items covered by their areas of responsibility as determined by the Chair of the Authority and referred to in Article 55(2), are discussed.

Article 47

Internal committees of the General Board

The General Board, on its own initiative or at the request of the Chair of the Authority, may establish internal committees for specific tasks attributed to it. The General Board may provide for the delegation of certain clearly defined tasks and decisions to internal committees, to the Executive Board or to the Chair. The General Board may revoke such delegation at any time.

Article 48

Independence of the General Board

1.When carrying out the tasks conferred upon them by this Regulation, the members of the General Board in both compositions referred to in Article 46(2) points (a) and (b) and (3) points (a) and (b) shall act independently and objectively in the sole interest of the Union as a whole and shall neither seek nor take instructions from Union institutions, bodies, offices nor agencies from any government or any other public or private body.

2.Member States, Union institutions, agencies, offices or bodies, and any other public or private body, shall not seek to influence the members of the General Board in the performance of its tasks.

3.The General Board shall lay down, in its Rules of Procedure, the practical arrangements for the prevention and the management of conflict of interest.

Article 49

Tasks of the General Board

1.The General Board in supervisory composition shall take the decisions relating to tasks referred to in Articles 7 to 10 as well as any decisions explicitly provided by this Regulation for the General Board in supervisory composition.

2.The General Board in supervisory composition may provide its advice and opinion on any draft decisions prepared by the Executive Board towards selected obliged entities in accordance with Section 3 of Chapter II.

3.The General Board in FIU composition shall perform the tasks and adopt the decisions pursuant to Section 6 of Chapter II.

4.The General Board shall adopt the draft regulatory and implementing technical standards, opinions, recommendations, guidelines and decisions of the Authority referred to in Section 7 of Chapter II, in an appropriate composition, depending on the subject-matter of the instrument. Where a given instrument concerns both FIU and supervision-related matters, adoption shall be required by both compositions of the General Board independently. The draft regulatory and implementing technical standards, opinions, recommendations, and guidelines shall be adopted based on a proposal of the relevant internal committee.

5.The General Board in either composition shall be consulted on the draft decisions to be taken by the Executive Board pursuant to Article 53(4), points (a), (c), (e) and (m). Where the subsequent decision taken by the Executive Board deviates from the opinion of the General Board, the Executive Board shall provide the reasons thereof in writing.

6.The General Board shall adopt and make public its Rules of Procedure.

7.Without prejudice to Articles 52 (3) and (4) and Article 56 (1) and (2), the appointing authority powers over the Chair and the five permanent members of the Executive Board throughout their mandate shall be exercised by the General Board.

Article 50

Voting rules of the General Board

1.Decisions of the General Board shall be taken by a simple majority of its members. Each voting member as determined by Article 47(2) shall have one vote. In case of a tied vote, the Chair of the Authority shall have a casting vote.

2.With regard to the acts referred to in Articles 38, 42, 43 and 44 of this Regulation, and by way of derogation from paragraph 1, the General Board shall take decisions on the basis of a qualified majority of its members, as defined in Article 16(4) TEU.

The Chair of the Authority shall not vote on the decisions referred to in the first subparagraph and the decisions related to the evaluation of the performance of the Executive Board referred to in Article 52 (4).

3.The non-voting members and the observers shall not attend any discussions within the General Board in supervisory composition relating to individual obliged entities, unless otherwise provided for in the legislative acts referred to in Article 1(2).

4.Paragraph 3 shall not apply to the Executive Board members and the European Central Bank representative nominated by its Supervisory Board.

5.The Chair of the Authority shall have the prerogative to call a vote at any time. Without prejudice to that power and to the effectiveness of the Authority’s decision-making procedures, the General Board shall strive for consensus when taking its decisions.

Article 51

Meetings of the General Board

1.The Chair of the Authority shall convene the meetings of the General Board.

2.The General Board shall hold at least two ordinary meetings a year. In addition, it shall meet on the initiative of its Chair, at the request of the Commission, or at the request of at least one-third of its members.

3.The General Board may invite any person whose opinion may be of interest to attend its meetings as an observer.

4.The members of the General Board and their alternates may, subject to its Rules of Procedure, be assisted at the meetings by advisers or experts.

5.The Authority shall provide the secretariat for the General Board.

6.The Chair of the Authority and the permanent five members of the Executive Board shall not attend those meetings of the General Board where matters concerning the performance of their mandate are discussed or decided upon.

SECTION 2

EXECUTIVE BOARD

Article 52

Composition and appointment of the Executive Board

1.The Executive Board shall be composed of:

(a)the Chair of the Authority;

(b)five full-time members;

(c)a representative of the Commission where the Executive Board carries out the tasks referred to in Article 53(4) point (a) to (l). The representative of the Commission shall be entitled to participate in the debates and shall have access to the documents pertaining to these tasks only.

2.The Executive Director shall participate in meetings of the Executive Board without the right to vote.

3.The five members of the Executive Board referred to in paragraph 1, point (b), shall be selected following an open selection procedure which shall be published in the Official Journal of the European Union. They shall be appointed by the General Board based on the shortlist drawn by the Commission. The selection shall respect the principles of experience, qualification, and, to the extent possible, gender and geographical balance.

4.The term of office of the five members of the Executive Board shall be four years. In the course of the 12 months preceding the end of the four-year term of office of the Chair of the Authority and five members of the Executive Board, the General Board in both compositions or a smaller committee selected among General Board members including a Commission representative shall carry out an assessment of performance of the Executive Board. The assessment shall take into account an evaluation of the Executive Board members’ performance and the Authority’s future tasks and challenges. Based on the assessment, the General Board in both compositions may extend their term of office once.

5.The Executive Board members referred to in paragraph 1, point (a) and (b) shall act independently and objectively in the interest of the Union as a whole and shall neither seek nor take instructions from the Union institutions, Union decentralised agencies and other Union bodies from any government or from any other public or private body. The institutions, bodies, offices and agencies of the Union and the governments of the Member States and any other bodies shall respect that independence.

6.If one or more of the members of the Executive Board, except for the Chair of the Authority, no longer fulfil the conditions required for the performance of his or her duties or has been guilty of serious misconduct, the General Board may, following a proposal by the Commission, remove any of the members of the Executive Board from office.

7.During a period of one year after ceasing to hold office, the former members of the Executive Board, including the Chair of the Authority, are prohibited from engaging in a gainful occupational activity with

(a)a selected obliged entity;

(b)any other entity where a conflict of interest exists or could be perceived to exist.

In its rules for the prevention and management of conflicts of interest in respect of its members referred to in Article 53 (4) point (e), the Executive Board shall specify the circumstances under which such a conflict of interest exists or could be perceived to exist.

Article 53

Tasks of the Executive Board

1.The Executive Board shall be responsible for the overall planning and the execution of the tasks conferred on the Authority pursuant to Article 5. The Executive Board shall adopt all the decisions of the Authority with the exception of the decisions that shall be taken by the General Board in accordance with Article 49.

2.The Executive Board shall adopt all the decisions addressed to selected obliged entities following the proposal of the selected obliged entity’s Joint Supervisory Team referred to in Article 15, and taking into account the opinion provided by the General Board on that proposed decision. Where the Executive Board deviates from such an opinion, it shall provide the reasons thereof in writing.

3.The Executive Board shall adopt all the decisions addressed to individual public authorities pursuant to Articles 28, 31, and 32.

4.In addition, the Executive Board shall have the following tasks:

(a)adopt, by 30 November of each year, on the basis of a proposal by the Executive Director, the draft Single Programming Document, and shall transmit it for information to the European Parliament, the Council and the Commission by 31 January the following year, as well as any other updated version of the document ;

(b)adopt the draft annual budget of the Authority and exercise other functions in respect of the Authority’s budget;

(c)assess and adopt a consolidated annual activity report on the Authority's activities, including an overview of the fulfilment of its tasks and send it, by 1 July each year, to the European Parliament, the Council, the Commission and the Court of Auditors and make the consolidated annual activity report public;

(d)adopt an anti-fraud strategy, proportionate to fraud risks taking into account the costs and benefits of the measures to be implemented;

(e)adopt rules for the prevention and management of conflicts of interest in respect of its members, as well as the members of the Administrative Board of Review;

(f)adopt its rules of procedure;

(g)exercise, with respect to the staff of the Authority, the powers conferred by the Staff Regulations on the Appointing Authority and by the Conditions of Employment of Other Servants on the Authority Empowered to Conclude a Contract of Employment ("the appointing authority powers");

(h)adopt appropriate implementing rules for giving effect to the Staff Regulations and the Conditions of Employment of Other Servants in accordance with Article 110(2) of the Staff Regulations;

(i)appoint the Executive Director and remove him/her from office, in accordance with Article 58;

(j)appoint an Accounting Officer, who may be the Commission's Accounting Officer, subject to the Staff Regulations and the Conditions of Employment of other servants, who shall be totally independent in the performance of his/her duties;

(k)ensure adequate follow-up to findings and recommendations stemming from the internal or external audit reports and evaluations, as well as from investigations of OLAF;

(l)adopt the financial rules applicable to the Authority;

(m)take all decisions on the establishment of the Authority's internal structures and, where necessary, their modification.

5.The Executive Board shall select a Vice-Chair of the Authority among its voting members. The Vice-Chair shall automatically replace the Chair, if the latter is prevented from attending to his/her duties.

6.With respect to the powers mentioned in paragraph 4 point (h), the Executive Board shall adopt, in accordance with Article 110(2) of the Staff Regulations, a decision based on Article 2(1) of the Staff Regulations and Article 6 of the Conditions of Employment, delegating relevant appointing authority powers to the Executive Director. The Executive Director shall be authorised to sub-delegate those powers.

7.In exceptional circumstances, the Executive Board may by way of a decision temporarily suspend the delegation of the appointing authority powers to the Executive Director and any sub-delegation by the latter and exercise them itself or delegate them to one of its members or to a staff member other than the Executive Director.

Article 54

Annual and multiannual programming

1.By 30 November each year the Executive Board shall adopt a Single Programming Document containing multiannual and annual programming, based on a draft put forward by the Executive Director, taking into account the opinion of the Commission and in relation to multiannual programming after consulting the European Parliament. It shall forward it to the European Parliament, the Council and the Commission.

The programming document shall become final after final adoption of the general budget and if necessary shall be adjusted accordingly.

2.The annual work programme shall comprise detailed objectives and expected results including performance indicators. It shall also contain a description of the actions to be financed and an indication of the financial and human resources allocated to each action, in accordance with the principles of activity-based budgeting and management. The annual work programme shall be coherent with the multi-annual work programme referred to in paragraph 4. It shall clearly indicate tasks that have been added, changed or deleted in comparison with the previous financial year.

3.The Executive Board shall amend the adopted annual work programme when a new task is given to the Authority.

Any substantial amendment to the annual work programme shall be adopted by the same procedure as the initial annual work programme. The Executive Board may delegate the power to make non-substantial amendments to the annual work programme to the Executive Director.

4.The multiannual work programme shall set out overall strategic programming including objectives, expected results and performance indicators. It shall also set out resource programming including multiannual budget and staff.

The resource programming shall be updated annually. The strategic programming shall be updated where appropriate.

Article 55

Voting rules of the Executive Board

1.The Executive Board shall take decisions by simple majority of its members. Each member of the Executive Board shall have one vote. The Chair of the Authority shall have a casting vote in case of a tie.

2.A representative of the Commission shall have a right to vote whenever matters pertaining to Article 53(4) points (a) to (l) are discussed and decided upon. For the purposes of taking the decisions referred to in Article 53(4), points (f) and (g), the representative of the Commission shall have one vote. The decisions referred to in Article 53(4), points (b) to (e) and (h) to (l) may only be taken if the representative of the Commission casts a positive vote. For the purposes of taking the decisions referred to in Article 53(4), point (a), the consent of the representative of the Commission shall only be required on the elements of the decision not related to the annual and multi-annual working programme of the Authority.

