EU AMLD6: What Changes for AML Compliance Teams in 2026

The European Union’s 6th Anti-Money Laundering Directive (AMLD6) represents a significant escalation in the EU’s approach to combating money laundering and terrorist financing. While it builds on the framework established by its predecessors — particularly AMLD4 and AMLD5 — the sixth directive introduces changes that materially alter the compliance landscape for financial institutions and other obliged entities operating across Europe.

For compliance teams, understanding what has changed is not optional. AMLD6 does not simply refine existing obligations. It expands who can be held criminally liable, harmonises the list of predicate offences across all member states, increases the severity of penalties, and strengthens cooperation requirements between jurisdictions. These are structural changes that demand corresponding adjustments to compliance programs, risk assessments, and monitoring frameworks.

The shift to harmonised predicate offences

One of the most consequential changes under AMLD6 is the harmonisation of predicate offences — the underlying criminal activities whose proceeds constitute money laundering when processed through the financial system.

Under previous directives, member states had significant discretion in defining which offences qualified as predicates for money laundering charges. This created an inconsistent patchwork across the EU. An activity that constituted a predicate offence in one jurisdiction might not in another, creating gaps that sophisticated laundering operations could exploit.

AMLD6 establishes a minimum list of 22 predicate offences that all member states must recognise. These include:

• Tax crimes (both direct and indirect taxation) — a significant expansion, as tax offences were not universally treated as predicates under prior frameworks
• Cybercrime, reflecting the growing role of digital criminal activity in generating illicit proceeds
• Environmental crimes, acknowledging that environmental offences generate substantial illicit profits
• Human trafficking and smuggling
• Fraud, corruption, and counterfeiting
• Organised crime participation
• Terrorism and terrorist financing
• Drug trafficking and arms trafficking
• Piracy, insider dealing, and market manipulation

The inclusion of tax crimes is particularly important for compliance teams. It means that proceeds from tax evasion must now be treated as potential money laundering across every EU jurisdiction, requiring transaction monitoring systems and suspicious activity reporting frameworks to account for tax-related red flags that may not have been previously prioritised.

What this means in practice: Compliance teams need to review their risk assessment methodologies and transaction monitoring rules to ensure they cover the full harmonised list. Customer risk profiles may need updating where customers operate in sectors or jurisdictions with elevated risk for newly harmonised predicates — particularly tax crimes and environmental crimes.

Expanded criminal liability

AMLD6 fundamentally changes who can be held criminally liable for money laundering offences, and this is where compliance teams need to pay the closest attention.

Under AMLD6, criminal liability extends explicitly to legal persons — not just individuals. This means that companies, partnerships, and other legal entities can face criminal prosecution for money laundering, not merely administrative sanctions or fines.

The conditions for corporate criminal liability are broad:

• Liability attaches when the offence is committed for the benefit of the legal person by any person who holds a leading position within it — whether through power of representation, authority to take decisions, or authority to exercise control.
• Crucially, liability also applies where lack of supervision or control by a person in a leading position made the commission of the offence possible. This extends liability to situations of negligent oversight, not just active participation.

For individuals, AMLD6 introduces liability for aiding, abetting, and inciting money laundering, as well as for attempting to launder money. The definition of laundering itself is broadened — “self-laundering” (laundering the proceeds of one’s own criminal activity) is now explicitly criminalised across all member states.

What this means in practice: The compliance function is directly implicated. If a money laundering offence occurs and it can be shown that inadequate supervision or control mechanisms contributed, the entity itself — and potentially senior individuals — face criminal liability. This elevates the importance of demonstrable compliance: not just having policies, but evidencing that controls are implemented, monitored, and effective.

Tougher and more consistent penalties

AMLD6 sets minimum penalty standards across the EU, reducing the disparity between jurisdictions:

• For natural persons: A minimum maximum imprisonment term of four years for money laundering offences. Member states can impose higher maximums, but cannot fall below this floor.
• Aggravating circumstances — such as laundering committed in the framework of a criminal organisation, or offences involving large amounts — can trigger significantly higher penalties.
• For legal persons: Penalties must include criminal or non-criminal fines, and may include exclusion from public benefits, judicial winding-up, temporary or permanent closure of establishments, and placement under judicial supervision.

