The Laundromat – February Edition 2026

Welcome to the February edition of The Laundromat newsletter. The financial sector is currently facing a lot of uncertainty regarding the upcoming European Anti-Money Laundering Regulation (EU AML Regulation) and its requirements. Parts of this regulation must already be implemented by the end of 2026.

Few possess such deep expertise on the upcoming changes as Dr. Lars Haffke, external Money Laundering Reporting Officer (MLRO), salary partner at pikepartners, lecturer, editor, author, and speaker, does. In this issue, he provides an outlook on what obligated entities can expect.

Three questions on the EU-AMLR for Dr. Lars Haffke

Will the new EU AML Regulation contribute to market harmonization so that KYC and KYB processes become less susceptible to identity fraud and cross border financial transactions become more secure?

The EU AML Regulation represents a fundamental shift in anti-money laundering. For the first time, anti-money laundering law will be largely standardized in Europe, with the regulation applied uniformly across member states, particularly with regard to customer due diligence measures (KYC).

KYC requirements will be harmonized through Article 19 and the following provisions of the EU AML Regulation and further specified through Regulatory Technical Standards, known as RTS. For example, verified procedures in accordance with the eIDAS Regulation are mandatory for customer identification. The RTS on customer due diligence, which is still in draft form, opens the door to additional remote identification procedures that must meet uniform security standards. This will create a level playing field for remote identification procedures across Europe for the first time, making fragmentation with differing standards across countries not allowed.
The EU Digital Identity Wallet has been approved as an identification method. This increases security and convenience, although it is of course not completely fraud proof, for example in cases involving stolen identity documents.

In your view, what are currently the biggest strategic and operational challenges in meeting the AMLR and CTF requirements coming in 2027, for example due to revised KYC review cycles and risk analysis requirements?

The biggest challenge is: data, data, data.
KYC update deadlines are being shortened, and the requirements for KYC procedures are expanding through additional data points that must be collected and evaluated. For natural persons, this includes the national identification number. For beneficial owners, additional information such as date of birth, residential address, and the number of the ID document also have to be gathered.

According to Art. 10 para. 1 subpara. 1 lit. f) AMLR, obliged entities will be required to incorporate information about their customer base into the company-wide risk assessment, referred to in the future as the “business-wide risk assessment”.

In addition, obliged entities in the financial sector must report more than one hundred potential data points to their supervisory authority once a year, ranging from the date of the most recent business-wide risk assessment to detailed information about customers and their risk profiles, as well as internal safeguards. And this will not begin in mid-2027, but already in the fourth quarter of 2026, as BaFin announced at its anti-money laundering conference.

In short, the EU AML Regulation requires obliged entities to collect and analyze more data. Supervision will also become more data driven. Obliged entities should already be taking this into account and making the necessary preparations. Anyone who has not yet begun preparing should do so immediately.

Which potential stumbling blocks should companies keep on their radar with regard to reporting obligations and compliance processes?

In addition to the annual reporting obligation starting at the end of 2026, the suspicious activity reporting requirement will fundamentally change under Article 69 and the following provisions of the EU AML Regulation.

In the future, it will not only be suspicions of money laundering or terrorist financing that must be reported to the Financial Intelligence Unit but also suspicions when funds are connected to criminal activity itself. This marks a paradigm shift. The use of legally obtained assets for illegal purposes, even without a concrete suspicion of money laundering, must be reported. This includes, for example, suspected fraud, which is likely to significantly increase the number of suspicious activity reports. Obliged entities should establish internal measures for this now.

Additional reporting obligations independent of suspicion, such as those relating to transactions involving luxury cars or ships, have not yet been precisely defined. Details therefore remain to be seen.

Looking for more insights on the EU AML package? In the March edition, you can look forward to part two of the interview with Dr. Lars Haffke, where he will share his outlook on combating money laundering in the crypto sector.

In case you missed it: Your AML News Overview

Ten Years in Prison: Money Laundering Activities with Coronavirus and Flood Relief Funds

A 58-year-old man was sentenced to ten years in prison by the Cologne Regional Court for using several companies to launder money between 2020 and 2024 and fraudulently obtaining around 2.4 million euros in coronavirus and flood relief funds through fictitious business activities. With the help of fake invoices and transfers, the money was moved to private accounts and then integrated into the legal financial cycle.

Further details on how the fraudulent “business model” worked by exploiting coronavirus and flood relief funds were recently published by WELT.

South Korean Custom Authority Uncover Crypto Money Laundering Worth $102 Million

In the December 2025 edition of The Laundromat, we reported on two crypto queens who had defrauded investors of their money with fake financial options.

Now, South Korean customs authorities have uncovered an alleged cross-border money laundering scheme involving cryptocurrencies worth over $101 million. According to investigators, three Chinese nationals are alleged to have transferred around 148.9 billion won between 2021 and 2024 via domestic and foreign crypto accounts and Korean bank accounts. They have been handed over to the public prosecutor’s office, and the legal consequences are still pending. Nevertheless, this case highlights South Korea’s strict, enforcement-oriented approach to criminal crypto activities – even though comprehensive regulatory legislation is still lacking and the authorities primarily rely on foreign exchange regulations.

Detailed information on this case of cross-border money laundering with cryptocurrencies can be found here.

Luxembourg Introduces Changes to Anti-Money Laundering and Criminal Procedure Law

On December 19, 2025, a new law came into force in Luxembourg that comprehensively reforms anti-money laundering and criminal procedure law. The aim is to speed up investigations, meet international FATF standards, and strengthen the prosecution of money laundering and terrorist financing.

A key change is the extension of money laundering to all crimes as possible predicate offenses, including indirect material benefits. Offenses committed abroad can therefore also be prosecuted in Luxembourg, provided they are punishable there. In addition, prosecutors are given extended investigative powers, proceedings against absent defendants or legal entities are facilitated, and the rules on probation are adjusted.

For obligated companies, this means a significantly greater scope of review, as Dr. Lars Haffke already explained: Risk assessments, monitoring systems, internal processes, and training must be expanded so that a broader spectrum of potentially suspicious activities can be identified and reported.

The law firm Baker McKenzie has insights into the changes in Luxembourg.

Further reading: Know-Your-Business Procedures and the EU AML Regulation

As mentioned in the interview above, the introduction of the EU AML Regulation requires additional data to be collected on the beneficial owners of companies. This can involve an enormous amount of work, especially when it comes to cross-border business development. This makes it all the more important to have access to reliable sources for collecting the data. The WebID glossary entry contains the most important information on what to consider, how sophisticated KYB processes can be implemented efficiently, securely, and in compliance with the law, and how they can be successfully implemented with CorporateID.

Crypto Regulation: MiCA Regulation

The crypto market is coming under greater scrutiny in the new EU AML Regulation. However, regulatory requirements have been in place for some time to increase security in this sector and put a stop to money laundering and terrorist financing. The WebID glossary also contains helpful information on the MiCA Regulation.