PwC’s 2nd EMEA AML Survey - CEE Edition

Mind the Gap - what the 2026 EMEA AML Survey means for the CEE region

hero
  • June 29, 2026
1/4

of CEE financial institutions expect to be ready for the EU AML Package by July 2027

80%

of CEE financial institutions have launched a gap analysis to be compliant with the EU AML Package

10-30%

cost increases are expected by 45% of the CEE financial institutions in the coming years

70%+

of CEE financial institutions cite data quality as the top blocker in adopting AI for AML functions

The CEE edition - Key takeaways

  • CEE is advanced in preparation for the EU AML Package but closing the implementation gap remains a critical challenge
    The CEE region demonstrates relatively strong strategic preparedness for the EU AML Package, with many institutions having developed initial roadmaps and conducted early analysis. However, progress remains concentrated at the planning stage, with full end-to-end implementation still lagging. This reflects a broader pattern observed across the EU, where institutions have advanced in defining change programmes but are yet to translate these into operational capabilities.  

  • The 2027 deadline to be compliant with the new rules is driving structural AML cost pressure
    The fixed July 2027 compliance deadline is accelerating investment cycles and creating sustained cost pressure. In CEE, institutions expect comparatively high increases in AML compliance costs, driven by the need for system upgrades, data transformation, and enhanced operational capacity. Spending is likely to be front-loaded, with a strong focus on achieving near-term readiness.

  • Operational capacity is emerging as a key risk
    Operational scalability is becoming a key constraint across the region. A strong preference for in-house remediation, combined with the scale of required changes, is likely to place significant strain on existing teams. Institutions must manage both one-off remediation efforts and the ongoing increase in workload driven by more prescriptive and data-intensive requirements. In parallel, limited talent availability in some CEE markets may constrain the ability to scale capabilities quickly.

  • CEE is highly ambitious on AI and pragmatic in its application
    Institutions in the CEE region show strong ambition in adopting AI, but their approach remains pragmatic and use-case driven. Rather than pursuing broad, enterprise-wide transformation, firms are prioritising targeted deployment within core AML processes such as CDD, transaction monitoring, and screening.

  • Data quality will determine whether AI scales successfully
    Data has emerged as the primary constraint on scaling AI in AML. While investment appetite is strong, institutions continue to face challenges related to data quality, system fragmentation and governance. Without robust data foundations, AI solutions risk delivering inconsistent or non-compliant outcomes.

 Tomasz Joniec

Tomasz Joniec

Partner, Financial Crime Unit, PwC Poland 

Petr Kranda

Petr Kranda

Partner, Financial Crime Advisory, PwC Czech Republic

The second edition of PwC's EMEA AML Survey, Mind the Gap, captures a sector at an inflection point: the EU AML Package and Anti-Money Laundering Authority (AMLA) are reshaping operating models ahead of the 10 July 2027 go-live. For CEE institutions, the focus has shifted from awareness to action, with firms working on alignment to the requirements under the new regulatory framework. Layered on top of that is an AI agenda that has accelerated dramatically since our last edition, with GenAI and, more recently, Agentic AI redefining what is operationally possible within AML functions. The CEE region appears more advanced than most EU peers in preparing for the implementation of the EU AML Package.


However, early preparation does not necessarily translate into readiness: detailed implementation plans are still being developed across many institutions, resourcing and delivery capacity are rising as core vulnerabilities and data quality remain the dominant blocker preventing firms from using AI within their AML functions.


This edition is intended to serve as both a benchmark and a practical reference point for AML leaders in the CEE region as they shape the next 12 months of their compliance journey with the EU AML Package.

Making the best of the regulatory frameworks

Regulatory and supervisory effectiveness

The EU AML Package introduces a directly applicable single rulebook with a firm compliance deadline of 10 July 2027. With less than two years remaining, CEE financial institutions need to move from planning to delivery. The scale of the challenge ahead is reflected in the question on the impact of the changes: 78% of the financial institutions in the CEE region expect a significant (33%) or strong (45%) impact on processes and technical adjustments by 2027, one of the highest rates of anticipated impact across the EMEA. 