The harmonisation of penalties removes the incentive for criminals to route laundering operations through jurisdictions with historically weaker enforcement. For compliance teams, it means that the consequences of a compliance failure are now more predictable and consistently severe across every EU market in which the firm operates.

Enhanced cooperation and information sharing

AMLD6 strengthens requirements for cross-border cooperation between member states in investigating and prosecuting money laundering offences. Key provisions include:

• Jurisdiction rules: Member states must establish jurisdiction over offences committed in their territory, by their nationals, or for the benefit of legal persons established in their territory. Where multiple jurisdictions have a claim, AMLD6 provides a framework for coordination.
• Mutual legal assistance: Enhanced requirements for timely cooperation between competent authorities across borders.
• Centralised registers: The directive reinforces the requirement for centralised bank account registries and beneficial ownership registers, enabling authorities to access information more rapidly during investigations.

For firms operating across multiple EU jurisdictions, this means that a compliance failure detected in one country is more likely to trigger investigation in others. The days of jurisdictional silos limiting the scope of enforcement are numbered.

Impact on compliance program design

These changes collectively require compliance teams to re-examine several core elements of their programs:

Risk assessment methodology must account for the expanded predicate offence list. Where a firm’s risk assessment previously excluded or de-prioritised certain offence types (particularly tax crimes and environmental crimes), it must now incorporate them. Risk scoring models should reflect the harmonised offence list.

Transaction monitoring rules and scenarios need review. Monitoring systems calibrated to detect traditional laundering typologies may not adequately cover patterns associated with tax-related money laundering or environmental crime proceeds. New scenarios or rule adjustments may be required.

Customer due diligence procedures should be evaluated against the expanded criminal liability provisions. Where CDD identifies customers or beneficial owners with exposure to newly harmonised predicates, enhanced due diligence measures must be applied consistently.

Training programs must be updated to cover the expanded scope of AMLD6. Staff across the first and second lines of defence need to understand what constitutes a predicate offence under the harmonised list, the expanded liability framework, and the elevated penalties.

Record keeping and evidence take on heightened importance. With criminal liability extending to legal persons for failures of supervision and control, firms must be able to demonstrate — through records, audit trails, and documented decision-making — that their compliance frameworks were adequate and actively maintained.

Board and senior management reporting should reflect the elevated risk profile created by AMLD6. The potential for corporate criminal liability makes AML compliance a board-level concern, not just an operational one.

Mapping AMLD6 obligations systematically

The challenge with AMLD6 — as with any complex directive — is that its obligations do not exist in isolation. They interact with existing national legislation, with other EU directives (including AMLD4 and AMLD5), and with the EU’s broader AML legislative package that includes the Anti-Money Laundering Regulation (AMLR) and the creation of AMLA (the EU Anti-Money Laundering Authority).

AuditDSS now covers EU AMLD6, mapping its obligations alongside other AML frameworks so that compliance teams can see where requirements overlap, where they diverge, and where gaps exist in their current programs. When a directive like AMLD6 introduces new predicate offences or expands liability, the downstream impact on risk assessment, monitoring, and CDD obligations needs to be traced systematically — not left to manual interpretation.

Looking ahead

AMLD6 is not the end of the EU’s AML reform effort. The establishment of AMLA as a central supervisory authority, combined with the directly applicable AML Regulation, signals a continuing shift toward centralised, harmonised enforcement. Compliance teams that treat AMLD6 as an isolated implementation exercise will find themselves playing catch-up as the regulatory architecture continues to evolve.

The firms best positioned for what comes next are those that understand their AML obligations at a granular level, can trace how new legislative requirements interact with existing ones, and maintain evidence that their programs are not just designed but actively functioning. AMLD6 raises the stakes. It also raises the standard of evidence expected when those stakes are tested.