EBA Annual Report 2025: What AML Compliance Leaders Need to Know About Europe’s New Supervisory Era

EBA Annual Report 2025: AMLA, MiCA, DORA & Key AML Compliance Insights

The European Banking Authority’s (EBA) 2025 Annual Report is more than a summary of regulatory achievements. It signals a fundamental shift in European financial supervision, from traditional rulemaking toward direct oversight of digital finance, operational resilience, and anti-money laundering (AML) coordination. For AML compliance leaders, financial crime teams, banks, fintechs, crypto firms, and RegTech providers, the report provides a roadmap for the future of compliance across the European Union.

The most significant development is the operational launch of the Anti-Money Laundering Authority (AMLA), alongside the EBA’s implementation of DORA (Digital Operational Resilience Act) and MiCA (Markets in Crypto-Assets Regulation). Together, these initiatives are reshaping how financial institutions manage financial crime, cyber risk, digital assets, and regulatory reporting.

Key Highlights at a Glance

The EBA achieved substantial progress through its 2025 work programme:

Metric	2025 Result
Total tasks completed	94.1%
Tasks in work programme	379
Additional tasks delivered	29
Total tasks managed	408
Deliverables completed	217
Ongoing tasks	191
Banks covered in EU-wide stress test	64
Share of EU banking assets covered	~75%
Regulatory efficiency recommendations issued	21
Regulatory mandates reviewed for simplification	~20% identified for deprioritisation
Critical ICT providers designated under DORA	19

Operations In Numbers (Reporting Year 2024*)

• 22,625 INFORMATION REQUESTS sent by Egmont Group member FIUs to other EG member FIUs. The scope of these requests can vary widely some relate to one or two entities, while others can involve more than 50.
• 88,862 REPORTS/DISCLOSURES received FROM OTHER NATIONAL PUBLIC AUTHORITIES (such as the ministry of finance treasury supervisory authorities etc.) when there is a suspicion of ML/ TF or a predicate crime.
• 106,736 EGMONT GROUP OF FINANCIAL INTELLIGENCE UNITS Number of all SENT SPONTANEOUS DISCLOSURES with foreign FIUs and competent authorities from other countries. This refers to information shared without a prior request, typically when an FIU identifies data that may be relevant to another jurisdiction’s investigations or intelligence efforts.
• 6,712,308 Reports ON CROSS-BORDER MOVEMENT OF CASH OR BNIs (bearer negotiable instruments).
• 22,601,956 STR/SAR/UTR received by Egmont Group member FIUs.
• 852,208,870 THRESHOLD REPORTS (i.e., reports submitted by FIs or DNFBPs when a customer conducts a transaction, such as a wire transfer, real estate transaction, or securities transaction, above a fixed amount).
• 305,117,753 CASH TRANSACTION REPORTS (i.e., reports filled out by FIs or DNFBPs where a customer requests to deposit or withdraw a cash transaction above a fixed amount).

The Risk Environment: Strong Banks, Rising Financial Crime and Cyber Risks

The EBA describes 2025 as a year characterized by:

• Easing interest rates
• Improving financing conditions
• Stable labor markets
• Recovering residential real estate
• Persistent geopolitical uncertainty
• Increasing cyber threats
• Growing dependence on third-party technology providers

While European banks remained resilient, the EBA identified several emerging vulnerabilities:

1. Commercial Real Estate Exposure

Although residential real estate markets improved, commercial real estate, especially office segments, continued to present elevated risk. Banks with concentrated exposures remain vulnerable to further corrections.

2. Geopolitical Risk

Trade tensions, sanctions developments, global conflicts, and supply-chain disruptions increasingly affect banking sector stability. The EBA views geopolitical risk as a multiplier capable of simultaneously triggering:

• Credit risk
• Market risk
• Liquidity risk
• Operational risk

3. Cybercrime and Digital Fraud

The report repeatedly highlights cyber-attacks, fraud, and data-security incidents as among the most significant operational threats facing European financial institutions. Increasing reliance on cloud providers and outsourced services has amplified concentration risks and third-party dependency concerns.

For AML teams, this confirms an important trend: financial crime risk is increasingly intertwined with cyber risk.

EU-Wide Stress Test Confirms Banking Sector Resilience

One of the report’s most important findings is the outcome of the 2025 EU-wide stress test.

The exercise covered:

• 64 banks
• Approximately 75% of EU banking assets
• A three-year adverse scenario (2025–2027)

The hypothetical scenario assumed:

• Escalating geopolitical tensions
• Protectionist trade policies
• Severe economic contraction
• Increased unemployment
• Asset-price shocks

Even under these conditions, European banks maintained aggregate CET1 capital ratios of approximately 12%, remaining above minimum regulatory requirements. No institution breached its core regulatory capital threshold.

This finding demonstrates the strength of post-financial-crisis reforms and the effectiveness of risk-based supervision.

Regulatory Simplification Becomes a Strategic Priority

One of the most notable themes throughout the report is regulatory efficiency.

After more than a decade of increasing regulatory complexity, the EBA launched a comprehensive review aimed at reducing unnecessary compliance burden without weakening resilience.

The EBA published a major Report on the Efficiency of the Regulatory and Supervisory Framework containing:

• 21 recommendations
• Four areas of reform
• Simplification of reporting requirements
• Better supervisory coordination
• Stronger proportionality measures

Why This Matters for Compliance Teams

The EBA identified approximately 20% of upcoming Level 2 and Level 3 mandates that could potentially be deprioritized based on materiality and supervisory value.

