1. AMLA Consultation on Draft RTS: Context and Objectives

On 9 February 2026, AMLA published its consultation paper on the draft RTS under Article 28(1) of Regulation (EU) 2024/1624 (AMLR), specifying how obliged entities should apply CDD requirements in practice, including the information and documents to be collected. The consultation closed on 8 May 2026. AMLA held a public hearing on 24 March 2026.

The draft RTS builds on the EBA’s response to the European Commission’s Call for Advice, delivered on 30 October 2025, and incorporates amendments following AMLA’s review and input from the Commission’s expert group on ML/TF. AMLA has provided a track-changes version against the EBA’s original to facilitate review.

Rationale

The AMLR harmonises CDD obligations as a directly applicable regulation across all Member States from 10 July 2027. The RTS provides the technical detail for implementation: what information must be collected, from which sources, under what conditions, and to what standard of verification. It covers standard, simplified, and enhanced due diligence, as well as targeted financial sanctions screening, PEP identification, and specific provisions for complex corporate structures, collective investment undertakings, and electronic identification.

Objective

The RTS aims to ensure a proportionate, risk-based, and harmonised application of CDD across all categories of obliged entities, including new entrants under the expanded AMLR scope. These include crypto-asset service providers, high-value goods dealers and, from 2029, football agents and professional football clubs. AMLA specifically sought non-financial sector input given limited participation in the EBA’s 2025 consultation.

Estimated timeline to entry into force

The consultation closed on 8 May 2026. AMLA is expected to issue a feedback statement summarising the responses received and to submit the final draft RTS to the Commission by 10 July 2026; the final text has not been published at the date of this paper.

In parallel, AMLA opened a second wave of consultations in April 2026:

·        One on group-wide AML/CFT requirements (Articles 16(4) and 17(3) AMLR, with submission to the Commission due by 30 September 2026); and

·        One on the business-wide risk assessment (Article 10(4) AMLR), with public hearings held on 20 and 28 May 2026.

These workstreams are connected, as: the customer-level information collected under the CDD RTS is the raw material that feeds both the business-wide risk assessment and group-wide obligations.

2. The proportionality question

2.1 What the consultation revealed

The consultation produced a consistent message from across the financial and non-financial sectors.

Respondents broadly support harmonisation, but they warn that the draft RTS is more prescriptive than the AMLR it implements, and that this risks weakening the risk-based approach the Level 1 framework is built on. This is the central tension in the file, and it is the one an obliged entity has to manage.

A credible operational response is to make proportionality explicit, evidenced and reviewable, and automation can support that where it preserves risk-based judgement, rather than replacing it.

The AMLR generally uses risk-sensitive wording such as “where necessary” or “may include”, while several provisions of the draft CDD RTS adopt a mandatory register such as “shall obtain” or “shall at least”, which converts measures intended to be optional into compulsory ones. Industry responses to the EBA’s earlier consultation, carried into the AMLA process, made this point directly and asked for the text to be realigned with the proportionality principle. Accountancy Europe raised the same concern for the non-financial sector, noting that detailed CDD measures leave limited room for sector-specific judgement and that short refresh timeframes for existing high-risk customers are operationally heavy for smaller firms. The European Banking Federation warned that overly prescriptive requirements raise cost and harm financial inclusion without improving outcomes.

CleverChain’s position is that the proportionality objection is well founded and that the resolution is operational. A prescriptive standard becomes manageable when the work of collecting, sourcing and reconciling information is automated, and when the calibration decisions (what was checked, why a measure was applied or stood down, what remains outstanding) are recorded as evidence rather than left implicit. That is what turns a heavier rulebook from a cost problem into a controlled, defensible process. It is also what a supervisor will look for, meaning not maximal data on every customer, but a demonstrable, risk-based rationale for the measures taken on each.

2.2 Three angles worth weighing

The burden objection is quantifiable, and it is the strongest case for automation. The most cited figure in the wider package is the volume of data points that the risk-assessment and supervision standards would require institutions to assess, which the European Banking Federation described as a disproportionate burden under tight timeframes and asked to be reduced to a core set for initial implementation. Whether or not that figure is trimmed, the direction of travel is more structured data, collected more often, across more entity types, including new obliged entities such as crypto-asset service providers and high-value goods dealers. Manual processes do not scale to that, while automation that produces a consistent, sourced, auditable record per entity in a short time is the mechanism by which an obliged entity meets a demanding standard without a proportionate increase in cost and headcount.

