6AMLD: What It Requires and Who It Applies To

What is 6AMLD?

The Sixth Anti-Money Laundering Directive, formally Directive (EU) 2018/1673, is a European Union measure that standardizes criminal law definitions and penalties for money laundering across all member states. The European Parliament and the Council adopted it on October 23, 2018. Member states had until December 3, 2020 to transpose it into national criminal law.

Before 6AMLD, definitions of money laundering varied considerably across the EU. Proceeds from tax evasion might constitute a predicate offense in Germany but not in another member state. That inconsistency gave criminal networks room to move funds through jurisdictions with narrower definitions. 6AMLD closes that gap by mandating a common set of 22 predicate offenses, a minimum prison sentence, and corporate criminal liability rules that apply uniformly.

This is a criminal law directive, not a prudential compliance directive. The day-to-day obligations financial institutions operate under (customer due diligence, transaction monitoring, SAR filing) come primarily from the Fourth and Fifth Anti-Money Laundering Directives and, prospectively, from the EU AMLR (EU) and the new AMLA (EU) authority. 6AMLD addresses what happens when prevention fails and a prosecutor needs to build a case.

Three changes define 6AMLD relative to its predecessors. Tax crimes appear on the predicate offense list for the first time, meaning proceeds from serious tax evasion now fall explicitly within money laundering's scope. Minimum sentences rise to four years imprisonment. And legal persons (companies) face criminal liability when their personnel launder money for the firm's benefit, or when inadequate supervision enabled the offense.

Who does 6AMLD apply to?

6AMLD's formal obligations run to EU member states, which must align their national criminal codes with the directive's requirements. But the corporate criminal liability provisions create direct exposure for any institution or professional firm operating in the EU.

Compliance officers at the following entity types need to understand their institution's position:

• Banks and credit institutions: Retail banks, corporate banks, and savings institutions. Any employee who conducts, facilitates, or conceals a money laundering transaction creates criminal exposure for the institution under transposed national law.
• Electronic money institutions (EMIs): Payment firms, e-wallet providers, and remittance services. The inclusion of cybercrime and tax offenses as predicate offenses is particularly relevant for EMIs handling high-velocity cross-border transactions.
• Virtual asset service providers (VASPs): Crypto exchanges, custodians, and peer-to-peer platforms. 6AMLD's 22-offense list aligns with FATF Rec 15 (FATF) guidance on virtual assets and informs AML obligations that sit alongside MiCA (EU).
• Designated non-financial businesses and professions (DNFBPs): Accountants, notaries, lawyers, real estate agents, and dealers in high-value goods. These firms face the same corporate criminal liability standard as banks. FATF Rec 22 (FATF) covers their CDD obligations in parallel.
• Legal persons generally: A company is criminally liable when a person with authority to represent or make decisions for the firm commits a laundering offense for the firm's benefit, or when the offense resulted from inadequate supervision of a subordinate.

There are no revenue or asset-size thresholds. A small payment firm and a G-SIB face the same criminal liability standard under transposed national laws.

What does 6AMLD require?

The directive places formal obligations on member states, but the operational impact lands on institutions. Here's what 6AMLD mandates:

1. Criminalize 22 predicate offense categories: Member states must treat all of the following as predicates for money laundering charges: participation in organized crime; terrorism and terrorist financing; human trafficking and migrant smuggling; sexual exploitation including child sexual abuse material; drug trafficking; illegal arms trafficking; corruption and bribery; fraud including fraud against EU financial interests; counterfeiting currency; counterfeiting and piracy of products; environmental crime; murder and grievous bodily injury; kidnapping, illegal restraint, and hostage-taking; robbery and theft; smuggling; extortion; forgery; piracy; insider trading and market manipulation; cybercrime; and all offenses punishable by over one year's imprisonment. Tax crimes fall under both the fraud category and the catch-all provision. Their inclusion is the most significant new element for private banking and wealth management operations.

2. Set a minimum four-year maximum sentence: Every member state must ensure money laundering carries a maximum sentence of at least four years imprisonment. Member states can set higher maxima. Germany allows up to ten years under Section 261 StGB in aggravated cases.

