Understanding the new EBA guidelines: Key requirements for all

The European Banking Authority (EBA) has issued its Guidelines on restrictive measures, introducing a far more rigorous framework for sanction screening system testing across the EU’s financial sector.
Coming into effect on 30 December 2025, these Guidelines will become an integral part of the EU’s Anti-Money Laundering Regulation (AMLR), which itself will take effect on 10 July 2027, overseen by the newly established EU Anti-Money Laundering Authority.
These Guidelines mark a major landmark in the EU’s financial crime compliance regime, with an evidential shift from passive adherence to active, demonstrable competence in sanctions screening testing and tuning.
Financial institutions will need to act now, well ahead of the December 2025 deadline, to ensure their systems, governance and documentation align with the new requirements.
Scope and applicability
The Guidelines are separated into two parts:
- Section /14 applies to all regulated financial institutions, covering general compliance with restrictive measures.
- Section /15 is targeted specifically at payment service providers (PSPs) and virtual-asset service providers (VASPs), focusing heavily on screening practices and technological adequacy.
All competent authorities are expected to notify the EBA whether they intend to comply with the Guidelines. A failure to do so will result in the institution being publicly listed as non-compliant, an outcome with clear reputational implications.
Key requirements from the EBA Guidelines
1. Ongoing sanction screening system reviews – once a year minimum
Institutions must conduct annual reviews of their sanctions screening systems. Reviews must also be conducted whenever there are grounds for concern, such as a change in sanctions policy.
These reviews must assess:
- The effectiveness of the system in identifying matches against restrictive measures
- The reliability and integrity of alert generation
- The transparency around system performance
The results should be thoroughly documented, justifiable under supervisory scrutiny, and integrated into the financial institution’s wider compliance framework.
2. Screening system tuning
Tuning, or calibration as it is referred to by the EBA, is now a regulatory expectation. Financial institutions must calibrate their systems to ensure that screening parameters are optimally tuned.
This involves testing the system against:
- Sanction list data
- Manipulated sanctioned records (for fuzzy logic matching capabilities)
The calibration process must also be performed prior to deploying a new system, ensuring it is fit for purpose from the very start of its use.
3. Testing of screening effectiveness
PSPs and VASPs in particular are required to conduct detailed testing of their systems, addressing the following:
- Are the most up-to-date, relevant sanctions lists being used?
- Are all customers and all transactions being screened properly?
- Are the right data fields being fed into the screening system?
- Does the system automatically suspend operations when needed?
- Are resources sufficient to process and escalate positive matches promptly?
4. Reporting and remediation obligations
Financial institutions are explicitly required to report any significant weaknesses or deficiencies in their sanction screening system immediately.
The expectation is not just to identify issues, but to:
- Conduct a root cause analysis
- Implement remediation plans
- Demonstrate continuous improvement through documentation and board-level oversight
Challenges faced in becoming compliant
Meeting the EBA Guidelines certainly isn’t a straightforward task, and it is expected that many financial institutions trying to implement the key requirements will encounter common problems such as:
1. Calibration complexity
Tuning a system for optimal performance requires deep technical knowledge. Calibrating thresholds too loosely can flood operational teams with false positives. Calibrate too tightly and you risk missing true matches, a compliance failure on which regulators will be very strict.
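The threshold trade-off described here, together with the testing against manipulated sanctioned records listed under screening system tuning, can be measured with a threshold sweep. The following is an added example, not code from the EBA Guidelines or from AMLA®: all names are constructed and fictional, and Python's `difflib` similarity stands in as an assumption for whatever matching algorithm a real screening system uses.

```python
from difflib import SequenceMatcher

# Constructed sample data: fictional names, not taken from any real sanctions list.
SANCTIONS_LIST = ["Ivan Petrovich Sokolov", "Maria Elena Duarte", "Ahmed Karim Nasser"]

# Manipulated copies of listed names (each one should still raise an alert).
MANIPULATED = ["Ivan Petrovic Sokolov", "Ivan Sokolov", "Maria Elena Durate",
               "Duarte Maria Elena", "Ahmad Kareem Naser", "Ahmed K. Nasser"]

# Clean control names that are not on the list (an alert here is a false positive).
CONTROLS = ["Ivana Sokolova", "Mario Duarte", "Ahmed Nasir Karimi",
            "Helen Park", "Tomas Lindqvist", "Marina Duran"]


def normalise(name):
    """Lower-case, drop punctuation, and sort tokens so word order does not matter."""
    cleaned = "".join(c if c.isalnum() or c.isspace() else " " for c in name.lower())
    return " ".join(sorted(cleaned.split()))


def best_score(name, watchlist=SANCTIONS_LIST):
    """Highest similarity (0.0 to 1.0) between a name and any list entry."""
    probe = normalise(name)
    return max(SequenceMatcher(None, probe, normalise(e)).ratio() for e in watchlist)


def evaluate(threshold):
    """Return (missed manipulated records, false-positive alerts) at one threshold."""
    missed = [n for n in MANIPULATED if best_score(n) < threshold]
    false_pos = [n for n in CONTROLS if best_score(n) >= threshold]
    return missed, false_pos


def sweep(thresholds=(0.60, 0.70, 0.80, 0.90, 1.00)):
    """Build the calibration table a reviewer would keep as evidence."""
    rows = []
    for t in thresholds:
        missed, false_pos = evaluate(t)
        rows.append({"threshold": t, "missed": len(missed),
                     "false_positives": len(false_pos)})
    return rows


if __name__ == "__main__":
    for row in sweep():
        print(row)
```

Raising the threshold can only increase the number of missed manipulated records and only decrease the number of false positives, so the table makes the chosen operating point and its cost on each side explicit.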
2. Data management and integration
Ensuring a complete and accurate intake of transaction data is often hindered by poor IT systems, inconsistent formats and cross-border data flows. This is particularly acute for VASPs, where blockchain-based assets introduce unique screening challenges.
3. A constantly changing sanctions environment
With sanctions lists evolving rapidly – some on a daily basis – financial institutions must ensure updates are integrated as quickly as possible. List management must not only be completely accurate, but it must be agile enough to keep up to date with the frequency of changes.
4. High testing burden
In-depth system testing demands both technical expertise and time, and resources within financial institutions are often scarce and hard to come by. Internal compliance teams may lack the skills or availability to conduct meaningful testing at the required accuracy or frequency.
5. Demonstrating effectiveness
It is no longer sufficient to claim that a system is effective; financial institutions must now prove it. This requires solid documentation, formal testing methodologies and independent third-party validation.
6. Identifying and addressing system weaknesses
Diagnosing weaknesses in a complex sanctions screening system, especially in how alerts are handled or suspended transactions are processed, requires a mix of compliance knowledge and system-level insight.
How AML Analytics (AMLA®) can help with the EBA Guidelines
To help meet these challenges and implement the EBA’s requirements, financial institutions are increasingly turning to AMLA®, the global leader in sanctions screening testing and validation.
As the only provider in the world trusted by supervisors and world governments to conduct sanctions Thematic Review testing of their financial entities, AMLA® brings a depth of knowledge and expertise that few internal teams can rival.
AMLA® is an independent provider of sanction screening system testing technologies with no affinity to any supplier of automated systems. This independence ensures:
- Unbiased results
- Greater confidence from regulators
- Assurance for boards and audit committees
- Technology driven testing
Working with AMLA® requires no access to client data, zero integration with financial institutions’ systems and minimal internal resources. This eliminates the typical data privacy and cybersecurity concerns associated with third-party reviews.
Act before December 2025
The 30 December 2025 deadline may seem far away, but for financial institutions not yet reviewing their sanction screening systems, time is already of the essence.
Compliance with the EBA’s Guidelines will require months of planning, testing, documentation, and possible system upgrades.
Financial institutions should begin their preparations immediately – any delay could result in last-minute stress or worse: supervisory action and reputational damage.
The EBA’s Guidelines signal a significant shift towards proactive, technology-informed sanctions screening. Institutions are expected not only to implement capable systems but to prove that those systems work effectively, efficiently and transparently.