The clock is ticking
How the EU's New AML Regulation Reshapes Due Diligence Obligations for Real Estate Professionals
For real estate professionals across all 27 EU member states, the AMLR represents the most significant overhaul of AML obligations in a generation. Unlike the Directives it supersedes, the AMLR is a directly applicable Regulation: it requires no national transposition, tolerates no fragmentation between member states, and leaves no room for the inconsistent implementation that allowed gaps to persist under the previous Directive-based framework. The rules will be the same in Madrid, Amsterdam, Lisbon, and Warsaw — uniformly enforceable, uniformly demanding.
Learn what AMLR requires, why the real estate sector carries specific and elevated obligations under it, and how Immosurance provides the operational infrastructure professionals need to comply — without the complexity overwhelming the business.
The Clock Is Ticking: The rules governing Anti-Money Laundering (AML) compliance in real estate have just been fundamentally rewritten. On 19 June 2024, Regulation (EU) 2024/1624 — the EU's new Anti-Money Laundering Regulation, known as the AMLR — was published in the Official Journal of the European Union. It entered into force on 9 July 2024 and becomes fully applicable on 10 July 2027. That deadline may feel distant. It is not.
The Regulatory Landscape: From Directives to a Regulation
To appreciate the significance of the AMLR, it helps to understand what it replaces. Since the early 1990s, EU AML law has been structured around a series of Directives — the 1st through 6th Anti-Money Laundering Directives (AMLDs). Directives require member states to enact national legislation, which creates variation: different thresholds, different interpretations, different supervisory approaches. For criminals, those gaps were exploitable. For compliance professionals operating across borders, they were a persistent source of confusion.
The AMLR ends that model for the core due diligence obligations. It sits at the centre of a three-part legislative package:
· Regulation (EU) 2024/1624 (AMLR) — the core rulebook for obliged entities: what due diligence to conduct, how to assess risk, how to screen customers, what records to keep.
· Directive (EU) 2024/1640 (6th AMLD) — governs the national supervisory architecture, Financial Intelligence Units (FIUs), and beneficial ownership registers. This companion Directive must be transposed by member states by 10 July 2027.
· Regulation (EU) 2024/1620 (AMLA Regulation) — establishes the new EU Anti-Money Laundering Authority (AMLA), based in Frankfurt, which will directly supervise the highest-risk obliged entities across the EU and act as a co-ordination hub for national supervisors.
Together, these three instruments create the most comprehensive and harmonised AML framework the EU has ever had. For real estate, the implications are direct, detailed, and non-negotiable.
Real Estate Under the AMLR: A Sector Under the Microscope
The AMLR does not treat real estate as a peripheral concern. The sector is explicitly named, specifically regulated, and — for the first time in EU law — addressed with provisions that reflect the genuine complexity of how property transactions are structured and executed.
Expanded Definition of Obliged Entities
Under the previous Directive framework, the AML obligations on real estate professionals were somewhat loosely defined, leading to inconsistent application — particularly regarding lettings. The AMLR closes this gap definitively.
Article 3 of the AMLR now explicitly includes within the scope of obliged entities:
"Real estate agents, including when acting as intermediaries in the letting of immovable property for monthly rents of EUR 10,000 or above."
This is a landmark expansion. For the first time, letting agents are formally captured by EU AML law — not just sales agents and notaries. Any professional intermediating a rental transaction at or above €10,000 per month is now an obliged entity, with all the due diligence, screening, record-keeping, and reporting obligations that entails.
The practical implications for the market are substantial. High-end residential lettings in major EU cities — Paris, Barcelona, Amsterdam, Lisbon, Milan — routinely reach or exceed this threshold. Luxury short-term rentals, serviced apartments, and commercial property lets are all potentially in scope. Agents and property managers who have historically operated without formal AML programmes must now build them.
The Risk-Based Approach: Codified and Elevated
The AMLR does not invent the risk-based approach — it codifies, harmonises, and significantly strengthens it. Under Article 20, obliged entities must conduct a documented individual risk assessment for every customer and every business relationship. The assessment must consider:
· The customer's identity, residence, and legal form
· The nature and purpose of the transaction
· The geographic risk factors
· The delivery channel used
· The customer's beneficial ownership structure
In real estate, each of these dimensions can carry material risk — and the AMLR requires that the analysis be explicit, documented, and reviewable by supervisors. A generic "low risk" designation unsupported by analysis will not satisfy the standard.
