AML 6AMLD Compliance EU: MiCA Regulatory Guide 2024
What is 6AMLD Compliance in the European Union (MiCA)?
The Sixth Anti-Money Laundering Directive (6AMLD) is the European Union's most expansive legislative effort to combat money laundering, terrorist financing, and predicate offences across member states. Enacted in December 2020 and directly intersecting with the EU's Markets in Crypto-Assets Regulation (MiCA), 6AMLD establishes a harmonised, stringent compliance framework that applies to financial institutions, crypto-asset service providers (CASPs), and virtual asset operators operating within the EU's jurisdiction.
For crypto projects, DeFi platforms, token issuers, and digital asset exchanges, the convergence of 6AMLD compliance and MiCA licensing creates a dual-layered obligation. MiCA governs market conduct, reserve requirements, and CASP authorisation, while 6AMLD governs criminal liability, corporate accountability, and predicate offence definitions. Understanding both is not optional — it is a condition of lawful operation in the EU market as of 2024.
The primary regulator overseeing AML compliance at the EU level is the European Banking Authority (EBA), working alongside national competent authorities (NCAs) such as BaFin in Germany, the AMF in France, and the Central Bank of Ireland. The future EU Anti-Money Laundering Authority (AMLA), set to become operational by 2025-2026, will assume direct supervisory power over high-risk obliged entities, including major CASPs.
Legal Requirements and Regulatory Framework
6AMLD expanded the EU AML directive architecture in five critical areas. First, it standardised 22 predicate offences across all EU member states, including cybercrime and environmental crime — categories directly relevant to crypto-asset fraud and illicit blockchain activity. Second, it extended criminal liability to legal persons (corporations), meaning a CASP or token issuer can face prosecution as an entity, not just its individual officers.
Third, 6AMLD introduced minimum criminal sanctions of at least four years' imprisonment for serious money laundering offences, replacing the previous two-year minimum under 5AMLD. Fourth, it broadened the definition of aiding and abetting to include negligent facilitation — a standard that significantly raises the bar for compliance officers and legal counsel. Fifth, it strengthened mutual legal assistance mechanisms between EU member states, enabling cross-border prosecution coordination.
Under MiCA (Regulation EU 2023/1114), CASPs must obtain authorisation from a national competent authority before offering crypto-asset services in the EU. This authorisation process includes demonstrating robust AML/CFT (Counter-Financing of Terrorism) frameworks that are consistent with 6AMLD standards. The Travel Rule under the Transfer of Funds Regulation (TFR), which applies to crypto transfers as of December 2024, further requires CASPs to collect and transmit originator and beneficiary data for all crypto-asset transfers regardless of value threshold.
EU anti-money laundering obligations for MiCA-licensed entities also derive from the Financial Action Task Force (FATF) Recommendation 15, which the EU has incorporated into its AML package. Entities must implement risk-based approaches, conduct enhanced due diligence (EDD) for high-risk jurisdictions, and maintain transaction monitoring systems capable of detecting suspicious activity in real time.
Key Clauses and Requirements Under 6AMLD and MiCA
- Predicate Offence Alignment: All 22 predicate offences under 6AMLD must be reflected in your internal AML risk assessments, including cybercrime, tax offences, and insider dealing — each of which has direct crypto-asset analogues.
- Corporate Criminal Liability: Legal entities must implement governance structures that prevent criminal liability under Article 7 of 6AMLD, including clear board-level AML ownership and accountability chains.
- Customer Due Diligence (CDD): MiCA Article 72 requires CASPs to apply CDD measures consistent with 4AMLD/5AMLD/6AMLD, including KYC verification, beneficial ownership identification, and ongoing monitoring.
- Travel Rule Compliance: Under the revised TFR, all crypto transfers must carry originator/beneficiary information. CASPs must use FATF-compliant Travel Rule solutions such as TRUST, OpenVASP, or Sygna Bridge.
- Suspicious Transaction Reporting (STR): Obliged entities must file STRs with national Financial Intelligence Units (FIUs) such as Germany's Financial Intelligence Unit (FIU) or France's Tracfin within prescribed timelines.
- Record Retention: AML records, transaction data, and CDD documentation must be retained for a minimum of five years under EU AML directives, with some jurisdictions extending this to seven years.
- Risk-Based Approach (RBA): Entities must conduct and document Business-Wide Risk Assessments (BWRA) and Customer Risk Assessments (CRA), updated at minimum annually or upon material business change.
- PEP and Sanctions Screening: Real-time screening against the EU Consolidated Sanctions List, OFAC, UN Security Council lists, and Politically Exposed Person (PEP) databases is mandatory.
Step-by-Step Process for 6AMLD and MiCA AML Compliance
Step 1: Conduct a Comprehensive Risk Assessment. Begin with a Business-Wide Risk Assessment that maps your product, customer base, geography, and transaction types against the 22 predicate offences under 6AMLD. This document forms the foundation of your compliance programme and will be reviewed by your NCA during MiCA authorisation.
Step 2: Draft and Implement AML Policies and Procedures. Develop a formal AML/CFT Policy aligned with 6AMLD requirements, incorporating CDD, EDD, simplified due diligence (SDD), record-keeping, and STR procedures. Ensure the policy is approved at board level and reviewed at least annually.