Technological neutrality is widely recommended. Respondents cautioned against the RTS privileging a single solution, in particular electronic identification under eIDAS, over other secure remote verification methods, on the basis that mandating one rail would limit flexibility and innovation where other safeguards are adequate. The same principle supports source-agnostic due diligence. A process that draws on official registries, licensed commercial data and open sources, and that records the reliability of each source against the Article 8 criteria, is more durable than one tied to any single data rail or identity scheme. Technological neutrality is an argument supporting evidenced, multi-source diligence.

There are two provisions numbered Article 12, and they should not be confused. Article 12 of the CDD RTS defines the complex corporate structure and the enhanced measures that follow, and is the subject of Section 4 below. Article 12 of the AMLA Regulation (Regulation (EU) 2024/1620) is a separate provision governing the methodology for selecting institutions for direct supervision. Some commentary on “Article 12 thresholds being too rigid” refers to the supervisory-selection methodology, not to complex corporate structures. The distinction matters for anyone mapping obligations, and this paper draws it explicitly for the sake of clarity.

2.3 What may change in the final RTS

The provisions most likely to move between the consulted draft and the final text are also those under the most pressure from respondents. Both this paper and any obliged entity’s planning should treat the following as live rather than settled:

•        The mandatory register (“shall obtain”, “shall at least”) may be softened towards the AMLR’s risk-sensitive language;

•        The scope of senior managing officials as a residual category may be clarified, after concern (raised by AFME) that it widens the population subject to identification without a commensurate risk benefit;

•        Refresh timeframes for existing high-risk customers may be made more proportionate for smaller and non-financial firms;

•        The treatment of electronic identification and remote verification may be revised in favour of technological neutrality;

•        Article numbering may shift relative to the EBA draft, so the references in this paper should be checked against the final text.

Against that background, the sections that follow set out how contextual, agentic due diligence supports the obligations as drafted, while remaining robust to the calibration changes the final text is likely to bring.

3. Contextual Intelligence: VERA’s Role in the CDD Control Framework

VERA is CleverChain’s autonomous AI Due Diligence Agent capable of end-to-end CDD/EDD on physical and legal entities, including in complex cases. VERA combines proprietary, internal and open-source intelligence to deliver targeted contextualized insights and screening, consistently with the user’s individual policies and procedures. It generates entity reports capturing and explaining every investigative step, surfacing key data sources, spotlighting risk outcomes and anchoring findings with verifiable links and sources. It surfaces indicators of AML, fraud, operational, financial and reputational threats to accelerate onboarding, reviews and remediation on customers, partners and suppliers.

VERA supports rather than replaces the obliged entity’s CDD, EDD, escalation and acceptance decisions. Its function is to collect, reconcile, contextualise and evidence due diligence information and to surface risk indicators and information gaps. Its limits, and the institution’s retained accountability, are set out in Section 6.

The following capabilities of VERA are directly relevant to the draft RTS.

3.1 From verification to contextual KYB

A foundational distinction underlies the entire RTS: verification confirms that a legal entity exists, while KYB establishes and maintains a documented, evidence-based understanding of who a customer is, what it actually does, who controls it, and how its risk profile evolves over time.

The RTS operationalises the four regulatory obligations that separate KYB from verification: establishing the purpose and intended nature of the relationship (Art. 18), identifying beneficial ownership and control structures (Arts. 11–12), conducting a customer risk assessment grounded in activity intelligence, and maintaining that assessment through ongoing monitoring customer information updates under AMLR Art. 26, with entry into force as per draft RTS (Art. 33). These obligations are codified expectations of FATF, JMLSG, BCBS, EBA, and FinCEN. VERA is built to address all four, not merely the first.

Registry data reflects what a company is on paper at the point of its last filing, not what it does operationally, not who exercises actual control, and not how its risk profile is changing. A business that pivots into new products, onboards new counterparties, or expands into higher-risk jurisdictions may not trigger any registry event for months or years. From a verification standpoint, nothing has changed. From a risk standpoint, everything has. VERA addresses that gap by producing contextual intelligence that goes beyond static identity confirmation to deliver the business understanding the RTS requires.

