Applicability and entity status
We determine whether and from when you are subject to the AML package and whether you operate as an existing entity or one newly covered by the regulation.
AMLR / AMLA / TFR for obliged entities
We guide companies from applicability diagnosis to full AMLR readiness, GIIF inspections and AMLA supervision, with a practical 0-9 stage roadmap.
fintech brands we have worked with
scope of AMLR support: from qualification to implementation
We translate AMLR, AMLD6, AMLA and Travel Rule requirements into operational actions that can be implemented across business, compliance and IT teams.
Governance and accountability
We design a Compliance Manager + Compliance Officer model, role split, independent audit and board reporting.
CDD/EDD/SDD and UBO
We implement due diligence procedures, UBO >=25% verification, PEP/HNWI, source of funds and ongoing CDD reviews.
Monitoring and STR/FIU
We build transaction monitoring, sanctions screening, the STR path and a procedure for FIU responses within 5 business days.
Operational thresholds and limits
We align processes with the CDD threshold >EUR 10,000, cash >=EUR 3,000, cash limit >EUR 10,000 and the ban on anonymous instruments.
AMLA readiness and inspections
We prepare documentation, an evidence pack and processes for national inspections and potential direct AMLA supervision.
who we design AML implementations for
We support both entities already covered by AML and sectors that are broadly entering the new AMLR regime.
Financial institutions
Banks, payment institutions, EMIs, investment firms, funds and life insurers.
MiCA / Crypto-assets
Entities with the dual MiCA + AMLR + TFR regime, including self-hosted wallet mitigation.
Real estate
Sales and rental intermediaries, including rentals above EUR 10,000 per month.
Luxury goods
Jewellery >EUR 10k, cars >EUR 250k, yachts/aircraft >EUR 7.5 million, art >EUR 10k.
Regulated professions
Law firms, notaries, statutory auditors, accountants and tax advisors.
Crowdfunding and investments
Crowdfunding platforms, credit intermediaries, investment migration and, from 2029, professional football.
why AMLR implementation must be planned now
AML risk is not only a financial penalty. It is also licensing risk, reputational risk and management liability for the lack of an effective system.
Financial sanctions
Serious breaches: up to EUR 10 million or 10% of annual turnover. For natural persons: up to EUR 5 million.
Management risk
A new liability model: a Compliance Manager at board level and tangible supervisory consequences for gaps in the system.
Operational risk
Errors in CDD/EDD, UBO, STR or sanctions screening can block business processes and increase exposure to inspections.
Licensing risk
Breaches may result in additional sanctions: licence withdrawal, ban on management functions, intervention measures.
Key thresholds and operational deadlines
- CDD: > EUR 10,000
- Cash (identification): >= EUR 3,000
- Cash limit: > EUR 10,000
- UBO: >= 25%
- FIU response: 5 business days
- Key deadline: 10 July 2027
Legal status/material: 21 February 2026.
frequently asked questions
Questions most frequently raised at board, compliance and operations level during AMLR preparation.
No. The scope also covers new sectors, including parts of the real estate industry, luxury goods, crowdfunding and other industries indicated in the EU AML package.
The Compliance Manager is responsible at management level for the effectiveness of the AML system, while the Compliance Officer handles operational maintenance of the process and controls.
In particular, for business relationships, occasional transactions above EUR 10,000, cash from EUR 3,000, ML/TF suspicion and doubts about customer data.
The threshold is defined as at least 25%, multi-tier structure verification is gaining importance, and there is an obligation to report discrepancies with the register.
No. The STR decision and responsibility for filing remain with the organisation as an internal function.
In the target AML package model we are talking about 5 business days, so a ready escalation and data-flow procedure is essential.
For many organisations a single cross-compliance model works better than several parallel projects, especially for CASPs and financial entities.
The scope depends on the organisation's maturity. Most often the project covers a diagnostic stage, procedure redesign, training and preparation of an ongoing maintenance model.
Yes, if it is an obliged entity. The scope of measures is proportionate to risk, but core obligations remain mandatory.
role-based AML training
We build the training programme around roles and the operational risk of each organisation. We deliver training at the client's premises, on-site at our offices or online.
At the client's premises
We come to you. On-site training tailored to the team and the specifics of your organisation.
On-site at our offices
Welcome to the Legal Geek office. Ideal for teams from different organisations participating together.
Online / remote
Live training via video conference. Full interactivity, Q&A and materials in electronic form.
We tailor the programme and topical scope to the risk profile and specifics of your business — there are no template "one-size-fits-all" trainings.
We deliver complete documentation: a training register, attendance confirmations and training materials for the compliance file.
