EBA Guidelines on restrictive measures: What financial institutions must do now

The European Banking Authority (EBA) Guidelines on restrictive measures have officially come into force, introducing a far more rigorous regulatory framework for sanctions screening system testing across the EU financial sector.
These Guidelines form a core component of the EU’s Anti-Money Laundering Regulation (AMLR), which will take effect on 10 July 2027 and will be overseen by the newly established EU Anti-Money Laundering Authority (AMLA).
Together, these changes represent a landmark shift in the EU’s financial crime compliance regime, moving from passive compliance to active, demonstrable effectiveness in sanctions screening testing, tuning, and governance.
Financial institutions must act now to ensure their sanctions screening systems, governance frameworks, and documentation align with the new regulatory expectations.
Scope and applicability of the EBA Guidelines
The Guidelines are divided into two distinct sections:
Section 14 – Applies to all regulated financial institutions, covering general compliance with restrictive measures
Section 15 – Applies specifically to Payment Service Providers (PSPs) and Virtual Asset Service Providers (VASPs), with a strong focus on sanctions screening practices and technological adequacy
This targeted approach reflects regulators’ increasing concern about payments and crypto-asset channels being used to evade sanctions.
Key requirements under the EBA Guidelines
1. Annual sanctions screening system reviews
Financial institutions must conduct formal reviews at least once per year, and additionally whenever there are reasonable grounds for concern, such as:
A change in sanctions regimes
A major system update
Identified control weaknesses
Each review must assess:
The system’s effectiveness in identifying sanctioned entities
The reliability and integrity of alert generation
The transparency and explainability of screening outcomes
Results must be fully documented, defensible under supervisory scrutiny, and embedded into the institution’s wider compliance framework.
2. Mandatory screening system tuning (calibration)
Tuning, referred to by the EBA as calibration, is now an explicit regulatory expectation.
Institutions must calibrate screening parameters using:
Live sanctions list data
Manipulated sanctioned records (to test fuzzy-matching capabilities)
Calibration must also be completed before deploying any new screening system, ensuring it is fit for purpose from day one.
3. Testing of sanctions screening effectiveness
PSPs and VASPs face heightened obligations to conduct in-depth system testing, including confirmation that:
The most up-to-date sanctions lists are used
All customers and transactions are screened
All relevant data fields feed into the system
The system can automatically suspend transactions when required
Adequate resources exist to review and escalate alerts promptly
4. Reporting and remediation obligations
Financial institutions must immediately report any significant weaknesses or deficiencies in their sanctions screening systems.
Regulators now expect institutions to:
Conduct root-cause analyses
Implement structured remediation plans
Demonstrate continuous improvement
Maintain board-level oversight and formal documentation
Compliance challenges for financial institutions
Implementing the EBA Guidelines presents material operational and technical challenges, including:
1. Calibration complexity
Setting thresholds too loosely creates overwhelming false positives.
Setting them too tightly risks missing true sanctions matches — a critical regulatory failure.
2. Data management and integration
Poor IT infrastructure, inconsistent formats, and cross-border data flows hinder screening accuracy, especially for VASPs managing blockchain-based transactions.
3. Rapidly changing sanctions lists
Sanctions regimes evolve constantly, sometimes daily.
Institutions must ensure real-time list updates and flawless integration into screening systems.
4. High testing burden
Meaningful testing requires scarce technical skills, time, and specialist resources that many compliance teams lack.
5. Demonstrating effectiveness
Regulators now demand evidence, not assertions.
This requires formal methodologies, documentation, audit trails, and independent validation.
6. Identifying and fixing system weaknesses
Diagnosing alert handling failures or transaction suspension issues requires deep compliance and systems expertise.
How AMLA® supports financial institutions with the EBA Guidelines
To meet these challenges, financial institutions are increasingly partnering with AMLA®, the global leader in sanctions screening testing and validation.
AMLA® is the only provider trusted by supervisors and governments worldwide to conduct sanctions Thematic Review testing of financial institutions.
Why financial institutions chose AMLA®
Independent and Unbiased
AMLA® has no affiliation with any sanctions screening vendor, ensuring neutral, regulator-credible results.
Regulator-Grade Assurance
Boards, audit committees, and supervisors gain confidence from independently validated testing outcomes.
Zero Data Access & Zero System Integration
AMLA® testing requires:
No client data
No system integration
Minimal internal resources
This eliminates cybersecurity, privacy, and operational disruption risks typically associated with third-party reviews.
Technology-Driven Testing
AMLA® delivers:
Objective system effectiveness scoring
Calibration performance validation
Full regulatory-ready documentation
Repeatable testing methodologies
Act now to meet the EBA requirements
The EBA Guidelines on Restrictive Measures are already in effect, and supervisors are now actively assessing institutions against these new expectations.
To understand how AMLA® can help you meet the EBA Guidelines and demonstrate regulator-ready compliance, contact the AMLA® team today to discuss how our independent sanctions screening testing and validation solutions can support your organisation’s obligations under the new EU framework.
AMLA® will help you:
Evidence screening effectiveness under supervisory scrutiny
Validate system calibration and tuning
Identify and remediate hidden system weaknesses
Produce regulator-grade documentation
Strengthen board-level assurance
Act now to ensure your sanctions screening framework meets the EBA’s new regulatory standard.