AML6 - Sixth AML Directive: Updates and changes to comply with

Person paying while complying with AML6


    icon newsletter
    Get the latest news right in your inbox

    The Sixth Anti-Money Laundering Directive, AML6 or 6AMLD, raises a number of crucial changes to the technical and legal standards that affect all those companies that are required to comply with these regulatory standards. 

    The already well-known AML5, together with eIDAS, brought about a revolution in terms of business-user relations, allowing companies, especially those in the financial and banking sector, to be able to establish themselves in other markets simply by complying with its requirements.

    The new directive, AML6, which was postulated as an update of the previous one, is already a reality that companies must adapt to and are taking advantage of.

    What is AML6?

    AML6 is the name by which we refer to the European Union Directive 2018/1673. This acronym used indifferently with the less used 6AMLD (Sixth Anti-money Laundering Directive), is the most common to refer to this European standard. This directive, despite being a regulation implemented in EU countries, is the international reference for setting regulatory guidelines regarding AML (Anti-Money Laundering) policies worldwide.

    AML6 builds on the already consolidated proposal of its predecessor by adjusting a number of points that were somewhat lukewarm, defining sanctions to avoid doubts in the related jurisprudence and adding more exhaustive controls for online identity verification processes.

    The standard not only sets out all the practices for the prevention of money laundering and terrorist financing that companies in all sectors, but especially in the financial and related sectors, must apply but also sets out the penalties imposed if they are not complied with.

    Now, a specific criminal framework is established that brings together all the guidelines and regulations that punish this absence of practices and controls under a single rule, leaving no room for doubt as to the jurisprudence applicable by the courts. This time, the concept of corporate responsibility is included and sanctions are clarified.

    Learn all about AML6 and other regulations

    Industries affected by the 6AMLD regulation

    Although the regulation is cross-sectorial, that is, it applies to any company regardless of the industry and area of activity to which it belongs, there are a number of sectors that, due to the nature of their activity and the type of operations carried out in them, are more affected and susceptible to being fined by the authorities.

    The activities most affected by AML6 are the following:

    1. Financial sector in general.
    2. Banking. Especially digital banking and online banking services.
    3. FinTech. And new 100% online financial services platforms. Here cryptocurrency exchanges, trading platforms and others stand out, now obliged to carry out exhaustive digital onboarding processes and with anti-fraud controls.
    4. Investments. Services related to asset management and brokers.
    5. Insurance. The insurance industry must comply with KYC standards in the same way.
    6. Others. To a lesser extent, Real Estate and those companies that provide auxiliary financial services to companies in the automotive sector and others.

    Businesses and institutions belonging to these areas would be disqualified from obtaining financing, subsidies, concessions or public tenders if they fail to carry out the relevant controls required by AML6 for their customers.

    These controls were sometimes done in an inefficient way that generated friction among users, triggering abandonment rates after several attempts to complete control procedures that were not well designed. The automation of these controls thanks to solutions developed specifically for these use cases has been the answer for many banks and FinTechs.

    Is it all restrictions? No, AML6 is a great opportunity

    It might seem that AML6 is an obstacle in the way for companies to operate smoothly in markets as important as the European one. However, AML5 has already put on the table a common European digital framework that is based on just the opposite: making it easier for companies to operate in the markets with hardly any requirements beyond complying with a series of controls that are very simple to implement.

    Given the regulatory framework and technological advances, software companies called RegTech have emerged to offer scalable and affordable Plug&Play solutions to comply with regulations such as AML6 in a simpler way than it might seem. 

    Systems and tools to adapt to 6AMLD

    Gerwheels of tools

    Some of them offer these systems in such a way that they adapt to the needs and growth of the business without conditioning its future, ensuring sustainability and profit. And only the best ones accompany companies, in addition to legal compliance, in offering the best customer experience focused on conversion, ensuring the customer journey in a holistic way.

    Now, any company, regardless of its country of origin and resources, can sell its products and services throughout Europe without restrictions or the need for equipment or physical presence in its different regions thanks to what has already been initiated by AML5. The new AML regulation6 simply reinforces this framework to make it more secure and consistent.

    AML6: Dates and times for application

    The Sixth Money Laundering Directive, AML6 was approved by the European Union on October 23, 2018, in the European Parliament and the Council. As of that date, states had a limited margin to introduce their changes in the national laws of each country.

