The European Union has finalized sweeping anti-money laundering regulations that will fundamentally reshape how cash payments and cryptocurrency transactions are handled across all 27 member states. Effective July 10, 2027, Regulation (EU) 2024/1624 will introduce an EU-wide €10,000 cap on commercial cash payments and mandate strict know-your-customer (KYC) verification for occasional crypto users conducting transactions worth €1,000 or more.
Historic Regulatory Shift
This regulation represents the most significant transformation in EU anti-money laundering prevention since the first AML Directive was introduced in 1991. The new framework replaces the directive-based 6th AMLD with a directly applicable single rulebook, eliminating national implementation room and creating harmonized standards across the European single market.
The regulation’s centerpiece is the creation of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), headquartered in Frankfurt, Germany. This decentralised EU agency will coordinate national authorities and ensure consistent application of AML rules across member states. AMLA is expected to be fully operational by 2028, initially overseeing 40 EU financial institutions deemed highest risk.
Cash Payment Cap: What Changes
The new €10,000 limit applies specifically to cash payments made in a business context for commercial transactions. This prohibition covers both single operations and several linked operations that collectively exceed the threshold.
Key details about the cash cap:
For cash transactions valued at €3,000 or more, traders and obligated entities must verify customer identities and perform due diligence checks before completing the transaction. Individuals can still hold unlimited cash amounts and use it for daily private transactions—the restriction applies only to professional business payments.
Cryptocurrency KYC Requirements
The regulation introduces comprehensive customer verification obligations for crypto-asset service providers (CASPs), including exchanges and custodians. For occasional crypto transactions worth €1,000 (approximately $1,150) or more, regulated crypto businesses must conduct full customer due diligence.
Crypto KYC threshold structure:
- €1,000+ transactions: Full customer due diligence required
- Below €1,000: Customer identification mandatory, but verification level reduced compared to larger transactions
- Anonymous accounts: Explicitly prohibited across all regulated platforms
The regulation explicitly bans regulated crypto firms from supporting privacy coins—anonymity-enhancing cryptocurrencies that allow transaction obfuscation. Starting July 2027, licensed exchanges cannot list, custody, or facilitate transactions involving privacy-focused assets.
Important clarification: Direct transfers between self-hosted wallets remain outside mandatory identification requirements. The identification obligations apply to crypto-asset service providers rather than every blockchain transaction. Peer-to-peer Bitcoin transactions conducted without an intermediary do not trigger direct identity verification under EU law.
The Travel Rule framework (Regulation (EU) 2023/1113) requires regulated providers to transmit sender and recipient information during crypto transfers. Additional checks apply when transfers involving self-hosted wallets reach €1,000 or more with a regulated intermediary involved.
Newly Obliged Entities
The regulation significantly expands the list of entities covered by EU anti-money laundering obligations. New sectors now required to carry out compliance checks and report suspicious activity include:
- Professional football clubs and football agents (from 2029, with turnover exemptions)
- Crowdfunding operators and platforms
- Investment migration businesses
- Luxury goods dealers (jewelers, watchmakers for €10,000+ transactions)
- Luxury car dealers (for €250,000+ transactions)
- Art dealers (for €10,000+ transactions)
- Real estate agents
- Trust and company service providers
- Mortgage and consumer credit intermediaries
Football clubs below the top league with yearly turnover under €5 million over two years may be exempted by member states.
Enhanced Beneficial Ownership Transparency
Legal entities across the bloc must disclose their ultimate owners through national registries. Ownership thresholds are generally set at 25% and reduced to 15% for higher-risk structures.
Trusts, foundations, and non-EU entities involved in specific EU business activities or real estate transactions will also face disclosure requirements. Trustees must update ownership information within 28 calendar days.
Sanctions and Penalties
AMLA can impose substantial pecuniary sanctions for breaches. For serious, repeated, or systematic breaches related to customer due diligence identified in two or more member states, sanctions range from €500,000 to €2,000,000 or 1% of annual turnover.
For breaches identified in one member state, penalties range from €100,000 to €1,000,000 or 0.5% of annual turnover. Maximum sanctions can reach 10% of total annual turnover for the most serious violations.
Implementation Timeline
The regulation entered into force 20 days after its mid-2024 publication but becomes applicable from July 10, 2027 for most entities. Certain entities will have implementation deadlines extending to July 10, 2029.
Companies should conduct gap analysis early to identify discrepancies between existing AML processes and future regulatory requirements. KYC, ultimate beneficial owner identification, politically exposed person screening, and sanctions checks must be integrated into unified, audit-proof compliance systems.
Industry Impact
The shift represents a fundamental paradigm change: whereas formal documentation requirements previously dominated, the effective functionality of compliance systems now takes center center. Anti-money laundering must become data-driven, with companies collecting data structurally, updating continuously, and analyzing intelligently.
Data protection and anti-money laundering are moving significantly closer and cannot be viewed isolation. The new EU list system for high-risk countries and closer integration with sanctions law further complicate compliance requirements.
Businesses initiating this transformation early reduce regulatory risks while creating more efficient processes, strengthening partner trust, and securing competitive advantages.