AMLA Just Published Two Major Documents in Two Days. Here Is What KYB Teams Need to Know.

AMLA does not move slowly. In the space of 48 hours, the EU Anti-Money Laundering Authority published a reporting package for identifying which cross-border institutions qualify for direct supervision, and released the findings from Chair Bruna Szego's 2025 pan-European Roadshow across all 27 Member States. Read together, these two documents tell a clear story: the era of inconsistent AML enforcement across the EU is ending, and the window to get your house in order is shorter than most teams realise.

If you are responsible for KYB, counterparty verification, or UBO due diligence at a cross-border institution, here is what matters.

The supervision timeline is now operational

The first publication is the reporting package that national supervisors will use to identify which institutions provisionally qualify for AMLA direct supervision from 2028. This is not a consultation document or a discussion paper. It is a standardised template set with an interpretive note, designed to produce actual lists of actual entities.

The timeline: data collection closes 15 August 2026. A provisional list of eligible entities is expected by end of September.

That is four months away.

If you lead compliance at a cross-border institution, you should be asking whether your organisation falls within scope, and whether your current KYB and verification infrastructure can withstand the scrutiny that comes with direct supervision. AMLA direct oversight applies a single standard consistently. That means the verification processes that worked under fragmented national enforcement may not hold up under centralised, standardised review.

The standard is not harder. It is more consistent. And consistency is where gaps become visible.

The roadshow findings tell you where the gaps are

The second publication is a summary of Chair Szego's engagement with supervisors, FIUs, banks, and crypto firms across all 27 Member States throughout 2025. It is honest about what it found.

AML and CFT readiness varies enormously across the EU. Some Member States have sophisticated supervisory frameworks with strong data infrastructure. Others have fragmented oversight and inconsistent enforcement. The report does not name names, but if you operate across multiple jurisdictions, you already know where the soft spots are.

For KYB teams, three specific findings deserve attention.

AI-enabled fraud and deepfakes are now among the fastest-growing predicate offences for money laundering. This is not a future threat. It is a present operational reality. The business your team verifies today may not look the same six months from now if the individuals behind it are using synthetic identity techniques. Ongoing monitoring is not optional; it is the control.

Instant payments are compressing detection windows. The time between a suspicious transaction occurring and funds becoming difficult to trace has shortened significantly. For compliance teams doing counterparty verification, this increases the pressure on real-time risk signals and continuous monitoring, not just point-in-time checks at onboarding.

Sanctions circumvention, particularly Russia-linked, has become a central AML concern in Eastern and Northern Europe. If your business operates in these regions or onboards counterparties with connections there, the ownership structure review cannot stop at the first layer. AMLA's findings make clear that beneficial ownership obscuration is being actively exploited.

What this means for UBO verification specifically

AMLA direct supervision will apply a single, consistent standard to the largest cross-border institutions. In practice, that means beneficial ownership verification will be judged against the same bar in Frankfurt, Warsaw, and Lisbon. The question is not whether your UBO discovery process meets local norms. It is whether it meets the standard.

A few things become non-negotiable under this model.

You need to be able to show your work. Explainability is not a UX consideration; it is a supervisory requirement. If your ownership structure mapping cannot be documented clearly, with a traceable record of which sources were used and what decisions were made and why, that is a gap that direct supervision will surface.

You need to cover the full ownership chain, across jurisdictions, in a way that is reusable. Verifying a German subsidiary without understanding the French parent or the offshore holding company it sits beneath is not verification. The entire structure needs to be mapped, and that map needs to hold up across every market where the counterparty operates.

And the verification cannot be static. The roadshow findings on AI fraud and deepfakes are a direct signal that beneficial ownership can change in ways that point-in-time checks will not catch. A corporate structure verified at onboarding and never revisited is a liability, not an asset.

The non-financial sector warning

The Roadshow report is direct about non-financial obliged entities: real estate agents, accountants, and notaries are significantly less prepared than banks. For teams at financial institutions that onboard counterparties from these sectors, that is relevant information. The businesses you verify may themselves have weaker AML controls, which makes your own due diligence more important, not less.

This also raises the bar on how thoroughly you verify the businesses behind the businesses. Shell structures, opaque intermediaries, and multi-layered ownership are not solely the domain of financial crime specialists. They appear in entirely ordinary commercial relationships.

What strong KYB infrastructure looks like in this context

The picture AMLA is drawing is one where verification needs to be consistent, explainable, and continuous. Not because that makes compliance teams feel better, but because that is what withstands scrutiny under a centralised supervisory model.

For compliance teams evaluating their KYB infrastructure right now, the honest questions are:

Can you map the full ownership structure of a counterparty, including UBOs, across multiple jurisdictions, from a single workflow? Or does cross-border verification mean starting from scratch in each market?

Can you produce a clear, documented audit trail for every verification decision? Not a summary, but a record that shows what data was used, what the decision was, and why it was defensible at the time it was made?

Are you monitoring counterparties continuously, or only at onboarding and periodic review? And when something changes in an ownership structure, how quickly does that trigger a reassessment?

Is your verification fast enough to keep pace with the business? Under instant payment rails and compressed settlement windows, a KYB process that takes days creates bottlenecks that push the business to move faster than compliance can follow.

These are not aspirational questions. They are operational ones. AMLA's publications this week confirm that they will become supervisory ones too.

The bottom line

AMLA is moving from architecture to operations. The direct supervision model, a single standard applied consistently to the largest cross-border institutions, will create a clear division between organisations whose verification infrastructure is built for scrutiny and those whose is not.

The data collection window closes in August. The provisional list of eligible entities follows in September. If your institution might qualify, now is the time to assess where your KYB, UBO discovery, and ongoing monitoring processes stand.

Verification that is clear, explainable, and reusable across borders is not a compliance aspiration. It is the standard that is coming.