3.2 Entity identification and multi-source verification

VERA collects and cross-references entity data (legal name, trade name, aliases, registration numbers, LEI, addresses, legal form, jurisdiction, status) from official registries, commercial data sources and public directories. Each data point is sourced and cited independently, enabling obliged entities to demonstrate the reliability and independence of their verification sources as required by Art. 8 of the RTS (credibility, official status, up-to-dateness, accuracy, forgery resistance).

3.3 Ownership, control and complex-structure intelligence

VERA traverses the full ownership chain from target entity to ultimate beneficial owners, identifying each intermediate entity, its jurisdiction, legal form, and percentage holdings. The output includes a structured organigram and a narrative description of the chain. Where no natural person meets the applicable UBO threshold, VERA identifies senior managing officials by the residual method and documents the exhaustion of identification means.

Genuine control intelligence requires mapping more than legal ownership. VERA analyses direct and indirect shareholding, circular ownerships, trust and foundation layers, shared directorships across entities, and the informal control relationships that sit outside formal structures. For complex, multi-tier groups (such as those with holding structures spanning multiple jurisdictions, publicly listed parents with institutional and family-controlled shareholding blocks, or entities where control is exercised through family arrangements and board composition rather than majority shareholding), VERA leverages documentation of public domain beyond registry extracts, such as annual reports, audited financial statements, corporate governance disclosures, regulatory filings, and LEI data.

VERA also assesses automatically whether a customer’s ownership structure meets the Art. 12 complexity test and, where it does, produces the additional information the RTS requires. Section 4 sets this out in full.

3.4 Additional dimensions of risk

Address screening. VERA performs a structured assessment of registered and trading addresses against multiple checkpoints including e.g. property type and occupancy, virtual-office and mail-forwarding detection, marketing/directory presence, adverse media and legal filings linked to the address, other resident/occupant associations, telephone and domain reverse-lookups, and regional crime/risk profiling. This goes beyond confirming that an address exists (verification) and into understanding what the address reveals about the entity’s operational reality.

Nature of business. VERA cross-references all available activity codes (SIC, NAICS, NACE, local codes) against actual observed behaviour: web presence, trading footprint, directory listings, product/service descriptions, regulatory permissions, and import/export records. Where the declared activity diverges from the evidenced activity, the gap is flagged. This directly supports Art. 18(e) (business activity) and the broader obligation under Art. 25 to obtain additional information enabling the obliged entity to assess ML/TF risks comprehensively. The user is systematically notified about data being verified/univocal, indeterminate, or inferred.

Financial health and operational risk. For legal entities, VERA provides not just raw financial data but analytical indicators: liquidity and solvency ratios, profitability trends, debt and leverage, cash position, group support dynamics, and sector/market risk factors. These enable obliged entities to assess whether a customer’s financial profile is consistent with its declared activity and transaction patterns, directly supporting Art. 18(b) (estimated amount of envisaged activities) and Art. 28 (transaction consistency in EDD).

3.5 Risk-relevant natural persons

The RTS applies not only to legal entities but also to relevant natural persons, including beneficial owners, senior managing officials identified through the residual method, PEPs, family members and close associates, persons purporting to act on behalf of the customer, and directors where they fall into one of those categories or are otherwise risk-relevant.

VERA’s due diligence on individuals produces structured, investigator-grade output covering, among the others, the following data blocks:

•      Identity and PEP classification. Full name (including transliterations across scripts), date of birth, nationality, jurisdiction. PEP status assessed against parliamentary, governmental, and regulatory records, with tenure dates and ongoing post-tenure risk classification per FATF guidance.

•      Source of Funds/Wealth. Career and wealth timeline, wealth drivers, corporate scale indicators, estimated wealth range. Self-reported claims are cross-referenced against corroborated evidence, reputable media and corporate filings. Information gaps and confidence levels are documented explicitly. This enables obliged entities to populate the SoF/SoW information fields the RTS specifies for both standard (Art. 18(c)) and enhanced due diligence (Art. 27).

