Trump Administration Executive Order (EO) Tracker
Insights and Analysis
The Financial Gatekeepers: The new role of financial institutions in upholding financial sanctions
09 April 2025
Key takeaways
The new EU AML Regulation requires obliged entities to identify and minimize risks arising from the non-implementation or circumvention of financial sanctions.
Regardless of whether there is a sanctions breach, firms could face fines for failure to take appropriate steps to mitigate the risk of non-compliance.
The following requirements were set: 1. Compliance officers will need to compile and maintain a business-wide risk assessment (approved by the management body) of the risks of non-implementation or evasion of financial sanctions. 2. Obliged entities will need to modify internal policies, procedures, and controls to limit non-compliance with financial sanctions. 3. Obliged entities must ensure that their customers including any beneficial owners are checked against the lists of persons or entities designated under targeted sanctions lists.
These new requirements will lead to heightened supervision and could result in enforcement action and fines so firms should review their systems for minimizing the risk of non-compliance with financial sanctions.
The long-awaited EU anti-money laundering ("AML") Package came into force in July 2024 and will begin to apply directly to firms in scope ("obliged entities") from 10 July 2027. Regulation (EU) 2024/1624 (the “AML Regulation”) expands the scope of previous AML legislation to include obligations aimed at increasing compliance with targeted financial sanctions (i.e. the freezing of assets and the prohibition to make funds or other assets available for the benefit of sanctioned persons and entities). Obliged entities, in particular, financial institutions, play a central role as gatekeepers in the financial system. They will now be expected to adopt a risk based approach to implement adequate measures to mitigate any risk of non-implementation or evasion of targeted financial sanctions.
This article provides practical guidance as to what obliged entities, compliance officers and management boards will need to consider.
Chapter 1
1Sanctions compliance management system under AML Regulation
Until the AML Regulation came into force, there was no harmonized European regulation on how financial institutions must manage and implement compliance with financial sanctions and the implementation of financial sanctions still differs across EU Member States.
Under the AML Regulation the implementation of a sanctions compliance management system has become a legal obligation. Obliged entities will have to update their internal policies and procedures in order to mitigate and manage effectively the risks of non-implementation and evasion of targeted financial sanctions. Additionally, each obliged entity will need to reflect the risk of non-compliance and evasion of targeted financial sanctions in their business-wide risk-assessment and keep it regularly updated; this obligation applies directly to compliance officers and the management body and the assessment must take account of risks at the group level. The new European AML Regulator (“AMLA”) is tasked with issuing guidelines on how to carry out this business wide risk assessment by 10 July 2026 and the European Commission has asked the EBA to support AMLA in preparing to assume these new responsibilities.
As a part of the customer due diligence the obliged entity will need to check customers and their beneficial owners against the lists of persons or entities designated under targeted financial sanctions. In case there is a suspicion that a customer, or a person acting on behalf of the customer, is attempting to circumvent or evade targeted financial sanctions, enhanced due diligence must be applied. Customer due diligence obligations will be subject to ongoing monitoring. For credit institutions and financial institutions, the verification is to be carried out upon any new designation in relation to targeted financial sanctions.
On 6 March 2025 the EBA issued a 90 page Consultation Paper setting out further proposed binding technical standards, including on how to perform risk assessments and how to conduct customer due diligence. The desire to standardise the approach here across the EU means that there could be very granular requirements.
Chapter 2
2New EBA Guidelines on Restrictive Measures /Sanctions
Although the AML Regulation will not take effect until 10 July 2027, there are some interim EBA guidelines which apply from 30 December 2025. The EBA, which remains the competent European Supervisory Authority for AML until the end of 2025, has already seen the need to provide guidance to assist firms. EBA has at its own initiative issued guidelines applicable to financial institutions under CRD, payment service provider and e-money-institutions (EBA Guidelines on restrictive measures – EBA/GL/2024/14). These EBA guidelines set out measures to be taken to ensure that financial institutions’ governance and risk management systems comply with sanctions and address the risk that they might breach or evade restrictive measures. For example they require firms to be able to demonstrate to supervisors that any screening systems used are adequate and they will need to appoint a senior person who is responsible for compliance with financial sanctions. EBA Guidelines on restrictive measures will apply starting 30 December 2025.
As the AML Regulation requirements for a sanctions compliance management system will come into force from 10 July 2027, the EBA has already confirmed that the guidelines for restrictive measures will be amended after July 2027 to reflect the changes by the AML Regulation.
Chapter 3
3The new European AML Authority
The AMLA will be the first European authority with direct supervisory competences in the area of AML/CTF, including targeted financial sanctions. AMLA will directly supervise a limited number of selected obliged entities that are exposed to the high risk of money laundering and terrorism financing and operate on cross border basis. AMLA will then also monitor the internal policies and procedures of those directly supervised financial institutions for compliance with targeted financial sanctions.
AMLA will facilitate cooperation, information exchange and identification of best practices among FIUs. Therefore, AMLA will establish a central database to collect data from selected obliged entities and assess their vulnerabilities and risks, including risks of non-implementation or circumvention of targeted financial sanctions. Such data will be available to national supervisory authorities to enable a more joined up approach to oversight and enforcement. You can find out more about the AMLA regulation here.
Chapter 4
4Conclusion
Under the AML Regulation obliged entities have a crucial role to ensure compliance with targeted financial sanctions and in preventing the circumvention of financial sanctions. The Regulation imposes duties directly on both compliance officers and boards and gives AMLA power to impose sanctions including fines for non-compliance by financial institutions subject to its direct supervision.
The extension of the scope of the AML Regulation with regard to targeted financial sanctions requires obliged entities to develop an understanding of the legal requirements and vulnerabilities in that area. The importance and complexity of sanctions has increased significantly in recent years, and the war in Ukraine has led to an unprecedented growth in sanctions in particular against Russia and Belarus.
Many obliged entities have already integrated their sanctions controls into their AML screening of business relationships. The EBA Guidelines on restrictive measures provide important practical recommendations that can already be implemented to help minimise the non-implementation or evasion of financial sanctions. Financial institutions should take steps now to plan for full compliance with the EBA guidelines by 30 December 2025; in doing so they should also have regard to the EBA's Consultation paper (EBA/CP/2025/04) as this sets out a proposed methodology for assessing risks and screening new customers. The AML Regulation further sharpens, expands and specifies the requirements in this respect. Obliged entities should now ask themselves what adjustments they need to make to their policies and procedures and update their control systems accordingly. Especially risks assessments are a critical area of regulatory focus and needs to be amended specifically in the light of targeted financial sanctions. Obliged entities should also keep an eye out for the upcoming measures that will be issued at EU level (e.g. EBA/CP/2025/04). All this leads us to expect an increase in compliance costs and a greater need for improved data management systems that will withstand AMLA/national supervisors' scrutiny and enforcement action.
Chapter 5
5Next Steps
If you would like to discuss how your firm is on track to meet the new obligations to prevent the circumvention of targeted financial sanctions, of if you have any other concerns about the new AML regime, please do get in touch with any of the contacts listed below or your usual Hogan Lovells lawyer.
Authored by Viktoria Hennig, Richard Reimer, and Sarah Wrage.
Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32024R1624)
Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202401620)
Contacts
Frankfurt
Search
