KYC Compliance in France 2026: ACPR Rules, AMLA and 6AMLD Requirements

In 2024, AML/CFT related penalties totaled to an amount of EUR 5.2 million in France. By 2025, France had climbed to second globally among AML enforcers, issuing penalties for AML, KYC and CDD breaches of over 1.11 billion USD.  For regulated businesses, France KYC compliance and financial compliance France-wide are only becoming more demanding. This guide maps what ACPR rules, the EU AMLA framework, and 6AMLD requirements mean for your compliance program in 2026.

What is KYC compliance in France?

KYC compliance in France requires regulated entities to identify and verify customers before entering a business relationship, maintain that verification on an ongoing basis, and report suspicious activity through the proper channels. The legal framework draws from the French Monetary and Financial Code, successive EU AML directives, and ACPR guidelines that spell out how those rules are applied in practice.

Who must comply with France KYC regulations?

The scope of KYC France regulations extends well beyond banks. Under the Monetary and Financial Code, obliged entities include credit institutions, insurance companies, investment firms, payment service providers, crypto-asset service providers (CASPs), notaries, accountants, and lawyers involved in financial transactions. Since 2021, CASPs operating in France must register with ACPR and meet the same customer due diligence (CDD) and enhanced due diligence (EDD) standards as banks, including periodic KYC updates for high-risk clients.

Core obligations under French KYC law

KYC verification in France rests on three interconnected steps. First, the entity must collect and verify identity data using a valid official document before entering a business relationship or before an occasional transaction crosses the regulatory threshold. Second, for corporate clients, beneficial ownership must be established by identifying any natural person holding more than 25% ownership or control. Third, ongoing monitoring must continue throughout the relationship. Entities must also document their procedures, train staff, and appoint a designated AML officer responsible for internal governance.

How does ACPR enforce AML rules in France?

The ACPR is France’s primary prudential supervisor for AML/CFT compliance, with authority over banking, insurance, and payment services. As of 2026, ACPR enforcement has grown more document-intensive, with inspectors scrutinising the reasoning behind suspicious transaction reports and the governance frameworks supporting them, not just whether filings were submitted on time.

ACPR supervisory scope and penalties

ACPR’s oversight spans more than 7,000 regulated entities across banking, insurance, and financial markets. Under ACPR AML rules that transposed the fourth and fifth EU directives into French law, penalties for legal entities can reach EUR 100 million or 10% of annual net turnover, whichever is greater. For individuals, liability reaches EUR 5 million. Enforcement attention in 2026 concentrates on three areas: adequacy of customer risk assessments, quality and timeliness of TRACFIN suspicious transaction filings, and the governance structures used to oversee AML compliance requirements across the business. Firms that treat these as documentation exercises rather than operational controls face the highest risk of formal action.

TRACFIN and suspicious activity reporting

TRACFIN (Traitement du renseignement et action contre les circuits financiers clandestins) is France’s financial intelligence unit. Regulated entities must file a suspicious transaction report whenever there are reasonable grounds to suspect funds are connected to money laundering or terrorist financing, with no minimum transaction threshold applying. For France AML compliance 2026, TRACFIN expects reports to be well-reasoned and substantiated, not filed defensively to cover regulatory exposure. Entities in high-risk sectors, including crypto, gaming, and cross-border payments, face elevated expectations for the specificity and frequency of their filings.

What do 6AMLD requirements mean for French businesses?

The Sixth Anti-Money Laundering Directive (6AMLD) reshaped how money laundering offenses are defined and prosecuted across EU member states, and France has incorporated its provisions into national law. 6AMLD requirements shift the compliance question from whether screening happened to whether the firm can demonstrate it understood the risk behind each decision it made.

Extended predicate offenses and corporate liability

6AMLD expanded the EU’s money laundering framework by establishing 22 harmonised predicate offenses, including cybercrime and environmental crime, which previously received inconsistent treatment across member states. The directive also extended criminal liability to legal entities, meaning a company can face prosecution for money laundering offenses committed on its behalf. Minimum prison terms for responsible individuals reached four years, and economic sanctions rose to EUR 5 million. For French compliance programs, these changes require AML controls to account for a broader range of underlying criminal activities than earlier directives demanded.

How EU AMLA change oversight from 2026?

The European Anti-Money Laundering Authority (AMLA) formally began operations on 1 July 2025, per the authority’s official launch statement. AMLA’s role in 2026 is to coordinate national supervisors including ACPR, develop binding regulatory technical standards, and finalise a common risk-assessment methodology ahead of taking direct supervisory authority over 40 high-risk EU financial institutions from 2028. For regulated businesses in France, AMLA’s influence is already present. ACPR has aligned its supervisory practices with AMLA’s evolving standards, raising the benchmark for adequate KYC toward the most stringent EU model rather than the national average.

Building a KYC compliance program in France

Building financial compliance in France for 2026 requires integrating digital identity verification, event-driven monitoring, and automated transaction screening into a single auditable workflow that ACPR can trace from end to end. According to the United Nations Office on Drugs and Crime (UNODC), between EUR 715 billion and EUR 1.87 trillion is laundered globally each year, representing 2 to 5% of global GDP. Approximately $750 billion of that flows through Europe annually, according to a Nasdaq Verafin financial crime analysis. That scale of illicit activity is precisely why ACPR inspectors now expect firms to demonstrate real-time controls, not summaries of periodic reviews.

Digital Identity Verification France

Digital Identity Verification France has shifted from a process upgrade to a regulatory baseline. ACPR guidance increasingly favours automated verification systems that capture and validate identity documents in real time, reducing the manual review queues that characterise legacy onboarding. Under AMLA’s forthcoming technical standards, digital verification must meet specific requirements around data integrity, liveness detection, and audit trail completeness. Fraud prevention KYC software that integrates document capture, biometric checks, and sanctions screening through a single API has become the operational standard for France-regulated onboarding flows.

Perpetual KYC France and continuous monitoring

Perpetual KYC France replaces scheduled periodic reviews with trigger-based monitoring that updates customer risk profiles when relevant events occur, such as a change in beneficial ownership, a new adverse media alert, or a transaction flagged by the screening engine. Continuous KYC Monitoring France reflects this model in practice: risk-score changes are surfaced automatically, prompting a targeted review rather than waiting for the next annual cycle. ACPR’s 2026 supervisory examinations increasingly probe whether firms’ monitoring systems can demonstrate this kind of event-driven responsiveness rather than calendar-based batch processing.

AML transaction screening for France banks

In 2026, AML Transaction Screening for France banks must extend beyond standard payment flows to cover crypto transfers, inter-company flows, and cross-border transactions within TRACFIN’s reporting scope. The European Commission’s guidance on money laundering prevention supports real-time screening against sanctions lists, politically exposed person (PEP) registries, and adverse media feeds as baseline requirements. Batch-mode screening programmes that process results on a delay no longer meet ACPR’s expectations for high-risk entity categories operating in France in 2026.