The European Union's Anti-Money Laundering (AML) Package represents the most significant transformation of the region's financial crime framework in decades.
During NICE Actimize's recent webinar, The EU AML Package: What to Do Now and How to Handle the Transition, Daniel Orchard, EMEA & APAC KYC Strategy Leader at NICE Actimize, was joined by Avisha Patel, regulatory change expert, and Claire Morris, Head of Economic Crime Risk & Control at Santander UK, to discuss how financial institutions can prepare for the changes ahead.
Here are 10 of the biggest takeaways for FIs as they navigate the EU AML Package changes:
- Significant change in a short timeframe: For many, compliance with the EU AML Package requires a major uplift. The main concern for many is how to prioritise responses to consultations, impact assessments and potential changes to technology and operations.
- Firms should not wait for final rules before acting: Although the rulebook comes into force in July 2027, organisations have started impact assessments now based on draft technical standards and guidelines. The view for many is that the timeframe dictates this approach and waiting is not an option.
- Customer due diligence is expected to see the greatest impact: Expanded data requirements, more prescriptive due diligence expectations and stronger ongoing review obligations make CDD a priority area for readiness.
- CDD changes will affect the broader financial crime programme: Customer data and risk profiles feed downstream controls such as transaction monitoring, screening and risk assessments.
- There is a risk of misinterpreting scope: Certain institutions are at risk of incorrectly assuming they are not subject to the new requirements. Entities with a non-EU headquarters but regional presence or operation, and those not previously considered obliged entities, are exposed to this in particular.
- Scale will be a major operational challenge: Larger institutions must determine how to refresh customer data without overwhelming teams or customers. Small uplifts in requirements can be impactful when extrapolated across large customer volumes.
"We've got just short of 14 million active customers. Scale in itself presents the challenge." - Clare Morris, Head of Economic Crime Risk & Control, Santander UK
- Customer experience must remain central to compliance design: Firms will need to embed new AML requirements into onboarding and lifecycle processes in ways that reduce friction.
- Technology flexibility will be a key driver of readiness: Modern, adaptable onboarding and customer lifecycle management platforms will help firms respond more efficiently as guidance evolves.
- AMLA readiness requires people, skills and cultural change: Firms will need training, governance, regulatory engagement and cross-functional expertise to support the new supervisory model.
"This is not a one-off compliance project with a go-live date. It's an evolving supervisory landscape." Avisha Patel, Regulatory Change Expert
- This should be treated as an ongoing transformation, not a one-time project: AMLA implementation will continue to evolve, requiring sustained governance, executive sponsorship and adaptable operating models. Enforcement action may be years down the line but will also be an important component of the landscape.


Looking Ahead
Despite the scale of the transformation, the panel expressed optimism about the direction of travel.
For compliance leaders, the focus should be on adopting a pragmatic approach: assessing impacts now, including current technological flexibility, prioritising customer due diligence, briefing executives to secure sponsorship and preparing the workforce.
Watch the full on-demand webinar to hear the complete discussion and additional insights from the panel.
