AMLR Articles 13–15: employee integrity, whistleblowing and internal control

View as Markdown
5 mins read • Legal Writer • ANTI–MONEY LAUNDERING • 3 February 2026
  1. The risk-based approach as a system of AML internal controls
  2. Article 13 AMLR – Employee integrity
  3. Article 14 AMLR – Reporting of breaches and protection for reporters
  4. Article 15 AMLR – Specific situations of certain employees
  5. AMLR 13–15: AML internal controls, governance and oversight

Welcome to the fifth article in Morling Consulting’s blog series on the EU’s AMLR. This instalment marks a thematic shift: earlier parts addressed definitions, obliged entities, organisational requirements and sector-specific exemptions. Here we turn to the overarching framework, focusing on how human factors, internal control mechanisms and organisational culture are integrated into the risk-based approach that runs through the AMLR.

This post examines Articles 13–15 of the AMLR, which address employee integrity and reporting of AML breaches. These provisions clarify that risks of money laundering, terrorist financing and the circumvention of economic sanctions are not linked solely to products, customers or geography, but also to people, roles and internal processes. The rules must also be read in light of sectoral risks and business-specific vulnerabilities.

At Morling Consulting, our lawyers support companies and organisations with AMLR implementation, including the design of general and sector-specific risk assessments, interpretation of EU-level requirements and adaptation to national supervisory practice across Europe. Through our expert advisory services on AMLR and AMLD6, we help obliged entities structure their compliance work in line with EU law as well as national law and supervision across Europe.

The risk-based approach as a system of AML internal controls

The AMLR’s risk-based approach is not a single analysis or a bounded document; it is a cohesive system of judgements, controls and follow-up designed to ensure the obliged entity identifies, understands and manages its risks. This system spans both external risks, such as customer behaviour and transaction patterns, and internal risks tied to structure, governance and personnel. Effective governance and oversight, clear procedures and documentation, and proportionate internal control mechanisms are central to risk management and mitigation.

Article 13 AMLR – Employee integrity

Article 13 establishes requirements to assess employees and other comparable persons involved in ensuring compliance with the AMLR, Regulation (EU) 2023/1113 and related implementing acts issued by supervisory authorities. The provision also covers agents and distributors, underscoring that the risk-based approach extends beyond internal staff to those performing outsourced AML compliance functions.

The assessment must be proportionate to the risks associated with the person’s tasks and approved by the compliance officer. It must address two main factors: first, the individual’s competence, knowledge and expertise to perform the functions; second, good repute, honesty and integrity. The AMLR thereby creates a clear link between individual assessments and the obliged entity’s overall risk assessment of money laundering risk.

The assessment is to be completed before the person begins work related to application of the AML framework and then repeated regularly. Frequency should reflect the nature of the tasks and their inherent risks. In practice, individuals with access to sensitive information or responsibility for reporting to authorities may require more extensive and more frequent updates to controls, supported by robust procedures and documentation.

Article 13(2) introduces an explicit duty for employees and other relevant persons whose tasks concern AMLR compliance to inform the compliance officer about close private or professional relationships with customers or prospective customers. Such ties create potential conflicts of interest and must lead to recusal from compliance tasks related to those customers. This highlights that risks must be identified not only structurally but also at individual level—particularly in sectors with pronounced relationship-driven business or strong local ties.

Article 13(3) further requires obliged entities to establish measures to prevent and manage conflicts of interest that could affect tasks relating to AMLR compliance. These measures are part of the risk-based approach and ensure that identified risks do not undermine governance and oversight or the effectiveness of internal control mechanisms.

Finally, Article 13(4) provides an exemption for obliged entities that are a natural person, or a legal person operated solely by a single natural person. This aligns with proportionality, but does not place such businesses outside the risk-based approach as a whole.

Article 14 AMLR – Reporting of breaches and protection for reporters

Article 14 links the AMLR to the EU whistleblowing framework via a direct reference to Directive (EU) 2019/1937. That Directive establishes effective protection for whistleblowers reporting breaches of Union law. When reporting breaches of the AMLR, Regulation (EU) 2023/1113 or implementing acts of supervisory authorities, the Whistleblowing Directive applies. Under Article 14(2), obliged entities must set up internal reporting channels that meet the Directive’s requirements, enabling workers to report internally and ensuring appropriate follow-up.

In sectors with elevated or complex transaction flows, accessible and trusted channels are especially important. They complement formal controls with practical insight from staff and strengthen risk management and mitigation. By ensuring protection for those who report, the AMLR reinforces incentives for internal reporting. This is not only about individual rights; it is also crucial to an organisation’s capacity to maintain effective AML internal controls within a dynamic, risk-based framework.

Article 14 also exempts natural persons, and legal persons operated solely by a single natural person, from the Article 14(2) duty to maintain internal reporting channels. The exemption illustrates how proportionality and risk are balanced against administrative obligations.

Article 15 AMLR – Specific situations of certain employees

Article 15 clarifies how the AMLR applies where a natural person within Article 3(3) of the Regulation practises their profession as an employee of a legal person. Article 3(3) persons include, among others, certain auditors, lawyers, estate agents and football agents. Where such a natural person is employed by a legal person, the AMLR requirements apply to the legal person.

AMLR 13–15: AML internal controls, governance and oversight

Articles 13–15 make clear that human and organisational dimensions—employee integrity, the ability to report breaches, and clear lines of responsibility—are decisive. For obliged entities, the provisions require governance and oversight, documented processes, and ongoing follow-up, while creating stronger conditions to build sustainable, effective systems to counter money laundering, terrorist financing and the circumvention of economic sanctions. Where appropriate, elements of outsourced AML compliance may be used to reinforce internal control mechanisms and strengthen procedures and documentation.

Material Design illustration showing three legal professionals in front of an AI chip, playground and surveillance symbols, representing IMY’s focus areas public AI, children’s privacy and law enforcement.

5 February 2026

IMY’s priorities for 2026 – what do they mean for your organisation?
Read more
Illustration of a startup GDPR compliance briefing, with team members reviewing a security checklist and data protection policy on a screen.

4 February 2026

GDPR in your start-up – how to build assurance and compliance
Read more
Anonymous lawyer in a suit presses a digital whistleblowing button inside a protective sphere, symbolising secure whistleblowing systems, employee privacy and internal controls under the AMLR.

3 February 2026

AMLR Articles 13–15: employee integrity, whistleblowing and internal control
Read more