•      Associations map: companies, business associates, and family members. Each associated entity is identified by sector, jurisdiction, relationship type, ownership/control classification, status, and risk flags. Associated individuals are classified by role, relationship, jurisdiction, and risk indicators. Family members used as proxy asset holders are flagged with supporting evidence.

•      Corroboration and information gaps. The report explicitly distinguishes between well-corroborated findings (official records, reputable investigative journalism, multiple independent sources) and lower-confidence claims (single-source, kompromat-style publications, unverified registry matches). Where information is missing or fragmentary, the gap is documented rather than papered over.

This structure enables obliged entities to satisfy their identification and verification obligations for beneficial owners and SMOs (Arts. 10, 13), PEP screening requirements (Art. 19), and the EDD requirement for additional information on the source of wealth of beneficial owners (Art. 27).

3.6 Network analysis and risk-relevant directorship patterns

VERA identifies links of individuals and businesses to a network of third parties globally, mapping where a person acts as director, UBO, or shareholder across jurisdictions. Each connection is validated against name and date of birth, with match status graded as positive, indeterminate, or unmatched. This surfaces hidden corporate clusters, cross-border directorship overlaps, and entity proliferation patterns that static screening cannot detect.

VERA also detects behavioural indicators at the individual-corporate nexus: compulsory strike-off patterns, rapid entity churn, address clustering across multiple registrations, dormant or paper-capital filings, SIC mismatches between registered and actual activity, wave incorporation, and mass dissolution bursts. These patterns are relevant to the RTS’s requirement to understand the ownership and control structure (Art. 11) and to assess whether structures obfuscate ownership with no legitimate rationale (Art. 12(1)(d)). For instance, an individual registered as director of multiple recently incorporated, dormant entities at a single shared address, with no verifiable trading activity, represents a materially different risk profile from a director of a single operating company at its own commercial premises. VERA flags these patterns systematically, enabling the obliged entity to make informed Art. 12 determinations.

3.7 Screening, adverse media and reputational intelligence

Sanctions, PEP and adverse media screening use multi-attribute, contextual entity resolution (name, date of birth, role, geography, corporate identifiers) rather than string matching alone, which discounts false positives while reducing the false negatives that list-based screening misses. Screening covers a configurable universe of sanctions lists and major leak databases, and media is analysed across languages, transliterations and scripts (including e.g. Arabic, Cyrillic and Chinese), capturing signals that monolingual watchlists omit. Each finding is attributed, timestamped, and graded by type, status and confidence, with allegations, investigations, convictions, settlements, sanctions and acquittals treated as distinct events rather than equivalent ones. Positive signals such as acquittals and regulatory clearances are captured alongside adverse ones, avoiding the one-sided risk accumulation of watchlist-only approaches.

VERA also performs behavioural consistency checks: testing the alignment between a company’s public statements (corporate governance disclosures, ESG commitments, sustainability reports, investor communications) and its evidenced behaviour. Where a company publicly commits to exiting a sanctioned or conflict jurisdiction but continues to operate there, or where declared compliance postures are contradicted by regulatory penalties, product recalls, or supply chain findings, the gap is flagged as a reputational risk indicator. Similarly, a company designated by a foreign government as a “war sponsor” while maintaining that its operations are limited to “essential goods” presents a consistency gap that requires documented assessment, not a binary screening result. This type of analysis is not typically captured by watchlists and mainstream screening approaches, as it requires the contextual reasoning that agentic due diligence provides.

3.8 Audit trail, policy mapping and deployment

Every investigative step is explained, logged and timestamped. Reports include a detailed entity resolution methodology (exact/fuzzy matching, multi-language transliteration, alias consolidation, multi-factor validation, false positive mitigation controls) and a complete evidence appendix with source URLs and retrieval dates. This native audit trail aligns with the RTS’s requirements for demonstrating verification measures to competent authorities. Transparency, auditability, bias testing and explainability controls are core elements of the VERA testing that CleverChain is conducting as part of the UK FCA Regulatory Sandbox.

