EU AML Directives (AMLD6, AMLD5) – privacy-preserving compliance in the age of digital regulation
The EU’s Anti-Money Laundering Directives have defined the European approach to financial integrity for over two decades. AMLD5 extended compliance into the digital economy, bringing virtual asset service providers and prepaid cards under supervision. AMLD6, now in effect across EU member states, pushed even further — making money laundering a harmonized criminal offense and introducing stricter corporate accountability.
The regulatory intent is clear: AML compliance must be continuous, cross-border, and data-driven. But achieving that level of visibility within Europe’s fragmented data landscape requires more than traditional monitoring. It demands a new model of secure, privacy-preserving data collaboration.
What AMLD6 and AMLD5 introduced
The two directives form the backbone of Europe’s AML/CTF regime:
AMLD5 (2018):
- Extended AML rules to cryptocurrencies and digital wallets.
- Required central beneficial ownership registers.
- Tightened controls on anonymous prepaid instruments.
- Strengthened cooperation between Financial Intelligence Units (FIUs).
AMLD6 (2021):
- Defined 22 predicate offenses for money laundering.
- Introduced criminal liability for legal entities.
- Required harmonized penalties and cross-border information sharing.
- Expanded obligations for ongoing monitoring and reporting.
Together, they form a framework where compliance depends on access to high-quality, cross-institutional data — while respecting GDPR and national data protection laws.
The challenge: collaboration vs. confidentiality
AMLD6 mandates deeper collaboration between financial institutions, FIUs, and regulators. Yet the same directives exist within a privacy framework that strictly limits data exposure.
Institutions must share intelligence on suspicious activities, beneficial ownership, and cross-border transfers — but cannot reveal personal data without legal basis. This tension has become the central challenge of modern AML: how to collaborate on detection without breaching privacy laws.
This same problem affects Suspicious Activity Monitoring, Customer Due Diligence (CDD), and Financial Crime Detection, all of which rely on data aggregation that’s difficult to achieve under GDPR restrictions.
Institutions must share intelligence on suspicious activities, beneficial ownership, and cross-border transfers — but cannot reveal personal data without legal basis. This tension has become the central challenge of modern AML: how to collaborate on detection without breaching privacy laws.
This same problem affects Suspicious Activity Monitoring, Customer Due Diligence (CDD), and Financial Crime Detection, all of which rely on data aggregation that’s difficult to achieve under GDPR restrictions.
Supervisory expectations under the new framework
The European Banking Authority (EBA) and the European Commission have made clear that compliance will now be judged on outcomes, not checklists. Institutions are expected to:
- Implement real-time transaction monitoring aligned with risk-based methodologies.
- Strengthen Customer Due Diligence with ongoing data refresh cycles.
- Ensure cross-border cooperation with other EU financial institutions.
- Maintain data protection by design in all compliance systems.
This shift is reinforced by DORA, which connects operational resilience with regulatory compliance — ensuring that the infrastructure supporting AML monitoring is both secure and resilient.
Technology’s role in achieving AMLD6 compliance
Legacy compliance tools were built for periodic reviews, not continuous intelligence. AMLD6 requires something more dynamic — systems that can exchange insights while preserving confidentiality.
Modern compliance architecture includes:
Modern compliance architecture includes:
- Federated data models: enabling institutions to share insights without centralizing data.
- Multi-Party Computation (MPC): allowing joint analysis of encrypted datasets.
- AI-driven transaction monitoring: improving detection accuracy while reducing false positives.
- Perpetual KYC (pKYC): maintaining up-to-date customer profiles through automated refresh.
These technologies convert compliance into an active intelligence process rather than a reactive one.
“AMLD6 sets a new standard for cooperation — but it also exposes the limitations of traditional data sharing. True compliance will depend on technologies that allow collaboration without compromise.”
- William Morris, Lead Enterprise Account Executive - UK
This reflects the new compliance reality: secure data collaboration is no longer optional, it’s essential.
Interconnected compliance: how AMLD6 supports the wider ecosystem
The AML Directives don’t stand alone. They link directly to the EU’s broader regulatory framework:
- DORA, ensuring resilience of compliance infrastructure.
- PSD2, mandating secure data exchange across payment systems.
- EBA guidelines on financial crime risk, defining risk-based supervision.
- FATF Recommendations, setting the global standards for AML and CTF.
Each of these frameworks reinforces the others — collectively demanding a secure, interoperable approach to data collaboration.
Partisia’s perspective
The EU’s AML directives aim for transparency, but compliance cannot come at the cost of privacy. Partisia’s privacy-preserving data collaboration technology enables institutions to meet AMLD6 and AMLD5 obligations securely and efficiently.
Using Multi-Party Computation (MPC), financial institutions can:
Using Multi-Party Computation (MPC), financial institutions can:
- Compare transaction data without revealing identities.
- Coordinate AML investigations with other institutions and FIUs.
- Demonstrate regulatory compliance while upholding GDPR standards.
This approach allows for continuous compliance that is both privacy-safe and regulator-ready — bridging the gap between transparency and confidentiality that AMLD6 has made central to European compliance.