3. Criminalize self-laundering: A person who launders the proceeds of their own predicate offense faces money laundering charges on top of charges for the predicate offense itself. This closes a gap that previously existed in several member states' criminal codes.

4. Criminalize aiding, abetting, incitement, and attempt: All four forms of participation must be criminal offenses. A compliance officer who knowingly approves a deficient process for a high-risk transaction isn't automatically protected by their role.

5. Impose corporate criminal liability: When a person with authority to represent or control a company commits an ML offense for that company's benefit, the company faces criminal sanctions. The same applies when inadequate management supervision enabled a subordinate to commit the offense.

6. Define sanctions for legal persons: These include exclusion from public benefits and subsidies, temporary or permanent prohibition on commercial activity, judicial supervision, judicial winding-up, and closure of establishments used in the offense.

7. Set jurisdictional rules: Member states must assert jurisdiction over ML offenses committed on their territory, by their nationals abroad, or on behalf of legal persons established in their territory.

The criminal liability framework reinforces existing record retention obligations under FATF Rec 11 (FATF) indirectly: every document related to a money laundering prosecution becomes potential criminal evidence, which gives institutions strong incentive to maintain complete records for the standard five-year post-relationship period.

What evidence do regulators expect?

When prosecutors or supervisory authorities examine an institution after a 6AMLD-related incident, they look for evidence that the firm exercised adequate supervision and control. A policy document isn't sufficient.

The audit-day checklist:

• Board-approved ML criminal risk assessment: A documented assessment covering all 22 predicate offense categories, with particular attention to tax crimes for private banking divisions and cybercrime for digital payment operations.
• Corporate liability governance: Board-level sign-off on who has authority to act for the firm, with documented escalation paths for unusual transactions.
• Staff training records: Evidence that employees in customer-facing, transaction approval, and senior decision-making roles received training on 6AMLD criminal liability exposure. Annual training is a floor. Firms with high-risk client bases are expected to train more frequently.
• Transaction monitoring logs: Dated system records showing alerts were generated, reviewed, and resolved in a timely way. Persistent alert backlogs are treated as evidence of inadequate supervision.
• Suspicious Activity Report (SAR) filing records: Complete records of SAR submissions to the national Financial Intelligence Unit (FIU), including the analysis that supported the decision to file or not. Gaps in coverage for specific predicate offense types, particularly tax crimes, are a recognized red flag.
• Ultimate Beneficial Owner (UBO) verification records: Documentation showing that beneficial ownership was verified for legal persons, consistent with FATF Rec 24 (FATF).
• Disciplinary records: Evidence that employees who raised compliance concerns were protected, and that employees who violated procedures faced consequences.
• Periodic control testing: Records showing the firm tested whether its monitoring systems would actually detect offense types within scope, including newer predicate categories like cybercrime and tax fraud.

Common failure modes

Most 6AMLD enforcement actions occur under transposed national criminal codes rather than under the directive's name directly. The patterns are consistent across cases.

• Tax crime typologies missing from transaction monitoring: Before 6AMLD, most banks didn't screen for tax evasion as an AML predicate. Firms that didn't update their typology libraries after December 2020 transposition remain exposed. Germany's Federal Court of Justice confirmed in its July 2021 Cum-Ex ruling (BGH, 1 StR 519/20) that dividend-stripping trades are criminal and their proceeds fall squarely within money laundering scope. (BGH Press Release, July 2021)

• Corporate liability gaps at branch level: Branch managers who execute transactions for high-value clients without meaningful oversight create exactly the exposure 6AMLD's corporate liability provisions target. ING Bank's 2018 settlement with Dutch prosecutors (€775 million) documented account managers enabling laundering through corporate accounts with no effective supervisory controls. (Dutch Public Prosecution Service, September 2018)

• Self-laundering blind spots: Jurisdictions that previously didn't criminalize self-laundering had no controls for customers who were both the predicate offender and the launderer. Many mid-tier banks still haven't built typologies that specifically identify this pattern.