3.The Executive Board's rules of procedure shall establish more detailed voting arrangements, in particular the circumstances in which a member may act on behalf of another member.

SECTION 3

THE CHAIR OF THE AUTHORITY

Article 56

Appointment of the Chair of the Authority

1.The Chair of the Authority shall be selected on the basis of merit, skills, knowledge, recognised standing and experience in the area of anti-money laundering and countering the financing of terrorism and other relevant qualification, following an open selection procedure which shall be published in the Official Journal of the European Union. The Commission shall draw up a shortlist of two qualified candidates for the position of the Chair of the Authority. The Council, after approval by the European Parliament, shall adopt an implementing decision to appoint the Chair of the Authority.

2.If the Chair of the Authority no longer fulfils the conditions required for the performance of his or her duties or has been guilty of serious misconduct, the Council may, following a proposal by the General Board in either composition, adopt an implementing decision to remove the Chair of the Authority from office. The Council shall act by qualified majority.

3.Should the Chair resign or be unable to attend to his or her duties for any other reason, the functions of the Chair shall be performed by the Vice-Chair.

Article 57

Responsibilities of the Chair of the Authority

1.The Chair of the Authority shall represent the Authority and shall be responsible for preparing the work of the General Board and the Executive Board, including setting the agenda, convening and chairing all the meetings and tabling items for decision.

2.The Chair shall assign to the five members of the Executive Board specific areas of responsibility within the scope of tasks of the Authority for the duration of their mandate.

SECTION 4

THE EXECUTIVE DIRECTOR

Article 58

Appointment of the Executive Director

1.The Executive Director shall be engaged as a temporary agent of the Authority under Article 2(a) of the Conditions of Employment of Other Servants.

2.The Executive Director shall perform his duties in the interests of the Union, and independently of any specific interests.

3.The Executive Director shall manage the Authority. The Executive Director shall be accountable to the Executive Board. Without prejudice to the powers of the Commission and of the Executive Board, the Executive Director shall be independent in the performance of his or her duties and shall neither seek nor take instructions from any government or from any other body.

4.The Executive Director shall be selected on the grounds of merit and documented high-level administrative, budgetary and management skills, following an open selection procedure which shall be published in the Official Journal of the European Union, and, as appropriate, other press or internet sites. The Commission shall draw up a shortlist of two qualified candidates for the position of the Executive Director. The Executive Board shall appoint the Executive Director.

5.The term of office of the Executive Director shall be five years. In the course of the nine months preceding the end of the Executive Director’s term of office, the Executive Board shall undertake an assessment that takes into account an evaluation of the Executive Director's performance and the Agency's future tasks and challenges. The Executive Board, taking into account the evaluation referred to in the first subparagraph, may extend the term of office of the Executive Director once.

The Executive Director may be removed from office by the Executive Board on proposal by the Commission.

6.An Executive Director whose term of office has been extended may not participate in another selection procedure for the same post at the end of the extended term of office.

Article 59

Tasks of the Executive Director

1.The Executive Director shall be in charge of the day-to-day management of the Authority and shall aim to ensure gender balance within the Authority. In particular, the Executive Director shall be responsible for:

(a)implementing decisions adopted by the Executive Board;

(b)preparing the draft Single Programming Document and submitting it to the Executive Board after consulting the Commission;

(c)implementing the Single Programming Document and reporting to the Executive Board on its implementation;

(d)preparing the draft consolidated annual report on the Authority’s activities and presenting it to the Executive Board for assessment and adoption;

(e)preparing an action plan following up conclusions of internal or external audit reports and evaluations, as well as investigations by the European Anti-fraud Office (OLAF) and reporting on progress twice a year to the Commission and regularly to the Gene4ral Boards and the Executive Board;

(f)protecting the financial interests of the Union by applying preventive measures against fraud, corruption and any other illegal activities, without prejudicing the investigative competence of OLAF by effective checks and, if irregularities are detected, by recovering amounts wrongly paid and, where appropriate, by imposing effective, proportionate and dissuasive administrative, including financial penalties;

(g)preparing an anti-fraud strategy for the Authority and presenting it to the Executive Board for approval;

(h)preparing draft financial rules applicable to the Authority;

(i)preparing the Authority’s draft statement of estimates of revenue and expenditure and implementing its budget;

(j)preparing and implementing an IT security strategy, ensuring appropriate risk management for all IT infrastructure, systems and services, which are developed or procured by the Authority as well as sufficient IT security funding.

(k)implementing the annual work programme of the Authority under the control of the Executive Board;

(l)drawing up a draft statement of estimates of the Authority’s revenue and expenditure as part of Authority’s Single Programming Document pursuant to Article 66 and shall implement the budget of the Authority pursuant to Article 67;

(m)preparing a draft report describing all activities of the Authority with a section on financial and administrative matters.

2.The Executive Director shall take other necessary measures, notably the adoption of internal administrative instructions and the publication of notices, to ensure the functioning of the Authority, in accordance with this Regulation.

3.The Executive Director shall decide whether it is necessary to locate one or more staff in one or more Member States for the purpose of carrying out the Authority's tasks in an efficient and effective manner. Before deciding to establish a local office, the Executive Director shall obtain the prior consent of the Commission, the Executive Board and the Member State(s) concerned. The decision shall specify the scope of the activities to be carried out at the local office in a manner that avoids unnecessary costs and duplication of administrative functions of the Authority. A headquarters agreement with the Member State(s) concerned shall be concluded.

SECTION 5

ADMINISTRATIVE BOARD OF REVIEW

Article 60

Creation and Composition of the Administrative Board of Review

1.The Authority shall establish an Administrative Board of Review for the purposes of carrying out an internal administrative review of the decisions taken by the Authority in the exercise of the powers listed in Articles 20, 21 and 22. The scope of the internal administrative review shall pertain to the procedural and substantive conformity with this Regulation of such decisions.

2.The Administrative Board of Review shall be composed of five individuals of high repute, having a proven record of relevant knowledge and professional experience, including supervisory experience in the area of anti-money laundering and countering the financing of terrorism, excluding current staff of the Authority, as well as current staff of AML/CFT supervisory authorities and FIUs or other national or Union institutions, bodies, offices and agencies who are involved in the carrying out of the tasks conferred on the Authority by this Regulation. The Administrative Board of Review shall have sufficient resources and expertise to assess the exercise of the powers of the Authority under this Regulation.

3.The Administrative Board of Review shall decide on the basis of a majority of at least three of its five members.

Article 61

Members of the Administrative Board of Review

1.The members of the Administrative Board of Review and two alternates shall be appointed by the General Board in supervisory composition for a term of five years, which may be extended once, following a public call for expressions of interest published in the Official Journal of the European Union. They shall not be bound by any instructions.

2.The members of the Administrative Board of Review shall act independently and in the public interest and shall not perform any other duties within the Authority. For that purpose, they shall make a public declaration of commitments and a public declaration of interests indicating any direct or indirect interest which might be considered prejudicial to their independence or the absence of any such interest.

3.The members of the Administrative Board of Review shall not be removed from office or from the list of qualified candidates during their term of office, unless there are serious grounds for such removal and the General Board in supervisory composition takes a decision to that effect, acting on a proposal from the Commission.

Article 62

Decisions subject to review

1.A request for review may be brought before the Administrative Board of Review against decisions taken by the Authority pursuant to Articles 6(1), 20, 21 and 22 by any natural or legal person to whom the decision is addressed, or to whom it is of a direct and individual concern.

2.Any request for review shall be made in writing, including a statement of grounds, and shall be lodged at the Authority within one month of the date of notification of the decision to the person requesting the review, or, in the absence thereof, of the day on which it came to the knowledge of the latter, as the case may be.

3.After ruling on the admissibility of the review, the Administrative Board of Review shall express an opinion within a period appropriate to the urgency of the matter and no later than two months from the receipt of the request and remit the case for preparation of a new draft decision to the Executive Board. The Executive Board shall take into account the opinion of the Administrative Board of Review and shall promptly adopt a new decision. The new decision shall abrogate the initial decision, replace it with a decision of identical content, or replace it with an amended decision.

4.A request for review pursuant to paragraph 2 shall not have suspensive effect. However, the Executive Board, on a proposal by the Administrative Board of Review, may, if it considers that circumstances so require, suspend the application of the contested decision.

5.The opinion expressed by the Administrative Board of Review, and the new decision adopted by the Executive Board pursuant to this Article, shall be reasoned and notified to the parties.

6.The Authority shall adopt a decision establishing the Administrative Board of Review’s operating Rules of Procedure.

Article 63

Exclusion and objection

1.The members of the Administrative Board of Review shall not take part in any review proceedings if they have any personal interest in the proceedings, if they have previously been involved as representatives of one of the parties to the proceedings, or if they participated in the adoption of the decision under review.

2.If, for one of the reasons listed in paragraph 1 or for any other reason, a member of the Administrative Board of Review considers that he/she should not take part in any review proceeding, he/she shall inform the Administrative Board of Review accordingly.

3.Any party to the review proceedings may object to any member of the Administrative Board of Review on any of the grounds listed in paragraph 1, or if the member is suspected of partiality. Any such objection shall not be admissible if, while being aware of a reason for objecting, the party to the review proceedings has taken a procedural step. No objection may be based on the nationality of members.

4.The Administrative Board of Review shall decide as to the action to be taken in the cases referred to in paragraphs 2 and 3 without the participation of the member concerned. For the purposes of taking that decision, the member concerned shall be replaced on the Administrative Board of Review by his/her alternate.

CHAPTER IV

FINANCIAL PROVISIONS

Article 64

Budget

1.Estimates of all revenue and expenditure for the Authority shall be prepared each financial year, corresponding to the calendar year, and shall be shown in the Authority’s budget.

2.The Authority’s budget shall be balanced in terms of revenue and of expenditure.

3.Without prejudice to other resources, the Authority's revenue shall consist of a combination of the following:

(a)a contribution from the Union entered in the general budget of the European Union;

(b)the fees paid by the selected and non-selected obliged entities in accordance with Article 65, for tasks mentioned in Article 5(1), points (b) and (c).

(c)any voluntary financial contribution from the Member States.

4.The expenditure of the Authority shall include staff remuneration, administrative and infrastructure expenses and operating costs.

Article 65

Fees levied on selected and non-selected obliged entities

1.The Authority shall levy an annual supervisory fee on all selected obliged entities referred to in Article 13 and on the non-selected obliged entities that meet the criteria of Article 12(1) and do not meet the criteria in Article 13(1) by one Member State. The fees shall cover expenditure incurred by the Authority in relation to the tasks related to supervision and referred to in Sections 3 and 4 of Chapter II. Those fees shall not exceed the expenditure relating to these tasks. Where these criteria are not fully respected in any given year, the necessary adjustments shall be made when calculating the fees for the two following years.

2.The amount of the fee levied on each obliged entity referred to in paragraph 1 shall be calculated in accordance with the arrangements established in the delegated act referred to in paragraph 6.

3.The fees shall be calculated at the highest level of consolidation in the Union.

4.The basis for calculating the annual supervisory fee for a given calendar year shall be the expenditure relating to the direct and indirect supervision of the selected and non-selected obliged entities subject to fees in that year. The Authority may require advance payments in respect of the annual supervisory fee, which shall be based on a reasonable estimate. The Authority shall communicate with the relevant financial supervisor before deciding on the final fee level so as to ensure that supervision remains cost-effective and reasonable for all financial sector obliged entities. The Authority shall communicate to respective financial sector obliged entities the basis for the calculation of the annual supervisory fee. Member States shall ensure that the obligation to pay the fees specified in this Article is enforceable under national law, and that due fees are fully paid.

