Sanctions related AML what EU regulators are currently looking at

Nikita Veremeev

07.01.2026 | 6 min read

Updated: 07.01.2026

Greetings — I am the CEO and founder of COREDO. Over nine years, my team and I have helped hundreds of entrepreneurs from Europe, Asia, and the CIS register companies in key jurisdictions, obtain financial licenses and build robust compliance. Today the focus is on sanctions-related AML in the EU, a topic that determines business survival in cross-border operations. Regulators are tightening control, especially with the launch of AMLA (Anti-Money Laundering Authority) on 31 December 2025, and COREDO’s experience shows: those who implement a risk-based AML approach in advance save time and avoid fines.

It is important to understand: the launch of AMLA means a shift from fragmented supervision to a single decision-making center in the EU. This changes the logic of checks — banks no longer accept ‘local’ explanations, but assess business from the perspective of pan-European risks. Companies without a systematic AML approach automatically come under increased scrutiny.

Sanctions control for international business

Illustration for the section «Sanctions control for international business» in the article «Sanction AML — what EU regulators are looking at now»
EU AML regulation is evolving under the influence of the Sixth Directive (6AMLD), which will come into full force on 10 July 2027. The key change in 6AMLD is personal criminal liability for directors and beneficiaries for circumventing sanctions and facilitating money laundering. Formal delegation of compliance no longer protects: regulators assess actual control and management involvement.

The transition period gives time to adapt, but banks and financial institutions are already applying enhanced due diligence (EDD) for transactions with high-risk jurisdictions FATF and the EU blacklist. Our experience at COREDO confirms: ignoring EU blocking sanctions leads to account freezes and administrative fines of up to millions of euros.

Imagine a client from Singapore planning payments to the EU. The COREDO team conducted risk profiling and identified a connection to politically exposed persons (PEP) through a chain of beneficiaries. We adjusted the structure, implemented monitoring of suspicious transactions and ensured compliance with 2025 KYC requirements. Result: the account was opened without delays, and the client obtained a license for payment services in Estonia.

The critical factor was not eliminating the PEP risk, but properly documenting it. Banks accepted the risk because it was transparently described, assessed and integrated into the monitoring system, not concealed or formally ignored.

Banks’ sanctions control focuses on payment structuring (smurfing) and indirect financing of sanctioned persons. Special attention is paid to operations that do not formally violate sanctions but create an economic effect in favor of sanctioned persons.

It is precisely such cases that most often lead to account blocks without prior warning. Regulators monitor cross-border payments, especially when using alternative systems, and require documentation of sources of funds (source of funds). COREDO’s practice shows: transparency here is the key to bank trust in the Czech Republic or Cyprus.

KYC and EDD in 2025

Illustration for the section 'KYC and EDD in 2025' in the article 'Sanction AML — what EU regulators are looking at now'
KYC verification of clients is now mandatory for all legal entities; KYC is no longer considered an “entry” procedure. In 2025 banks and regulators expect a continuous KYC process where the client profile is updated with every material change in activity or geography of operations.

With the harmonization of KYC standards in the EU. For corporate clients the following are needed:

Documents on founders and beneficial owners (beneficial ownership verification): passports, proof of address, ownership structure.
Proof of economic presence (substance): office, staff, local reporting.
Information on source of funds and the business plan.

Enhanced due diligence (EDD) is activated for high-risk clients — from the EU grey or black lists, with PEPs or transactions involving sanctioned countries. The COREDO team recently assisted a client from Dubai during registration in Cyprus: we assembled the full package, including an audit of the ownership chain, and passed the bank review in 7 days.

How to apply the new EU KYC requirements to clients in 2025? Implement periodic KYC information reviews, once a year for standard clients, quarterly for high-risk ones. The transition period until 2027 allows updating databases over 5 years, but COREDO recommends starting now to avoid peak loads.

AMLA Powers, Supervision and Fines

Illustration for the section 'AMLA Powers, Supervision and Fines' in the article 'Sanctions AML — what EU regulators are currently looking at'
AMLA will take direct supervision over the largest EU banks, applying a risk assessment methodology for direct supervision. Powers include administrative measures and fines: up to 10% of annual turnover or €10 million for the first violation.