• DNFBPs treating 6AMLD as a banks-only problem: Law firms, accountancy practices, and real estate agents face the same criminal liability standard as banks under transposed national laws. Inadequate AML frameworks at professional services firms are a documented gap across multiple member states.

• Incomplete SAR coverage across all 22 predicates: Filing SARs for drug proceeds but not for tax fraud proceeds is a compliance gap. AML transaction monitoring rules need explicit coverage of every predicate category, with documented rationale for thresholds applied to each.

Penalties for non-compliance

6AMLD sets floors, not ceilings. Member states may impose harsher penalties than the directive requires.

For natural persons:

• Standard money laundering: minimum maximum sentence of four years imprisonment
• Aggravated circumstances (organized crime involvement, professional ML context): member states must impose additional penalties. Germany's Section 261 StGB allows up to ten years. France's Article 324-2 Code pénal doubles to ten years and €750,000 when organized crime is involved.
• Aiding, abetting, inciting, or attempting carries the same penalty range as the principal offense.

For legal persons:

• Exclusion from public benefits, grants, and procurement contracts
• Temporary or permanent prohibition on commercial activity
• Placement under judicial supervision or judicial winding-up
• Closure of establishments used in the offense
• Financial penalties at member state discretion (no EU-wide cap)

Notable enforcement cases:

ING Bank NV: €775 million settlement with the Dutch Public Prosecution Service in September 2018, the largest AML settlement in Dutch history at the time, for enabling systematic laundering through corporate accounts over multiple years. (Dutch Prosecution Service, September 2018)

Swedbank: SEK 4 billion (approximately €347 million) fine from Sweden's Finansinspektionen in March 2020 for systemic AML failures across Baltic operations. (Finansinspektionen, March 2020)

Both cases predate 6AMLD's December 2020 transposition deadline. Under today's framework, 6AMLD's criminal liability provisions add a prosecution pathway on top of supervisory fines.

Related regulations and frameworks

6AMLD doesn't stand alone. It's one instrument in a layered EU and international AML architecture.

EU AML package: The Fourth and Fifth Anti-Money Laundering Directives (4AMLD/5AMLD) set the compliance obligations that financial institutions follow daily. CDD, transaction monitoring, and SAR filing obligations come from those directives, not from 6AMLD. The new EU AMLR (EU) replaces 4AMLD/5AMLD with a directly applicable regulation. The AMLA (EU) authority, operational from 2025, will supervise high-risk entities directly. Both build on the criminal liability baseline that 6AMLD establishes. VASPs should also note the EU TFR (EU) travel rule requirement, which covers asset transfers involving the same predicate offense categories as 6AMLD.

FATF framework: 6AMLD's predicate offense categories mirror FATF's designated categories of offenses (DCOs) under FATF Rec 1 (FATF). The SAR filing obligations in FATF Rec 20 (FATF) are the operational bridge between 6AMLD's criminal definitions and the day-to-day financial intelligence work compliance teams do.

National criminal codes: Germany updated Section 261 StGB in 2021 to implement 6AMLD. France relies on Articles 324-1 through 324-9 of the Code pénal. The Netherlands updated Articles 420bis through 420quater of the Dutch Criminal Code. Each national transposition sets its own sentence maxima above the four-year floor.

UK note: Post-Brexit, the UK is not bound by 6AMLD. UK AML criminal provisions sit in the Proceeds of Crime Act 2002. UK compliance obligations for financial institutions are governed by the UK MLR 2017 (UK-FCA) framework, which exists independently of the 6AMLD architecture.

How FluxForce supports 6AMLD compliance

FluxForce's AI agents automate the transaction monitoring, Customer Due Diligence (CDD), and SAR workflow processes that form the operational backbone of 6AMLD compliance. Aiden Flux monitors transactions across all 22 predicate offense typologies, generates evidence trails for every decision, and escalates cases that meet SAR thresholds without manual bottlenecks. Nova Sentinel tracks corporate ownership structures to support the corporate liability controls 6AMLD requires. Every alert includes a full decision explanation, so compliance officers can demonstrate adequate supervision to examiners. Request a demo to see how FluxForce maps to your 6AMLD obligations.