VERA’s DD protocol, format, data blocks, and risk sensitivity are configurable by institution, product, customer segment, and jurisdiction. Obliged entities can calibrate output in line with the RTS’s risk-based proportionality principle (Art. 1), within the overarching AMLR and RTS framework. Each VERA report then concludes with a structured control checklist mapping the obliged entity’s CDD/EDD policy and regulatory requirements against the information collected, with completion status per item (completed, partial, outstanding). The checklist serves as both an operational quality control and an audit-ready compliance artefact, directly demonstrating to supervisors that the information and documents required by the RTS have been obtained, or that the gaps have been identified and documented. Where items remain outstanding, the checklist makes the gap visible and actionable rather than concealed within a narrative report.

VERA produces structured due diligence reports in minutes where source availability and case complexity permit, including for many complex corporate structures. More complex cases may still require customer outreach, additional documentation or analyst review. Deployment is available through a secure web application, with API and MCP endpoints supporting integration into onboarding, periodic review, remediation and case-management workflows.

4. Focus on Article 12: Complex Corporate Structures

Article 12 is among the most significant additions in the AMLA version of the RTS. It introduces, for the first time, a formal definition of “complex corporate structure” and requires obliged entities to obtain additional information and apply risk-sensitive measures to satisfy themselves that the ownership and control information is accurate, complete and sufficiently understood.

4.1 Definition (Art. 12(1))

The RTS defines a complex corporate structure as one where there are three or more layers between the customer and the beneficial owner, and in addition, more than one of the following conditions is met:

•        (a) a legal arrangement or similar legal entity such as a foundation in any of the layers

•        (b) the customer and any legal entities present at any of these layers are registered in jurisdictions outside the EU

•        (c) there are nominee shareholders or nominee directors involved in the structure

•        (d) the structure obfuscates or diminishes transparency of ownership with no legitimate economic rationale or justification

A deliberately narrowed threshold, and the gap it leaves. The three-layer test is itself the product of a recent narrowing. An earlier draft would have treated a structure with only two intermediate layers as complex, while the revised definition requires three or more layers and more than one of conditions (a) to (d), so that ordinary multi-layer structures with an evident rationale are no longer caught automatically. Such recalibration leaves a gap because a two-layer structure that is deliberately opaque, with nominee involvement or no legitimate rationale, now sits below the automatic Article 12 trigger. This is where contextual intelligence earns its place, and  VERA assesses opacity and rationale on their own evidence, independent of the layer count, so a structure that escapes the formal threshold but behaves like a shell is still surfaced for the obliged entity to assess.

Assessing condition (d): guidance and best practice. Condition (d) is the most operationally demanding of the four Art. 12(1) criteria. Unlike conditions (a) to (c), which can be determined from structural facts (legal form, jurisdiction, nominee status), condition (d) requires a two-stage qualitative assessment: first, detecting indicators of opacity; second, testing whether a legitimate economic rationale exists for the structure observed. This assessment should be documented as a structured record (indicators detected, per category; legitimate rationale identified, with explanation either way), creating the auditable trail that Art. 12(2) and (3) contemplate.

International standard-setters and supervisory authorities have developed converging indicator frameworks for detecting opacity without legitimate purpose. FATF’s updated guidance on beneficial ownership of legal persons under Recommendation 24, together with its guidance on beneficial ownership and transparency of legal arrangements under Recommendation 25, emphasises the need for adequate, accurate and up-to-date beneficial ownership information, effective access to such information, and measures addressing the misuse of complex ownership structures, nominees and legal arrangements. The joint FATF/Egmont Group report on Concealment of Beneficial Ownership remains relevant for typologies, identifying recurring concealment indicators including mass nominee arrangements, informal nominees, addresses associated with trust and company service providers, and multi-jurisdictional layering designed to frustrate tracing. The JMLSG Guidance (Part I, Chapter 4) frames the assessment as a direct question for obliged entities: if the customer's ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale? It lists bearer shares, nominee shareholders, and structures that could serve as asset-holding vehicles as relevant risk factors requiring documented assessment. Similar expectations on ownership transparency, bearer share disclosure, and related-party aggregation appear in the Wolfsberg Group's Correspondent Banking Due Diligence Questionnaire (CBDDQ v1.4, 2023). Looking at individual EU Regulators, the Bank of Italy’s Financial Intelligence Unit (UIF) published a synthetic indicator (Quaderno dell’antiriciclaggio No. 15, 2020) combining balance-sheet ratios to identify shell companies used for invoice fraud, demonstrating that shell entities leave a measurable financial footprint such as revenue-to-employee anomalies, cost structure irregularities, capital adequacy gaps, and turnover volatility that diverge systematically from operating companies in the same sector.

