The European Union's new Anti-Money Laundering Authority (AMLA) is not simply another acronym in the alphabet soup of financial regulation; it is the linchpin of a redesigned supervisory architecture which, taken together with the Single Rulebook Anti-Money Laundering Regulation (AMLR), the Sixth AML Directive (6AMLD), the Funds/crypto “travel rule”, and MiCA's prudential and conduct regime for crypto-asset service providers (CASPs), will raise the standard of AML/CFT controls from a fragmented, member-state-by-member-state patchwork to a consistently enforceable baseline—and will do so in a manner that expects crypto businesses to be “day-one ready”, not aspirationally compliant at some indefinite future milestone.
On 1 July 2025, AMLA's powers came into force, and within days the Authority underscored—in a dedicated crypto press note—that firms active in crypto-asset activities must operate with “strong protections” against money laundering and terrorist financing; the message, which dovetails with MiCA's hand-off to national competent authorities (NCAs) for licensing and day-to-day oversight, is that supervisory convergence will be driven from Frankfurt and measured against a risk-based methodology that AMLA is mandated to develop and hard-wire into binding technical standards.
This is not theory: Regulation (EU) 2024/1620 (the AMLA Regulation) fixes Frankfurt am Main as the Authority's seat and equips AMLA to draft regulatory/implementing technical standards, issue guidelines, and, where appropriate, step in directly with selected high-risk obliged entities; it also tasks AMLA with coordinating FIUs through joint analyses and hosting FIU.net, thereby linking supervisory expectations to operational data flows that CASPs will increasingly have to produce on demand. EUR-Lex
Running in parallel is the Single Rulebook AML Regulation (EU) 2024/1624, which—unlike prior directives—will apply directly across the Union and, crucially for crypto, expressly brings CASPs into the list of “obliged entities”; application is set for 10 July 2027 (with certain sectoral deferrals), leaving a finite window for firms to redesign frameworks, automate controls, and evidence effectiveness before the regulation bites.
What this means for CASPs under MiCA—substance over slogans
MiCA (Regulation (EU) 2023/1114) standardises authorisation and ongoing conduct for CASPs, with ESMA publishing supervisory briefing to drive consistent authorisation practices across NCAs; however, MiCA is not an AML rulebook, and AMLA has made clear that convergence on AML/CFT must accompany MiCA licensing from day one, not after-the-fact, which in practice requires an integrated controls architecture that maps MiCA obligations (governance, conflict management, safeguarding of client crypto-assets, ICT resilience) to AML/CFT duties (risk assessment, KYC/KYB, monitoring, sanctions, reporting) with traceable accountability at senior management level.
Two further pillars tighten the screws. First, the recast Funds Transfer Regulation (Regulation (EU) 2023/1113) extends the “travel rule” to crypto-asset transfers; the EBA's final guidelines specify the information that must accompany such transfers and set concrete application/compliance dates, meaning CASPs need interoperable data pipelines—both inbound and outbound—to avoid settlement friction and regulatory findings. Second, FATF has reiterated, repeatedly, that jurisdictions and VASPs are expected to operationalise Recommendation 15 (including the travel rule), with particular attention to DeFi touchpoints and stablecoin use cases—benchmarks that EU supervisors increasingly reference.
Liechtenstein's position: already strong, now strategically advantageous
Liechtenstein, as an EEA/EFTA jurisdiction with a mature token framework (the TVTG—Token and TT Service Provider Act—effective since 1 January 2020), has long implemented FATF standards and placed VT-service providers under FMA registration and ad-hoc supervision; that alignment, coupled with EEA-relevant EU instruments (including the travel rule regulation), positions Liechtenstein-based providers to build AMLA-grade systems that interoperate with EU supervisory expectations.
A pragmatic build plan for “AMLA-ready” crypto compliance
- Risk taxonomy and enterprise-wide ML/TF assessment, refreshed at least annually, tying business model, asset types (including e-money tokens and asset-referenced tokens where relevant), customer profiles, and geographies to specific mitigating controls, with explicit treatment of sanctions-evasion risk as a predicate concern highlighted by EU legislators.
- Travel-rule implementation without “sunrise gaps”: end-to-end testing with counterparties, automated lookup/handshake for originator/beneficiary information, exception handling for unhosted wallets, and evidence that transfers are blocked/flagged when mandatory data are unavailable—documented against the EBA guidelines.
- MiCA↔AML control mapping, so that authorisation artefacts (organisation, internal control functions, safeguarding arrangements) align with AMLR obligations (KYC, monitoring, STR/SAR reporting, record-keeping), producing a single supervisory narrative for NCAs and, ultimately, AMLA peer comparisons.
- Data governance ready for FIU.net-driven expectations: standardised schemas for transactions, counterparties, and screening results; lineage mapping from source systems to regulatory reports; reproducible analytics supporting STRs and thematic reviews.
- Board accountability and “fit-and-proper” coherence: minutes and MI packs that show risk appetite, model validation, and remediation tracking; documented training and role clarity for AMLRO/MLRO, with escalation channels into executive and board committees.
Sources: European Anti-Money Laundering Authority. (2025, July 23). AMLA expects high standards against financial crime in the crypto sector.
Key findings & core statements (executive bullets)
- AMLA is live and crypto-focused: since 1 July 2025, AMLA has signalled high expectations for crypto firms and will drive supervisory convergence from Frankfurt.
- The Single Rulebook (AMLR) brings CASPs squarely into scope and applies from 10 July 2027, replacing divergent, directive-led implementation with directly applicable rules.
- Travel-rule obligations already apply to crypto transfers, with EBA guidelines specifying required data and processes; supervisors expect working solutions now.
- MiCA licensing must be “AML-complete” from day one, with ESMA pushing consistent authorisation practices and AMLA expecting effective systems at authorisation—not later.
- Liechtenstein's TVTG offers a strong, FATF-aligned foundation for EU-facing CASPs, but AMLA/AMLR promotes a new level-playing field.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