Yet awareness is not the same as readiness. Only a quarter of CEE respondents expect to be compliant with the new EU AML Package ahead of the implementation deadline. Most see compliance as a two-year journey, with 28% of financial institutions expecting it to take three years or more. With the applicability date of the new rules firmly on the horizon, this points to a clear execution gap - echoing the EMEA-wide finding that "only about one-third of respondents believe they will be ready on time".

Costs, priorities and investments

This compressed timeline carries direct cost implications. CEE expects some of the sharpest long-term AML cost increases from the new EU AML Package, with 45% of respondents anticipating AML compliance costs between 10%-30% and 15% of respondents increasing by even more than 30%. This continues the 2024 trajectory, when CEE already reported one of the highest AML cost increases in EMEA, confirming that AML cost pressure in the region is becoming structural rather than cyclical.

Given the requirements set out in the EU AML Package, CEE institutions indicated that they prioritise investments in CDD onboarding and periodic review, transaction monitoring, and sanctions screening, core AML functions that directly support day-to-day delivery and operational readiness before the 2027 deadline. By contrast, investment in training and recruitment is lower, suggesting that institutions are focused on adapting existing operations to the new requirements rather than building long-term capabilities. Very few respondents indicated investments in outsourcing of parts of the AML/CFT activities, indicating a clear preference to retain these capabilities in-house during the implementation period.  

Current operations and controls

The overarching AML framework

The CEE region leads EMEA in mobilization around the EU AML Package, but this early lead has not yet translated into detailed execution. 80% of respondents have launched a gap analysis (vs. 69% EU average), 50% have set up a dedicated task force (vs. 39% EU average), 43% have begun team training, and 28% have started staff recruitment, the highest figures in EMEA. The main gap lies in deeper framework enhancement, such as policy redesign, governance recalibration, and end-to-end Target Operating Model redesign, where CEE still trails some peers.

100%

of CEE respondents have started to prepare for the new EU AML Package

76% of CEE respondents have launched an initiative to update their AML Target Operating Models, either at the group (48%) or local (28%) level, exceeding the EU average of 65%. Looking more closely at the stage of these initiatives, however, the picture is more nuanced. Approximately half of CEE respondents have a high-level roadmap, the highest share in EMEA, but only 17% report a clear, detailed implementation plan. This suggests that while CEE respondents initiated early work on preparing for the EU AML Package, these efforts have not yet converted into full execution maturity.

Core operations and controls 

CEE appears relatively advanced in its readiness for the draft Customer Due Diligence requirements and more action-oriented than the broader EU market. 81% of CEE respondents report to be partially or fully aligned with the requirements under the draft RTS of the AML Regulation concerning CDD.

Where gaps in CDD requirements remain, CEE is moving quickly to close them primarily through local ownership and execution rather than group-led action. More than half of respondents report local initiatives to review KYC processes in line with draft RTS on CDD requirements, versus 37% EU average. This suggests that CEE firms actively analyse new regulatory requirements and translate them into local implementation rather than wait for centralized guidance. To achieve compliance with their existing client portfolio, CEE institutions appear to prefer in-house remediation, leverage existing First Line and Compliance teams rather than external support. Compared with other regions, institutions in CEE seem less reliant on third parties and more focused on building this capability internally. The new KYC review cycles will increase operational KYC efforts for most institutions. CEE institutions that have chosen to absorb this workload in-house will need to assess their capacity to meet this ongoing workload well before July 2027 go-live-date.

Talent, internal resources and outsourcing  

CEE enters the EU AML Package era with one of the most distinctive AML staffing profiles in EMEA. 38% of CEE respondents plan to increase resources across multiple functions rather than in Compliance alone (13%) or First line of Defence (8%). Most CEE respondents expect headcount to grow by 10%-20%. The EU AML Package creates pressure across organizations and CEE institutions appear to expect implementation to require coordinated effort across the business. This also reflects the region's structural starting point: many institutions operate with leaner specialist teams, so scaling a single function would not be enough. The picture, however, is not uniform. 41% report no resource increase - the highest share in EMEA - indicating that many firms still expect to absorb change through existing teams, efficiency measures, and AI or automation rather than net new hiring. 

