Derville Rowland, Executive Board Member of the EU’s Anti-Money Laundering Authority (AMLA), issued a strong call to action for companies to elevate their anti-money laundering (AML) standards. Speaking at the Banking and Payments Federation Ireland (BPFI) National Payments Conference in Dublin in early March 2026, she highlighted the urgent need for enhanced compliance amid massive illicit financial flows. Her remarks underscore AMLA’s push for unified EU-wide defenses against financial crime.
Rowland described the annual laundering of $750 billion (€647 billion) through Europe’s financial system as “enormous,” equating to 2.3% of the region’s GDP. This figure, drawn from a 2023 Nasdaq Verafin report analyzed with Celent and Oliver Wyman, stems from drug trafficking ($178 billion), human trafficking ($82.2 billion), terrorist financing ($2.7 billion), and other crimes like fraud and corruption ($487.2 billion). Over a quarter of these cross-border activities target Germany (20%), the UK, and France, exploiting fragmented national regimes.
She warned business leaders: “Don’t have them surprised that there’s a step-up coming,” urging boards to prioritize enhanced risk assessments, system flags for suspicious activities, and effective monitoring. Criminals, she noted, leverage “crime as a service” models, renting hacking tools and operating from entire villages dedicated to cybercrime, rapidly outpacing traditional defenses.
Derville Rowland’s Regulatory Expertise
Rowland brings over two decades of experience from the Central Bank of Ireland, where she served as Deputy Governor for Consumer and Investor Protection and Director of Enforcement and AML. A qualified barrister with degrees from London and King’s Inns Dublin, plus a Diploma in Applied Finance Law, she oversaw multimillion-euro fines against banks like Ulster Bank (€3.325 million in 2016), AIB (€2.275 million in 2017), and Bank of Ireland (€3.15 million in 2017) for AML failures in risk assessments, customer due diligence (CDD), and suspicious transaction reporting.
Appointed to AMLA’s board in May 2025, she relocated to Frankfurt, praised by Central Bank Governor Gabriel Makhlouf for her enforcement prowess. Her prior speeches, like one in September 2024 on AML partnerships, emphasized private-sector collaboration and innovative data sharing under the EU AML Regulation.
AMLA’s Expanding Mandate and 2026 Roadmap
Launched in July 2025 under EU Regulation 2024/1620, AMLA aims for 400+ staff by 2027 to harmonize 27 national AML frameworks into a “Single Rulebook.” It will directly supervise ~40 high-risk cross-border entities—like banks and crypto firms operating in six+ member states—from 2028, while coordinating national authorities and Financial Intelligence Units (FIUs) via platforms like FIU.net.
AMLA’s Single Programming Document (SPD) for 2026-2028 outlines 26 Regulatory Technical Standards (RTS), Implementing Technical Standards (ITS), and guidelines, with 24 due in 2026. Key focuses include CDD criteria for linked transactions and lower thresholds (RTS under AMLR 19(9), consultation open until May 2026), pecuniary sanctions (closed March 2026), business-wide risk assessments, group policies, and breach indicators.
From July 2027, the AML Regulation (AMLR) mandates uniform rules on risk-based measures, beneficial ownership transparency, and curbs on anonymous instruments like prepaid cards. New bans on cash payments over €10,000 for high-value goods and stricter crypto oversight will tighten misuse of cash and digital assets.
Industry Vulnerabilities and Reactions
The payments sector, a prime gateway for consumers, faces acute risks from interconnected services, as Rowland noted in past BPFI addresses. Experts like Linklaters’ Andreas Dehio see AMLA as a “huge opportunity” for consistent rules, but warn of GDPR tensions with data needs. Nasdaq Verafin advocates AI-driven tools, used by 2,600+ institutions managing $10 trillion in assets.
Reactions emphasize tech adoption: BPFI highlighted payments vulnerabilities, while AML Intelligence linked Rowland’s speech to global fines like FinCEN actions. Firms near direct supervision thresholds—e.g., high transaction volumes—must assess footprints now.
Implications for Companies and Path Forward
Companies must integrate AML into core operations, investing in training, policies, and tech to avoid sanctions. AMLR demands risk-based CDD, PEP identification, and timely suspicious activity reports, rejecting “tick-box” compliance.
Rowland’s warning signals a “step-up” in scrutiny, with AMLA fostering partnerships for detection and disruption. Success depends on national alignment and innovation, potentially reshaping Europe’s fight against financial crime that erodes trust and fuels societal harms like elder exploitation and terrorism.