5.This Article is without prejudice to the right of financial supervisors to levy fees in accordance with national law, to the extent supervisory tasks have not been conferred on the Authority, or in respect of costs of cooperating with and assisting the Authority and acting on its instructions, in accordance with relevant Union law.

6.The Commission is empowered to adopt a delegated act in accordance with Article 86 to supplement this Regulation by specifying the methodology for calculating the amount of the fee levied on each selected and non-selected obliged entity subject to fees in accordance with paragraph 1, and the procedure for collecting these fees. When developing the methodology for determining the individual amount of fees the Commission shall take into account the following:

(a)the total annual turnover or the corresponding type of income of the obliged entities at the highest level of consolidation in the Union in accordance with the relevant accounting standards;

(b)the inherent AML/CFT risk profile classification of the obliged entities in accordance with the methodology referred to in Article 12(5);

(c)the importance of the obliged entity to the stability of the financial system or economy of one or more Member States or of the Union;

(d)the amount of fee to be collected from any non-selected obliged entity in proportion to its income or turnover referred to in point (a) , which shall not exceed 1/5 of the amount of fee to be collected from any selected obliged entity relative to same level of income or turnover.

The Commission shall adopt the delegated acts referred to in the first subparagraph by 1 January 2025.

Article 66

Establishment of the budget

1.Each year, the Executive Director shall draw up a draft statement of estimates of the Authority’s revenue and expenditure for the following financial year, including the establishment plan, and send it to the Executive Board.

2.The Executive Board shall, on the basis of that draft, adopt a provisional draft estimate of the Authority’s revenue and expenditure for the following financial year.

3.The final draft estimate of the Authority’s revenue and expenditure shall be sent to the Commission by 31 January each year.

4.The Commission shall send the statement of estimates to the budgetary authority together with the draft general budget of the European Union.

5.On the basis of the statement of estimates, the Commission shall enter in the draft general budget of the Union the estimates it considers necessary for the establishment plan and the amount of the subsidy to be charged to the general budget, which it shall place before the budgetary authority in accordance with Articles 313 and 314 TFEU.

6.The budgetary authority shall authorise the appropriations for the contribution to the Authority.

7.The budgetary authority shall adopt the Authority’s establishment plan.

8.The Authority’s budget shall be adopted by the Executive Board. It shall become final following final adoption of the general budget of the Union. Where necessary, it shall be adjusted accordingly.

Article 67

Implementation of the budget

1.The Executive Director shall implement the Authority’s budget respecting the principles of economy, efficiency, effectiveness and sound financial management.

2.Each year, the Executive Director shall send to the budgetary authority all information relevant to the findings of evaluation procedures.

Article 68

Presentation of accounts and discharge

1.By 1 March of the following financial year (year N+1) the Authority’s accounting officer shall send the provisional accounts for the financial year (year N) to the Commission's Accounting Officer and to the Court of Auditors.

2.By 31 March of the following financial year, the Authority shall send the report on the budgetary and financial management to the European Parliament, the Council and the Court of Auditors.

By 31 March of the following financial year, the Commission's accounting officer shall send the Authority’s provisional accounts, consolidated with the Commission's accounts, to the Court of Auditors.

3.On receipt of the Court of Auditors' observations on the Authority’s provisional accounts pursuant to Article 246 Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council 52 , the Executive Board shall deliver an opinion on the Authority’s final accounts.

4.The accounting officer shall, by 1 July of year N+1, send the final accounts to the European Parliament, the Council, the Commission and the Court of Auditors, together with the Executive Board's opinion.

5.A link to the pages of the website containing the final accounts of the Authority shall be published in the Official Journal of the European Union by 15 November of year N + 1.

6.The Executive Director shall send the Court of Auditors a reply to its observations by 30 September of year N+1. The Executive Director shall also send this reply to the Executive Board.

7.The Executive Director shall submit to the European Parliament, at the latter's request, any information required for the smooth application of the discharge procedure for the financial year N, in accordance with Article 261(3) of Regulation (EU, Euratom) 2018/1046.

8.On a recommendation from the Council acting by a qualified majority, the European Parliament shall, before 15 May of year N + 2, give a discharge to the Executive Director in respect of the implementation of the budget for year N.

Article 69

Financial rules

The financial rules applicable to the Authority shall be adopted by the Executive Board after consulting the Commission. They shall not depart from Commission Delegated Regulation (EU) 2019/715unless such a departure is specifically required for the Authority's operation and the Commission has given its prior consent.

Article 70

Anti-fraud measures

1.For the purposes of combating fraud, corruption and any other illegal activity, Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council as well as Article 86 of Regulation (EU) 2019/715 shall apply to the Authority without any restriction.

2.The Authority shall accede to the Interinstitutional Agreement concerning internal investigations by OLAF and shall immediately adopt appropriate provisions for all staff of the Authority.

3.The funding decisions, the agreements and the implementing instruments resulting from them shall explicitly stipulate that the Court of Auditors and OLAF may, where necessary, carry out on-the-spot checks on the beneficiaries of monies disbursed by the Authority.

Article 71

IT Security

1.The Authority shall establish an internal IT governance at the level of the Executive Director which establishes and manages the IT budget and ensures regular reporting to the Executive Board on the compliance with applicable IT security rules and standards.

2.The agency shall ensure that at least 10% of its IT expenditure is transparently allocated to direct IT security. The contribution to the Computer Emergency Response Team of the European Institutions, Bodies and Agencies (CERT-EU) may be counted in this minimum expenditure requirement.

3.An adequate IT security monitoring, detection and response service shall be established, using the services of CERT-EU. Major Incidents must be reported to CERT-EU as well as to the Commission within 24 hours of detection.

Article 72

Accountability and reporting

1.The Authority shall be accountable to the European Parliament and to the Council for the implementation of this Regulation.

2.The Authority shall submit on an annual basis to the European Parliament, to the Council, and to the Commission a report on the execution of the tasks conferred on it by this Regulation, including information on the planned evolution of the structure and amount of the supervisory fees referred to in Article 66. The Chair of the Authority shall present that report in public to the European Parliament.

3.At the request of the European Parliament, the Chair of the Authority shall participate in a hearing on the execution of its tasks by the competent committees of the European Parliament.

4.The Authority shall reply orally or in writing to questions put to it by the European Parliament.

CHAPTER V

GENERAL AND FINAL PROVISIONS

SECTION 1

STAFF

Article 73

General provision

1.The Staff Regulations and the Conditions of Employment of Other Servants and the rules adopted by agreement between the institutions of the Union for giving effect to those Staff Regulations and the Conditions of Employment of Other Servants shall apply to the staff of the Authority for all matters not covered by this Regulation.

2.By way of derogation from paragraph 1, the Chair of the Authority, and the five members of the Executive Board referred to in Article 53 shall, respectively, be on a par with a Member and the Registrar of the General Court regarding emoluments and pensionable age, as defined in Council Regulation (EU) 2016/300 53 . For aspects not covered by this Regulation or by Regulation (EU) 2016/300, the Staff Regulations and the Conditions of Employment shall apply by analogy.

3.The Executive Board, in agreement with the Commission, shall adopt the necessary implementing measures, in accordance with the arrangements provided for in Article 110 of the Staff Regulations.

4.The Authority may make use of seconded national experts or other staff not employed by the Authority including FIU delegates.

5.The Executive Board shall adopt rules related to staff from Member States to be seconded to the Authority and update them as necessary. Those rules shall include, in particular, the financial arrangements related to those secondments, including insurance and training. Those rules shall take into account the fact that the staff is seconded and to be deployed as staff of the Authority. They shall include provisions on the conditions of deployment. Where relevant, the Executive Board shall aim to ensure consistency with the rules applicable to reimbursement of the mission expenses of the statutory staff.

Article 74

Privileges and immunities

Protocol (No 7) on the privileges and immunities of the TEU and to the TFEU shall apply to the Authority and its staff.

Article 75

Obligation of professional secrecy

1.Members of the General Board and the Executive Board, and all members of the staff of the Authority, including officials seconded by Member States on a temporary basis, and all other persons carrying out tasks for the Authority on a contractual basis, shall be subject to the requirements of professional secrecy pursuant to Article 339 TFEU and Article 50 [OP please insert the next number to the AMLD, COM(2021)423], even after their duties have ceased.

2.The Executive Board shall ensure that individuals who provide any service, directly or indirectly, permanently or occasionally, relating to the tasks of the Authority, including officials and other persons authorised by the Executive Board or appointed by the public authorities and FIUs for that purpose, are subject to requirements of professional secrecy equivalent to those in paragraph 1.

3.For the purpose of carrying out the tasks conferred on it by this Regulation, the Authority shall be authorised, within the limits and under the conditions set out in the acts referred to in Article 1(2), to exchange information with national or Union authorities and bodies in the cases where these acts allow financial supervisors to disclose information to those entities or where Member States may provide for such disclosure under the relevant Union law.

4.The Authority shall establish practical arrangements for implementing the confidentiality rules referred to in paragraphs 1 and 2.

5.The Authority shall apply Commission Decision (EU, Euratom) 2015/444 54 .

Article 76
Security rules on the protection of classified and sensitive non-classified information

1.The Authority shall adopt its own security rules equivalent to the Commission’s security rules for protecting European Union Classified Information (EUCI) and sensitive non-classified information, as set out in Commission Decisions (EU, Euratom) 2015/443 55 and (EU, Euratom) 2015/444. The security rules of the Authority shall cover, inter alia, provisions for the exchange, processing and storage of such information. The Executive Board shall adopt the Authority’s security rules following approval by the Commission.

2.Any administrative arrangement on the exchange of classified information with the relevant authorities of a third country or, in the absence of such arrangement, any exceptional ad-hoc release of EUCI to those authorities, shall be subject to the Commission’s prior approval.

SECTION 2

COOPERATION

Article 77

Cooperation with European Supervisory Authorities and the European Data Protection Board

1.The Authority shall establish and maintain a close cooperation with the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority.

2.When drafting guidelines and recommendations in accordance with Article 43, having a significant impact on the protection of personal data, the Authority shall closely cooperate with the European Data Protection Board established by Regulation (EU) 2016/679 to avoid duplication, inconsistencies and legal uncertainty in the sphere of data protection.

Article 78

Cooperation with non-AML/CFT authorities 

1.Where necessary for the fulfilment of its tasks listed in Article 5, the Authority shall cooperate, as appropriate, with the non- AML/CFT authorities.

2.Where necessary, the Authority shall conclude a memorandum of understanding with theauthorities referred to in paragraph 1 setting out in general terms how they will cooperate and exchange information in the performance of their supervisory tasks under Union law in relation to selected obliged entities.

3.The Authority shall ensure effective cooperation and information exchange between all financial supervisors in the AML/CFT supervisory system and the relevant non-AML/CFT authorities referred to in paragraph 1, including with regard to access to any information and data in central AML/CFT database referred to in Article 11.

Article 79

Cooperation in the context of public-private partnerships (PPPs)

Where relevant for the fulfilment of the tasks referred to in Sections 3 and 6 of Chapter II, the Authority may participate in existing cooperation arrangements established in one or across several Member States by supervisory authorities or FIUs, where such arrangements involve, inter alia, cooperation and information exchange between the aforementioned authorities and selected obliged entities. Participation of the Authority shall be subject to consent of the relevant national authority that has established such arrangement.