For the opacity detection stage, these frameworks converge on a common set of indicator categories:

     i.        Financial anomalies: e.g. revenue disproportionate to employee count, minimal operational expenditure relative to declared turnover, capital inadequacy;

    ii.        Operational substance gaps: e.g. virtual offices, mail-forwarding addresses, mass-registration addresses, absence of verifiable web or commercial presence;

   iii.        Director and UBO behavioural patterns: e.g. mass directorships, rapid entity churn, compulsory strike-off histories, dormancy, wave incorporation;

   iv.        Offshore leak exposure: e.g. ICIJ Offshore Leaks, Panama Papers, Paradise Papers, Pandora Papers; and

    v.        Activity code mismatches: e.g. declared SIC/NACE codes inconsistent with, or unsupported by, any evidenced commercial activity.

The EU’s proposed so-called ATAD III / Unshell Directive reflected a similar analytical framework through its substance-test gateway indicators, focusing on predominantly passive income, cross-border activity, and outsourcing of administration or decision-making. In its June 2025 ECOFIN tax report, Council document 9960/25, ECOFIN recorded that the latest Unshell compromise text overlapped with DAC6 hallmarks and that many delegations considered the objectives of the Unshell proposal could be pursued through clarifications or amendments to DAC6 hallmarks, possibly in the context of a future DAC legislative proposal. The report therefore indicated that work on the standalone Unshell proposal should not continue in Council.

For the rationale assessment stage, the obliged entity must consider whether recognised justifications exist for the observed structure. Legitimate rationales may include: tax efficiency within lawful parameters, regulatory ring-fencing (e.g. capital or licensing requirements), asset protection in jurisdictions with creditor-friendly regimes, joint venture structuring, intellectual property holding arrangements, group treasury centralisation, or political/security risk mitigation for UBOs in hostile jurisdictions. Where no such rationale is apparent from the documentation, business context, or customer explanation, and where opacity indicators are present, condition (d) is satisfied. VERA’s approach to this assessment is described in Section 4.3 below.

4.2 Additional information & risk-sensitive accuracy measures (Art. 12(2)–(3))

Where the Article 12 conditions are met, obliged entities must take reasonable measures and, where necessary, obtain additional information, such as an organigram, to complement the information collected under Article 11. They must also apply risk-sensitive measures to satisfy themselves that the information obtained is accurate and provides a comprehensive understanding of the ownership and control structure.

These requirements are distinct from formal enhanced due diligence under the RTS, although the presence of a complex corporate structure may inform the obliged entity’s overall customer risk assessment and may contribute to an EDD decision where the broader risk profile justifies it.

4.3 How VERA addresses Article 12

VERA supports the Art. 12 workflow without requiring obliged entities to build complex-structure detection and evidence collection from scratch.

In fact, the complex structure detection, organigram, complementary intelligence, and accuracy controls are embedded in the standard and advanced due diligence product.

More specifically:

Layer traversal and condition detection. VERA automatically traverses the full ownership chain, counting layers and assessing each against the Art. 12(1) conditions. VERA identifies the number of intermediate layers, flags extra-EU jurisdictions in the chain as potentially relevant to condition (b), subject to the full Art. 12 test, and tests for the presence of legal arrangements (condition (a)), nominee structures (condition (c)), and opacity without legitimate rationale (condition (d)). The obliged entity can make the Art. 12(1) determination directly from the output.

Conversely, for widely-held listed entities with dispersed institutional shareholders, VERA identifies that no natural person meets the applicable UBO threshold, applies the residual method (naming senior managing officials with role and source citation), and traces each institutional shareholder block upstream to confirm that none individually or collectively triggers the ownership threshold. This dual capability, handling both concentrated family-controlled chains and dispersed public ownership structures, is essential for Art. 12 compliance across customer types.

Organigram generation. Both standard and advanced due diligence reports include a structured ownership chart showing the full chain from target entity to UBOs, with percentage holdings, legal forms, and jurisdictions at each level. This supports the organigram-type information contemplated by Art. 12(2).

