The change in supervisory posture
For much of the last decade, European AML supervision could largely be satisfied by evidence that a firm had the right governance architecture: a Board committee with a financial crime mandate, an MLRO with the requisite standing, an approved Business-Wide Risk Assessment, a policy manual and a training programme. The presence of the architecture was treated as reasonable evidence of the outcomes it was meant to produce.
That inference is no longer accepted. SEPBLAC's 2025 Annual Report is explicit on the point. So is the reasoning behind the FCA's Starling Bank Final Notice, the Central Bank of Ireland's action against Coinbase Europe and the Bank of Lithuania's engagement with Revolut Bank. In each case, the architecture was present. What supervisors found missing was the behaviour the architecture was meant to enable.
This is the context in which the term "effective governance" is now used. Perspective 002 set out the questions a Board should be able to answer. Perspective 003 examined the independent challenge that helps produce those answers. This Perspective describes what regulators are looking for when they test governance directly.
The three tests supervisors now apply
From the reasoning in recent enforcement decisions and from supervisory dialogue observed during inspections, three consistent tests emerge.
Information quality
The first test is whether the information reaching the Board is fit to support the decisions being asked of it. Effective MI in this sense has three properties. It is risk-oriented, answering the question of where residual exposure is concentrated and how it is trending. It is analytical, interpreting rather than reciting numbers. It is comparable across periods, so that the direction of travel is visible rather than inferred.
Challenge quality
The second test is whether the challenge exercised in governance forums is substantive. Supervisors read minutes closely. Where minutes record only that a matter was discussed, or that the Committee took note, the challenge is not evidenced. Where they record specific questions asked, specific responses given and the resolution reached, the challenge is defensible.
This is not a documentary exercise. The purpose of the minute is not to protect the firm, it is to record what actually happened, in enough detail that eighteen months later a supervisor could reconstruct the debate. If nothing happened, the honest minute is short. If something substantive happened, the minute reflects it.
Accountability traceability
The third test is whether accountability for financial crime outcomes can be traced through the governance structure to specific individuals. The point is not to apportion blame after the fact. It is to make it possible, during an inspection, to answer the question of who is accountable for a given outcome without ambiguity. Where accountability is diffuse, either between the first and second line or between the executive and the Board, the framework is treated as weaker than the sum of its parts.
The habits that produce effective governance
Effective governance is not installed. It is practised. The habits that produce it are visible in every firm that handles supervisory engagement comfortably.
What AMLA will inherit
The Anti-Money Laundering Authority becomes operational in 2028 and will directly supervise a limited number of the largest cross-border obliged entities from that date. For the smaller regulated firms that are the primary audience for Claritas, direct supervision by AMLA is not the principal issue. Indirect supervision, through the harmonised expectations AMLA will apply to national supervisors, is.
The governance expectations described in this Perspective are, in substance, the expectations that AMLR sets out and that AMLA will consolidate. Firms that build the habits now will find the transition uneventful. Firms that wait for national supervisors to translate the harmonised standards into local expectations will find themselves preparing under time pressure they could have avoided.
How Claritas approaches governance work
Governance reviews in the Claritas model are diagnostic rather than architectural. We start from the assumption that the architecture is largely correct and that the useful question is whether it is being used.
The work typically has four elements. A cold read of the last four Board packs, the associated MI and the minutes, looking at the material financial crime decisions taken and the trail behind them. A structured conversation with the Chair, the CEO, the MLRO, the Head of Risk and, where relevant, internal audit, focused on the three tests described above. A short thematic file sample to test whether the operational reality supports the governance narrative. A findings note, written for the Board, that distinguishes clearly between issues requiring a decision and issues requiring a change in practice.
The intended output is not a redesign. It is a small number of specific, named-owner improvements that shift the framework from documented to demonstrable.
- 01Board packs open with the firm's residual financial crime risk position and its direction of travel, not with activity volumes.
- 02Minutes record specific challenge, specific evidence and specific resolution for every material financial crime decision.
- 03The escalation register shows a consistent pattern of items raised, resolved and closed on the record, with named owners and dated evidence.
- 04The Board can identify, unprompted, at least one financial crime decision in the last year that changed as a result of substantive challenge.
- 05Governance improvements progress on a defined cycle and are not driven principally by supervisory events.
- SEPBLAC. Memoria 2025 (Annual Report, June 2026). www.sepblac.es/wp-content/uploads/2026/06/MemoriaSepblac2025_ES.pdf
- Financial Conduct Authority, Final Notice: Starling Bank Limited (October 2024). www.fca.org.uk/publication/final-notices/starling-bank-limited-2024.pdf
- National Bank of Belgium, enforcement action against ING Belgium (2024).
- European Banking Authority, Guidelines on Internal Governance (EBA/GL/2021/05).
- European Banking Authority, Guidelines on Policies and Controls for the Effective Management of ML/TF Risks (EBA/GL/2022/05).
- European Union, Anti-Money Laundering Regulation (AMLR).
- Perspective 002, Five questions every Board should ask about its financial crime controls
- Perspective 003, Why independent challenge matters more than another policy review
- Perspective 005, Preparing for an AML inspection before you receive the letter
- Perspective 008, Waiting for AMLA won't make preparation any easier