Article 80

Cooperation with OLAF, Europol, Eurojust and the EPPO

1.The Authority may conclude working arrangements with Union institutions, Union decentralised agencies and other Union bodies, acting in the field of law enforcement and judicial cooperation. Those working arrangements may be of a strategic or technical nature, and shall in particular aim to facilitate cooperation and the exchange of information between the parties thereto. The working arrangements shall neither form the basis for allowing the exchange of personal data nor shall bind the Union or its Member States.

2.The Authority shall establish and maintain a close relationship with OLAF, Europol, Eurojust, and the EPPO. To that end, the Authority shall conclude separate working arrangements with OLAF, Europol, Eurojust, and the EPPO setting out the details of their cooperation. The relationship shall aim in particular to ensure the exchange of strategic information and trends in relation to money laundering and terrorist financing threats facing the Union.

Article 81

Cooperation with third countries and international organisations

1.In order to achieve the objectives set out in this Regulation, and without prejudice to the respective competences of the Member States and the Union institutions, the Authority may develop contacts and enter into administrative arrangements with AML/CFT authorities in third countries that have regulatory, supervisory and FIU-related competences in the field of anti-money laundering and counter terrorism financing as well as with international organisations and third-country administrations. Those arrangements shall not create legal obligations in respect of the Union and its Member States nor shall they prevent Member States and their competent authorities from concluding bilateral arrangements with those third countries.

2.The Authority may develop model administrative arrangements, with a view to establishing consistent, efficient and effective practices within the Union and to strengthening international coordination and cooperation in the fight against money laundering and terrorist financing. The public authorities and FIUs shall make every effort to follow such model arrangements.

3.In cases where the interaction of several Union public authorities and FIUs with third country authorities concerns matters falling within the scope of the Authority’s tasks as defined in Article 5, the Authority shall have a leading role in facilitating such interaction where necessary. This role of the Authority shall be without prejudice to the regular interactions by competent authorities with third-country authorities.

4.The Authority shall, within its powers pursuant to this Regulation and to the legislative acts referred to in Article 1(2), contribute to the united, common, consistent and effective representation of the Union’s interests in international fora, including by assisting the Commission in its tasks relating to Commission’s membership of the Financial Action Task Force and by supporting the work and objectives of the Egmont Group of Financial Intelligence Units.

SECTION 3

GENERAL AND FINAL PROVISIONS

Article 82

Access to documents

1.Regulation (EC) No 1049/2001 shall apply to documents held by the Authority.

2.Decisions taken by the Authority under Article 8 of Regulation (EC) No 1049/2001 may be the subject of a complaint to the Ombudsman or of an action before the Court of Justice of the European Union, under the conditions laid down in Articles 228 and 263 TFEU, respectively.

3.The right of access to documents shall not apply to confidential information comprising:

(a)information or data of the Authority, the financial supervisors, or the obliged entities obtained in the process of carrying out the tasks and activities referred to in Article 5(2) and Section 3 of Chapter II;

(b)any operational data or information related to such operational data of the Authority and of the FIUs that is in the possession of the Authority due to carrying out the tasks and activities referred to in Article 5(5) and Section 6 of Chapter II.

4.The confidential information referred to in paragraph 3, point (a), that relates to a supervisory procedure can be fully or partially disclosed to the obliged entities which are parties to that supervisory procedure, subject to the legitimate interest of natural and legal persons other than the relevant party, in the protection of their business secrets. This access shall not extend to internal documents of the Authority, financial supervisors, or correspondence between them.

5.The Executive Board shall adopt practical measures for applying Regulation (EC) No 1049/2001 and the rules regarding disclosure of information relating to supervisory procedures.

Article 83

General language arrangements

1.Council Regulation No 1 shall apply to the Authority.

2.The Executive Board shall decide on the internal language arrangements for the Authority, which shall be consistent with the language arrangements in direct supervision, adopted pursuant to Article 27.

3.The translation services required for the functioning of the Authority shall be provided by the Translation Centre for the Bodies of the European Union, as established by Council Regulation (EC) No 2965/94 56 .

Article 84

Data protection

1.The processing of personal data on the basis of this Regulation for the purposes of the prevention of money laundering and terrorist financing as referred to in Article 53 [OP please insert the next number to the AMLD, COM(2021)423] and Article 55 of [OP please insert the next number to the AMLR, COM(2021)420] shall be considered necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Authority under Article 5 of Regulation (EU) 2018/1725 and Article 6 of Regulation (EU) 2016/679.

When drafting guidelines and recommendations in accordance with Article 43, having a significant impact on the protection of personal data, the Authority shall, after being authorized by the Commission, consult the European Data Protection Supervisor established by Regulation (EU) 2018/1725. The Authority may also invite national data protection authorities as observers in the process of drafting such guidelines and recommendations.

2.In accordance with Article 25 of Regulation (EU) 2018/1725, the Authority shall adopt internal rules which may restrict the application of the rights of the data subjects where such restrictions are necessary to the performance of the tasks referred in Article 53 [AMLD] and Article 55 of [AMLR].

Article 85

Liability of the Authority 

1.In the case of non-contractual liability, the Authority shall, in accordance with the general principles common to the laws of the Member States, make good any damage caused by it or by its staff in the performance of their duties. The Court of Justice of the European Union shall have jurisdiction in any dispute over the remedying of such damage.

2.The personal financial liability and disciplinary liability of Authority staff towards the Authority shall be governed by the relevant provisions applying to the staff of the Authority.

Article 86

Delegated acts

1.The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.The power to adopt delegated acts referred to in Article 25 and Article 65 shall be conferred on the Commission for an indeterminate period of time from [OP please insert the date = 6 months after the date of entry into force of this Regulation].

3.The power to adopt delegated acts referred to in Article 25 and Article 65 may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5.As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.A delegated act adopted pursuant to Article 25 and Article 65 shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of one month of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by one month at the initiative of the European Parliament or of the Council.

Article 87

Headquarters Agreement and operating conditions

1.The necessary arrangements concerning the accommodation to be provided for the Authority in the Member State where its seat is located and the facilities to be made available by that Member State, as well as the specific rules applicable in that Member State to the staff of the Authority and members of their families, shall be laid down in a Headquarters Agreement between the Authority and that Member State which they conclude after obtaining the approval of the Executive Board.

2.The Authority’s host Member State shall provide the best possible conditions to ensure the proper functioning of the Authority, including multilingual, European-oriented schooling and appropriate transport connections.

Article 88

Evaluation and review

3.By 31 December 2029, and every five years thereafter, the Commission shall assess the Authority’s performance in relation to its objectives, mandate, tasks and location(s), in accordance with the Commission's guidelines. The evaluation shall, in particular, address:

(a)the possible need to amend the mandate of the Authority, and the financial implications of any such modification;

(b)the impact of all supervisory activities and tasks of the Authority on the interests of the Union as a whole, and specifically the effectiveness of:

(i)supervisory tasks and activities related to direct supervision of selected obliged entities;

(ii)indirect supervision of non-selected obliged entities;

(iii)indirect oversight of other obliged entities;

(c)the impact of the activities related to support and coordination of FIUs, and in particular the coordination of the joint analyses of cross-border activities and transactions conducted by FIUs;

(d)the impartiality, objectivity and autonomy of the Authority;

(e)the appropriateness of governance arrangements, including the composition of, and voting arrangements in, the Executive Board and its relation with the General Board,

(f)the cost effectiveness of the Authority, if appropriate, separately in relation to its distinct sources of funding;

(g)the effectiveness of the recourse mechanism against decisions of the Authority and the independence and accountability arrangements applicable to the Authority;

(h)the effectiveness of cooperation and information sharing arrangements between the Authority and non-AML authorities;

(i)the interaction between the Authority and the other Union supervisory authorities and bodies, including the EBA, the Europol, Eurojust, OLAF and the EPPO;

(j)the effectiveness of the Authority’s supervisory and sanctioning powers;

(k)effectiveness and convergence in supervisory practices reached by supervisory authorities and the role of the Authority therein.

4.The report referred to in paragraph 1 shall also examine whether:

(a)the resources of the Authority are adequate to carry out its responsibilities;

(b)it is appropriate to confer additional supervisory tasks regarding non-financial sector obliged entities, specifying, as appropriate, the types of entities that should be subject to additional supervisory tasks;

(c)it is appropriate to confer additional tasks in the area of support and coordination of the work of FIUs;

(d)it is appropriate to confer on the Authority additional sanctioning powers.

5.On the occasion of every second evaluation, there shall be an assessment of the results achieved by the Authority having regard to its objectives, mandate and tasks, including an assessment of whether the continuation of the Authority is still justified with regard to these objectives, mandate and tasks.

6.The report and any accompanying proposals, as appropriate, shall be forwarded to the European Parliament and to the Council.

Article 89

Amendments to Regulation (EU) No 1093/2010

Regulation (EU) No 1093/2010 is amended as follows:

(1)Article 1 is amended as follows:

(a)in paragraph 2, the second subparagraph is deleted;

(b)in paragraph 5, point (h) is deleted;

(2)Article 4 is amended as follows:

(a)point (1a) is deleted;

(b)In point (2), point (iii) is deleted;

(3)In Article 8(1), point (l) is deleted;

(4)Articles 9a and 9b are deleted;

(5)in Article 17, paragraph 6 is replaced by the following:

‘6. Without prejudice to the powers of the Commission pursuant to Article 258 TFEU, where a competent authority does not comply with the formal opinion referred to in paragraph 4 of this Article within the period specified therein, and where it is necessary to remedy, in a timely manner, such non-compliance in order to maintain or restore neutral conditions of competition in the market or ensure the orderly functioning and integrity of the financial system, the Authority may, where the relevant requirements of the legislative acts referred to in Article 1(2) of this Regulation are directly applicable to financial institutions, adopt an individual decision addressed to a financial institution [?] requiring it to take all necessary action to comply with its obligations under Union law, including the cessation of any practice.

The decision of the Authority shall be in conformity with the formal opinion issued by the Commission pursuant to paragraph 4.

(6)in Article 19, paragraph 4 is replaced by the following:

‘4. Without prejudice to the powers of the Commission pursuant to Article 258 TFEU, where a competent authority does not comply with the decision of the Authority, and thereby fails to ensure that a financial institution complies with requirements directly applicable to it by virtue of the legislative acts referred to in Article 1(2) of this Regulation, the Authority may adopt an individual decision addressed to that financial institution requiring it to take all necessary action to comply with its obligations under Union law, including the cessation of any practice.’;

(7)in Article 33(1), the second subparagraph is deleted;

(8)in Article 40(1), the following point (g) is added:

‘(g) one representative of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, who shall be non-voting.’;

(9) in Article 81, paragraph 2b is deleted.

Article 90

Amendments to Regulation (EU) No 1094/2010

Regulation (EU) No 1094/2010 is amended as follows:

(1)in Article 1(2), the second subparagraph is deleted;

(2)in Article 40(1), the following point is added:

‘(f) one representative of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, who shall be non-voting.’;

(3)In Article 54, paragraph 2a is deleted.

Article 91

Amendments to Regulation (EU) No 1095/2010

Regulation (EU) No 1095/2010 is amended as follows:

(1)in Article 1(2), the second subparagraph is deleted;

(2)in Article 40(1), the following point is added:

‘(f) one representative of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, who shall be non-voting.’

(3)In Article 54, paragraph 2a is deleted.

