Implementation of the EU AML Package in Liechtenstein – Repeal of the SPG and enactment of the new AMLA

Classification¹

¹_{This is a highly simplified overview intended to provide a quick initial understanding of the subject matter. Each institution should determine the relevance and specific need for action on a case-by-case basis.}

6th AML Directive / GwG

The 6th AML Directive is implemented in Liechtenstein by the new Anti-Money Laundering Act (AMLA), whose consultation report was adopted on March 3, 2026. The Act (like the 6th AML Directive) primarily serves to organize and regulate the tasks and powers of the supervisory authorities (now “supervisors,” i.e., in Liechtenstein, unchanged, the FMA and the Chamber of Lawyers), as well as their cooperation with the supervisory authorities of other countries.

Accordingly, the direct impact on those currently subject to the SPG (now “Obliged Entities”) is limited. Nevertheless, some of the most relevant changes are highlighted below.

Scope of Entities Subject to the Act/Obliged Entities²: 

In addition to the fact that certain institutions have been replaced by references to the relevant EU regulations, the scope of Obliged Entities is specifically expanded to include the following persons: 

• Crowdfunding service providers and crowdfunding intermediaries
• For investment funds (Undertakings for Collective Investment (UCIs)): There is no longer an exhaustive list of regulated entities; in principle, both the funds themselves and their management companies or managers are each individually regulated
• Non-financial mixed activity holding companies
• Precious metal dealers and gemstone dealers
• Dealers in high-value goods (in particular jewelry, watches, and motor vehicles above a certain value/price)
• Dealers and intermediaries in cultural goods (in particular art galleries and auction houses) for amounts of CHF 10,000 or more
• Investment migration advisors
• Soccer agents

The new provision regarding the exception for employees of a subject legal entity also differs from the previous regulation in its scope of application. Under the new rules, a regulated activity is considered to be performed by an employee only if it is carried out in the name and on behalf of the legal entity. If either of these criteria is not met (e.g., if a trustee performs board-level duties on behalf of their trust company but personally in their own name), the natural person (in addition to the legal entity, if applicable) is also subject to the law. 

It should be emphasized that the previous general coverage of traders has been superseded by the coverage of specific groups of traders, as well as the introduction of a threshold of CHF 10,000 for cash transactions. This threshold applies to both the trade in goods and the provision of services.

The broader regulation of investment funds, or rather their management companies, is facilitated insofar as the Council states in its commentary on the EU-AML Regulation that “duplication of efforts” between funds and fund managers “should be avoided.” Accordingly, the measures taken to implement the EU-AML Regulation “should not be same, but should reflect the allocation of tasks between the fund and its manager.” 

Likewise, the significance of the new regulation of non-financial mixed activity holding companies (also known as “industrial holding companies”) must not be overlooked. These are holding companies that do not hold stakes in companies in the financial sector but have subsidiaries that are themselves subject to the AMLA. Furthermore, these holding companies perform central functions within the group (e.g., strategic management) and therefore do not serve “purely” to hold equity interests. The due diligence obligations of these holding companies will generally be limited due to the absence of their own regulated operational activities; nevertheless, the group-wide requirements (e.g., risk analysis, compliance function, etc.) now apply.

²_{The provisions regarding the group of regulated entities are indeed found in the EU-AML Regulation; however, since they are to be incorporated into the AMLA, they are explained here.}

Unannounced on-site inspections by the FMA: 

Under Art. 12(3) AMLA, the FMA is now authorized to inspect the business premises of Obliged Entities without prior notice. However, this applies only in cases where the proper conduct or effectiveness of the inspection requires it, or where prior notice would jeopardize it. Such unannounced on-site inspections are therefore expected to be the exception.

 
Reporting and information obligations:

The AMLA sets forth numerous obligations for supervisors regarding the collection of data and the conduct of risk analyses. Accordingly, Obliged Entities must, pursuant to Art. 15 AMLA, make the relevant data available to the supervisors. The exact scope and modalities of the data to be reported are still open at this time and will be specified by the FMA. The minimum scope of the data will be elaborated by the European Authority for Anti-Money Laundering in a corresponding draft RTS by July 10, 2026, in accordance with Art. 40(2) of the 6th AML Directive.

EU-AML Regulation 

While the 6th AML Directive and the AMLA primarily address the (inter)national framework for anti-money laundering, the EU-AML Regulation contains the substantive requirements for persons subject to money laundering legislation. These include, in particular, provisions regarding the scope of regulated entities (incorporated into the new AMLA), as well as requirements for their internal organization and processes, and, not least, the due diligence obligations to be observed. The EU-AML Regulation generally follows the already familiar requirements and principles; nevertheless, deviations from the currently applicable SPG may arise. A selection of some of these changes is explained below. Please note that the implementing RTS for certain parts of the Regulation are not yet available in their final form; these are to be made available by the Authority for Anti-Money Laundering by July 10, 2026.  