For holdings and corporate groups the fine may be calculated on a consolidated basis, which makes the risks critical even for formally “small” operational structures. EU financial sanctions are being strengthened: asset freezes, license suspensions, criminal prosecution of executives for evading sanctions through asset transfers.

The solution developed at COREDO for an Estonian fintech integrated a risk matrix taking AMLA fines into account. We configured transaction monitoring systems to detect anomalies such as payment structuring, and the client successfully obtained a crypto license, avoiding CFT (Countering the Financing of Terrorism) risks.

Which operations are considered suspicious under AMLA standards? A separate trigger is a mismatch between the business logic and the declared model. Even lawful payments are blocked if the bank does not understand why they are made and what economic purpose they serve. Frequent small transfers, mismatch with the client’s profile, payments to high‑risk jurisdictions.

Banks block such transactions under a decision of the Council (CFSP), requiring Suspicious Activity Reporting (SAR).

Risk-oriented approach: assessment and monitoring

Illustration for the section «Risk-oriented approach: assessment and monitoring» in the article «Sanction AML - what EU regulators are looking at now»
Risk-oriented AML, the basis of compliance requirements for banks. In practice, a risk-oriented approach does not mean complicating processes. On the contrary, it allows reducing the burden on low-risk operations and focusing resources where the likelihood of sanctions violations is truly high. Steps for implementation:

risk assessment (Risk Assessment): profile clients by geography, transaction type, and PEP status.
CDD/EDD: basic checks + enhanced checks for high-risk cases.
Transaction Monitoring: algorithms based on GNN (Graph Neural Networks) and FHE (Fully Homomorphic Encryption) detect money laundering networks.
Staff training and internal policies.

COREDO’s practice confirms: for a Slovak company we implemented such a system, reducing false positives by 40% and ensuring compliance for a forex license. An additional effect is reduced operational costs for manual checks and increased trust from banks, which directly affects limits and the speed of payment processing.

How to implement without complications? Start with automation: COREDO integrates ready-made platforms adapted to the EBA (European Banking Authority).

The EU blacklist is updated in June 2025 per FATF: the focus is on countries with weak controls. Working with them requires EDD and reporting.

COREDO Case Studies: real solutions

Illustration for the section «COREDO Case Studies: real solutions» in the article «Sanctions-related AML — what EU regulators are looking at now»

EU registration with an AML focus. A client from Asia opened a company in the Czech Republic. The COREDO team conducted KYC for legal entities, confirmed substance and opened an account despite a complex beneficial ownership profile.
Obtaining a payments license in Cyprus. Integrated monitoring for 6AMLD, mitigated risks of blocking sanctions: license in 3 months.
AML consulting for Dubai. For a holding structure we set up EDD for cross-border payments, avoiding AMLA fines.

These examples demonstrate: COREDO addresses registration, Licensing and AML compliance comprehensively.

GNN, FHE and automation trends

Regulators use AI to detect anomalies – GNN builds relationship graphs, FHE encrypts data for analysis. Companies that do not invest in AML automation now will face disproportionate costs for manual controls and increased regulatory pressure within 1–2 years. Businesses should implement similar solutions: systems monitor the indirect provision of funds to sanctioned persons. At COREDO we adapt these to FATF standards, helping clients from Singapore scale operations in the EU.

Money laundering volumes are 2-5% of global GDP, fines are growing. ROI from AML systems: payback in 12-18 months due to reduced risks.

Action plan for 2025-2027

Audit current KYC: verify beneficiaries, update to 2025 standards.
Implement risk profiling and monitoring.
Train the compliance office for AMLA supervision.
Document everything: regulators examine risk-related decisions.

COREDO provides transparency of processes and support at every stage – from registration in Estonia to license in Dubai. Contact us: together we’ll build a resilient business in an era of strict anti-money laundering enforcement in Europe. Sanctions-related AML is no longer a matter of compliance, but of business resilience. The sooner you align your system with AMLA and the 6AMLD, the smoother scaling in the EU will be.