EU AML Regulation 2024/1624 — Articles 48 & 49
Your client was verified last week. They shouldn't have to do it again.
Under the EU's new AML Regulation, obliged entities across Europe can rely on another firm's customer due diligence — legally, compliantly, and without asking your client to repeat the same process. Instant Compliance makes reliance seamless for law firms, accountants, real estate professionals and other obliged entities operating under the AMLR.
Start freeOriginating firm
CDD completed & verified
Relying firm
Reliance accepted — risk assessment applied
The problem
Why your clients keep getting asked the same questions.
Every professional involved in a transaction — the lawyer, the accountant, the real estate agent, the notary — is an obliged entity under the AMLR. Each one is required to conduct customer due diligence before providing their services.
Without reliance, your client is asked to upload their passport, prove their address and confirm their identity multiple times — once for each professional on the deal. Articles 48 and 49 of the AMLR create a legal framework that lets one obliged entity rely on the CDD already performed by another — so the client only goes through the process once.
The client experience without reliance
Multiple identity requests. Repeated document uploads. The same questions asked by every professional on the deal. Clients feel like they are being treated as suspects — not customers.
The compliance reality
Every obliged entity still has its own CDD obligations. Reliance does not eliminate them — it satisfies them more efficiently. The relying firm receives the originating firm’s CDD and applies its own risk assessment on top.
The AMLR solution
Articles 48 and 49 of the AMLR create a clear, legally-recognised pathway for one obliged entity to rely on another’s CDD — with a written agreement, a 5-working-day information transfer obligation, and full liability remaining with the relying entity.
The legal framework
What the AMLR actually says.
The reliance mechanism is not a workaround or a shortcut. It is a formal legal framework built into the EU's primary AML legislation. Here is what it says.
“Obliged entities may rely on other obliged entities, whether located in a Member State or in a third country, to meet the customer due diligence requirements… The ultimate responsibility for meeting the customer due diligence requirements shall remain with the obliged entity which relies on another obliged entity.”
Who can use reliance
Any obliged entity under the AMLR — law firms, accounting firms, real estate agents, notaries, trust and company service providers, and other regulated professionals. Reliance can be used with any other obliged entity in an EU Member State, or with entities in third countries that apply equivalent AML/CFT standards.
Reliance on entities in third countries identified by the European Commission as having strategic AML/CFT deficiencies is prohibited under Art. 48(4).
What reliance covers
Reliance satisfies the three core CDD obligations under Article 20(1)(a), (b) and (c): identifying and verifying the customer; identifying and verifying beneficial owners; and identifying the purpose and intended nature of the business relationship.
It does not cover ongoing monitoring. Each obliged entity must conduct its own ongoing monitoring regardless of any reliance arrangement.
What the relying firm must still do
Reliance does not make the relying firm passive. Under Article 49, the relying firm must obtain all necessary CDD information, ensure documents can be provided within 5 working days on request, apply its own risk assessment, conduct its own ongoing monitoring, and keep its own records for the retention period.
This is not a new concept. Banks and financial institutions have used equivalent reliance mechanisms across Europe for over a decade. The AMLR extends the same framework to lawyers, accountants, real estate professionals, notaries and other obliged entities — for the first time, on a harmonised, EU-wide basis.
Reliance in practice
How Instant Compliance handles it.
Originating firm completes CDD
The originating firm completes full CDD in Instant Compliance — identity verification, beneficial owner identification, PEP and sanctions screening, and the purpose and nature of the business relationship.
AutomatedCreate a reliance record
The completed CDD is marked as available for reliance, creating a shareable, structured summary of the CDD performed — without transferring the underlying documents unless requested.
AutomatedWritten agreement executed
Both firms execute a written reliance agreement as required by Article 49(4). Instant Compliance provides a compliant template that specifies the conditions for information transfer and each party’s obligations.
AutomatedRelying firm receives the CDD summary
The relying firm receives a structured summary — customer identity, beneficial owners, purpose and nature of the relationship. Full supporting documents are available on request within 5 working days, as required by Article 49(3).
AutomatedApply your own risk assessment
The relying firm must apply its own ML/TF risk assessment. Reliance satisfies identity verification and beneficial owner identification — it does not satisfy the risk assessment obligation, and your risk rating may differ from the originating firm’s. Instant Compliance will not mark the reliance complete until this is done.
