On 12 March, Trapets hosted a breakfast seminar with the theme Ready for AMLR - what does it mean in practice?
Here are some highlights from the morning's session.
1. The market is asking: "Where do we begin?"
When interviewing customers about their AMLR readiness, many shared a common challenge of not knowing how to get started.
67% of institutions have started an initial analysis for AMLR preparations, while 17% plan to start soon. Only 8% have begun a structured implementation, and another 8% have not started at all.
Despite the July 2027 deadline, AMLR is already an active challenge for most organisations.
Confidence levels reflect this uncertainty. 33% say they feel confident, while another 33% are actively working towards readiness, but are not yet confident. 26% report low confidence, and only 8% feel fully prepared.
When looking at the main challenges:
- 33% point to timeline and implementation, driven by limited time, competing priorities, and dependency risks.
- 24% highlight data quality issues, including unclear definitions and fragmented data.
- 24% identify resource constraints, with small teams managing increasing demands.
- 19% struggle with interpretation, where uncertainty around requirements slows progress.
2. AMLR timeline: closer than it may seem
With the deadline for July 2027, the timeline may appear manageable on paper, but it's significantly shorter in practice.
Budget cycles, competing priorities, resource constraints, as well as holidays reduce the actual time available for implementation.
The timeline reinforces the need for early prioritisation and structured execution across the company.
3. Getting started requires a maturity and capability assessment
In order to get started with preparations, understand where your current position is through two lenses: maturity and capability.
To conduct an effective maturity assessment, ask yourself these questions:
- How strong is your current AML/CTF framework?
- Is there AMLR awareness at the board and management level?
- Do first-line teams understand the operational impact?
- What is the quality of existing policies and frameworks?
- How effective are current controls and processes?
- Is there a shared understanding across compliance, operations, and technology?
To conduct an effective capability assessment, ask yourself these questions:
- Can your organisation deliver on AMLR requirements?
- Do you have sufficient resources across compliance, business, and technology?
- What competing priorities exist (e.g., the Digital Operational Resilience Act, the Markets in Crypto-Assets regulation)?
- Do you have project governance and execution capacity?
- Is your technology stack ready for change?
- Is there budget authority and investment appetite?
4. Data and technology are more essential than you think
Data has always been part of an effective AML programme. But AMLR introduces even clearer expectations on what data must be collected, how it should be structured, and how it connects to risk assessments and operational outcomes.
When surveying our customers, we’ve noticed a general awareness that data requirements are increasing, but there’s less clarity on what that means in practice.
Several patterns tend to emerge from these discussions:
- Data is spread across multiple systems
- Definitions are not standardised
- Different onboarding flows exist across products or entities
- External data sources are not consistently integrated
- Systems are difficult to adapt when new requirements are introduced
This creates uncertainty when trying to interpret AMLR at an operational level. The challenge is less about understanding the regulation itself and more about understanding what it requires from existing processes and data structures.
Curious about what else is coming up at Trapets? Sign up for our newsletter to stay updated on upcoming webinars and insights.