    Thus, the deadline for AML6 to officially come into force in all countries was December 3, 2020. Thus, from then on, its application is effective and mandatory for all companies operating in European markets, facing serious penalties if they fail to do so.

    However, there is a date that takes on even more relevance: June 3, 2021, since from then on we have stricter control over private and public organizations, as well as businesses of any sector that are affected by the casuistry of their activity.

    As of this latest and most recent date, companies will be penalized if they have not previously adapted to the AML6 standard. Contact an expert now and get free advice on how your business can easily comply with the AML6 regulation.

    Comply with AML6 with an agile, affordable solution implemented in days

    Changes in AML6 with respect to AML5

    As we have been analyzing, AML5 was a revolution for the European market, but it left some issues undetailed that sometimes generated conflict in terms of applicable jurisprudence. Now, AML6 delves deeper into the points to be considered an aggression with respect to money laundering: 

    1. An illegitimate activity previously performed.
    2. The attempt to acquire property through the success of such illegitimate activity.
    3. The whitening of these.

    Thus, the new regulation makes a classification and establishes as crimes the methods of acquisition of both goods and money, expanding the necessary controls to detect these facts from the companies.

    One of the most important changes, which we have already mentioned, was the consideration of corporate liability. Article 7 of AML6 makes legal entities liable when there is a lack of control and supervision that favors the commission of crimes related to money laundering. This, avoidable thanks to the KYC (Know Your Customer) process, is one of the main and most important changes introduced in AML6 with respect to its predecessor AML5.

    Companies are now 100% responsible for what happens when operating in their markets and for what their clients do since they become passive subjects in the face of money laundering and criminal acts. This article is closely related to number 10 of the same regulation, which clearly defines how the application of sanctions should be carried out and how the jurisprudence should proceed.

    The fifth and eighth articles of the new AML6 clearly state the penalties for both private companies and individuals for inaction and encouragement of criminal behavior. Although AML5 already penalized this, it was not until AML6 that the sanctions went from paper to reality.

    AML6, KYC, KYB and eIDAS: what is the relationship?

    KYC and KYB regulatory framework

    On many occasions, it is easy to become bewildered by the various acronyms that exist to denote both the regulations that affect companies and the procedures they have to follow in order to operate safely and securely at a global level.

    KYC is the Know Your Customer process, which defines the point at which identity data is collected and verified with a series of very specific checks on a customer to officially confirm and stamp that they are who they say they are. 

    This procedure, in the first phase of onboarding new customers, is often confused with the very similar KYB (Know Your Business). The latter is nothing more than the transposition of the former to the B2B level, where one company verifies another in order to establish a relationship of trust as a partner, supplier or customer.

    On the other hand, eIDAS, (electronic IDentification, Authentication and trust Services) and the most current eIDAS 2, define the common standards for the use and exercise of electronic signatures and digital identity verification methods.

    Thus, all of them allow us to successfully and easily comply with AML6 in order to operate in the market with security, guarantees and without the need for bureaucratic and costly business infrastructures.

    Newsletter icon

    Get the latest news right in your inbox


    Trust, identity and automation services

    Tecalis creates disruptive digital product to make the most innovative companies grow and evolve. We drive growth and digital transformation processes to bring the future to businesses today.

    KYC (Know Your Customer) Video Identity Verification, Digital Onboarding and Authentication (MFA/2FA) solutions and services enable our customers to provide their users with an agile and secure experience.

    Our RPA (Robot Process Automation) software enables the creation of sustainable, scalable, productive and efficient business models through BPM (Business Process Management), allowing unlimited growth.


    Advanced and Qualified Electronic Signature and Certified Communication services (Electronic Burofax) allow customer acquisition, contracting and acceptance processes that used to take days or weeks to be completed and approved in minutes or seconds.

    Customer Onboarding (eKYC), Digital Signature (eSignature) services and Automated Fraud Prevention are making it possible for companies to operate online and without borders.


    As an EU-certified Trust Services Provider and an established RegTech partner, we help organizations comply with the most demanding regulatory standards in their sector and region, including AML (Anti-Money Laundering), eIDAS (Electronic IDentification, Authentication and etrust Services), GDPR (General Data Protection Regulation), SCA (Strong Customer Authentication) or PSD2 (Payment Services Directive) regulations thanks to Tecalis Anti-Fraud Controls and Document Verification.