Article 92

Commencement of the Authority’s activities

The Commission shall be responsible for the establishment and initial operation of the Authority until the date on which the Authority becomes operational, which shall be 1 January 2024 in accordance with Article 93. For that purpose:

(a)the Commission may designate a Commission official to act as interim Executive Director and exercise the duties assigned to the Executive Director until the Authority has the capacity to implement its own budget and the Executive Director has taken up his or her duties following his or her appointment by the Executive Board in accordance with Article 58;

(b)by derogation from Article 53(4) and until the adoption of a decision as referred to in Article 58, the interim Executive Director shall exercise the appointing authority power;

(c)the Commission may offer assistance to the Authority, in particular by seconding Commission officials to carry out the activities of the Authority under the responsibility of the interim Executive Director or the Executive Director;

(d)the interim Executive Director may authorise all payments covered by appropriations entered in the Authority’s budget after approval by the Executive Board and may conclude contracts, including staff contracts, following the adoption of the Authority’s establishment plan.

Article 93

Entry into force and application

This Regulation shall enter into force the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 1 January 2024.

However, Articles 1, 4, 38, 42, 43, 44, 46, 56, 58, 86 and 87 shall apply from 1 January 2023.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels,

For the European Parliament    For the Council

The President    The President

LEGISLATIVE FINANCIAL STATEMENT

1. FRAMEWORK OF THE PROPOSAL/INITIATIVE

1.1.Title of the proposal/initiative

Draft Regulation of the European Parliament and of the Council establishing an Agency for Anti-Money Laundering and Countering the Financing of Terrorism, hereafter “the Authority”

1.2.Policy area(s) concerned

Policy area: Financial stability, financial services and Capital Markets Union

Activity: Financial stability

1.3.The proposal relates to 

a new action

 a new action following a pilot project/preparatory action 57  

 the extension of an existing action 

 a merger of one or more actions towards another/a new action 

1.4.Objective(s)

1.4.1.General objective(s) 

2. An economy that works for people

1.4.2.Specific objective(s) 

Specific objective No 1.2

Financial stability is preserved and improved by efficient supervision and crisis management mechanisms, by means to absorb shocks and diversify risks, and a comprehensive approach is in place to fight money laundering and the financing of terrorist activities.

1.4.3.Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

In the area of supervision, the Authority is intended to improve the overall quality of AML/CFT supervision taking place in the EU, partly by exercising itself direct supervision over a limited number of the riskiest cross-border financial sector entities (and possibly certain other entities for which it may take over supervisory responsibility in emergency circumstances), and partly by exercising oversight and coordination over national supervisors, regarding both financial and non-financial sector obliged entities under EU AML/CFT legislation.

In the area of Financial Intelligence Units (FIUs), the Authority will promote greater efficiency and cooperation between FIUs, including by adopting harmonised templates for reporting and exchange of information, by carrying out analyses jointly with FIUs, and by taking over hosting of an existing information exchange infrastructure, FIU.net.

Both of these objectives should indirectly contribute to an increase in the amount of money laundering and terrorism financing activity in the EU which is either detected or prevented from happening by deterrence and higher likelihood of detection.

1.4.4.Indicators of performance 

Specify the indicators for monitoring progress and achievements.

General indicators

• Ratio of proposed versus adopted final budget (per annum)

Indirect supervision and coordination of supervisors

• Number of adopted technical standards relative to those required to be developed

• Number of draft technical standards submitted to the Commission for endorsement within the deadlines

• Number of technical standards proposed but rejected by the Commission

• Number of adopted non-binding recommendations relative to those required to be developed

• Number of hours training for supervisors

• Number of staff participating in exchanges / secondments

• Number of peer reviews conducted

• Number of obstacles to convergence identified and removed

• New practical tools and instruments to promote convergence

• Number of populated databases

Direct supervision of certain obliged entities

• Number of on-site inspections and dedicated investigations

• Number of meetings with supervised entities

• Number of decisions addressed to supervised entities

• Number of sanctions imposed on supervised entities

• Number of complaints / appeals from supervised companies

Coordination and Support of Financial Intelligence Units

• Number of joint analyses carried out

• Number of technical standards adopted

• Amount of guidance/recommendations addressed to FIUs.

1.5.Grounds for the proposal/initiative 

1.5.1.Requirement(s) to be met in the short or long term including a detailed timeline for roll-out of the implementation of the initiative

As analysed in the impact assessment accompanying this legislative proposal, the two main problems which the initiative aims to tackle are inconsistent AML/CFT supervision across the internal market, and insufficient coordination and exchange of information among Financial Intelligence Units. Concerning supervision, enforcement varies in effectiveness across Member States, due to differences in resources and practices. FIUs currently lack common methods and harmonised templates which hinder joint analysis, resulting in suboptimal detection of transactions and activities potentially connected to money laundering and terrorism financing.

1.5.2.Added value of Union involvement (it may result from different factors, e.g. coordination gains, legal certainty, greater effectiveness or complementarities). For the purposes of this point 'added value of Union involvement' is the value resulting from Union intervention which is additional to the value that would have been otherwise created by Member States alone.

The 2019 AML Package adopted by the Commission highlighted how criminals have been able to exploit the differences among Member State’s AML/CFT regimes. The cross-border nature of much money laundering and terrorism financing (ML/TF) makes good cooperation between national supervisors and FIUs essential to prevent these crimes. Many entities subject to AML obligations have cross-border activities, and different approaches by national supervisors and FIUs hinder them in achieving optimal AML/CFT practices at group level. Greater EU-level coordination, including a component of direct EU supervision of the riskiest entities, is needed to deal with these cross-border issues and maximise the EU’s financial system capacity to both prevent and detect ML/TF.

The proposal for an EU AML Authority is being adopted in conjunction with a proposal for an EU AML/CFT rulebook in the form of an EU Regulation. Together, these two initiatives are intended to considerably increase the convergence of AML/CFT supervision and enforcement across Member States and to reinforce the intensity of supervision, in particular by establishing EU-level supervision for the riskiest cross-border entities. Better cross-border cooperation between FIUs and improved domestic practices, from generalisation of best practices, will be an appropriate response to the cross-border nature of ML and TF.

1.5.3.Lessons learned from similar experiences in the past

Relevant past experiences include the creation of the three European Supervisory Authorities for financial services (ESAs), the Single Supervisory Mechanism for banks (SSM, not an EU agency but a branch of the European Central Bank), and the European Public Prosecutor’s Office.

From the experience of the European Supervisory Authorities, the observation has been drawn that a combination of resources from the EU budget and directly from Member States via national supervisors is complicated to operate and can constitute a burden on supervisors from smaller Member States; it can also compromise the independence of an Authority. It is therefore not proposed to have direct funding of the Authority from Member States.

From the SSM it has been observed that supervision of directly supervised entities can be carried out effectively using Joint Supervisory Teams, led by staff of the EU supervisor based in the Member State of a directly supervised entity, but also involving staff of the national supervisor. This model has been applied to the direct supervision activity of the Authority.

From the EPPO it has been observed that a significant time can be needed before a new body achieves administrative and budgetary autonomy, and this must be planned for, with Commission support during this period, including a seconded interim Executive Director.

1.5.4.Compatibility with the Multiannual Financial Framework and possible synergies with other appropriate instruments

A new budget line will need to be created, corresponding to the establishment of a new EU agency. In addition, the Multiannual Financial Framework 2021-2027 will need to be programmed so that the required resources are provided for the implementation of this legislation

1.5.5.Assessment of the different available financing options, including scope for redeployment

In cases where an EU body supervises private sector entities directly, it is frequently the case that such supervision is financed by fees paid by the supervised entities. This is the case with the SSM and with supervision by ESMA (European Securities and Markets Authority) of EU central counterparties trade repositories and credit rating agencies. In the case of the SSM, such fees are supported not only by directly supervised banks, but by all banks above certain size and activity thresholds, not all of which are directly supervised by the SSM.

This draft regulation repeals the provision of Regulation EU 2019/2175, which attributed certain competences for AML/CFT to the European Banking Authority (EBA) by amending its founding Regulation (Regulation 2010/1093) and reattributes the same competences to the Authority. That Regulation was accompanied by a Legislative Financial Statement which allocated 4 temporary agents and 4 contract agents to EBA, and the corresponding required contribution of EUR 529 000, which given the funding model for the ESAs represented 40% of the cost [the other 60% of the cost being borne by Member State National Competent Authorities]. It is proposed to reallocate this budget from EBA to the AML Authority.

FIU.net is a communication network between EU FIUs which is currently hosted by Europol, but is due to be soon (before September 2021) transferred to the Commission on a temporary basis, pending the creation of the Authority; this follows a decision of December 2019 by the European Data Protection Supervisor that the hosting of FIU.net by Europol goes beyond its mandate in terms of processing of personal data. The annual cost of hosting of FIU.net in the Commission, after the completion of the transfer from Europol to the Commission, is budgeted as €2 million and is attributed to DG FISMA of the Commission. It is proposed to fund this activity from the EU budget, as the cost will no longer be borne by the Commission. The overall effect on the EU budget will not however be neutral exactly budget neutral as the AML Authority would further develop FIU.net resulting in an increased annual cost equivalent to EUR 3 million in 2021 prices.

1.6.Duration and financial impact of the proposal/initiative

 limited duration

   Proposal/initiative in effect from [DD/MM]YYYY to [DD/MM]YYYY

   Financial impact from YYYY to YYYY

unlimited duration

◻ Implementation with a start-up period from 2023 to 2025,

followed by full-scale operation.

1.7.Management mode(s) planned 58  

Direct management by the Commission through

◻ executive agencies

 Shared management with the Member States

Indirect management by entrusting budget implementation tasks to:

◻ international organisations and their agencies (to be specified);

◻the EIB and the European Investment Fund;

✓bodies referred to in Articles 70 and 71;

◻ public law bodies;

◻ bodies governed by private law with a public service mission to the extent that they provide adequate financial guarantees;

◻ bodies governed by the private law of a Member State that are entrusted with the implementation of a public-private partnership and that provide adequate financial guarantees;

◻ persons entrusted with the implementation of specific actions in the CFSP pursuant to Title V of the TEU, and identified in the relevant basic act.

Comments

None

2.MANAGEMENT MEASURES 

2.1.Monitoring and reporting rules 

Specify frequency and conditions.

In line with standard arrangements practiced in existing agencies, the AML Authority will prepare regular reports on its activity (including internal reporting to Senior Management, reporting to Boards and the production of the annual report), and will be subject to audits by the Court of Auditors and the Commission's Internal Audit Service on its use of resources and performance.

2.2.Management and control system(s) 

2.2.1.Justification of the management mode(s), the funding implementation mechanism(s), the payment modalities and the control strategy proposed

Management and control systems are provided for in Chapter IV of the draft Regulation establishing the AML Authority. The Authority will ensure that the appropriate standards are met in all areas of the internal control framework. In addition, every financial year, the European Parliament, following a recommendation from the Council, grants discharge to each EU agency for the implementation of its budget; this procedure will also apply to the AML Authority.

2.2.2.Information concerning the risks identified and the internal control system(s) set up to mitigate them

Establishment of an internal control framework will be a priority of the AML Authority immediately after its establishment.

Risks already identified prior to the adoption of the draft regulation creating the AML Authority include the following:

-    Failure to collect in a timely way fees due to the Authority by Obliged Entities;

-    Cases of money laundering occurring in Obliged Entities directly supervised by the AML Authority during the time of that supervision.

2.2.3.Estimation and justification of the cost-effectiveness of the controls (ratio of "control costs ÷ value of the related funds managed"), and assessment of the expected levels of risk of error (at payment & at closure) 

The estimations made here are based on the experience of DG FISMA with oversight of the three European Supervisory Agencies for financial services (EBA, EIOPA, ESMA), which are all decentralised regulatory agencies, as the future AML Authority is envisaged to be.

Costs of controls - Supervision of agencies

Historically DG FISMA’s costs of the overall supervision of the Authority have been estimated at 0.5% of the annual contributions paid to them. Such costs include, for example but not exclusively, the costs related to the assessment of the annual programming and budget, the participation of DG FISMA's representatives in Management Boards, Boards of Supervisors and related preparatory work.

