AMLA opens consultation on EU ongoing monitoring guidelines

What happened

The EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) launched a public consultation on 3 June 2026. It covers draft guidelines on the ongoing monitoring of a business relationship. The guidelines sit under Article 26(5) of the Anti-Money Laundering Regulation (AMLR).

According to AMLA’s consultation paper, the draft has three parts. The first sets general principles that apply to both guidelines. Guideline 1 covers keeping customer information up to date through periodic and event-driven reviews. Guideline 2 covers the transaction and activity monitoring framework, specifically how obliged entities design, implement, and test monitoring to detect unusual or suspicious transactions and activities.

The consultation paper states that the core principles apply across both financial and non-financial sectors, on a risk-based and proportionate basis. The consultation closes on 3 September 2026. AMLA will hold a public hearing on 2 July 2026.

Why it matters

This consultation shapes the binding EU standard for what ongoing monitoring has to look like in practice. Read as analysis, the structure of Guideline 2 is the signal worth taking seriously. AMLA is not asking only whether a monitoring system exists. It asks for evidence that obliged entities design it, implement it, and test it.

That testing expectation is where many anti-money laundering (AML) programmes are thin. Plenty of firms can show a rule set and a case queue. Fewer can show how thresholds were tuned, what the testing found, and why the current settings are defensible against the institution’s own risk profile.

The event-driven dimension matters just as much. Guideline 1 pairs periodic review with event-driven review, which means a static refresh cycle on its own will not satisfy the draft. The intensity is meant to follow risk, so the higher-risk relationships should attract the closer look.

Practitioner angle

Treat the consultation period as a working window, not a reading exercise. The provisions that conflict with how your monitoring actually runs are easier to flag now than to retrofit later.

• Read Guideline 2 line by line against your current transaction-monitoring framework, and note every place where design, implementation, or testing evidence does not yet exist in a form you could hand a supervisor.
• Build the testing and tuning evidence AMLA will expect: threshold rationale, tuning history, sampling results, and the link from each rule back to a specific risk.
• Map your event-driven review triggers against Guideline 1, and check that they fire on real events, not only on the calendar.
• Confirm that monitoring intensity scales with risk, so higher-risk relationships get closer scrutiny and the proportionate approach is visible in your records.

File a comment before 3 September on any provision that clashes with how monitoring runs in your institution. That single step is the most valuable thing to do with this draft while it is still open to change.