Customer Due Diligence: Tightened Standards
The AMLR's provisions on Customer Due Diligence (CDD) tighten requirements compared to the preceding Directives in several respects.
Identity verification must now be completed before the business relationship is established or the transaction is executed — not during or after. In real estate terms, this means verification must occur before an offer is formally processed, not at the point of exchange or completion. The CDD provisions under Articles 20–30 are explicit on this sequencing.
Beneficial ownership verification receives particular attention. For corporate customers — which are prevalent in real estate transactions — the AMLR requires obliged entities to:
· Identify the ultimate beneficial owner (UBO): the natural person who ultimately owns or controls the legal entity, generally defined as anyone holding more than 25% of the shares, voting rights, or other ownership interest.
· Verify that identification through reliable, independent sources — not simply by accepting the customer's own declaration.
· Where the ownership structure is complex or layered, trace through every intermediate level until the natural person is reached.
· Document every step of the verification chain.
This is a direct response to one of the most widely cited vulnerabilities in real estate: the use of shell companies, trusts, and nominee structures to conceal the true identity of property buyers. Under the AMLR, "we accepted the company registration document" will not be an adequate defence. The verification obligation runs all the way to the person behind the structure.
Enhanced Due Diligence: Broader Triggers, Stricter Requirements
The AMLR's Enhanced Due Diligence (EDD) provisions (Articles 34–46) expand both the triggers for EDD and the requirements of what it must entail.
Mandatory EDD triggers now explicitly include:
· Transactions involving Politically Exposed Persons (PEPs), their family members, or close associates — with a minimum 12-month EDD period after a person leaves public office (extendable based on residual risk).
· Business relationships or transactions involving high-risk third countries, as designated by the European Commission — a list that is updated regularly and includes jurisdictions identified by the FATF as having strategic AML deficiencies.
· Any situation identified by the obliged entity's own risk assessment as presenting a higher-than-standard risk.
· Transactions where the customer is not physically present for identification — a provision that directly addresses the prevalence of remote or cross-border real estate purchases, which have increased markedly in recent years.
For non-EU nationals purchasing EU real estate — a category that encompasses a significant share of high-value transactions in many markets — the AMLR's high-risk country provisions and non-face-to-face EDD triggers will frequently apply in combination. The documentary and analytical requirements this creates are substantial.
Under EDD, the AMLR now requires:
· Obtaining additional information on the customer's Source of Wealth (SoW) — how their wealth was accumulated overall.
· Obtaining and verifying the Source of Funds (SoF) for the specific transaction — tracing the actual money flow with supporting documentation.
· Conducting enhanced ongoing monitoring of the business relationship.
· Obtaining senior management approval before establishing or continuing the relationship.
These requirements apply not just at onboarding but throughout the relationship. An EDD classification is not a one-time exercise — it demands continuous elevated scrutiny.
Simplified Due Diligence: Narrowed Scope
The AMLR also tightens the conditions under which Simplified Due Diligence (SDD) is permissible. Under Article 33, SDD may only be applied where the obliged entity can demonstrate, on the basis of its risk assessment, that the relationship presents a genuinely low risk. The list of categories eligible for SDD is defined in Annex II — and standard private real estate customers do not appear on it. SDD in real estate will remain the exception, not a shortcut to apply broadly.
Ongoing Due Diligence: A Permanent Obligation
The AMLR makes clear in Article 26 that CDD is not a one-time transaction event. Obliged entities must monitor business relationships on an ongoing basis, including:
· Scrutinising transactions to ensure consistency with the customer's known profile and risk level.
· Keeping customer documentation up to date — with periodic refreshes (frequency determined by risk level) and immediate updates when triggered by significant events (e.g., adverse media coverage, sanctions designations, changes in beneficial ownership).
· Re-applying CDD measures when circumstances change in a way that affects the risk assessment.