This reflects a broader European trend toward:

• Smarter compliance
• Risk-based regulation
• Reduced reporting duplication
• Better supervisory data sharing

For institutions struggling with escalating compliance costs, this is a significant development.

AMLA Launch: The Biggest AML Development in Europe

For AML professionals, the most important section of the report concerns the transition to AMLA.

The year 2025 marked the operational launch of the European Union’s new Anti-Money Laundering Authority (AMLA). Throughout the year, the EBA worked with the European Commission and AMLA to transfer responsibilities, methodologies, data systems, expertise, and supervisory frameworks.

By the end of 2025, the EBA had completed the transfer of:

• AML/CFT mandates
• EuReCA database
• Supervisory insights reports
• AML/CFT guidelines
• Regulatory standards
• Reporting infrastructure

AMLA’s New Supervisory Framework

A major milestone was the EBA’s response to the European Commission’s Call for Advice regarding AMLA implementation.

The EBA delivered draft Regulatory Technical Standards (RTS) covering:

AML Supervisory Risk Assessment

Methodologies for assessing institutional AML/CFT risk across the EU.

Selection of Institutions for Direct AMLA Supervision

Criteria determining which institutions will fall directly under AMLA’s oversight.

Customer Due Diligence Requirements

Harmonized CDD expectations across member states.

Administrative and Pecuniary Sanctions

Standards governing AML-related penalties.

Group-Level Information Sharing

Mechanisms enabling cross-border AML intelligence sharing.

For multinational financial institutions, these developments signal a move toward far greater AML supervisory consistency across Europe.

AML Risks Identified by the EBA

Before transferring responsibilities to AMLA, the EBA released several major analytical products examining emerging financial crime threats.

The report highlights:

Crypto-Asset ML/TF Risks

The EBA assessed money laundering and terrorist financing risks associated with crypto-asset service providers and digital assets.

SupTech and Digital AML

The EBA published a report on digital AML/CFT technologies and supervisory technology adoption.

EU-Wide ML/TF Risk Assessment

The biennial Opinion on Money Laundering and Terrorist Financing Risks identified vulnerabilities arising from:

• Geopolitical instability
• Rapid digitalization
• Uneven RegTech adoption
• Cross-border supervisory inconsistencies

These findings align with broader industry concerns about the convergence of financial crime and digital risk.

Crypto Compliance Enters a New Era

The report demonstrates that crypto regulation has become a mainstream supervisory priority.

Under MiCA, the EBA:

• Finalized supervisory procedures for significant asset-referenced tokens
• Established supervisory capacity
• Developed oversight frameworks
• Prepared national authorities for harmonized crypto supervision

For compliance leaders in digital assets, this marks the transition from fragmented national supervision toward centralized European oversight.

DORA: Operational Resilience Becomes a Board-Level Priority

The implementation of DORA represents another major regulatory shift.

In 2025:

• 19 Critical ICT Third-Party Providers were designated
• Continuous oversight mechanisms were launched
• Joint supervisory structures were established
• Examination methodologies were developed

For AML and compliance teams, DORA is not merely an IT regulation.

Financial crime controls increasingly depend on:

• Cloud infrastructure
• Transaction monitoring systems
• Sanctions screening platforms
• KYC utilities
• External data providers

Operational resilience has therefore become a critical AML consideration.

Consumer Protection and Fraud Prevention Expand

The EBA significantly increased its focus on fraud and consumer protection.

Key initiatives included:

• Instant Payments Regulation implementation
• Consumer Trends Report publication
• Payment fraud monitoring
• Crypto fraud awareness campaigns
• Digital finance scam prevention programs

The Authority conducted multilingual awareness campaigns using:

• Factsheets
• Podcasts
• Expert interviews
• Videos
• Social media explainers

These campaigns aimed to improve consumer understanding of crypto risks and online fraud schemes.

What This Means for AML Compliance Leaders

The EBA’s 2025 Annual Report highlights five strategic shifts that should influence AML programmes over the next several years.

1. AMLA Will Drive Greater Supervisory Consistency

Institutions should prepare for more harmonized AML supervision across the EU, particularly in customer due diligence, sanctions, governance, and risk assessment.

2. Crypto Compliance Will Become More Rigorous

MiCA supervision and AMLA oversight will significantly increase scrutiny of crypto-asset service providers and token issuers.

3. Cyber Risk and Financial Crime Are Converging

AML programmes must increasingly coordinate with cybersecurity, fraud, and operational resilience teams.

4. Data Quality Will Become a Competitive Advantage

The EBA’s investments in data infrastructure, Pillar 3 reporting, and integrated reporting frameworks indicate that regulatory expectations around data governance will continue to rise.

5. Smarter Regulation Does Not Mean Less Regulation

Although the EBA is pursuing simplification, the objective is efficiency rather than deregulation. Institutions should expect more targeted, risk-based supervision supported by stronger data, technology, and cross-border coordination.

Conclusion

The EBA’s 2025 Annual Report marks a pivotal moment in European financial regulation. The launch of AMLA, implementation of DORA and MiCA, expansion of digital supervision, and focus on regulatory simplification collectively signal the emergence of a more integrated, technology-driven, and risk-based supervisory environment. For AML compliance leaders, success will increasingly depend on the ability to manage financial crime, cyber threats, digital assets, operational resilience, and regulatory reporting as interconnected risks rather than standalone compliance functions.