AML Compliance
Understanding AML Challenges
The main challenges real estate businesses face are less the willingness to 'do the right thing' than the complexities of the current Directive and the upcoming drastic changes with the already approved Regulation.
Let's bring this into perspective and formulate both challenges and opportunities.
High Level AML Challenges
Interpretation
Since its introduction, the AML Directive has gone through several iterations with the last one being the 6th Directive turned into law in 2024.
Being a Directive, EU member states each have interpreted this already complex law, often with additional complexity. This has resulted in an overall very low compliance rate across Europe.
Awareness
Arguably the biggest challenge today is the lack of awareness by a large amount of the real estate businesses.
Varying by country, a significant amount of real estate professionals too often do not act according to current obligations under the Directive, and even at times believe it's not their responsibility.
Evolution to AMLR
AMLA, the Anti-Money Laundering Authority that was created by the EU to deal with the transition from Directive to Regulation, has defined the common EU rules of the Regulation. AMLR which is approved, takes effect on 10/7/2027 for all EU member states equally, introducing over 100 articles, up from the current approximately 50 articles, adding vast complexity for all.
Audits
AMLA is also the authority in charge to make sure that FIUs (Financial Investigation Units) from each individual EU member state ensure the AMLR is vigorously implemented and verified.
Since the tools provided to AMLA are of such nature that no FIU will ignore their obligations, translating into a never before seen increase of audits of real estate businesses.
Asking the Right Question
"Are You Ready for AMLR"?
Is this the right question? Prior to answer such question, it's important to understand the underlaying issues, rather than jumping to conclusions.
Surely with severe consequences of non-compliance, the issue is not so much whether a business works hard enough to do its best, so clearly that wouldn't be the question to ask first neither.
To find the right question, we need to dig in deeper and revise the common challenges in AML risk assessment first.
Common AML Challenges
- Changing risk & regulatory environment
- Complexity of AML compliance requirements
- Inconsistent data => poor management practices
- Resource constraints or lacking skills
- Internal communication issues
- Non-collaboration with regulators
- Weak internal control & auditing measures
- Failure to timely report STR/SARs
What is NOT the Problem
Assuming you are already aware of your current obligations, continued complex changes and additions require more work for your business and adding processes to the internal risk assessment, valuation & documentation, reflect those changes in your continued education of employees, as well as to every single transaction.
For this you may have some tools, either automated or manual, typically decentralised and operated by different persons.
The real problem is:
ARCHITECTURE
(and AMLR is going to expose it)
Why the Architecture is the Problem
Compliance systems grow organically — and that's exactly the issue.
-
1
STEP 1: No tool
Manual checks are performed using for instance Excel sheets, and all AML-related documentation (KYB) & transactional documents (KYC) are stored decentralised, on cloud or local servers (violating GDPR rules).
-
2
STEP 2: First tool
You start with a basic AML tool to address some need, like e.g. some sanction lists checking (note there are over 2000 potential lists to check).
-
3
STEP 3: Strengthen KYC
Initial control shows weaknesses: now you try strengthening the KYC controls.
-
4
STEP 4: Audit
Following an audit, more layers need to be added to comply with requirements as outlined by the auditor.
-
5
STEP 5: New regulation
A new regulation comes into effect which forces you to add more filters, layers and tools.
-
6
STEP 6: Fines & more Tools
After a supervisory review you are fined and decide to deploy additional tools, and potentially manual processes and software (manual document uploads, Excel sheets,…).
Architectural complexity increases over time
The result: tools are not integrated and you end up with fragmented workflows. The law requires a 360º view all-in-one which is ready to be audited, including not only transactional KYC, but also all the company obligations within KYB.
Back to the Initial Question
The question is not "Are we ready today and AMLR compliant?"
But rather: "Can our model & architecture survive tomorrow?"
The answer: No. This is a major issue, but luckily one that can be resolved.
Why This Matters
Current architectures were built reactively — layer by layer — and are not designed to meet the harmonised, traceable, and integrated requirements that AMLR demands from 2027 onwards.
The aim is to implement an architecture that is ready for the changes ahead, the increasing complexity and the frequent updates, which leads to these four key points:
Automation
Up to 70% reduction in manual entry + analyst intervention becomes an exception.
Orchestration
Reduction of workload hence also labour costs + Centralised management of all obligations (KYB + KYC + Risk assessment).
Reduction
Lower workload hence also labour costs by reducing false positives and research work.
Traceability
Immediate audit readiness (less than 1 hour to reconstruct a full case audit) making audit a normal and controlled event.