
AMLR for banks and financial institutions: the Article 22 data problem

Steve Waite
CMO, Ubisecure RapidLEI

From 10 July 2027, AMLR (Regulation (EU) 2024/1624) sets a single, directly applicable customer due diligence standard for banks and financial institutions across the EU. Under Article 22, when identifying a legal-entity customer, an institution must collect a defined dataset including, “where available”, the customer’s registration number, tax identification number and Legal Entity Identifier (LEI). The obligation is to collect the LEI where the customer has one. A counterparty that holds a valid, active LEI gives the institution a precise, machine-readable record and a faster check.


The problem: same customers, higher standard, one rulebook

Banks already run customer due diligence. What changes under AMLR is the standard, the uniformity, and the supervisor. The Legal Entity Identifier, the 20-character ISO 17442 code that identifies a legal entity uniquely worldwide, moves from a reporting-line concept under EMIR and MiFIR into the customer due diligence text itself.

For a FinCrime or KYC team, the practical question is whether your counterparty and entity data will clear a higher, uniform bar in 2027. AMLR is directly applicable, so a bank operating in several Member States moves toward one CDD standard in place of several national interpretations. That harmonisation is welcome, and reaching it means cleaning up entity and counterparty data across the book.

What Article 22 asks of you

Article 22 sets out the information an obliged entity must obtain to identify a customer. For a legal entity, that includes the legal form and name, the registered office address and country of creation, the names of legal representatives, and, “where available”, the registration number, the tax identification number and the Legal Entity Identifier. The same “where available” reference to the LEI appears for trustees of express trusts, and the LEI is listed again, “where applicable”, for other organisations with legal capacity under national law.

Three points a banking compliance team should take from this:

The LEI is in the binding CDD dataset. It sits in the list of identifiers an institution must collect to identify a legal-entity customer, alongside the registration number and tax identification number.

The duty is yours, and it is conditional. AMLR requires the institution to collect the customer’s LEI where the customer has one. It does not require your customer to obtain an LEI, and an absent LEI does not, by itself, stop you onboarding them. What it does is leave a less precise, less interoperable record where an LEI would have given you a clean one.

Identity verification can be digital. Article 22 permits verification using electronic identification means meeting the eIDAS “substantial” or “high” assurance levels and relevant qualified trust services. This is the channel the vLEI, the verifiable form of the LEI, is designed for. The vLEI is not named in AMLR and is not required; it is the emerging route to machine-verifiable legal-entity identity worth tracking.

Figure: Where the LEI sits in AMLR customer due diligence. AMLR Article 22: information an obliged entity must collect to identify a legal-entity customer.

Article 22(1)(b): identifying a legal entity
•  Legal form and name
•  Registered / official office address, country of creation
•  Names of legal representatives
•  Registration number (where available)
•  Tax identification number (where available)
•  Legal Entity Identifier (LEI), where available (named in the text)
•  Nominee shareholders / directors, where applicable

Why the LEI matters here
•  Named in the rulebook: The LEI sits in the binding Article 22 dataset. Collected by the obliged entity whenever a customer holds one.
•  A faster, cleaner check: An active LEI hands every counterparty the exact identifier AMLR points to.

Collected “where available”, so the LEI is the identifier the regulation reaches for whenever a customer has one. An entity that holds a valid, active LEI hands every counterparty the precise, machine-readable identifier the regulation references, which speeds their due diligence.

Source: Regulation (EU) 2024/1624, Article 22(1). Verified June 2026.

Beneficial ownership and ongoing monitoring

AMLR does not stop at onboarding. Article 22 requires institutions to identify and verify beneficial owners, including by consulting the central registers maintained under AMLD6, and AMLR carries a duty to report discrepancies between what you find and what the register holds. The beneficial-ownership threshold is 25% or more of ownership interest. A lower threshold can apply in higher-risk sectors, but it is set centrally rather than by Member States at will: the European Commission may, following an assessment due by 10 July 2029, set a lower threshold by delegated act, capped at 15%.

Ongoing monitoring continues through the life of the relationship. Entity data that is correct at onboarding but never refreshed degrades. An LEI helps here precisely because it is maintained: a valid LEI is renewed annually and its reference data is kept current in the Global LEI Index, so a counterparty’s LEI status is a live signal you can check rather than a static field you captured once.

Figure: How a lapsed LEI surfaces. One identifier runs through several processes, so a lapse appears wherever the LEI is used.

Lapsed LEI: publicly visible in the Global LEI Index
•  Regulatory reporting: EMIR and MiFIR submissions can be rejected where the LEI is not active.
•  Counterparty onboarding: Customer due diligence stalls when entity data no longer reconciles.
•  Settlement and capital: Transactions stall, and for fund businesses AUM stops moving.

Multi-year auto-renewal removes the most common cause of lapse.

Source: Global LEI System (GLEIF); EMIR and MiFIR reporting requirements. Verified June 2026.

The supervision change: AMLA

From 1 January 2028, the new EU Authority for Anti-Money Laundering, AMLA, begins direct supervision of a first group of selected institutions. The first phase is capped at around 40 entities, each operating in at least six Member States and assessed as high risk, with the selection running through the second half of 2027. If your institution is large and cross-border, direct AMLA supervision is a live possibility and the quality of your CDD data will be examined against a single EU standard. If you are not selected, you remain bound by the same AMLR rules under national supervision. Either way, the rulebook is the same.

Figure: How AMLA supervises. A two-tier model. The single AMLR rulebook applies to every obliged entity, whoever supervises it.

•  AMLA direct: ~40 firms. Highest-risk, cross-border, active in 6+ Member States. From 1 January 2028.
•  AMLA-coordinated: Joint oversight. Selected firms, AMLA with national supervisors.
•  National supervision: All other obliged entities, national authorities.

Selection of the first direct-supervision group runs Jul to Dec 2027. One rulebook (AMLR) applies across all three tiers.

Source: Regulation (EU) 2024/1620; AMLA selection process. Verified June 2026.

What this means for your counterparty data

The institutions that find AMLR straightforward in 2027 will be the ones whose entity and counterparty data is already clean. Concrete steps for a FinCrime or KYC function:

  1. Add the LEI to your CDD data model now, if it is not already a captured, validated field for legal-entity customers.
  2. Enrich existing customer records with LEIs where customers already hold them, by matching against the Global LEI Index, rather than waiting to collect at next review.
  3. Treat LEI status as a monitoring signal. A counterparty whose LEI has lapsed is telling you something about its data hygiene.
  4. Get your own group’s LEIs in order. Your bank and its subsidiaries are legal entities other obliged entities must identify. Active LEIs across your structure reduce friction in every relationship you are the customer in.
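
Steps 1 to 3 above, sketched as an added example (not code from this article or from RapidLEI): an LEI field validator using the ISO 17442 format and its ISO 7064 MOD 97-10 check digits, plus a triage of customer records against index data. The record shapes, customer IDs and sample LEIs are constructed; `ISSUED` and `LAPSED` are registration-status values as used in the Global LEI Index, read here from an in-memory snapshot rather than a live lookup.

```python
import re

# ISO 17442: 18 alphanumeric characters followed by 2 numeric check digits.
LEI_RE = re.compile(r"[0-9A-Z]{18}[0-9]{2}")

def _to_digits(s):
    # ISO 7064 MOD 97-10 mapping: 0-9 stay as they are, A=10 ... Z=35.
    return "".join(str(int(ch, 36)) for ch in s)

def check_digits(prefix18):
    """Two check digits for an 18-character LEI prefix."""
    return f"{98 - int(_to_digits(prefix18 + '00')) % 97:02d}"

def is_valid_lei(value):
    """Format and checksum only; says nothing about registration status."""
    lei = value.strip().upper()
    return bool(LEI_RE.fullmatch(lei)) and int(_to_digits(lei)) % 97 == 1

def triage(record, index):
    """Classify a customer record (hypothetical shape) against {lei: status}."""
    lei = record.get("lei")
    if not lei:
        return "no_lei_on_file"      # allowed: collection is "where available"
    if not is_valid_lei(lei):
        return "reject_malformed"    # typo or truncated value at capture
    status = index.get(lei.strip().upper())
    if status is None:
        return "not_found_in_index"
    if status == "ISSUED":
        return "ok"
    if status == "LAPSED":
        return "flag_lapsed"         # the monitoring signal from step 3
    return "review_status"           # any other status goes to an analyst

# Constructed sample data; the prefixes are made up and identify no real entity.
GOOD = "000000CONSTRUCTED1" + check_digits("000000CONSTRUCTED1")
OLD = "000000CONSTRUCTED2" + check_digits("000000CONSTRUCTED2")
INDEX = {GOOD: "ISSUED", OLD: "LAPSED"}
CUSTOMERS = [
    {"customer_id": "C-1", "lei": GOOD},
    {"customer_id": "C-2", "lei": OLD},
    {"customer_id": "C-3", "lei": GOOD[:-1] + ("0" if GOOD[-1] != "0" else "1")},
    {"customer_id": "C-4", "lei": None},
]

def run():
    return {c["customer_id"]: triage(c, INDEX) for c in CUSTOMERS}
```

The checksum catches capture errors before a record reaches matching; status can only come from the index itself, so it needs re-checking on a schedule rather than once at onboarding.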

The case for clean counterparty data

AMLR puts the LEI where it has the most operational value for a bank: inside customer due diligence. The obligation is conditional and sits with you as the obliged entity. Counterparties with valid, active LEIs are less costly and faster to onboard and monitor, and entity data built around a maintained global identifier ages better than data that is not. With the standard rising on 10 July 2027, the data work is best started now.

Next step: make sure your own entities carry valid, active LEIs, and consider how counterparty LEIs feed your CDD. Register or renew an LEI, or talk to us about EnterpriseLEI for portfolio-scale management.
