What Is AML and What Does It Mean for Your Business?
Anti-money laundering (AML) compliance is no longer a concern limited to banks and financial institutions. In fact, the European Union’s new regulatory framework tightens the rules significantly and extends obligations to a much broader range of businesses. As a result, companies that want to operate smoothly in the financial system need to prove who they are — quickly and reliably. The LEI code is one of the most practical tools available for exactly that purpose.
AML (Anti-Money Laundering) is the regulatory framework that requires businesses in financial and other sectors to identify their customers, monitor transactions, and report suspicious activity. The underlying logic is straightforward: when every party to a financial transaction carries a reliable identifier, it becomes much harder to move illicit funds through the system undetected.
Until recently, the EU operated on a directive-based system, where each member state transposed the shared rules in its own way. This created fragmentation. Some countries interpreted the requirements more strictly, others more leniently. Consequently, a company operating across multiple countries had to navigate a different set of rules in each jurisdiction. The result was uneven enforcement and regulatory gaps that bad actors could exploit.
A Single Rulebook: The AMLR and AMLA Explained
That changes on 10 July 2027, when the AMLR (Anti-Money Laundering Regulation), formally Regulation (EU) 2024/1624, comes into force. This is the first directly applicable AML regulation in the European Union. No national transposition is required. Therefore, the same rules will apply in the same way in Tallinn, Frankfurt, and Lisbon.
Alongside the new regulation, AMLA (the Authority for Anti-Money Laundering and Countering the Financing of Terrorism) has been operational since 1 July 2025, headquartered in Frankfurt. AMLA was established to address a structural weakness that cases such as the Danske Bank scandal exposed clearly: large cross-border banking groups were able to operate under multiple national supervisors simultaneously — each seeing only part of the picture, with no single authority accountable for the whole.
From 2028, AMLA will directly supervise approximately 40 of the highest-risk financial institutions and groups in the EU. These are credit institutions and financial entities operating in at least six member states, whose cross-border scale creates the greatest money laundering risk. In most cases, this means large European banking groups and certain payment and crypto-asset service providers.
All other obliged entities will continue to fall under national authorities. In Germany, for example, BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht, the Federal Financial Supervisory Authority) carries out this role alongside the national FIU (Zentralstelle für Finanztransaktionsuntersuchungen, the Financial Intelligence Unit). AMLA coordinates their work, sets common methodologies, and operates the FIU.net platform through which national FIUs (Financial Intelligence Units) across member states exchange information on suspicious transactions.
What Does the AMLR Require in Practice?
The AMLR expands the scope of obliged entities — the businesses and professions with statutory AML obligations. In addition to banks, insurance companies, notaries, auditors, and real estate agents, the new regulation now explicitly covers:
- crypto-asset service providers (CASPs) in full
- crowdfunding platforms
- certain merchants whose transactions exceed EUR 10,000 in cash
All obliged entities must apply CDD (Customer Due Diligence) measures. This means they must identify their customer, verify the ownership structure, and monitor transactions on an ongoing basis. The LEI code is a standard part of business partner verification precisely because it delivers all the necessary information from a single, authoritative source.
Moreover, the AMLR lowers the transaction threshold that triggers CDD obligations. The previous EU-wide limit of EUR 15,000 drops to EUR 10,000. For occasional cash transactions, limited CDD applies from EUR 3,000. For crypto-asset service providers, the thresholds are lower still.
How Does the LEI Code Fit Into This Framework?
Article 22 of the AMLR addresses the identification and verification of customers and beneficial owners for legal persons. GLEIF, the Global Legal Entity Identifier Foundation confirms that the AMLR references the LEI as a recognised identifier in the CDD process for legal entities.
In practice, this means the following. When a bank, auditor, notary, or any other obliged entity needs to identify your company, the LEI code offers the most standardised and reliable way to do so. A single LEI lookup returns:
- the company’s registered legal name and legal form
- registered address
- legal jurisdiction
- ownership structure (Level 2 data)
- the current status of the code
Furthermore, all of this data is freely available in GLEIF’s public database — or directly through the LEI System search tool. It does not need to be requested from the company itself or manually cross-checked across different national registries.
The LEI Code and AML Rules Already in Force
The AMLR is not the only change in the AML landscape worth noting. In fact, one significant measure is already in effect. The TFR (Transfer of Funds Regulation), formally Regulation (EU) 2023/1113, has applied since 30 December 2024.
The TFR requires that international fund transfers carry information about the payer and the payee. Where the payer is a legal entity, the LEI code must accompany the transfer if one exists. The same requirement applies to crypto-asset transfers involving CASPs. Our article on ISO 20022 explains in more detail what the international payments network expects from the LEI code. Importantly, companies with a valid LEI code satisfy this TFR requirement automatically.
Why Getting an LEI Code Makes Sense Today
Regulatory pressure to adopt the LEI is growing steadily. The AMLR adds another layer to that picture. However, waiting is not the best approach, because the value of the LEI code extends well beyond regulatory compliance.
Companies with a valid LEI code are more easily identifiable across the financial system. This simplifies negotiations with international partners, speeds up the opening of bank accounts in new markets, and reduces friction whenever someone needs to verify your company through a KYB (Know Your Business) process. Additionally, it is worth remembering that an expired LEI code can quickly undo those advantages.
The LEI code is practical today. By 2027, it will be the standard.
If your company does not yet have an LEI code, you can register in just a few minutes and the LEI is issued almost immediately.
If your existing LEI code needs to be renewed, the process is equally straightforward.
Frequently Asked Questions
Does the AMLR require companies to have an LEI code?
The AMLR (Regulation (EU) 2024/1624) references the LEI as a recognised identifier in the customer due diligence process for legal entities under Article 22. This means that obliged entities such as banks, auditors, and notaries can use the LEI to verify your company’s identity. As a result, having an LEI code makes that process faster and more straightforward. The regulation applies from 10 July 2027.
Is the LEI code already required under any AML-related regulation?
Yes. The TFR (Transfer of Funds Regulation, Regulation (EU) 2023/1113), which has applied since 30 December 2024, requires that international fund transfers carry the LEI code of the payer where the payer is a legal entity and an LEI exists. This obligation is in force today.
What is AMLA and when does it start supervising companies?
AMLA (Authority for Anti-Money Laundering and Countering the Financing of Terrorism) became operational on 1 July 2025 and is headquartered in Frankfurt. From 2028, it will directly supervise approximately 40 of the highest-risk cross-border financial institutions in the EU. All other obliged entities remain under national supervisory authorities, which AMLA coordinates.
Does an LEI code expire?
Yes. The LEI code must be renewed annually. An expired LEI code is no longer valid in regulatory reporting and compliance checks. You can verify the status of any LEI code at search.gleif.org.