Costs of controls - Payment of annual contributions

The costs of control strictly related to the processing of the annual payments made to the Authority are based on the methodology used to calculate the costs related to other financial transactions in DG FISMA. They represent a tiny and irrelevant fraction of the payments made.



2.3.Measures to prevent fraud and irregularities 

Specify existing or envisaged prevention and protection measures, e.g. from the Anti-Fraud Strategy.

For the purposes of combating fraud, corruption and any other illegal activity, the provisions of Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) will apply to the AML Authority without any restriction.

The Authority will have a dedicated anti-fraud strategy and resulting action plan. Its actions in the area of anti-fraud must be compliant with the rules and guidance provided by the Financial Regulation (anti-fraud measures as part of sound financial management), OLAF’s fraud prevention policies, the provisions provided by the Commission Anti-Fraud Strategy: enhanced action to protect the EU budget (COM(2019)196 final) as well as set out by the Common Approach on EU decentralised agencies (July 2012) and the related roadmap.

In addition, the proposed Regulation establishing AMLA sets out the provisions on implementation and control of its budget and applicable financial rules, including those aimed at preventing fraud and irregularities. Its future internal Financial Regulation will lay this out in more detail.

3.ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE 

3.1.Heading(s) of the multiannual financial framework and expenditure budget line(s) affected 

·Existing budget lines

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework

Budget line

Type of
expenditure

Contribution

Number

Diff./Non-diff. 59

from EFTA countries 60

from candidate countries 61

from third countries

within the meaning of Article 21(2)(b) of the Financial Regulation

7

20.020101.01-C1-PMO(FISMA)

20.020601.01-C1-FISMA

Non-diff.

NO

NO

NO

NO

1

03.020106-C1-FISMA

Diff.

YES

NO

NO

NO

1

03.100200-C1-FISMA

Diff.

NO

NO

NO

NO

·New budget lines requested

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework

Budget line

Type of
expenditure

Contribution

Number

Diff./non-diff.

from EFTA countries

from candidate countries

from third countries

within the meaning of Article 21(2)(b) of the Financial Regulation

1

03.10.YY.YY – EU Anti Money-Laundering Agency

Diff

NO

NO

NO

NO

3.2.Estimated impact on expenditure 

3.2.1.Summary of estimated impact on expenditure 

EUR million (to three decimal places): Current Prices

Heading of multiannual financial
framework

Number

1 Single market, Innovation and Digital

03.10.YY.YY: EU Anti Money Laundering Authority (AMLA)

2023

2024

2025

2026

2027

TOTAL

2021 – 2027 MFF

Title 1:

Commitments

(1)

0.809

7.489

19.148

7.094

7.236

41.776

Payments

(2)

0.809

7.489

19.148

7.094

7.236

41.776

Title 2:

Commitments

(1a)

0.252

3.974

4.742

1.726

1.761

12.455

Payments

(2a)

0.252

3.974

4.742

1.726

1.761

12.455

Title 3:

Commitments

(3a)

4.245

6.522

4.030

4.110

18.907

Payments

(3b)

4.245

6.522

4.030

4.110

18.907

TOTAL appropriations
for AMLA

Commitments

=1+1a +3a

1.061

15.708

30.412

12.850

13.107

73.138

Payments

=2+2a

+3b

1.061

15.708

30.412

12.850

13.107

73.138



EUR million (to three decimal places): Current Prices

Details on the sources of redeployment of commitment appropriations

2023

2024

2025

2026

2027

TOTAL

2021 – 2027 MFF

03.02.01.06 Implementation and development of the internal market for financial services (current prices) – re. FIU.net

Commitments

4

1.000

2.000

2.000

5.000

03.10.02 European Banking Authority (EBA)

Commitments

5

0.550

0.561

0.573

0.584

2.268

Margin Heading 1

Commitments

6

1.061

15.158

28.851

10.277

10.523

65.870

TOTAL Redeployments

Commitments

=4+5+6

1.061

15.708

30.412

12.850

13.107

73.138





Heading of multiannual financial
framework

7

‘Administrative expenditure’

EUR million (to three decimal places): Constant 2021 Prices

2023

2024

2025

2026

2027

TOTAL

2021 -2027 MFF

DG: FISMA

• Officials

1.216

1.216

2.432

• Contract Staff

0.328

0.328

0.656

• Other administrative expenditure – Missions

0.040

0.090

0.130

TOTAL DG FISMA

Appropriations

1.584

1.634

3.218

TOTAL appropriations
under HEADING 7
of the multiannual financial framework
 

(Total commitments = Total payments)

1.584

1.634

3.218

The administrative appropriations required will be met by the appropriations which are already assigned to management of the action and/or which have been redeployed, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of existing budgetary constraints.

EUR million (to three decimal places):

2023 62

2024

2025

2026

2027

TOTAL

2021 – 2027 MFF

TOTAL appropriations
under HEADINGS 1 to 7
of the multiannual financial framework
 

Commitments

2.645

17.342

30.412

12.850

13.107

76.356

Payments

2.645

17.342

30.412

12.850

13.107

76.356

3.2.2.Estimated impact on AMLA's appropriations 

   The proposal/initiative does not require the use of operational appropriations

   The proposal/initiative requires the use of operational appropriations, as explained below:

Commitment appropriations in EUR million (to three decimal places): Current Prices

Indicate objectives and outputs

2023

2024

2025

2026

2027

TOTAL

2021 – 2027 MFF

OUTPUTS

Type 63

Average cost

No

Cost

No

Cost

No

Cost

No

Cost

No

Cost

Total cost

SPECIFIC OBJECTIVE No 1 64

- Databases and IT systems (including transitional costs)

Database / IT

2.918

3.951

3.312

3.379

13.560

- Translation

Translation

0.265

0.406

0.110

0.113

0.894

- Missions

Missions

1.062

1.624

0.442

0.450

3.578

- Legal representation

External counsel

0.541

0.166

0.168

0.875

TOTAL COST

4.245

6.522

4.030

4.110

18.907

3.2.3.Estimated impact on AMLA's human resources 

3.2.3.1.Summary 

   The proposal/initiative does not require the use of appropriations of an administrative nature

   The proposal/initiative requires the use of appropriations of an administrative nature, as explained below:

EUR million (to three decimal places): Current prices – Only the part that is Union funded

2023

2024

2025

2026

2027

TOTAL

2021 – 2027 MFF

Temporary agents (AD Grades)

0.518

5.682

14.354

5.362

5.468

31.384

Temporary agents (AST grades)

0.462

2.493

0.962

0.982

4.899

Contract staff

0.291

1.186

1.815

0.308

0.315

3.915

Seconded National Experts

0.159

0.486

0.462

0.471

1.578

TOTAL

0.809

7.489

19.148

7.094

7.236

41.776

Staff requirements (FTE): Total posts Union funded and funded from fees or charges

2023

2024

2025

2026 65

2027

TOTAL 66

Temporary agents (AD Grades)

8

58

155

180

180

180

Temporary agents (AST grades)

7

30

30

30

30

Contract staff

10

30

30

30

30

30

Seconded National Experts

5

10

10

10

10

TOTAL

18

100

225

250

250

250

It is assumed that all staff hired in 2023 work for 6 months, the recruitment procedure having been started before the legal establishment of the Agency so that contracts can be signed as soon as the agency is established. Similarly, 20 TAs taking up post in 2024 are assumed to work the full year, the recruitment having been undertaken in 2023.All other additional staff are assumed to be hired throughout the year and are accordingly on average costed at 50% of the posts. Full staffing is thus assumed to be reached by the middle of 2026.

Details on Redeployment from the European banking Authority

Staff requirements (FTE):

2023

2024

2025

2026

2027

TOTAL

Temporary agents (AD Grades)

4

4

4

4

4

Temporary agents (AST grades)

Contract staff

4

4

4

4

4

Seconded National Experts

TOTAL

8

8

8

The allocation for staffing of the European Banking Authority (Establishment Plan posts and allocations for Contract Agents) will be reduced by 4 Temporary Agents (AD7s) and 4 Contract Agents (FGIVs) as the Anti-Money Laundering tasks allocated to EBA in the context of the ESAs Review will be undertaken by AMLA.

3.2.3.2.Estimated requirements of human resources for the parent DG

   The proposal/initiative does not require the use of human resources.

   The proposal/initiative requires the use of human resources, as explained below:

Estimate to be expressed in full amounts (or at most to one decimal place)

2023

2024

2025

2026

2027

·Establishment plan posts (officials and temporary staff)

20 01 02 01 and 20 01 02 02 (Headquarters and Commission’s Representation Offices)

8

8

20 01 02 03 (Delegations)

01 01 01 01 (Indirect research)

10 01 05 01 (Direct research)

External staff (in Full Time Equivalent unit: FTE) 67

20 02 01 (AC, END, INT from the ‘global envelope’)

4

4

20 02 03 (AC, AL, END, INT and JPD in the Delegations)

Budget line(s) (specify)  68

- at Headquarters 69

- in Delegations

01 01 01 02 (AC, END, INT – Indirect research)

10 01 05 02 (AC, END, INT – Direct research)

Other budget lines (specify)

TOTAL

12

12

The human resources required will be met by staff from the DG who are already assigned to management of the action and/or have been redeployed within the DG, together if necessary with any additional allocation which may be granted to the managing DG under the annual allocation procedure and in the light of budgetary constraints.

Description of tasks to be carried out:

Officials and temporary staff

A ‘taskforce’ of 12 (of which 8 Officials or Temporary Agents and 4 Contract Agents) will need to be established in DG FISMA to ensure the rapid set-up and operationalisation of the EU Anti-Money Laundering Agency (AMLA). The taskforce will contribute to the rapid recruitment of AMLA staff as well as the establishment of the administrative, logistical, HR, budgetary and financial procedures as well as the systems necessary for ensuring that the required funding from fees/charges is available to AMLA at the times foreseen. Without the establishment of this taskforce, it would not be possible for AMLA to be fully established and ready to undertake all its supervisory tasks as well as its co-ordination tasks by the start of 2026.

External staff

A ‘taskforce’ of 12 (of which 8 Officials or Temporary Agents and 4 Contract Agents) will need to be established in DG FISMA to ensure the rapid set-up and operationalisation of the EU Anti-Money Laundering Agency (AMLA). The taskforce will contribute to the rapid recruitment of AMLA staff as well as the establishment of the administrative, logistical, HR, budgetary and financial procedures as well as the systems necessary for ensuring that the required funding from fees/charges is available to AMLA at the times foreseen. Without the establishment of this taskforce, it would not be possible for AMLA to be fully established and ready to undertake all its supervisory tasks as well as its co-ordination tasks by the start of 2026.

Description of the calculation of cost for FTE units should be included in the Annex V, section 3.

3.2.4.Compatibility with the current multiannual financial framework 

   The proposal/initiative is compatible the current multiannual financial framework.

   The proposal/initiative will entail reprogramming of the relevant heading in the multiannual financial framework.

Explain what reprogramming is required, specifying the budget lines concerned and the corresponding amounts.

A new budget line will need to be created, corresponding to the establishment of a new EU agency. In addition, the Multiannual Financial Framework 2021-2027 will need to be programmed so that the required resources are provided for the implementation of this legislation. In particular, as set out above, the proposed additional budget will be financed by a redeployment of a small part the Union contribution (and posts) from the European Banking Authority (EBA), a small redeployment from the allocation for the Single Market Programme (in relation to the cost of hosting the FIU.net IT system) and in the main by a utilisation of the margin under Heading 1.

   The proposal/initiative requires application of the flexibility instrument or revision of the multiannual financial framework 70 .