Complementary intelligence beyond Art. 11. VERA’s output goes beyond the Art. 11 baseline by adding shell company checks, residual ownership reconciliation (quantifying how the remaining unattributed ownership is composed and why it does not trigger additional UBO identification), and linkage tests (assessing whether residual holders are connected parties, state-linked, or acting in concert). These are precisely the types of “additional information” Art. 12(2) contemplates.

Opacity assessment and shell company detection (Art. 12(1)(d)). VERA addresses Art. 12(1)(d) through a convergence of multiple detection layers rather than a single binary indicator. Financial anomaly detection analyses filed financial statements to identify ratios inconsistent with stated sector activity, anomalous cost structures, minimal or zero operational expenditure relative to declared turnover, and capital adequacy gaps, mirroring the analytical approach of synthetic indicators such as the one developed by the Bank of Italy’s UIF for shell company identification. Operational substance verification tests for virtual offices, mail-forwarding services, mass-registration addresses, and absence of verifiable physical premises, combined with web presence analysis, directory listings, and telephone/domain reverse-lookups. Director and UBO pattern analysis identifies mass directorships, rapid entity churn, compulsory strike-off patterns, address clustering across multiple registrations, dormancy, SIC mismatches, wave incorporation, and dissolution bursts, as described in Section 3 above. Offshore leak and enforcement database cross-referencing screens against e.g. ICIJ Offshore Leaks, Panama Papers, Paradise Papers, and Pandora Papers. Nature-of-business consistency testing flags cases where declared activity codes diverge from evidenced activity or where no evidenced activity exists. Collectively, these layers enable VERA to present the evidence on both sides of the Art. 12(1)(d) assessment: opacity indicators found and potential legitimate explanations available from the documentary record. The obliged entity can then make and document the determination.

Residual ownership reconciliation. For dispersed ownership structures, VERA performs a full residual reconciliation: summing identified institutional blocks, quantifying treasury/self-held shares, estimating the composition of the remainder (retail, institutional sub-threshold, nominee/custodian), and testing for connected-party aggregation. Where the sum of UBO path and residual equals 100%, each exclusion is justified explicitly. This supports the broader Article 11/12 objective of understanding ownership and control, while contributing to the Art. 12(3) accuracy check.

Group-level risk surfacing. A verified entity at subsidiary level may present no adverse findings of its own, while the parent group in another jurisdiction has been subject to significant criminal or regulatory enforcement. VERA independently screens each entity in the chain against adverse media, enforcement databases, and regulatory filings. The subsidiary’s operational cleanliness is documented alongside the group-level risk, ensuring the obliged entity captures the full picture. This group-level intelligence is often missed by verification-only processes and by screening configurations that examine the target entity in isolation.

Multi-source accuracy assurance. VERA’s entity resolution methodology (documented in each report) covers exact and fuzzy matching, multi-language transliteration, alias database consolidation, multi-factor validation, and false positive mitigation. Each ownership datum is cross-referenced across at least two independent sources (registry, commercial data, market data, annual reports). This addresses the Art. 12(3) requirement that obliged entities take risk-sensitive measures to ensure accuracy.

5. Mapping of VERA’s Capabilities and the Draft RTS

The table below maps VERA’s capabilities to the relevant obligations. It is anchored on the Level 1 obligations in the AMLR, which are settled, and uses the draft RTS article references for the technical detail. Because the RTS is still in consultation, individual article numbers and some wording may change in the final text; the underlying AMLR obligations, and VERA’s coverage of them, do not depend on that detail.

6. Limitations, Governance and Control Considerations

A proportionate due diligence process must recognise the limits of the information environment in which it operates. Accordingly, VERA is designed to surface and document those limits.

First, source availability and quality vary materially across jurisdictions, entity types and data categories. Registry filings may be delayed, incomplete, inconsistent or unavailable. Commercial data providers may differ in coverage and may sometimes rely on overlapping upstream sources. Open-source information may be fragmented, outdated, duplicated, mistranslated or difficult to attribute. For that reason, VERA records the source basis for each material finding and distinguishes between verified, corroborated, inferred, indeterminate and missing information.

