Germany has unveiled updated guidelines and an accompanying application note to bolster its fight against money laundering and terrorist financing. Released by the Federal Financial Supervisory Authority (BaFin), the new document outlines the responsibilities of financial and non-financial institutions under the Money Laundering Act (Geldwäschegesetz – GwG), with a strong focus on risk-based management and internal safeguards.
A Pillar of Financial Integrity
At the heart of the guidance is the principle that preventing money laundering is essential to maintaining the integrity of the financial system and public trust. Suspicious activity reports from regulated entities often serve as the foundation for law enforcement investigations. In this ecosystem, BaFin plays a dual role: overseeing compliance and helping obligated entities interpret and apply the law effectively.
Aligning with EU Mandates
The July 2025 update comes amid sweeping anti-money laundering reforms across the European Union. The EU’s Anti-Money Laundering Package, introduced in 2021, laid the groundwork for consistent regulation across member states. Among the most significant changes is the creation of the Anti-Money Laundering Authority (AMLA), which will become operational in July 2027. The forthcoming EU Money Laundering Regulation will be directly applicable to entities under BaFin’s supervision.
Who’s Obligated and What’s Required
The updated guidelines clearly define who is subject to the GwG. Obligated entities include:
-
Traditional financial players like banks, insurers, and investment firms
-
Cryptocurrency service providers and payment institutions
-
Self-employed traders and real estate agents
Each of these entities must adopt a risk-based approach to identify, evaluate, and mitigate potential risks associated with money laundering and terrorist financing.
A central requirement is the implementation of a comprehensive risk management system, tailored to the institution’s size and business model. Internal safeguards—ranging from due diligence procedures to transaction monitoring—must be built upon this risk analysis and updated regularly.
Management Accountability and Oversight
Senior management is now explicitly accountable for the adequacy of internal risk management. A designated manager must oversee the system, ensure regular risk assessments, and approve major changes. The guidelines also stress the importance of documenting and updating the risk analysis annually, or more frequently if significant changes occur.
For entities operating within groups, parent companies are responsible for group-wide risk assessments, a mandate detailed further in Chapter 11 of the guidance.
Practical Steps: From Customer Checks to Training
Institutions are expected to conduct thorough customer due diligence before initiating business relationships or high-value transactions. This includes:
-
Verifying the identities of natural and legal persons
-
Identifying economic beneficiaries—those with ownership or control over an entity
-
Monitoring for suspicious activity throughout the business relationship
Enhanced due diligence must be applied in higher-risk situations, including when dealing with politically exposed persons (PEPs). Institutions must screen not only the PEPs themselves but also their close family and associates.
To support these efforts, staff training is mandatory. Employees must understand the risks, red flags, and their responsibilities under the GwG. Training programs should be tailored to specific roles and updated regularly.
Money Laundering Officers: A Central Role
A critical internal safeguard is the appointment of a Money Laundering Officer (Geldwäschebeauftragter, or GWB). This individual must be independent, qualified, and fluent in German to liaise with regulators. The GWB is tasked with overseeing risk assessments, developing procedures, and reporting directly to senior management.
The appointment and dismissal of the GWB must be pre-approved by BaFin, which retains the authority to revoke appointments if qualifications are deemed insufficient.
Digital and Simplified Identification
Recognizing technological advances, BaFin reaffirms the validity of electronic and video-based identification methods, especially for onboarding natural persons. In some circumstances—such as working with elderly or mobility-impaired clients—simplified procedures may apply, provided there’s no compromise on risk detection.
Adaptation and Continuous Monitoring
The guidelines emphasize that compliance is not a static requirement. Obligated entities must continuously monitor client behavior, transaction patterns, and external threats. Internal controls must evolve alongside emerging risks, regulatory changes, and technological developments.
BaFin has also provided examples of internal measures but clarifies that the list is non-exhaustive. Institutions are encouraged to go beyond minimum standards when warranted by their risk profile.
Conclusion: A System in Transition
The July 2025 update marks a significant evolution in Germany’s anti-money laundering framework. With the EU’s AMLA and direct regulations on the horizon, BaFin’s latest guidance positions German institutions to meet both current and future challenges. It sends a clear message: proactive risk management and transparency are non-negotiable in today’s financial landscape.
As BaFin tightens expectations and oversight, the onus is now on obligated entities—large and small—to turn policy into practice. Failure to comply not only threatens reputational damage but could also trigger regulatory action in a world where financial crime leaves no borders untouched.
For more information, the full guidance can be accessed below.
By FCCT Editorial Team