Manual — cannot be skippedOngoing monitoring — each firm’s own obligation
Both firms conduct their own ongoing monitoring of the business relationship. Instant Compliance sends periodic review reminders and flags any change to PEP or sanctions status, and re-screens on list updates.
AutomatedWho reliance is for
Which professions can use reliance.
The AMLR applies to a broad range of obliged entities. Any of the following can act as either the originating firm or the relying firm in a reliance arrangement.
Law Firms
Lawyers providing legal services in connection with real estate transactions, business sales, trust creation, company formation, or managing client funds.
Common scenario: Relying on a real estate agent’s buyer CDD when acting for the same buyer in the conveyancing.
Accounting Firms
Accountants and auditors providing services in connection with business sales, trust administration, company formation, or managing client funds.
Common scenario: Relying on a lawyer’s CDD when both firms advise the same client on a business acquisition.
Real Estate Professionals
Real estate agents, brokers, and intermediaries involved in the purchase, sale, or lease of real property.
Common scenario: Relying on a conveyancer’s CDD when acting as buyer’s agent for the same buyer.
Notaries & TCSPs
Notaries, trust and company service providers, and other professionals involved in creating or managing legal arrangements.
Common scenario: Relying on a law firm’s CDD when providing registered office or nominee director services to the same client.
Cross-border
Reliance works across EU borders — and beyond.
Unlike many national AML frameworks, the AMLR explicitly permits reliance on obliged entities in other EU Member States — and on entities in third countries that apply equivalent AML/CFT standards.
A German law firm can rely on the CDD performed by a French notary. A Dutch accountant can rely on a Spanish real estate agent. And an EU-based firm can, in appropriate circumstances, rely on a firm in a third country — provided that country's framework meets the AMLR's equivalence standard.
Within the EU
Full reliance is available between any two obliged entities in EU Member States, subject to the written agreement requirement and the 5-working-day information transfer obligation. No additional equivalence assessment is required.
Third countries
Reliance is available where the third country applies AML/CFT requirements equivalent to the AMLR. The relying firm must weigh the geographical risk factors in Annexes II and III. Reliance on entities in countries with strategic AML/CFT deficiencies is prohibited.
Instant Compliance automatically flags when a proposed reliance arrangement involves a third-country entity, and prompts the relying firm to complete the required equivalence assessment before the arrangement is activated.
What changes
What changes when you use reliance.
| Without Reliance | With Instant Compliance Reliance | |
|---|---|---|
| Client experience | Multiple identity requests from every professional on the deal | One verification — shared across all firms involved |
| Time to onboard | Each firm waits for its own full CDD process | Relying firm onboards in minutes once the CDD summary is received |
| Written agreement | Not applicable | Pre-populated AMLR-compliant template, signed and stored automatically |
| Information transfer | Manual, ad hoc, often by email | Structured, secure, within the 5-working-day AMLR requirement |
| Risk assessment | Each firm conducts its own (often duplicating effort) | Each firm conducts its own — but with the originating firm’s CDD as the foundation |
| Ongoing monitoring | Each firm monitors independently | Each firm monitors independently — Instant Compliance alerts both |
| Audit trail | Fragmented across firms | Unified reliance record stored in both firms’ accounts |
| GDPR / privacy footprint | Each firm holds full identity documents | Relying firm holds the reliance acknowledgement — not the underlying documents |
Client experience
Without Reliance
Multiple identity requests from every professional on the deal
With Instant Compliance Reliance
One verification — shared across all firms involved
Time to onboard
Without Reliance
Each firm waits for its own full CDD process
With Instant Compliance Reliance
Relying firm onboards in minutes once the CDD summary is received
Written agreement
Without Reliance
Not applicable
With Instant Compliance Reliance
Pre-populated AMLR-compliant template, signed and stored automatically
Information transfer
Without Reliance
Manual, ad hoc, often by email
With Instant Compliance Reliance
Structured, secure, within the 5-working-day AMLR requirement
Risk assessment
Without Reliance
Each firm conducts its own (often duplicating effort)
With Instant Compliance Reliance
Each firm conducts its own — but with the originating firm’s CDD as the foundation
Ongoing monitoring
Without Reliance
Each firm monitors independently
With Instant Compliance Reliance
Each firm monitors independently — Instant Compliance alerts both
Audit trail
Without Reliance
Fragmented across firms
With Instant Compliance Reliance
Unified reliance record stored in both firms’ accounts
GDPR / privacy footprint
Without Reliance
Each firm holds full identity documents
With Instant Compliance Reliance
Relying firm holds the reliance acknowledgement — not the underlying documents
GDPR & privacy
Reliance means a smaller data footprint.
