6AMLD: Key Changes in the EU's Sixth Anti-Money-Laundering Directive

The 6AMLD, or Sixth Anti-Money-Laundering Directive, significantly broadened the scope of activities that trigger financial crime compliance obligations across the EU. The directive expanded the list of predicate offences—crimes whose proceeds flow into the financial system—added aiding-and-abetting liability for compliance failures, and raised penalties for non-compliance, making it one of the EU’s most consequential financial regulation updates in a decade.

The push to expand predicate offences

Under the Fifth AML Directive (5AMLD), the list of crimes whose proceeds warrant financial compliance scrutiny was narrower and largely focused on drug trafficking, terrorism, and organized crime. The 6AMLD expanded this dramatically. The directive now explicitly lists environmental crimes, human trafficking, exploitation of children, firearms smuggling, art theft, and corporate tax evasion as predicate offences.

This shift meant that banks, payment services, and other financial intermediaries could no longer operate under the assumption that their AML systems only needed to catch “traditional” organized crime. A transaction that might previously have sailed through—say, a wire transfer involving timber stolen from a protected forest—now triggers a compliance obligation to identify and report it.

The expansion also introduced a critical principle: any crime carrying a sentence of at least 4 years in the relevant member state automatically counts as a predicate offence. This effectively closed gaps and meant the list remains dynamic as national criminal codes evolve.

Aiding-and-abetting liability: The personal exposure

Perhaps the most consequential change for financial institutions is the introduction of aiding-and-abetting liability. Before 6AMLD, an institution could be sanctioned for failing to report suspicious activity. The directive went further: it made senior management and board members personally liable if they knowingly or with “grossly negligent” oversight allowed the institution to facilitate money laundering or terrorist financing.

This shift transformed compliance from a back-office function into a board-level governance issue. A bank’s chief compliance officer or executive director could face personal criminal liability—not just the institution itself. The bar is high (“knowingly” or “grossly negligent”), but the exposure is real.

National regulators interpreted this with varying stringency. Some EU jurisdictions treated “gross negligence” as requiring demonstrated indifference to red flags; others took a broader view of systemic failure. The practical effect has been a tightening of internal controls and a sharp rise in insurance premiums for directors’ and officers’ liability coverage.

Expanded penalties and enforcement

The 6AMLD raised minimum prison sentences for natural persons from 2 to 4 years, with higher sentences for aggravated cases. For legal entities, member states must impose penalties of at least 5% of annual turnover or €10 million, whichever is higher. Some jurisdictions set the bar even higher (e.g., 20% of turnover for repeat offenders).

These penalties apply not only to deliberate laundering but also to the failure to report, the failure to conduct due diligence, or the failure to implement proper governance. A bank discovered to have inadequate AML controls—even absent evidence of active money laundering—faces material financial exposure.

The enforcement environment tightened correspondingly. The directive mandated that member states establish specialized financial intelligence units (FIUs) with dedicated staffing and resources, ensuring that suspicious activity reports (SARs) filed by regulated institutions actually received serious investigation.

Practical compliance responses

Banks and financial institutions reacted by significantly raising their transaction monitoring thresholds and tightening customer onboarding. Many implemented automated screening against expanded watchlists that now include environmental crimes and tax evasion, not just sanctions and terrorism.

The directive also prompted wider adoption of third-party compliance due diligence. Institutions began outsourcing AML screening to specialized vendors, partly to distribute liability and partly to access more sophisticated detection models. Similarly, the scope of beneficial ownership investigations widened to catch criminals using complex corporate structures that might have slipped through 5AMLD checks.

A secondary effect has been the creation of compliance “over-compliance”—financial institutions deliberately setting their detection thresholds above the legal minimum to reduce exposure to gross negligence claims. This sometimes results in an uptick in false-positive SARs, placing burden on regulators and law enforcement to filter signal from noise.

The trade-off between coverage and false positives

The expansion of predicate offences and the personal liability framework have created a genuine tension for financial institutions. Casting a wider net catches more illicit activity, but it also increases the false-positive rate. A transaction flagged as potentially involving environmental crime proceeds might simply be legitimate timber sales with incomplete documentation.

This friction is acknowledged but largely accepted as the cost of stronger enforcement. Regulators argue that precision is secondary to ensuring that institutions take money laundering seriously at the executive level. The presumption is that better governance and stronger controls—even if they generate some friction—reduce the institution’s actual exposure to criminal proceeds.

Ongoing evolution

The 6AMLD is not final. The EU continues to refine guidance through the Financial Action Task Force (FATF) and through case law from member-state courts interpreting the scope of “aiding and abetting” and “gross negligence.” The directive also prompted discussion about a potential seventh directive (7AMLD), focused on areas like crypto-asset regulation and beneficial ownership transparency, though formal proposals have been slow to materialize.

Institutions should treat 6AMLD compliance as a foundation, not a ceiling. Member state regulators continue to raise enforcement expectations beyond the minimum standards, and criminal prosecutors in some jurisdictions have become more aggressive in pursuing individual executives for AML failures.

See also