AMLA’s draft Guidelines on Business Wide Risk Assessment and what they mean for EU AML compliance
AMLA has launched a consultation on draft Guidelines setting EU wide minimum standards for Business Wide Risk Assessments. The Guidelines reinforce the central role of the BWRA in AML/CFT compliance and signal a shift towards more consistent, evidence based risk assessments across Member States.
Key Legal Points
- AMLA is establishing minimum EU wide standards for Business Wide Risk Assessments under Article 10(4) AMLR
- The BWRA must assess inherent risk, control effectiveness, and residual risk using an evidence based approach
- The Guidelines emphasise proportionality, governance, and practical use of the BWRA in day to day AML/CFT compliance
Intro Summary
The Anti Money Laundering Authority (AMLA), the EU’s new central AML supervisory body based in Frankfurt, launched a public consultation on 16 April 2026 on its draft Guidelines for the Business Wide Risk Assessment (BWRA). The consultation runs until 15 July 2026, with final guidelines expected in Q4 2026.
The BWRA is the cornerstone of every organisation’s risk-based approach to AML/CFT compliance. It determines how exposure to money laundering, terrorist financing, proliferation and sanctions evasion risks is understood. It also informs how AML/CFT controls are calibrated. AMLA is now setting minimum EU wide standards for how this assessment must be done.
What the Guidelines Cover
The draft Guidelines establish four minimum requirements applicable to all obliged entities, financial and non financial.
A Business and Operational Overview requires a documented picture of structure, customer base, products, delivery channels, geographic exposure, and governance setup. This baseline determines the depth of the remaining assessment.
Inherent Risk Identification and Classification requires a risk weighted analysis across customers, products, delivery channels, and geographies, identifying where ML/TF and sanctions evasion risks may materialise, with weighting decisions documented and evidence based.
An Assessment of Control Quality evaluates whether existing AML/CFT controls are well designed and operating effectively, supported by audit findings, testing outcomes, and supervisory feedback.
Finally, Residual Risk Assessment requires determining the level of risk remaining after controls are applied, recognising that high inherent risks cannot always be fully eliminated, and ensuring results drive remediation actions.
"AMLA is explicit that the BWRA must not be a formalistic exercise but a tool that drives genuine improvements in risk management."
— AMLA, draft Guidelines on Business‑Wide Risk Assessment
Methodology and Information Sources
AMLA allows methodological flexibility, requiring the approach to reflect size and complexity while meeting minimum requirements and documenting the rationale. Less complex entities may rely on a more qualitative assessment.
The Guidelines also broaden the information sources to be considered, including FATF reports, sanctions watchlists, FIU feedback, internal audit findings, and other credible external risk intelligence beyond Article 10(1) AMLR.
Common Challenges Organisations Face
Despite the BWRA obligation existing since the Fourth AML Directive, challenges across the industry remain common:
- Risk assessments reviewed annually but not used to improve controls
- Generic methodologies failing to distinguish between key risk dimensions
- Control assessments based on self certification rather than testing and audit
- Weak documentation of weighting and judgement
- Management approval without effective engagement
Why This Matters for You
These Guidelines align with EBA risk factor guidelines, restrictive measures guidance, and FATF standards. If your organisation is already aligned with these benchmarks, you are well placed. If not, you have an opportunity to strengthen your frameworks ahead of finalisation.
If your organisation will come into scope or falls within an expanded category due to the new Anti-Money Laundering Regulation (AMLR), which is part of the EU’s new AML/CFT legislative package, you need to prepare to align with this expectation.
With AMLA coordinating supervision across Member States, a robust and well documented BWRA is becoming a baseline expectation for all Subject Persons for AML/CFT Purposes (to be known as Obliged Entities under the AMLR).
How We Stay Ahead
The BWRA methodology that we develop draws on multiple external and internal sources, including:
- FATF typologies and mutual evaluations
- EU and Member State national risk assessments
- EBA guidelines and AMLA’s AML Single Rulebook
- FIAU feedback and STR/SAR analysis
- Sanctions intelligence and corruption indices
What this means for you
Now is the time to assess whether your BWRA truly reflects risk exposure, is evidence based, and actively informs AML/CFT controls. Early alignment with AMLA expectations will reduce supervisory risk and strengthen long term resilience. With the Guidelines expected to be finalised in Q4 2026, organisations have a limited window to assess alignment and address gaps before supervisory expectations crystallise.
How we can help
If your organisation is reviewing its BWRA methodology in light of AMLA’s draft Guidelines, Chetcuti Cauchi can assist with alignment assessments, strengthening risk assessment methodologies, enhancing governance and documentation, and supporting preparedness for supervisory engagement. Engagement at this stage allows organisations to assess alignment ahead of the finalisation of the Guidelines and evolving supervisory expectations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.