When a firm relies on another's CDD, it receives a structured summary of the CDD performed — not necessarily a copy of the client's passport or driver's licence. The relying firm's data footprint is significantly smaller: it holds the reliance acknowledgement and the CDD summary, not the underlying identity documents. Its obligations under GDPR Article 5 (data minimisation) are easier to satisfy, and its exposure under Article 83 in relation to that identity data is reduced.
The relying firm must still be able to obtain copies of the underlying documents within 5 working days if requested by its supervisory authority (an Article 49(2) obligation). The documents remain with the originating firm — but the relying firm must have a contractual right to access them. Instant Compliance builds that right into the written reliance agreement template.
AMLR timeline
When do these obligations take effect?
The EU AML Regulation (2024/1624) entered into force on 26 June 2024. The application dates vary by provision.
| Provision | Application date |
|---|---|
| Most CDD and reliance obligations (including Arts. 48–49) | 1 July 2027 |
| AMLA supervision of selected obliged entities | 1 July 2025 |
| Beneficial ownership register provisions | Phased 2025–2027 |
1 July 2027 is closer than it looks. Firms that begin building their reliance infrastructure now — establishing written agreements, onboarding counterparty firms, and training their teams — will be significantly better positioned than those who wait.
Instant Compliance is available now. You don't need to wait until 2027 to start. Firms operating across multiple jurisdictions — including Australia, where the equivalent mechanism is already in force — can use Instant Compliance today and extend the same workflows to their EU operations as the AMLR comes into effect.
Common questions
Common questions about EU reliance.
Does reliance mean my firm no longer has to conduct customer due diligence?
No — and this is the most important thing to understand. Article 48(1) is explicit: the ultimate responsibility for meeting the CDD requirements remains with the obliged entity that relies on another. Reliance satisfies the identity verification and beneficial owner identification obligations. It does not eliminate your firm’s obligation to conduct its own risk assessment, apply enhanced due diligence where required, or conduct ongoing monitoring.
Does the client need to consent to their CDD being shared?
No separate consent is required for the CDD to be shared between obliged entities under a reliance arrangement. However, your privacy notice and the client’s engagement letter should disclose that their information may be shared with other regulated entities involved in the same transaction. Instant Compliance’s standard client-facing KYC flow includes this disclosure.
What is the 5-working-day rule?
Under Article 49(3), the originating firm must provide copies of identity documents, verification sources, and business relationship information to the relying firm within 5 working days of a request. This is a hard legislative requirement — not a best practice. Instant Compliance’s document request workflow is built around this timeframe.
Can we use reliance with a firm in a non-EU country?
Yes, in some circumstances. Reliance is available with entities in third countries that apply AML/CFT requirements equivalent to the AMLR. Reliance on entities in countries identified by the European Commission as having strategic AML/CFT deficiencies is prohibited under Article 48(4). Instant Compliance flags third-country arrangements and prompts the required equivalence assessment.
Do we need a written agreement for every reliance arrangement?
Yes. Article 49(4) requires the conditions for information transfer to be specified in a written agreement between the two firms. For firms within the same corporate group, a group-level internal procedure can substitute for individual agreements under Article 49(5). Instant Compliance provides a compliant template that is pre-populated and executed within the platform.
How is EU reliance different from the Australian mechanism?
The core principle is the same — one obliged entity relies on another’s CDD, and liability remains with the relying entity. The key differences: the EU mechanism explicitly permits cross-border reliance across all Member States; the AMLR specifies a 5-working-day transfer timeframe; it applies from 1 July 2027 for most obliged entities; and it is governed by the AMLR and supervised by AMLA and national supervisors, rather than AUSTRAC.
Can I use Instant Compliance for both Australian and EU reliance?
Yes. Instant Compliance supports both the Australian reliance mechanism (ss.37A–38 of the AML/CTF Act) and the EU mechanism (Arts. 48–49 of the AMLR). Firms operating across both jurisdictions can manage all reliance arrangements from a single platform.
Get started with Reliance
Ready to set up reliance for your firm?
Whether you are preparing for the AMLR's 2027 application date or already operating under the Australian AML/CTF Act, Instant Compliance gives you everything you need to implement reliance correctly — written agreements, CDD sharing, risk assessment workflows, and a complete audit trail.