For real estate property managers, this translates to a structured periodic review programme for every landlord and tenant relationship that meets the threshold. For agents managing long-term mandates, it means that due diligence records from three years ago are not sufficient — they must be current.
Cash Payment Restrictions: Harmonised Across the EU
One of the most practically impactful provisions of the accompanying 6th AMLD is the harmonised EU-wide cap on cash payments of EUR 10,000 for transactions between businesses and between businesses and consumers. For real estate professionals, this eliminates the previous patchwork of national cash thresholds and creates a single, unambiguous standard across all member states. Cash transactions above this threshold are simply prohibited — and any attempt to circumvent the limit through multiple smaller payments must be treated as a red flag and escalated accordingly.
Record-Keeping: Five Years, Fully Documented
Under Article 77 of the AMLR, obliged entities must retain records of all CDD measures taken, all documentation collected, and all transaction records for a minimum of five years from the end of the business relationship or the date of the transaction. The records must be sufficient to allow a competent authority to reconstruct the due diligence process in full. Gaps in documentation are not a minor administrative failing — they are a substantive compliance breach.
Why Real Estate Faces a Steeper Compliance Climb
The AMLR applies across a wide range of obliged entities — banks, payment institutions, auditors, lawyers, accountants, crypto asset service providers, and more. But real estate faces a compliance challenge that is structurally more complex than most.
The sector is transaction-driven, not relationship-driven. In banking, a customer relationship provides continuity of data and monitoring. In real estate, each transaction may involve a new buyer, a new seller, a new set of structures — requiring fresh due diligence every time, under tight commercial timescales.
Beneficial ownership structures are routinely complex. A high proportion of investment-grade real estate transactions are conducted through corporate vehicles. The AMLR's UBO verification requirements — trace every layer, verify every step — demand a systematic approach that most real estate firms do not currently have.
The rental market is newly in scope. Letting agents at the €10,000/month threshold have, in many cases, never operated within a formal AML framework. Building a compliant programme from scratch — risk policies, customer due diligence workflows, screening systems, record-keeping infrastructure — in three years is achievable, but only with the right tools.
Cross-border transactions multiply the risk exposure. International buyers purchasing EU real estate through offshore structures, using funds from foreign accounts, with no prior relationship with the agent, represent the highest-risk scenario the AMLR is designed to address. These transactions are also among the most commercially attractive. Managing that tension requires robust, reliable process.
AMLA will supervise directly. From 2025 onwards, AMLA will directly supervise a selection of the highest-risk obliged entities across the EU, including those in the real estate sector. For the firms that fall under direct AMLA supervision, the standard of expectation — and the scrutiny applied — will be higher still. Even for those supervised nationally, the convergence of standards means that the bar everywhere is rising.
How Immosurance Turns AMLR Compliance into Operational Reality
The AMLR sets the standard. Meeting it requires technology, process, and people working together — and for the vast majority of real estate firms, the technology is the critical enabler. Without structured tools, even the most well-intentioned compliance programme becomes inconsistent, undocumented, and ultimately indefensible.
Immosurance was built precisely for this environment: a platform that translates the complexity of the AMLR's requirements into guided, intuitive workflows that real estate professionals at every level can execute correctly.
Risk-calibrated onboarding aligned to AMLR Article 20. When a new customer or transaction is initiated in Immosurance, the platform conducts an automated preliminary risk assessment based on the customer's profile, transaction type, jurisdiction, and ownership structure. The result determines which due diligence pathway applies — standard CDD, EDD, or the specific enhanced workflows triggered by PEP status or high-risk country involvement. Professionals do not need to interpret the regulation themselves; the platform applies it for them.
Beneficial ownership mapping for AMLR Article 22 compliance. For corporate customers, Immosurance provides a structured UBO mapping tool that guides users through each layer of the ownership structure, prompts for the required verification at every level, and flags incomplete chains before the onboarding is completed. The resulting beneficial ownership record is documented, time-stamped, and audit-ready — meeting the AMLR's requirement that verification be based on reliable, independent sources and fully traceable.
