AAnti Money Laundering & Sanctions

Third-Party Providers in AML: Outsourcing, Responsibility & New EU Requirements | ALLES LEGAL #130

0
Shares
0
0
0
0
0
0

🎧External service providers have long played a key role in anti-money laundering compliance, but the new EU AML framework is shifting responsibility more clearly back to firms themselves. In the latest episode of “Alles Legal – Fintech-Recht kompakt”, Sebastian Glaab and Dana Wondra discuss what this means for outsourcing, KYC processes and digital identification. – Tune in now!

Podcast: https://paymentandbanking.podigee.io/809-alles-legal-130-third-party-provider-im-aml-auslagerung-verantwortung-neue-eu-vorgaben/

Third-party providers in AML: what is changing under the new EU framework

In episode #130 of “Alles Legal – Fintech-Recht kompakt”, Dana Wondra from Payment & Banking speaks with Sebastian Glaab, attorney at Annerton and PayTechLaw author, about the future role of external service providers in anti-money laundering compliance. The episode focuses on a central question: which tasks firms may still outsource in future, and where regulatory responsibility will need to remain firmly in-house.

Outsourcing remains important – but with clearer limits

Third-party providers have become an integral part of AML practice. Whether for video identification, digital identity checks or technical support in KYC processes, many obliged entities have relied on external providers for years. Under the new European AML regime, however, the regulatory boundaries are becoming more clearly defined.

The overall direction is clear: certain core functions should no longer be capable of being fully outsourced. This applies in particular to strategic decisions, risk analysis and key control functions. Firms will therefore need to retain stronger ownership of essential compliance responsibilities.

Responsibility stays with the institution

This does not mean that third-party providers will disappear from AML structures. Their role is evolving rather than diminishing. They will remain relevant for operational and technical support, especially in identification procedures and digital compliance solutions.

At the same time, the new framework reinforces a fundamental principle: ultimate responsibility always remains with the obliged entity. Outsourcing a process does not outsource regulatory accountability. Firms will therefore need to manage and monitor external providers more closely and embed outsourced services within robust internal governance structures.

Identity verification is changing

One of the clearest examples of this shift can be seen in identity verification. Processes such as video identification are increasingly being reassessed, while more standardised and harmonised European solutions are gaining traction. Approaches linked to eIDAS and digital identity frameworks are likely to become more important.

The aim is to achieve more consistent, secure and harmonised identification across the EU. For firms, this also means reviewing current processes early and preparing for changing regulatory expectations.

Practical challenges for existing outsourcing models

In practice, many existing outsourcing models are unlikely to carry over unchanged into the new system. In areas such as monitoring, review procedures and control-related functions, firms will need to distinguish more carefully between tasks that can be delegated and those that must remain internal.

This creates uncertainty, but it also highlights the growing importance of clear internal responsibilities, reliable control frameworks and a well-defined relationship between institutions and their service providers.

What firms should focus on now

The episode makes one point particularly clear: third-party providers will remain an important part of modern AML compliance, but under different conditions. The decisive factor will be how effectively firms combine external solutions with internal accountability. Now is the right time to review outsourcing models, governance structures and identification processes in light of the new EU AML regime.

About this podcast

Alles Legal – Fintech Recht Kompakt delivers sharp, weekly insights into legal and compliance matters in the world of banking. (in German only)
This podcast is a collaboration between Payment & Banking and PayTechLaw.
Each Wednesday, we unpack the legal developments shaping the financial world – clearly, concisely, and without the legal jargon.
Since 2021, PayTechLaw authors and Annerton attorneys have brought depth and clarity to complex topics.
Whether it’s PSD3, DORA, or FiDA – we provide the legal context you need.
In 20 minutes. No detours.

0
0

Sebastian Glaab is a lawyer and partner at Annerton in Frankfurt am Main. He has extensive knowledge, particularly in the areas of money laundering prevention (editor of the AMLA commentary "Zentes/Glaab"), securities compliance, MaRisk compliance and sanctions, and is very familiar with the practice due to his 12 years of work as a compliance officer and money laundering officer in an internationally active credit institution. Sebastian Glaab is a regular speaker at specialist lectures and events in the financial environment.



By continuing, you accept our privacy policy.
You May Also Like
PPSD2
MiCAR trifft PSD2: Warum E-Geld-Token plötzlich doppelt reguliert werden | ALLES LEGAL #138
Read More
  • 2 minute read

MiCAR meets PSD2: Why e-money tokens are suddenly subject to dual regulation | ALLES LEGAL #138

Since the end of the EBA transitional period in March 2026, many crypto-asset service providers have had to assess whether, in addition to MiCAR, they also require a PSD2 or national payment services licence. In this episode, Kemal Ahmedi explains why crypto regulation and payment services law overlap and what this means for business models and licensing strategies.
Read More
AAnti Money Laundering & Sanctions
AMLA konsultiert Leitlinien zur laufenden Überwachung von Geschäftsbeziehungen – Was auf Verpflichtete zukommt AMLA Consults on Guidelines for the Ongoing Monitoring of Business Relationships – What You Should Expect
Read More
  • 5 minute read

AMLA Consults on Guidelines for the Ongoing Monitoring of Business Relationships – What You Should Expect

Continuous monitoring is already one of the core obligations in anti-money laundering compliance today. However, the AMLR elevates this principle to a new level. Obliged entities must not only review individual transactions but continuously analyse and assess the entire business relationship throughout its lifecycle.
Read More
PPodcast
MiCAR erklärt: Was die neue Krypto-Regulierung für Unternehmen verändert | ALLES LEGAL #137 MiCAR explained: How the new crypto regulation is changing the market | ALLES LEGAL #137
Read More
  • 2 minute read

MiCAR explained: How the new crypto regulation is changing the market | ALLES LEGAL #137

With MiCAR, the EU is introducing its first harmonised regulatory framework for crypto-assets. In the latest episode of “Alles Legal – Fintech-Recht kompakt”, Kemal Ahmedi from Annerton explains which companies will require a MiCAR licence, why stablecoins are subject to stricter regulation and how the EU passport could reshape the European crypto market.
Read More