EU AML 2027 & UBO: What Compliance Teams Must Do Now

The new EU AML package for 2027 harmonizes anti-money laundering rules across Europe. What this means in practice for compliance teams, the role of the beneficial owner, and why manual processes are no longer an option
March 27, 2026
Dr. Camillo Werdich

Key Takeaways

  • The EU Anti-Money Laundering Regulation takes effect in July 2027 and replaces the previous directive-based system with a directly applicable regulation across all EU member states
  • The term "beneficial owner" is being redefined with significantly stricter requirements around identification, verification, and documentation
  • A new EU supervisory authority (AMLA) is operational and setting the standard for national regulators across Europe
  • 76% of compliance professionals in our webinar expect a significant or very strong increase in UBO requirements
  • High-risk customers must be reassessed under the new rules by mid-2028; all other existing customers by 2032
  • Manual processes are no longer viable: on-demand auditability and evidence defensibility are becoming regulatory obligations

It is five minutes to midnight. Not figuratively, literally. The new EU Anti-Money Laundering Regulation comes into force in July 2027, and institutions that wait will struggle. That was the clear message from our live webinar on 26 March 2026, held together with Sebastian Glaab, Partner at Annerton and one of the leading experts in financial market regulation in the German-speaking world.

What struck us: awareness of the scale of change is high. Preparation is lagging behind. This post summarises the key insights and gives compliance leaders a clear picture of what to do next.

What's Changing: The EU AML Package Explained

The EU AML package consists of four components that collectively reshape the foundations of anti-money laundering compliance in Europe:

  1. EU Anti-Money Laundering Regulation (AMLR): The central change. Instead of a directive that each member state could transpose into national law in its own way, there is now a directly applicable regulation. The same rules in Lisbon as in Hamburg, in Riga as in Milan.
  2. 6th Anti-Money Laundering Directive (AMLD6): Complements the regulation at the supervisory level. Its goal is to extend harmonisation to national supervisory authorities and make beneficial ownership registers accessible across Europe.
  3. New Supervisory Authority (AMLA): The Anti-Money Laundering Authority began operations in Frankfurt in summer 2025. It directly supervises the largest and highest-risk institutions, but as standard-setter and trendsetter, it defines the benchmark all national authorities will follow.
  4. Transfer of Funds Regulation (TFR): Tightens requirements on the traceability of payment flows, including crypto assets.

The practical consequence: the regulatory arbitrage that once made a Luxembourg or Dutch licence structurally more attractive than a German one is gone. Europe is harmonising, and the market is already feeling it.

Why the Beneficial Owner Is Now at the Centre

From "Beneficial Owner" to "Economic Owner"

The terminology is shifting, and so is the substance. The "economic owner" (wirtschaftlicher Eigentümer) will be more precisely defined under the new regulation. It is always and exclusively a natural person — never a legal entity. But the requirements around who qualifies as an economic owner, how they must be identified, what must be known about them, and how that must be documented are changing substantially.

The Radiating Effect on the Counterparty

Anyone entering into a business relationship with a legal entity must in future check not just the direct counterparty but also the economic owner behind it. That means:

  • PEP screening: The economic owner must be screened for politically exposed person (PEP) status — not just the direct counterparty
  • Sanctions lists: Screening against sanctions and terrorist lists extends to the economic owner
  • Source of wealth: In certain risk scenarios, the origin of the economic owner's assets must be established
  • Continuous monitoring: Changes in ownership structure must be detected promptly and reassessed

A Real-World Example

We recently encountered this situation: a customer classified as low-risk, unchanged in the portfolio for years. Then the shareholder structure changes quietly — 51% is acquired — and behind it sits a connection to Russia, only visible through trade register monitoring. The customer had notified the institution as required by the general terms. But between receiving that notification and actually reviewing and reassessing the risk, there was a gap. Under the new regulation, gaps like that are no longer acceptable.

What the Market Is Saying: Live Survey Results

We ran three polls during the webinar. The results paint an honest picture of where the industry stands today.

Poll 1: How confident are you in identifying beneficial owners today?

Very confident 23%
Fairly confident 46%
Partially uncertain 29%
Frequently uncertain 2%

At first glance, encouraging: nearly 70% feel fairly or very confident. Sebastian Glaab's read was more nuanced — that confidence in the current methodology likely reflects the existing rules, not the incoming ones. Anyone who is confident today should check whether that confidence will hold after 2027.

Poll 2: Where is your biggest challenge with UBO data right now?

Identifying the ownership structure 39%
Verifying the information 36%
Ongoing monitoring 11%
Documentation for auditors 9%
Integration into existing KYC processes 5%

75% of respondents cite identification and verification as their biggest pain point. That is exactly what we hear in conversations with compliance teams every day. Capturing basic master data is solvable. Working through complex, multi-layered international ownership structures and arriving at a defensible conclusion about who actually controls the entity — that is the real effort driver.

Poll 3: How strongly do you expect UBO requirements to increase?

Very strong increase 15%
Significant increase 61%
Slight increase 24%
Barely any change 0%

Not a single participant expects barely any change. 76% anticipate a significant or very strong increase in UBO-related requirements. This is a clear signal from people who deal with these issues operationally every day.