Step 3: Appoint a Qualified MLRO. Designate a Money Laundering Reporting Officer (MLRO) with sufficient seniority, resources, and independence. Under MiCA, the MLRO's qualifications and experience will be assessed by the NCA. The MLRO is legally responsible for internal STR escalations and FIU filings.
Step 4: Implement Technology and Screening Infrastructure. Deploy a transaction monitoring system capable of blockchain analytics (e.g., Chainalysis, Elliptic, TRM Labs) alongside a sanctions and PEP screening solution. Integrate Travel Rule compliance tooling to meet TFR obligations from day one of CASP operations.
Step 5: Train All Relevant Staff. 6AMLD imposes criminal liability on individuals who negligently facilitate money laundering. All staff with client-facing, compliance, or financial roles must complete documented AML/CFT training at onboarding and annually thereafter.
Step 6: Register with Your National FIU and NCA. File registration with your relevant national FIU and submit your MiCA CASP authorisation application with full AML/CFT documentation. In Germany, this involves BaFin; in the Netherlands, De Nederlandsche Bank (DNB); in France, the AMF and ACPR jointly.
Step 7: Establish Ongoing Monitoring and Audit Cycles. Implement quarterly compliance reviews, annual independent AML audits, and real-time transaction monitoring. Document all findings and remediation actions. Maintain an audit trail accessible to regulators on request.
Common Mistakes to Avoid
- Treating 6AMLD and MiCA as Separate Workstreams: Many founders build MiCA compliance in isolation and address AML as a secondary consideration. Regulators expect an integrated framework from day one of authorisation.
- Inadequate Travel Rule Implementation: Assuming the Travel Rule only applies above €1,000 is incorrect. Under the revised TFR effective December 2024, there is no de minimis threshold for crypto transfers — all transfers require originator/beneficiary data.
- Generic Risk Assessments: Submitting a template Business-Wide Risk Assessment without product-specific, customer-specific, and jurisdiction-specific analysis will result in NCA rejection or requests for significant revision.
- Insufficient MLRO Resourcing: Appointing a compliance officer as MLRO without ring-fencing dedicated time and resources is a red flag for regulators and creates genuine personal liability exposure for the individual.
- Failure to Screen Against EU Consolidated Sanctions List: Many CASPs screen only against OFAC and UN lists. EU law requires screening against the EU Consolidated Sanctions List — an omission that constitutes a direct regulatory breach.
- Neglecting Beneficial Ownership Identification: For corporate clients and institutional counterparties, failing to identify ultimate beneficial owners (UBOs) to the 25% ownership threshold is a persistent and commonly cited AML deficiency in NCA examinations.
Frequently Asked Questions
Does 6AMLD apply to crypto-asset service providers under MiCA?
Yes. CASPs authorised under MiCA are explicitly classified as obliged entities under EU AML directives. This means full 6AMLD compliance obligations apply, including CDD, STR filing, record-keeping, and exposure to corporate criminal liability for AML failures. The EBA's Guidelines on AML/CFT for the crypto sector, updated to align with MiCA, provide detailed implementation standards that CASPs must follow.
What is the difference between 5AMLD and 6AMLD for crypto businesses?
5AMLD brought crypto exchanges and custodian wallet providers within the scope of EU AML obligations for the first time. 6AMLD built on this by standardising predicate offences, introducing corporate criminal liability, raising minimum sanctions, and criminalising negligent facilitation of money laundering. For crypto businesses, 6AMLD's corporate liability provisions represent the most significant operational change, as they require board-level accountability structures that go beyond mere compliance officer appointments.
What role does the new EU AMLA play in 6AMLD enforcement?
The EU Anti-Money Laundering Authority (AMLA), established under Regulation EU 2024/1620, will assume direct supervisory responsibility over selected high-risk obliged entities — including major CASPs — from approximately 2025-2026. AMLA will have powers to conduct direct inspections, impose fines, and issue binding technical standards. For large crypto platforms operating across multiple EU member states, AMLA supervision will replace fragmented national supervision, creating a single point of AML accountability at the EU level.
How does the FATF Travel Rule interact with 6AMLD under MiCA?
The FATF Travel Rule, implemented in EU law through the revised Transfer of Funds Regulation (TFR), requires CASPs to collect and transmit originator and beneficiary information for all crypto-asset transfers. This obligation operates alongside 6AMLD rather than replacing any part of it. Non-compliance with the Travel Rule is treated as an AML breach under EU law, exposing CASPs to supervisory sanctions, licence suspension under MiCA, and potential criminal liability under 6AMLD for senior management if failures are systemic or negligent.
Can a CASP be criminally liable as a company under 6AMLD?
Yes. Article 7 of 6AMLD explicitly provides for criminal liability of legal persons where money laundering offences are committed for their benefit by any person acting in a leading position within the entity. Penalties can include fines, temporary or permanent exclusion from public benefits, judicial supervision, and winding-up orders. This is a material risk for CASPs and requires genuine board-level AML governance, not delegated compliance structures where leadership remains uninformed of AML obligations and programme status.