AMLD6, FATF Recommendations 10–12, and what they mean for your TM coverage

Why we wrote this

Compliance teams keep asking us the same question: "we know AMLD6 and FATF apply — what do we have to prove?" This post answers it. It maps AMLD6 articles and FATF Recommendations 10, 11, and 12 to specific transaction-monitoring (TM) controls, names the control IDs we use internally, and flags the three gaps we see most often in pilot conversations.

The frameworks, briefly

AMLD6 (Directive (EU) 2018/1673, transposed by member states by Dec 2020) sets the criminal-law floor for money laundering across the EU. Article 7 in particular obliges firms to apply risk-based TM and CDD. It does not enumerate scenarios — the scenarios come from your internal risk assessment, but the Directive requires they exist.

FATF Recommendation 10 is the customer-due-diligence backbone: identification, verification, beneficial-ownership, ongoing monitoring.

FATF Recommendation 11 is record-keeping: retain transaction records for at least 5 years (longer if a competent authority asks) and ensure they are available to authorities promptly.

FATF Recommendation 12 covers politically-exposed persons (PEPs): enhanced due diligence, senior-management approval, source-of-wealth checks, ongoing scrutiny.

The combination of these three — and AMLD6 Art. 7 — is what auditors quote when they ask whether your TM "coverage" is adequate.

The mapping

Here are the controls we ship by default and which framework requirement each one defends:

TM-001 — Threshold-based cash-equivalent monitoring

Detects structured deposits / withdrawals just under reporting thresholds. Defends FATF R.10 (ongoing monitoring) and AMLD6 Art. 7 (risk-based monitoring).

TM-002 — Velocity scenarios per customer segment

Per-customer transaction velocity vs. expected from KYC. Defends FATF R.10 and the segmented risk-based requirement of AMLD6 Art. 7.

TM-003 — Cross-border and high-risk-jurisdiction screening

Surfaces flows to / from FATF-listed high-risk jurisdictions. Defends FATF R.10, R.19 (high-risk countries), and AMLD6 Art. 7.

TM-004 — PEP-flagged transaction enhanced monitoring

Tightened thresholds and mandatory manual review for customers flagged as PEPs by the screening engine. Defends FATF R.12 directly.

TM-005 — Beneficial-owner lookthrough

Aggregates flows across legal-entity customers sharing a UBO. Defends FATF R.10 (beneficial-ownership requirement) and AMLD6 Art. 4.

TM-006 — Dormant-account revival

Detects flows on accounts that have been dormant for N months. Common money-mule entry pattern. Defends AMLD6 Art. 7.

TM-007 — Mule-network velocity (LME-assisted)

Uses the Link Map Engine to detect velocity across linked accounts (shared device, address, IP, phone). Defends AMLD6 Art. 7 and supports SAR narrative under AMLD6 Art. 33.

TM-008 — Cash-out layering

Multi-hop pattern detection — funds in, fragmented across N accounts, withdrawn quickly. Defends AMLD6 Art. 7 and FATF R.10.

Record-keeping for every alert and disposition is handled by the platform's hash-chained audit log; that is the FATF R.11 control. Retention is per-plan (90 days Starter, 2 years Pro, 7 years Enterprise — configurable per residency requirement).

The three gaps we see most often

Gap 1: no PEP-tightened thresholds. Teams enable the PEP screening but apply the same TM thresholds to PEP customers as to retail. FATF R.12 expects enhanced monitoring — not just the same monitoring with a flag.

Gap 2: no beneficial-owner aggregation. When two corporate customers share a UBO, their flows must be considered together for TM, not in isolation. The LME-assisted scenarios fix this — but you have to actually turn them on.

Gap 3: scenario coverage frozen at go-live. AMLD6 Art. 7 is risk-based, which means "your scenarios should evolve with your risk profile." Teams that ship four scenarios at go-live and never touch them again become an audit finding. The no-code scenario builder exists to close exactly this gap.

How to check yourself

The simplest test: open your TM scenario list and ask "which of TM-001 through TM-008 are live, and when did each one last get tuned?" If the answer to the second question is "we don't know" or "more than a year ago" — that is the gap the regulator will find.

---

For the full mapping including the equivalent UK MLR 2017 / FinCEN BSA citations, see the docs. To browse scenario coverage on a sandboxed tenant, hit /sandbox.