Compliance Officers and Investigating Officers:

It is particularly important to note that, under the EU-AML Regulation, the compliance officer effectively acts as the guarantor, regardless of whether a member of management holds the position or not. The EU-AML Regulation also explicitly states that the submission of a suspicious activity report falls within the responsibility of the compliance officer, whereas the SPG does not specify this. It is not explicitly stated whether the responsibility for submitting the report is accompanied by the decision-making authority to file the report. Since the definition of procedures regarding the filing of suspicious activity reports constitutes a fundamental requirement for the organization of the Obliged Entities as a whole, it can be assumed that these entities may also regulate the decision-making authority themselves (in each case while ensuring the protection of the compliance officer against reprisals, discrimination, etc.).

The investigating officer is now referred to as “audit function”, whose primary responsibility remains the verification of compliance with AML requirements. It should still be possible to outsource this function, with further details to be regulated by the Authority for Anti-Money Laundering through RTS.

Application of due diligence obligations to occasional transactions:

The threshold for applying due diligence obligations to occasional transactions has been lowered from CHF 15,000 to CHF 10,000. 

For occasional transactions in the form of cash payments, due diligence obligations apply starting at CHF 3,000, albeit to a reduced extent (until the usual threshold of CHF 10,000 is reached), requiring only that the identity of the contracting party be established and verified. The same regulation has been introduced for occasional transactions involving cryptocurrency transfers below the existing CHF 1,000 threshold. Accordingly, AML due diligence obligations must be complied with for every cryptocurrency transfer.

Event-independent updating of customer data or the business profile:

The EU-AML Regulation further specifies the existing obligation to regularly update customer data and, in some cases, imposes stricter requirements. Update checks must now be conducted at least annually for high-risk customers subject to enhanced due diligence (previously every 1–2 years according to FMA guidelines) and at least every 5 years for all other customers, whereas previously a frequency of at least 3–5 years sufficed for normal-risk customers, and event-driven checks were sufficient for low-risk customers.

It should be noted that the current business profile requirements differ only slightly from the KYC requirements set forth in the EU-AML Regulation. It should be emphasized that the EU-AML Regulation generally only requires verification of the assets provided (source of funds), while the origin of total assets (source of wealth) is only mentioned as part of enhanced due diligence measures.

Customer risk classification:

The EU-AML Regulation continues to distinguish between customers with low, normal, and high risk, whereby this classification enables or requires the application of simplified or enhanced due diligence measures. The factors to be considered for this purpose in Annexes I through III are not exhaustive lists and generally include the known factors from the SPG, resp. do not exclude them. 

However, a new requirement has been added mandating the application of certain due diligence measures for high-risk customers who exceed specific thresholds for assets under management (CHF 5,000,000) and total assets (CHF 50,000,000). These include, in particular, addressing and preventing any conflicts of interest with respect to such clients.

Identification of beneficial owners and clients:

The EU-AML Regulation generally continues to follow the 25% rule for determining beneficial ownership based on voting rights or profit sharing. This threshold may now be lowered by the Commission for certain categories of companies or industry sectors. Accordingly, it is to be expected that for certain business relationships, individuals with a stake of, for example, 10% will already be identified as beneficial owners and must be screened accordingly.

Examples of beneficial ownership based on “other forms of control” over a company have also been included, specifically through family members or formal and informal agreements.

The EU-AML Regulation provides for more comprehensive data collection for the identification of beneficial owners. New additions include, in particular:

• Place of birth
• Identification document number
• National identification number
• Description of the sources of the numbers

Similarly, the required information for customer identification has also been expanded; for example, in the case of legal entities, the location of the center of economic activity may need to be specified in addition to the location of the registered office, and the registration number, tax identification number, and legal entity identifier must be recorded.

In addition, for companies subject to transparency requirements, the required information regarding their beneficial owners has been expanded to include:

• Place of birth
• Residential address and country of residence
• Identification document number
• If available: Unique personal identification number
• Date from which the economic interest exists
• Information regarding the company subject to transparency requirements: Tax identification number and legal entity identifier
• If there are multiple companies: Detailed description of the ownership and control structure

Timeline

The EU-AML Regulation, as a directly applicable regulation, will replace the SPG as of July 10, 2027.

The AMLA will generally enter into force with the decisions of the EEA Joint Committee to adopt the 6th AML Directive. However, experience shows that it will be implemented simultaneously with the EU-AML Regulation, regardless of whether a corresponding decision by the Committee is in place at that time.

Impact on Market Participants 

Although the EU-AML Regulation does not comprehensively alter the fundamental requirements and principles for institutions and persons subject to anti-money laundering law, there are minor or even significant deviations from the existing requirements in some areas.

Given the scope and complexity of the new regulatory framework, affected institutions should conduct a detailed analysis of their current anti-money laundering framework at an early stage to familiarize themselves with their options and any necessary actions.

If you have any questions regarding the AML package or other financial market law topics, our team Regulatory & Compliance Financial Services will be happy to assist you. We look forward to hearing from you.