Explain what is required, specifying the headings and budget lines concerned and the corresponding amounts.

3.2.5.Third-party contributions 

   The proposal/initiative does not provide for co-financing by third parties.

   The proposal/initiative provides for the co-financing estimated below:

EUR million (to three decimal places)

2023

2024

2025

2026

2027

Total

2021 – 2027

Fees from directly supervised entities and fee/levies for indirect supervision of financial institutions 71

36.179

39.302

75.481

TOTAL appropriations co-financed

36.179

39.302

75.481


Estimated impact on revenue

   The proposal/initiative has no financial impact on revenue.

   The proposal/initiative has the following financial impact:

   on own resources

   on other revenue

◻ please indicate, if the revenue is assigned to expenditure lines

EUR million (to three decimal places)

Budget revenue line:

Appropriations available for the current financial year

Impact of the proposal/initiative 72

Year
N

Year
N+1

Year
N+2

Year
N+3

Enter as many years as necessary to show the duration of the impact (see point 1.6)

Article ………….

For miscellaneous ‘assigned’ revenue, specify the budget expenditure line(s) affected.

Specify the method for calculating the impact on revenue.



ANNEX - ASSUMPTIONS

1. General Assumptions

The AML Authority

Title I – Staff Expenditure

The following specific assumptions have been applied in the calculation of the staff expenditure based upon the identified staffing needs explained below:

·The date of legal establishment of the Authority will be immediately upon entry into force of this Regulation (probably early in 2023), but in 2023 the Authority will not carry out any operational tasks only administrative ones associated with its setting up. Staff recruited in 2023 (18 headcount) will be exclusively administrative and HR staff.

·Direct supervision of all selected entities will begin in 2026, therefore a full complement of the 100 staff for direct supervision will have to be in place by the end of 2025.

·By the middle of year 2025, the process of selection of entities for direct supervision, and determination of fees/levies, will be completed (the list of entities subject to fees/levies will be larger than those subject to direct supervision). From 2026 onwards, the Authority would be majority funded by fees/levies.

·Regarding operational activities other than direct supervision, the Authority will start to exercise its functions in 2024, and grow to full staffing over a three year period, with full staffing foreseen to be reached being reached by the end of 2026. Staff recruited during 2026 will work on indirect supervision of the non-financial sector and FIU support. 2027 will therefore be the first year in which the Authority is fully staffed over a full year.

·Newly hired staff in 2023 2024 2025 and 2026 are costed for 6 months given the assumed time needed to recruit the additional staff, however 20 new staff taking up post at the beginning of 2024 are costed for a full 12 months as the recruitment procedure would be conducted in 2023 ;

·The average annual cost for 2021 of a Temporary Agent is EUR 152 000, of a Contract Agent is EUR 82 000 and for a seconded national expert is EUR 86 000, all of which including EUR 25 000 of ‘habillage’ costs under Title II (Buildings, IT, etc.) and these figures have been indexed at 2% per annum from 2023 on so that the Legislative Financial Statement can be presented in current prices;

·No positive or negative correction coefficient is applied, since the seat of the Authority is unknown (it is conventional for a Commission proposal for the establishment of a new agency to be blank as regards the location of the seat);

·Employer’s pension contributions for Temporary Agents and Contract Agents have been based upon the standard basic salaries included in the standard average annual costs for 2021, i.e. EUR 96 724 and EUR 54 200 respectively, again indexed at 2% per annum from 2023 on to arrive at current prices.

Title II – Infrastructure and operating expenditure

Costs are based upon multiplying the number of staff by the proportion of the year employed by the standard cost for ‘habillage’, i.e. EUR 25 000 plus EUR 2 500 per staff member 73 to cover other administrative expenses, both amounts in 2021 prices and indexed to arrive at current prices.

However, during year 1 of effective operations (2024) office space sufficiently large for the full staffing of the Agency will need to be hired. Therefore in addition to the standard habillage calculation (EUR 25,000 multiplied by 82.5 staff FTEs) an additional EUR 2 million (in current prices) has been budgeted to allow for rental and potential building fit-out costs.

The Commission

Based on recent experience of setting up of new agencies, a fixed-duration Task Force of 12 persons (8 AD officials and 4 Contract Agents) will be needed for 2023 and 2024 in order to efficiently and rapidly set up the Authority, including an interim Executive Director seconded from the Commission, and a team of specialists in HR, IT, finance and procurement. These persons will be provided by redeployment internally within the European Commission. Some of the staff in the Task Force (four in this estimate) will need to be contract staff, due to the short-term nature of the Task Force. Missions will be required, especially after the Authority starts operations in its place of seat from 2024. The staff for this taskforce has been costed at the average for 2021 of EUR 152 000 per staff member for an Official (a rate that includes building and IT costs, so-called ‘habillage’) and EUR 82 000 for a Contract Agent.

2. Specific information

Staffing levels

The total staffing level for the Authority when fully resourced, as stated in Annex 5 of the impact assessment accompanying this proposal, is planned as 250, of which 100 staff engaged in direct supervision of certain Obliged Entities. However, if the Authority is located near to an existing EU Agency with which it can share support functions, then the total staffing level could be somewhat less than 250; if that is the case, this LFS should be amended during the legislative process.

The number of 100 staff engaged in direct supervision is based on an estimated number of entities under direct supervision by the Authority in the range of 12 to 20 and an average number of Authority staff working on each directly supervised entity in the range of 5 to 8. Almost all of the 100 staff will be based in Member States, not at the seat of the Authority, as they will be heading Joint Supervisory Teams with participation of staff members of national AML/CFT supervisors.

Regarding the 150 staff not engaged in direct supervision, this number is set at the minimum level needed to carry out the full range of tasks of the Authority. It is significantly under the average 2020 staffing level of the three ESAs. The 150 planned non-direct supervision staff of the Authority can be broken down into the following activities:

·Executive Board members, Executive Director and Chairperson (7 FTE);

·Central administration and support staff (budget, procurement, HR, IT legal etc.);

Indirect supervision (coordination and oversight of national supervisors) in the financial sector;

Indirect supervision (coordination and oversight of national supervisors) in the non-financial sector;

·Coordination and support to the work of FIUs.

The draft regulation establishing the Authority lays down the number of Executive Board members as 5, plus the Chair; they will not be permanent staff members of the Authority but independent full time public office holders. Based on experience at the ESAs, the number of necessary central administration and support staff can be estimated as 20 (less if support services are shared with another Agency). The exact allocation of the remaining 123 across the other activities will be entrusted to the Authority itself, but it is estimated that about 70 FTE will work on indirect supervision of the financial sector (this is relevant for fees/levies – see below).

Title III costs – operating expenditure

Costs are estimated subject to the following general assumptions:

·Translation costs at full operation are estimated as just over €0.5 million per year in 2021 prices and indexed to arrive at current prices. The rates assumed for 2024 and 2025 are assumed to be 50% and 75% thereof respectively;

·Transitional IT costs include: the one-off IT costs of transferring IT systems to AMLA and other IT start-up costs for AMLA assumed to be EUR 1 million in 2023 and EUR 400 000 in 2024 (both in 2021 prices).

·On-site supervision costs are EUR 2 500 per person per visit. The mission budget of €2 million (in 2021 prices) at full operation (i.e. from 2027 on) accounts for 800 individual missions (the mission budget for 2024 being 50% of that at full operation and 75% of full operation in 2025).

·Litigation expenses relate to the use of external counsel for litigation with directly supervised entities regarding decisions addressed to them, with entities subject to fees/levies regarding the level of fees/levies, and with national supervisors in cases where the Authority finds them to be deficient in supervision of an entity and proposes transfer of supervisory competence to the Authority. The annual litigation expense is estimated at €0.75 million at full operation (in 2021 prices).

The Authority will take over from EBA the AML database which EBA was mandated to produce by Regulation EU 2019/2175 (ESA review Regulation), referred to in article 9a of the EBA Regulation (see point 1.5.5. in the LFS), which first granted AML competences to EBA, together with the 8 posts allocated to EBA for AML in that legislation. The amount foreseen for EBA in the LFS of the Commission proposal granting those additional powers to EBA (COM(2018) 646 final), was €0.53 million per year from the Union budget on an ongoing basis (40% of the total cost, due to the mixed funding nature of the ESAs). This funding (appropriately indexed) would be transferred to the AML Authority.

The AML Authority will take also over from the Commission the hosting of the information exchange system for FIUs known as FIU.net. The hosting of this network is being transferred from Europol to the Commission in the course of 2021, but Commission hosting is envisaged as being temporary until the Authority can take over as permanent host. The cost of hosting FIU.net, independently of the transfer-related costs, consists essentially of IT costs (maintenance of secure hardware and software for cross-border exchange of sensitive information between FIUs). The annual cost of hosting FIU.net while in the Commission is approximately €2 million, but this is a conservative estimation to only secure a safe system for the moment. The Authority will need to develop additional functionalities to provide effective tools to exchange information between FIUs and the budget estimated for the FIU.net system here is therefore €3 million (in 2021 prices), of which about €2 million (in current prices) will correspond to a saving on the EU budget due to the transfer of FIU.net from the Commission to AMLA as from mid-2025 (the first year when the transfer of FIU.net from the Commission to the Authority is realistically possible).

Fee/levy revenue

The activities of the Authority to be funded by fee/levy revenue are costs related to direct supervision and indirect supervision of the financial sector. Regarding Title I and Title II, the total FTE staff numbers at full operation engaged in these two activities is estimated as 192. Regarding Title III, the costs which are considered to fall into this category are all Title III costs with the exclusion of the operation of FIU.net and 20% of costs for translation, missions and litigation. For a full year at full operation, these costs amount to €4.9 million out of €9 million on Title III (both amounts in current prices). Overall these estimations give fee revenue of approximately €40 million in a year of full operation, corresponding to approximately 75% of expenses of the Authority, leaving just over €13.3 million of expenses to the Union budget.

In years 1 and 2 of effective operations (2024 and 2025) zero fee/levy revenue is planned, as the Authority will not yet be in a position to levy fees/impose levies; the selection of entities subject to fees/levies will take up the first year and a half of activity of the Authority, the list of entities being published in August 2025 and invoices for ex-ante contributions for 2026 sent out immediately thereafter. The overall effect of these assumptions is that the cost of the Authority to the Union budget (excluding the cost of the temporary Commission taskforce that would need to be established to set-up the Authority) is of the order of just over €1 million in 2023, just under €16 million in 2024, and €30 million in 2025, then falling to €12.8 million in 2026 and just over €13 million in 2027 and thereafter.

Fees/levies corresponding to eligible expenditure in year N will be collected in year N-1 based on the draft budget for year N. If the estimated expenditure on direct supervision in a certain year is higher or lower than budgeted, the fees/levies levied in the following year should be adapted to correct for this.

Regarding the Obliged Entities subject to fees/levies, the draft regulation establishing the Authority excludes non-financial sector Obliged Entities, and limits fees/levies to a selection of financial sector entities, to be determined in a Commission delegated act.

The table below summarises the planned evolution of fee/levy revenue for the Authority.