At the end of each training we run a knowledge test. The participant receives a certificate confirming AML competencies.
Sample agenda — AML training for the Compliance team (16h)
- Module 1 — Legal and regulatory framework (3h)
AML Act, AMLR, AMLD6, AMLA, EU/UN sanctions, AML Officer liability. - Module 2 — ML/TF risk assessment (3h)
Business-Wide Risk Assessment: methodology, risk factors, documentation and updates. - Module 3 — CDD / EDD and onboarding (4h)
Customer identification and verification, PEP, HNWI, UBO, sanctions — criteria and EDD procedure. - Module 4 — STR / SAR and reporting to GIIF (3h)
When and how to report a suspicious transaction, the tipping-off prohibition, deadlines and forms. - Module 5 — Case studies, workshops and exam (3h)
Analysis of real cases, work on scenarios, final test.
Group
Scope
Media format
Management board / Board
Compliance Manager liability, sanctions, AMLA, supervision.
Workshop 4-8h
Compliance / AML
AMLR Deep Dive: CDD/EDD, STR, TFR, sanctions, UBO.
Training
Front office / Sales
Onboarding, red flags, documents, PEP/HNWI, tipping-off.
Workshop 4-8h
IT / Operations
Transaction monitoring, sanctions screening, record-keeping, BCP/DRP.
Training
All employees
AML awareness, the reporting path and basic ML/TF risks.
E-learning 2-4h
AML e-learning
We also offer e-learning modules available 24/7 — as a supplement to expert-led training. The platform includes, among others:
- AML awareness for new employees
- Recognising red flags and suspicious transactions
- Internal path for reporting suspicions
- Sanctions and screening — operational procedure
Each module ends with a test. The compliance manager receives a completion report and participant certificates.
UKNF position on AML training
According to the position of the Office of the Polish Financial Supervision Authority: self-study does not satisfy the training obligation set out in Article 52 of the Anti-Money Laundering Act for the AML Officer. It may only supplement professional training delivered by qualified trainers.
Stage outcome: AML Training Program + materials + training register + attendance confirmations.
AML procedures: CDD, UBO, sanctions, STR
We build procedures that pass the practical test: clear allocation of responsibilities, complete documentation and operational performance in day-to-day processes.
CDD / EDD / SDD
We design procedures for the new thresholds and scenarios: PEP, HNWI, high-risk countries, source of funds/source of wealth.
UBO and complex structures
We implement look-through ownership, UBO >=25% verification and a procedure for reporting register discrepancies.
Sanctions screening
We automate EU/UN/OFAC screening, the hit process and asset freezing, and sanctions list updates.
STR/SAR and FIU
We define the suspicion reporting path, the tipping-off prohibition and a procedure for responding to FIU requests within 5 business days.
Cash and thresholds
We implement cash limit controls and identification requirements for payments in line with the new AMLR regime.
DPO outsourcing
We structure outsourcing with a clear separation of functions that cannot be transferred outside the organisation (including STR).
AML audits and ongoing compliance
We close the implementation with a continuous model: audit, regulatory change monitoring and readiness for national inspections and AMLA.
Annual effectiveness audit
We test the quality of CDD/EDD, STR, screening and alert logic, and turn the results into a remediation plan with owners.
Continuous monitoring
We update the risk assessment, report quarterly to the board and maintain a calendar of AML obligations.
AMLA readiness
We build the evidence pack and processes for inspection, including a readiness assessment for cross-border entities.
Stage outcome: Annual AML Audit Report + AMLA Readiness Assessment + Regulatory Watch Calendar.
AML/CFT experts
In AML we combine legal, regulatory and technology perspectives so that implementations are secure and operationally feasible.
Direct expert support
- Practical approach to AML implementations and control processes
- Support for decisions of high regulatory significance
- Recommendations tailored to your organisation's operating model
Strengths of our AML/CFT team
- Over 15 years of experience in AML/CFT
- Experience across many industries (incl. finance, crypto, real estate, accounting offices)
- Handling GIIF / KNF inspections
- Audits
AML/CFT contact
Tomasz Klecor
Managing Partner
FinTech navigator. Lawyer.
For 15 years he has helped Poland's largest and most ambitious fintechs grow safely and globally. Starting as a lawyer, he now combines law, strategy, and technology — advising founders and boards on key decisions: how to scale in compliance with regulations, how to correctly implement DORA, MiCA, or AML and prepare for PSD3/PSR, and how to avoid the regulatory killers that can stop growth in its tracks.
LinkedIn
EU AML package timeline
Cut-off dates determine the budget, sequence of actions and urgency of implementation.