Second, ownership and control analysis remains subject to structural and legal constraints. Some jurisdictions do not provide public shareholder or beneficial ownership information. Nominee arrangements, trusts, foundations, bearer-like instruments, contractual control rights, family arrangements and informal influence may not be fully visible from public or commercial sources alone. Where the available evidence does not support a definitive conclusion, VERA flags the limitation and supports escalation, customer outreach or enhanced documentary review by the obliged entity.

Third, screening and entity resolution are probabilistic controls, not guarantees. Multi-attribute matching across names, aliases, transliterations, dates of birth, jurisdictions, addresses and corporate identifiers can reduce false positives and false negatives, but it cannot eliminate them. VERA therefore records match confidence, unresolved candidates and the basis on which matches are discounted or escalated.

Fourth, contextual and adverse media analysis requires governance. Risk findings should be assessed by source reliability, date, jurisdiction, status, severity, relevance and corroboration. Allegations, investigations, convictions, settlements, sanctions, acquittals and regulatory clearances should not be treated as equivalent events. VERA structures these distinctions, but the obliged entity remains responsible for applying its own risk appetite, policies and escalation standards.

Fifth, VERA supports but does not replace the obliged entity’s regulatory accountability. The institution remains responsible for customer acceptance, risk rating, EDD decisions, suspicious activity reporting, sanctions compliance, customer outreach, recordkeeping and final interpretation of applicable law and regulation.

Finally, deployment must be governed through appropriate controls on data protection, access rights, retention, audit logs, model and prompt configuration, output review, exception handling and change management. These controls are particularly important where VERA is integrated through APIs into onboarding, periodic review, remediation or case-management workflows.

Selected sources

The following sources inform this paper, while the RTS remains in draft form:

•        AMLA, consultation on the draft RTS under Article 28(1) AMLR (customer due diligence), published 9 February 2026; public hearing 24 March 2026; consultation closed 8 May 2026. amla.europa.eu

•        Regulation (EU) 2024/1624 (AMLR), Article 28(1), and Article 12 of the draft CDD RTS (complex corporate structures). eur-lex.europa.eu

•        Regulation (EU) 2024/1620 establishing AMLA, Article 12 (methodology for selecting obliged entities for direct supervision). eur-lex.europa.eu

•        EBA, response to the European Commission’s Call for Advice on AML/CFT, 30 October 2025. eba.europa.eu

•        European Banking Federation, response to the AMLA consultation on the draft RTS under Article 28(1) AMLR. ebf.eu

•        AFME, response to the AMLA consultation on the draft RTS under Article 28(1) AMLR. afme.eu

•        Accountancy Europe, response to the AMLA consultation on customer due diligence obligations under Article 28(1) AMLR. accountancyeurope.eu

•        Herbert Smith Freehills Kramer, note on the 2026 AML/CFT consultations. hsfkramer.com

•        Loyens and Loeff, AMLR is approaching: AMLA holds first public hearings on the draft RTS, 2026. loyensloeff.com

•        ECOFIN, Report 9960/25 on the proposed ATAD III (Unshell) Directive, June 2025. consilium.europa.eu

•        FATF, Guidance on Beneficial Ownership of Legal Persons, Recommendation 24, March 2023; FATF, Guidance on Beneficial Ownership and Transparency of Legal Arrangements, Recommendation 25, March 2024; FATF and Egmont Group, Concealment of Beneficial Ownership, July 2018. fatf-gafi.org

•        Bank of Italy, UIF, Quaderni dell’antiriciclaggio, No. 15, December 2020, “A synthetic indicator for the identification of shell companies”. uif.bancaditalia.it

© 2026 CleverChain.ai. All rights reserved. The original analysis, synthesis, structure and wording of this research are proprietary to CleverChain Limited. Public laws, regulatory materials and third-party sources cited remain the property of their respective owners. Reproduction or redistribution without prior written consent is prohibited, except for brief quotations with appropriate attribution or as otherwise permitted by law.

This document is provided for informational purposes only and does not constitute legal or regulatory advice. It reflects the draft RTS as published by AMLA on 9 February 2026 and the state of the consultation at the date of publication. The draft RTS may be amended before adoption, including in the provisions and article numbers referenced here; this paper is anchored on the Level 1 AMLR obligations, which are settled. Obliged entities should independently assess the final adopted text and take their own legal counsel on implementation. References to VERA’s capabilities are based on the platform’s production functionality as of June 2026.