EU Anti Money Laundering Authority (AMLA) – Fee & Levy Funding

2024

2025

2026

2027

TOTAL

2023 – 2027

Title 1: (including employer’s pension contributions)

Commitments

(1)

26.033

28.573

54.606

Payments

(2)

26.033

28.573

54.606

Title 2:

Commitments

(1a)

5.343

5.830

11.173

Payments

(2a)

5.343

5.830

11.173

Title 3:

Commitments

(3a)

4.803

4.899

9.702

Payments

(3b)

4.803

4.899

9.702

TOTAL Fee & Levy funded appropriations
for AMLA

Commitments

=1+1a +3a

36.179

39.302

75.481

Payments

=2+2a

+3b

36.179

39.302

75.481

(1)    Europol, ‘From suspicion to action: Converting financial intelligence into greater operational impact’, 2017.
(2)    Communication from the Commission - Towards better implementation of the EU's anti-money laundering and countering the financing of terrorism framework (COM/2019/360 final), Report from the Commission on the assessment of recent alleged money laundering cases involving EU credit institutions, (COM/2019/373 final), and other reports.
(3)    COM(2020) 605 final.
(4)    Communication from the Commission on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing 2020/C 164/06; C/2020/2800; OJ C 164, 13.5.2020, p. 21–33: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52020XC0513(03) .
(5)    European Parliament resolution of 10 July 2020 on a comprehensive Union policy on preventing money laundering and terrorist financing – the Commission’s Action Plan and other recent developments (2020/2686(RSP)), P9_TA(2020)0204; https://www.europarl.europa.eu/doceo/document/TA-9-2020-0204_EN.html .
(6)     https://data.consilium.europa.eu/doc/document/ST-12608-2020-INIT/en/pdf .
(7)    The scope of supervision for the EU AML/CFT supervisor should focus, at this stage, on: credit institutions, payment institutions, bureau de change, E money institutions, virtual asset service providers covered by FATF recommendations, amongst others, with the option of assessing an expansion of supervision to other risky obliged entities in the future, but also considering the more homogeneous nature of the financial sector and the high level of harmonisation with regard to prudential requirements compared with the non-financial sector. The EU risk-based supervision should take the following parameter into account: the risk arising from the nature of the obliged entity’s business – in particular its customer base, products, delivery channels, geographical exposure, and taking into account cross border aspects; emerging risks associated with the evolving distribution methods, especially the challenges to AML/CFT posed by the digitalisation of financial services as well as the consequences if these risks materialised.
(8)    For further detail see the accompanying impact assessment. [OP please insert the link to SWD(2021)190]
(9)    EBA/Rep/2020/06, available at https://eba.europa.eu/file/744071/download?token=Tf9XDqWX .
(10)    Not publicly available.
(11)    ECA special report ‘EU efforts to fight money laundering in the banking sector are fragmented and implementation is insufficient’: https://www.eca.europa.eu/Lists/ECADocuments/SR21_13/SR_AML_EN.pdf .
(12)    For further detail see the accompanying impact assessment [OP please insert the link to SWD(2021)190]
(13)    Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amended by Directive (EU) 2018/843 of the European Parliament and of the Council (OJ L 156, 19.6.2018, p. 43-74).
(14)    Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (Text with EEA relevance), (OJ L 141, 5.6.2015, p. 1-18).
(15)    Directives (EU) 2015/2366, (EU) 2014/92, and (EU) 2009/110.
(16)    Directive (EU) 2019/1153.
(17)    Case C-217/04 United Kingdom v Parliament and Council EU:C:2006:279, paragraph 44, and Case C-270/12 United Kingdom v Parliament and Council EU:C:2014:18, paragraph 104.
(18)     https://ec.europa.eu/info/publications/190724-anti-money-laundering-terrorism-financing-communication_en .
(19)    Granted to EBA by Regulation EU 2019/2175 (ESA review regulation).
(20)    Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.
(21)    Commission Staff Working Document SWD(2021)190 - Impact Assessment Report Accompanying the package of Commission legislative proposals regarding Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT), and law enforcement, including: Draft Regulation on AML/CFT, also amending the existing Transfer of Funds Regulation (Regulation 2015/847); Draft amendment of Directive 2015/849 on AML/CFT; Draft Regulation creating an EU Authority for AML/CFT, in the form of a regulatory agency; Draft amendment of Directive 2019/1153 facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences.
(22)    See accompanying Impact Assessment [OP please insert the link to SWD(2021)190]
(23)    For further reflections on the FIU support and coordination mechanism please see the accompanying Impact Assessment [OP please insert the link to SWD(2021)190]
(24)    Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies and on the free movement of such data.
(25)    This database was created by Regulation EU 2019/2175 (ESA review regulation) which at the same time extended the competence of EBA in the area of AML/CFT.
(26)    FIU.net has been hosted by Europol since 2016, but is due to be transferred to the Commission on a temporary basis before September 2021, pending the creation of the Authority. This follows a decision of the European Data Protection Supervisor from December 2019 according to which the hosting of FIU.net by Europol goes beyond the mandate of the latter in terms of processing of personal data.
(27)    This database was created by Regulation EU 2019/2175 (ESA review regulation) which at the same time extended the competence of EBA in the area of AML/CFT.
(28)    FIU.net has been hosted by Europol since 2016, but is due to be transferred to the Commission on a temporary basis before September 2021, pending the creation of the Authority. This follows a decision of the European Data Protection Supervisor from December 2019 according to which the hosting of FIU.net by Europol goes beyond the mandate of the latter in terms of processing of personal data.
(29)    https://europa.eu/european-union/sites/europaeu/files/docs/body/joint_statement_and_common_approach_2012_en.pdf.
(30)    OJ C , , p. .
(31)    [add reference] OJ C , , p. .
(32)     https://europa.eu/european-union/sites/default/files/docs/body/joint_statement_and_common_approach_2012_en.pdf .
(33)    Regulation (EU) 2021/240 of the European Parliament and of the Council of 10 February 2021 establishing a Technical Support Instrument (OJ L 57, 18.2.2021, p. 1).
(34)    Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’) (OJ L 283, 31.10.2017, p. 1).
(35)    Regulation (EU, EURATOM) No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European Parliament and of the Council and Council Regulation (Euratom) No 1073/1999 (OJ L 248, 18.9.2013, p. 1).
(36)    Commission Delegated Regulation (EU) 2019/715 of 18 December 2018 on the framework financial regulation for the bodies set up under the TFEU and Euratom Treaty and referred to in Article 70 of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council (OJ L 122, 10.5.2019, p. 1).
(37)     https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52013JC0001 .
(38)    Regulation No 31 (EEC), 11 (EAEC) laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Economic Community and the European Atomic Energy Community (OJ P 045 14.6.1962, p. 1385).
(39)    Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
(40)    Council Regulation No 1 determining the languages to be used by the European Economic Community ( OJ 17, 6.10.1958, p. 385).
(41)    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(42)    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
(43)    Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63).
(44)    Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012 of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).
(45)    Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ L 173, 12.6.2014, p. 149).
(46)    Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12).
(47)    Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48).
(48)    Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).
(49)    Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1).
(50)    Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1)
(51)    Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 19).
(52)    Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1).
(53)    Council Regulation (EU) 2016/300 of 29 February 2016 determining the emoluments of EU high-level public office holders (OJ L 58, 4.3.2016, p. 1).
(54)    Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).
(55)    Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission (OJ L 72, 17.3.2015, p. 41)
(56)    Council Regulation (EC) No 2965/94 of 28 November 1994 setting up a Translation Centre for bodies of the European Union (OJ L 314, 7.12.1994, p. 1).
(57)    As referred to in Article 58(2)(a) or (b) of the Financial Regulation.
(58)    Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: https://myintracomm.ec.europa.eu/budgweb/EN/man/budgmanag/Pages/budgmanag.aspx .
(59)    Diff. = Differentiated appropriations / Non-diff. = Non-differentiated appropriations.
(60)    EFTA: European Free Trade Association.
(61)    Candidate countries and, where applicable, potential candidates from the Western Balkans.
(62)    Approximation for 2023 and 2024 given the different bases (indicated above) required to be applied for heading 1 and heading 7 expenditure.
(63)    Outputs are products and services to be supplied (e.g.: number of student exchanges financed, number of km of roads built, etc.).
(64)    As described in point 1.4.2. ‘Specific objective(s)…’
(65)    From 2026 onwards, 192 of the total 250 posts (i.e. 77%) will be funded from fees/charges, of which 164 Temporary Agents (141 ADS and 23 ASTs), 25 Contract Agents and 3 Seconded National Experts
(66)    Total at foreseen full staffing.
(67)    AC = Contract Staff; AL = Local Staff; END = Seconded National Expert; INT = agency staff; JPD = Junior Professionals in Delegations.
(68)    Sub-ceiling for external staff covered by operational appropriations (former ‘BA’ lines).
(69)    Mainly for the EU Cohesion Policy Funds, the European Agricultural Fund for Rural Development (EAFRD) and the European Maritime Fisheries and Aquaculture Fund (EMFAF).
(70)    See Articles 12 and 13 of Council Regulation (EU, Euratom) No 2093/2020 of 17 December 2020 laying down the multiannual financial framework for the years 2021 to 2027.
(71)    Full cost of the staff (including associated title II costs and pension contributions) and the operational costs resulting from direct supervision activities and indirect supervision of financial institutions. 
(72)    As regards traditional own resources (customs duties, sugar levies), the amounts indicated must be net amounts, i.e. gross amounts after deduction of 20 % for collection costs.
(73)    In their budgets for 2021 the Title II costs of the ESAs excluding buildings and ICT vary from EUR 1 700 to nearly EUR 5 000 per employee.

Brussels, 20.7.2021

COM(2021) 421 final

ANNEXES

to the

Proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) 1094/2010, (EU) 1095/2010





ANNEX I

List of the coefficients linked to aggravating and mitigating factors for the application of Article

List of the coefficients linked to aggravating and mitigating factors for the application of Article 20.

The following coefficients shall be applicable in a cumulative way to the basic amounts referred to in Article 20(6) on the basis of each of the following aggravating and mitigating factors:

I. Adjustment coefficients linked to aggravating factors:

1. If the breach has been committed repeatedly, for every time it has been repeated, an additional coefficient of 1,1 shall apply.

2. If the breach has been committed for more than six months, a coefficient of 1,5 shall apply.

3. If the infringement has revealed systemic weaknesses in the organisation of the selected obliged entity, in particular in its procedures, management systems or internal controls, a coefficient of 2,2 shall apply.

4. If the infringement has been committed intentionally, a coefficient of 3 shall apply.

5. If no remedial action has been taken since the breach has been identified, a coefficient of 1,7 shall apply.

6. If the selected obliged entity’s senior management has not cooperated with the Authority in carrying out its investigations, a coefficient of 1,5 shall apply.

II. Adjustment coefficients linked to mitigating factors:

1. If the selected obliged entity’s senior management can demonstrate that they have taken all the necessary measures to prevent the breach, a coefficient of 0,7 shall apply.

2. If the selected obliged entity has brought quickly, effectively and completely the breach to Authority’s attention, a coefficient of 0,4 shall apply.

3. If the selected obliged entity has voluntarily taken measures to ensure that similar breach cannot be committed in the future, a coefficient of 0,6 shall apply.

ANNEX II

List of directly applicable requirements referred to in Article 21(1) and 21(3)

1.Requirements related to customer due diligence referred to in Article 21(3), points (a) and (b) shall be those in : Articles 15, 16, 17, 18, 19, 20, 21, 27, 28, 30, 31, 32, 34, 36, and 37 of [AMLR].

2.Requirements related to group policies and procedures referred to in Article 21(3), point (a)shall be those in : Articles 13 and 14 of [AMLR].

3.Requirements related to reporting obligations referred to in Article 23(3), points (a) and (b)shall be those in : Articles 50, 51 and 52 of [AMLR] and Articles 9, 13 and 18 of [TFR recast].

4.Requirements related to internal policies, controls and procedures referred to in Article 23(3), point (b)shall be those in : Articles 7, 8, 9, 38, 39 and 40 of the [AMLR].

5.Other requirements referred to in Article 23(3), points (c) and (d)shall be those in: Articles 54, 56, 57 and 58 of [AMLR] and Articles 7, 8, 10, 11, 12, 14, 16, 17, 19, 21 of [TFR].