30 December 2024
TFR active: obligation to provide originator/beneficiary data for transfers of funds and crypto-assets.
1 July 2025
AMLA begins operations and builds the European supervisory model.
10 July 2026
Next stage of AMLD6 transposition and finalisation of some implementing standards.
10 July 2027
Key deadline: full entry into force of AMLR (Single Rulebook) and the new sanctions regime.
10 July 2029
AML obligations enter into force for professional clubs and football agents.
Legal status/material: 21 February 2026.
AML implementation roadmap: stages 0-9
We close each stage with a concrete artefact that can be used in audits, inspections and board reporting.
Stage 0
Applicability
DeliverableWe assess whether the organisation is an obliged entity and what regulatory roles it performs.
AML Applicability Assessment + Obliged Entity Classification
Stage 1
Risk assessment
DeliverableWe build a Business-Wide AML/CFT Risk Assessment and a client/product/channel/jurisdiction risk matrix.
Business-Wide Risk Assessment + Risk Matrix
Stage 2
Governance and policies
DeliverableWe implement the compliance manager/officer model, AML/CFT policies, whistleblowing and outsourcing rules.
AML Governance Framework + Policy Pack
Stage 3
CDD / EDD / SDD
DeliverableWe design a full due diligence process covering UBO, PEP and HNWI as well as a review of existing clients.
CDD/EDD/SDD Procedures + UBO/PEP Framework
Stage 4
Monitoring and reporting
DeliverableWe build transaction monitoring, alert handling, STR/SAR, sanctions screening and FIU responses.
TM Policy + STR Procedure + FIU Response Procedure
Stage 5
UBO and registers
DeliverableWe strengthen the UBO identification process and the reporting of register discrepancies.
UBO Verification Procedure + Discrepancy Reporting
Stage 6
Cash and anonymous instruments
DeliverableWe implement cash limit controls, the identification process and the elimination of anonymous instruments.
Cash Limit Procedure + Anonymous Instrument Policy
Stage 7
Regulatory integration
DeliverableWe combine AML with MiCA, DORA, GDPR, AI Act and NIS2 in a single operating model.
Cross-Regulatory Alignment Matrix
Stage 8
Training
DeliverableWe launch role-based training and a training register with confirmations.
AML Training Program + Training Register
Stage 9
Audit and AMLA readiness
DeliverableWe close the continuous model: annual audit, change monitoring and inspection readiness.
Annual AML Audit Report + AMLA Readiness Assessment
integrating AML with other regulations
For most organisations a single cross-regulatory implementation is more effective than several parallel compliance projects.
AML + MiCA
CASP: alignment of CDD/EDD, TFR, screening and governance with MiCA licensing requirements.
AML + DORA
ICT resilience for transaction monitoring and sanctions screening systems, together with BCP/DRP.
AML + GDPR
DPIA, legal basis for processing, 5-year retention and profiling rules in AML processes.
AML + AI Act
Classification of AI systems used in AML (TM/fraud/screening) and transparency requirements.
AML + NIS2
Cybersecurity and incident management for critical AML systems.
AML + whistleblowing
Updating AML breach reporting channels and whistleblower protection.
Stage outcome: Cross-Regulatory Alignment Matrix + Integrated DPIA (GDPR+AML) + AI in AML Assessment.
AML service packages
We tailor the scope of work to the organisation's stage: from quick diagnosis to full implementation and ongoing compliance maintenance.
AML Readiness Scan
For organisations starting an AMLR project that need to quickly determine scope and sequence of actions. You get a gap analysis, risk map and priority plan.
AML Risk Assessment Service
For companies that need a full Business-Wide Risk Assessment because the current risk assessment is outdated or too general. You get the methodology, a risk matrix and audit-ready documentation.
AML/CFT Full Implementation
For entities that need to complete a full 0-9 stage implementation in a single project before the deadline. You get governance, procedures, monitoring, training and a maintenance model.
AML for CASP
For crypto entities subject to MiCA and AMLR/TFR that want to avoid parallel, inconsistent implementations. You get integration of CDD/EDD, Travel Rule, sanctions and wallet compliance procedures.
CDD/EDD Procedure Redesign
For organisations with an active AML system but outdated procedures — where the main risk is the quality of onboarding and client review. You get new CDD, HNWI, UBO, PEP and sanctions flagging standards.
AML Compliance as a Service
For companies that, after implementation, want to maintain compliance in a continuous model without losing it operationally. You get policy updates, change monitoring, audit support and board reporting.
contact
As a first step we qualify the project stage: readiness diagnosis, full implementation or compliance maintenance and audit.