The Challenges by Business Model

Payment Providers and High-Volume Institutions

The core tension here is the simultaneous demand for volume, speed, and compliance quality:

  • Data at scale: How do you obtain ownership data in the required quality across a high volume of onboardings?
  • Onboarding expectations: Merchants today expect a seamless, instant onboarding experience — not days of back-and-forth email requesting shareholder lists as PDFs
  • Conversion pressure: Compliance has become a competitive differentiator in this segment. Fast and clean wins. Slow loses customers
  • Harmonisation effect: Some institutions have historically benefited from regulatory differences across member states. That advantage disappears

Banks with Complex Corporate Structures

Banks active in international shipping or other sectors with multi-layer holding structures know the challenge well:

  • Documentation at scale: Making every decision traceable across countries, systems, and layers of complexity
  • Evidence defensibility: Every case must be documented such that internal audit, external auditors, or supervisory reviewers can immediately see how a risk decision was reached
  • IT bottlenecks: The desire to build documentation processes in-house regularly hits IT capacity limits
  • Existing customer migration: Existing customer files must be brought up to new standards — at significant effort for large portfolios

On-Demand Auditability as a New Compliance Obligation

Regulators no longer expect answers in three weeks. They expect them now.

Sebastian Glaab cited a concrete example: the question that AML officers are already being asked today — what risk does the current geopolitical environment pose to your institution? What about exposure in the Middle East? What about potential Iran connections via crypto or other product channels?

These are not hypothetical scenarios. They are real examination questions that require a substantiated, data-backed answer. That demands the ability to run risk simulations:

  • What happens if I reclassify a particular product group as higher risk?
  • How many customers in my portfolio would be affected?
  • What additional audit workload would that generate?
  • How does my overall risk profile change?

These questions can only be answered with structured data and a compliance infrastructure capable of modelling scenarios. Manual processes cannot deliver this.

Compliance Is a Board-Level Issue

One point from the webinar that is often underestimated: responsibility for AML compliance does not sit solely with the Money Laundering Reporting Officer. It sits at the top of the organisation.

The new regulation reinforces this: the management board is responsible for ensuring that operational structures meet regulatory requirements. The MLRO can support and delegate tasks, but strategic accountability is non-transferable.

The practical implications: compliance budgets, IT investment decisions, and hiring decisions around KYC must be made and owned at board and executive level.

What Compliance Teams Should Do Right Now

Sebastian Glaab summarised the action plan in one phrase: "Get ahead of the wave." Waiting until July 2027 to start is too late.

Step 1: Conduct a Gap Analysis

An honest gap analysis should address:

  • What data is missing for a complete ownership identification process?
  • Where are the weaknesses in verifying documents and ownership information?
  • How does current documentation depth compare against the incoming requirements?
  • Are existing calculation methodologies for beneficial ownership already aligned with the new definitions?
  • How is ongoing monitoring of existing customers currently set up?

Step 2: Plan the Existing Customer Migration

The new requirements apply not only to new customers. Existing customers must be reassessed under the new rules:

  • High-risk customers: Must be reviewed and documented under the new regime by mid-2028
  • All other existing customers: By 2032

That may sound distant. But compliance system migrations are rarely straightforward. Data gaps need closing, IT systems need adjusting, teams need training, and processes need rebuilding. Starting this process in early 2027 means missing the deadlines.

Step 3: Bring in External Expertise

The regulatory complexity of the EU AML package is substantial. Many of the new requirements are still being specified in regulatory technical standards (RTS) currently under development. Structured engagement with legal experts who know the requirements in depth saves time and prevents costly misjudgements.

Important caveat: external experts can support, but the institution must be able to explain and defend its own risk analysis methodology and decision logic. Pointing to a service provider without being able to explain the underlying approach is not an acceptable answer to a regulator.

Step 4: Make Technology the Foundation

Sebastian Glaab was direct: "Manual processes are, in my view, finished."

What a robust compliance infrastructure must deliver:

  • Automated identification of ownership structures down to the natural person
  • Verification against trade registers, shareholder lists, and structured data sources
  • Audit-proof documentation of every step, every decision, and its rationale
  • Continuous monitoring of existing customers for changes in ownership structure
  • Scenario capability: what happens when risk parameters change?
  • Immediate auditability for regulators and auditors

In short: the platform must be able to answer the question "Who is behind this entity, and how did we establish that?" in seconds, not hours.

Conclusion: Acting Now Is a Competitive Advantage

The EU AML package is not an abstract regulatory project for lawyers. It is an operational transformation project for every institution that enters into business relationships with corporate entities. The requirements around identifying, verifying, and documenting the economic owner are increasing substantially. Supervisory scrutiny is intensifying. Tolerance for manual processes and incomplete documentation is approaching zero.

The good news: institutions that start now still have enough time to get their processes right. And those that deploy the right technology will find that compliance and growth are not in opposition — they reinforce each other. Onboarding speed and regulatory robustness are not a trade-off. Done well, they are the same thing.

If you would like to assess where your organisation stands today, or find out how Sinpex can support your team, we would be glad to talk. Book a demo with us.

Further Reading from Sinpex

Compliance You
Can Bank on

Struggling with onboarding, KYC/KYB processes and/or compliance complexities? 



Get the clarity and confidence you deserve with Sinpex today.
Book a Demo
Book a Demo
Check your compliance
Check your compliance

What’s new at Sinpex?

Discover the latest trends and developments around Sinpex as well as KYC/KYB, AML. compliance and fintech.
Blog

From Hours to Minutes: How to Automate UBO Identification in Your KYC Onboarding

March 16, 2026
Read more
Blog

Raising the Bar: Supervisory Expectations for AML and KYC Quality

February 27, 2026
Read more
Blog

Top AML, KYC, and KYB Trends to Expect This Year

January 16, 2026
Read more
Blog

EU AML Package 2025: A Wake-Up Call for Europe’s Compliance Landscape

December 8, 2025
Read more
Blog

To-Do Management: Bringing Accountability to Automated KYC/KYB

November 14, 2025
Read more
Blog

Between Speed & Security: How Banks Are Future-Proofing Their KYC/KYB Processes

October 23, 2025
Read more
View all
View all