EBA’s Final Implementation Review Warns Europe Against Complacency in the Fight Against Financial Crime

Released on October 8, 2025, the European Banking Authority’s (EBA) final implementation review serves as both a progress assessment and a pointed reminder of Europe’s ongoing struggle to curb financial crime. The document marks the conclusion of a six-year evaluation cycle examining how national authorities across the continent supervise anti-money-laundering (AML) and counter-terrorist-financing (CTF) risks within the banking sector. Its findings depict a financial landscape moving gradually toward harmonized, risk-based supervision, yet still burdened by uneven capabilities, resource shortages, and the enduring challenge of converting regulatory frameworks into tangible deterrence.

At the core of the report lies a clear and urgent message: AML supervision in Europe must become more risk-driven, more consistent, and more collaborative. Between 2018 and 2024, the EBA assessed forty supervisory authorities across the European Economic Area. What began as a patchwork of divergent national approaches has evolved into a more coordinated system, where risk assessment, supervisory planning, and cross-border cooperation are beginning to align.

The review found that most national regulators have developed clearer AML strategies and dedicated teams for financial crime oversight. Supervisory manuals are increasingly standardized, operational procedures have become better documented, and risk categorization is now more coherent. However, the report also underscores that progress remains fragile. Persistent staffing gaps, coordination frictions, and financial limitations continue to hinder supervisory efficiency. The transition from EBA’s oversight function to the new Anti-Money Laundering Authority (AMLA) will be the ultimate test of whether this evolving architecture can translate policy coherence into measurable reductions in financial crime and terrorist financing risk.

As both a scorecard and a warning, the report highlights the lessons regulators have absorbed from major scandals such as Danske Bank and Pilatus Bank while exposing the limits of institutional reform without adequate funding or sustained political commitment.

The EBA’s assessments centered on three structural components—supervisory strategy, planning, and manuals—that shape how each national authority implements the risk-based approach outlined under Directive (EU) 2015/849. By 2025, most supervisors had shifted from ad hoc enforcement to structured, multi-year strategies. Approximately seven out of ten regulators that once lacked defined AML supervision frameworks have now introduced them, signaling a move from reactive compliance checks to proactive risk management.

Supervisory strategies now include measurable objectives, risk-tiered classifications of financial institutions, and inspection schedules linked to those risk categories. The EBA’s push for alignment with its risk-based supervision guidelines has produced visible consistency: regulators are increasingly assessing not just formal compliance but the effectiveness of internal controls, governance frameworks, and customer due diligence systems relative to each institution’s exposure level.

Planning has become more disciplined as well. Most authorities now publish annual or biannual supervisory plans detailing inspection frequency, scope, and methodologies, all explicitly tied to risk assessments. These plans also account for emerging risks—such as digital asset markets and sanctions evasion networks—by integrating contingency protocols. Supervisory manuals have been modernized and expanded, providing operational guidance and serving as key training tools for new personnel. More than four-fifths of the authorities reviewed have revised their manuals to include clear instructions on evaluating AML systems and calibrating supervisory intensity according to findings.

The deployment of supervisory tools has also diversified. Where regulators once depended heavily on questionnaires and off-site reviews, they now employ thematic inspections, targeted testing, data analytics, and structured follow-up mechanisms. Some authorities have contracted external specialists for technically complex assessments, extending their coverage without straining internal capacity. By early 2025, roughly two-thirds of supervisors had met EBA’s expectations in this area, while others remained in transition due to the timing of their review cycles.

These developments reflect a broader cultural shift in European supervision. AML oversight is no longer treated solely as a compliance obligation but as a key pillar of prudential governance. Nevertheless, progress remains uneven. A small number of Member States still lack comprehensive supervisory strategies or standardized manuals, leaving gaps that sophisticated criminal networks can exploit. The future effectiveness of AMLA’s indirect supervision model will depend largely on its ability to lift these lagging jurisdictions to the new European benchmark.

The EBA devoted substantial attention to the issue of cooperation—both domestic and international—recognizing it as the lubricant of effective AML enforcement. The findings reveal improvement in information sharing but continued fragmentation.

Domestically, the review identified three main dimensions: coordination among multiple AML supervisors, collaboration with financial intelligence units (FIUs) and tax authorities, and engagement with prudential supervisors. In countries where more than one body oversees banking AML functions, fragmented accountability has often led to inconsistent risk assessments. By 2025, most such jurisdictions had signed memoranda of understanding to clarify responsibilities and establish regular coordination meetings. However, several authorities were unable to demonstrate that these agreements translated into consistent operational practice.

