Source: OJ L, 2024/1640, 19.6.2024

Article 40 Risk-based supervision


    1. Member States shall ensure that supervisors apply a risk-based approach to supervision. To that end, Member States shall ensure that they:

      (a) have a clear understanding of the risks of money laundering and terrorist financing present in their Member State;

      (b) assess all relevant information on the specific domestic and international risks associated with customers, products and services of the obliged entities;

      (c) base the frequency and intensity of on-site, off-site and thematic supervision on the risk profile of obliged entities, and on the risks of money laundering and terrorist financing in that Member State.

       For the purposes of point (c) of the first subparagraph of this paragraph, supervisors shall draw up annual supervisory programmes, which shall take into account the timing and resources needed to react promptly in the event of objective and significant indications of breaches of Regulations (EU) 2024/1624 and (EU) 2023/1113.

    2. By 10 July 2026, AMLA shall develop draft regulatory technical standards and submit them to the Commission for adoption. Those draft regulatory technical standards shall set out the benchmarks and a methodology for assessing and classifying the inherent and residual risk profile of obliged entities, as well as the frequency at which such risk profile shall be reviewed. Such frequency shall take into account any major events or developments in the management and operations of the obliged entity, as well as the nature and size of the business.

       Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.

    3. By 10 July 2028, AMLA shall issue guidelines addressed to supervisors on:

      (a) the characteristics of a risk-based approach to supervision;

      (b) the measures to be put in place within supervisors to ensure adequate and effective supervision, including to train their staff;

      (c) the steps to be taken when conducting supervision on a risk-sensitive basis.

       Where relevant, the guidelines referred to in the first subparagraph shall take into account the outcomes of the assessments carried out pursuant to Articles 30 and 35 of Regulation (EU) 2024/1620.

    4. Member States shall ensure that supervisors take into account the degree of discretion allowed to the obliged entity, and appropriately review the risk assessments underlying this discretion, and the adequacy of its internal policies, procedures and controls.

    5. Member States shall ensure that supervisors prepare a detailed annual activity report and that a summary of that report is made public. That summary shall not contain confidential information and shall include:

      (a) the categories of obliged entities under the supervision and the number of obliged entities per category;

      (b) a description of the powers with which the supervisors are entrusted and the tasks assigned to them and, where relevant, of mechanisms referred to in Article 37(4) in which they participate and, for the lead supervisor, a summary of the coordination activities carried out;

      (c) an overview of the supervisory activities carried out.