Integrated PEP, sanctions, and adverse media screening. Every customer processed through Immosurance is automatically screened against current PEP databases, EU and international sanctions lists (including OFAC, UN, and national lists), and adverse media sources — at onboarding and continuously thereafter. When the AMLR's mandatory EDD trigger for PEPs applies, the platform escalates the workflow automatically. When a sanctions update affects an existing customer, an alert is generated in real time.
Source of Funds and Source of Wealth workflows for EDD. The AMLR's EDD requirements around SoF and SoW are among the most operationally demanding provisions in the regulation. Immosurance provides structured document request workflows tailored to the specific transaction type and risk profile — ensuring that the right questions are asked, the right documents are requested, and the right analysis is documented. Nothing is left to improvisation under commercial pressure.
Rental transaction management for the new letting scope. Immosurance specifically addresses the AMLR's newly extended scope to letting transactions at €10,000/month and above, with onboarding workflows designed for landlord and tenant due diligence in the rental context. For letting agents coming to formal AML compliance for the first time, the platform provides a complete framework — not just a checklist.
Non-face-to-face and cross-border EDD. When a transaction involves a non-EU customer, a remote onboarding process, or a high-risk country connection, Immosurance automatically applies the enhanced workflows required by the AMLR's non-face-to-face and geographic risk provisions. International buyers are handled with the rigour the regulation demands and the efficiency that business requires.
Ongoing monitoring and periodic review. For property managers and agents with continuing customer relationships, Immosurance automates the periodic KYC refresh cycle — scheduling reviews at intervals calibrated to the customer's risk level, triggering immediate reassessment when screening events occur, and maintaining a continuous audit trail of the monitoring activity. The AMLR's Article 26 ongoing due diligence obligation is built into the workflow, not bolted on as an afterthought.
Five-year audit-ready record-keeping. Every action taken within Immosurance — every document received, every screening result, every risk assessment decision, every escalation and sign-off — is logged, time-stamped, and stored in a format that satisfies the AMLR's Article 77 record-keeping requirements. When a national supervisor or AMLA requests evidence of compliance, the complete audit trail is available immediately, not reconstructed from scattered files.
Regulatory intelligence as a service. The AMLR is a living framework. High-risk country lists are updated. Sanctions designations change. AMLA will issue technical standards and guidelines throughout the transition period. Immosurance tracks these changes and updates its screening sources, risk logic, and workflows accordingly — so that professionals stay compliant automatically as the regulatory environment evolves.
The Window Before July 2027: Why Acting Now Matters
Three years can feel like a comfortable runway. It is not — particularly for firms that currently lack structured AML programmes.
Building a compliant programme from the ground up takes time: policies must be written, risk assessments conducted, workflows designed, staff trained, and systems implemented and tested. Regulators will not accept "we ran out of time" as a mitigating factor. National supervisors and AMLA are already in transition — they will begin applying the AMLR standard from the application date, not from a period after firms have had time to catch up.
Equally, the commercial case for early adoption is compelling. Clients — particularly institutional investors, family offices, and international buyers — are increasingly asking their real estate advisers about compliance standards before committing to a mandate. A firm that can demonstrate a structured, technology-enabled AMLR-compliant programme will win business that others cannot access. The reputational premium of genuine compliance is real, and it compounds over time.
Conclusion: The AMLR Is Not a Future Concern — It Is a Present Obligation
Regulation (EU) 2024/1624 is approved, published, and in force. Its application date of July 2027 sets a deadline for full compliance, not a start date for thinking about it. For real estate professionals — sales agents, letting agents, property managers, notaries, lawyers — the question is not whether the AMLR will apply to them. It will. The question is whether they will be ready.
The regulation's requirements — harmonised CDD standards, expanded EDD triggers, new obligations for the letting market, comprehensive beneficial ownership verification, strengthened ongoing monitoring, and EU-wide cash restrictions — represent a step change in compliance expectations that cannot be met through manual processes or ad hoc procedures.
Immosurance exists precisely to bridge the gap between the complexity of what the AMLR demands and the operational reality of running a real estate business. Purpose-built for the sector, aligned to the regulation's specific requirements, and designed to be used by professionals rather than compliance specialists — it is the infrastructure that transforms a demanding legal obligation into a manageable, defensible, and even commercially advantageous part of the business.
The clock is ticking. The tools are ready.