The relationship between supervisory authorities and FIUs remains a notable weak point. Although most regulators have formal cooperation frameworks, the EBA found that only about four in ten maintain effective and continuous information exchange with their FIUs. The remainder rely on sporadic, case-specific communication that limits strategic oversight. The same pattern extends to coordination with tax authorities, where formalization has improved but data quality and frequency vary considerably.

Collaboration with prudential supervisors—a long-standing challenge—has improved but is still incomplete. Over half of the regulators that previously struggled in this area now maintain structured cooperation through training sessions, joint inspections, and defined escalation procedures. Yet around a quarter still lack full integration between prudential and AML oversight, a critical shortcoming given that money-laundering risks often manifest through governance failures or capital adequacy issues rather than transaction anomalies alone.

Cross-border cooperation shows stronger gains. AML/CFT colleges—multilateral forums that enable supervisors from various jurisdictions to share risk data—have become central to the EU’s cross-border AML framework. These colleges now function effectively across most banking groups, fostering shared priorities and coordinated engagement with non-EU counterparts. Nonetheless, bilateral cooperation beyond the Union remains inconsistent. About half of the authorities identified for improvement in this area have made progress through new memoranda of understanding or participation in additional colleges, while the rest continue to face obstacles such as data-protection constraints, divergent legislation, and resource shortages.

This unevenness underscores a paradox: Europe’s internal AML integration is improving, but its external coordination still lags. As illicit financial flows increasingly traverse global channels—from correspondent banks to crypto intermediaries—Europe’s inability to maintain continuous collaboration with non-EU regulators could weaken its domestic defenses.

In its closing analysis, the EBA’s report identifies several structural vulnerabilities threatening the sustainability of reform. Among them is the problem of overlapping evaluations. National authorities are often subject to concurrent reviews by the EBA, FATF, IMF, and regional bodies like Moneyval, each with distinct methodologies and schedules. This duplication creates conflicting priorities and heavy administrative strain. Without better coordination among evaluators, resource fatigue is unavoidable.

Domestic coordination in multi-agency environments presents another persistent difficulty. Building trust between FIUs, tax bodies, and central banks takes time, and even where cooperation agreements exist, cultural barriers and incompatible IT systems continue to hinder real-time data sharing. Smaller countries face particular challenges, with staff often juggling multiple supervisory responsibilities that blur accountability lines.

The evolving nature of EU legislation adds another layer of complexity. The upcoming AML Regulation and the establishment of AMLA require substantial national input and adaptation, stretching already limited supervisory resources. Some authorities have delayed implementation of earlier reforms to accommodate these legislative demands.

A shortage of qualified personnel remains one of the most pressing constraints. Many regulators struggle to attract and retain experienced AML professionals due to pay disparities with the private sector. The expansion of AML oversight into areas like crypto assets and sanctions monitoring only intensifies this strain. Without long-term investment in staffing, training, and remuneration, risk-based supervision risks remaining more aspirational than operational.

Geopolitical factors have further complicated the landscape. The wave of sanctions targeting Russian and other actors since 2022 has redirected supervisory focus toward compliance verification and sanctions-risk assessment. AML departments must now manage overlapping mandates that do not always align, stretching budgets and expertise.

Despite these pressures, the EBA concludes that overall AML supervision across Europe has strengthened considerably since 2018. The institutionalization of risk-based approaches, the establishment of AML/CFT colleges, and the harmonization of supervisory tools represent genuine progress. The next challenge lies in maintaining this momentum through leadership transitions and the institutional restructuring accompanying AMLA’s launch.

The transfer of responsibilities from the EBA to AMLA marks the most significant centralization of AML oversight in EU history. The EBA’s review effectively hands AMLA a detailed baseline from which to build its risk-based supervision model. The next phase will hinge on translating qualitative improvements into measurable outcomes—reductions in laundering exposure, stronger enforcement actions, and demonstrably cleaner financial channels.

Three priorities emerge from the findings. First, AMLA must ensure that national strategies continue to evolve rather than plateau once minimum compliance thresholds are met. It should introduce performance metrics linking supervisory quality to actual reductions in risk, not just procedural completion. Second, cooperation frameworks must be embedded into permanent, digitalized information pipelines connecting FIUs, tax authorities, and prudential supervisors across the Union. Expanding secure data-exchange infrastructure would eliminate many of the frictions documented by the EBA. Third, capacity building remains essential. Addressing staffing and expertise gaps through shared training programs and expert pools could equalize competence levels across Member States and fortify AMLA’s indirect supervision model.

Ultimately, the success of Europe’s new AML regime will depend not on institutional architecture but on outcomes. Financial integrity will only be achieved when supervisors move beyond procedural compliance toward proactive, predictive vigilance—and when information flows seamlessly across all institutions charged with protecting Europe’s banking system from abuse.

By fLEXI tEAM