CEE has a mature market for business-process outsourcing (BPO), shared service centres (SSC), and specialist delivery centres (SDC). Despite this, the region's approach to Managed Services to meet the new EU AML requirements remains narrow. CEE firms favour outsourcing activities to dedicated group entities (31%) over third-party outsourcing (13%), reflecting a preference for control and group alignment. CEE views Managed Services primarily as a lever for high-volume operational processing, mainly transaction monitoring, rather than as a broader operating-model solution covering remediation backlogs, recurring reviews, or second-line oversight. With the five-year CDD remediation cycle starting in July 2027, this represents a critical gap leaders should address before operational pressures intensify.

Technology: Is AI having an impact on AML?

The 2024 CEE Edition of the AML survey established the CEE region as one of the most AI-curious in EMEA, with 83% of CEE institutions already considering AI for AML, well ahead of other EMEA regions. The 2026 picture confirms that curiosity has matured into a clear AI strategy. On average CEE is more open to AI than the rest of the EU, decisively oriented toward proven machine-learning use cases, almost entirely reliant on internally built solutions, and bottlenecked by the maturity of its own data and systems.

New technologies and the AI opportunity

Nearly 90% of CEE respondents are considering AI in AML workflows, with only 11% not yet engaged, confirming the region’s 2024 AI ambition that has translated into a clear 2026 strategy. CEE is clearly focused on proven AI and machine learning use cases (67% vs. 49% EU), rather than exploring GenAI or Agentic AI. Agentic AI, autonomous systems that can plan and execute multi-step tasks with limited human input, has attracted less attention so far, though much of the progress in this area occurred since the survey closed. While the industry may not yet be ready for widespread adoption of agentic AI, this is likely to change by the next edition.

89% of CEE respondents plan to apply AI in transaction monitoring, far above the EU average (57%), and the highest in EMEA. This represents the clearest signal in this year's AI data and a direct continuation of the 2024 CEE trend, when transaction monitoring was already CEE’s top investment priority. CEE also shows above average adoption in screening and customer due diligence, whereas reporting, archiving, and firm-wide AML risk scoring remain limited. This suggests the region is using AI primarily to strengthen core AML operations, where cost pressures are more acute, rather than broader enterprise-wide analytics.

Most strikingly, 100% of AI used by CEE respondents is developed internally or at the group level, versus 57% in the EU, making CEE the most self-built AI region in the survey. This likely reflects the sensitivity around AI use in AML, where regulatory accountability, data confidentiality, model transparency, and alignment with group standards make outsourcing less attractive. It also reflects the broader regional pattern: CEE tends to favour controlled, group-supported solutions, building AI in-house to retain governance, consistency, and ownership.

Resource allocation and blocking factors 

After leading EMEA in technology adoption for two years, CEE’s 2026 digital tools investment profile is more cautious. Institutions are still investing, but at smaller levels than peers: 40% plan to allocate up to 3% of their AML budget to digital tools. This is a clear shift from 2024, when 73% of CEE institutions allocated more than one tenth of their AML budget to digital tools.

That caution, however, does not extend to AI. CEE significantly outpaces the 74% EU average on AI investment (88%) and continues the direction seen in 2024, when 83% of institutions were already considering AI for AML. Rather than pulling back, CEE is concentrating AML spend on AI, typically allocating up to 5% of AML budget, a measured approach reflecting staged implementation and a preference for a proven outcomes.

88%

of CEE respondents plan to invest in AI over the next 24 months

CEE’s main challenge does not appear to be an appetite for AI, but the ability to operationalize it at scale. Data quality is the clear blocker, cited by 78% of respondents versus 61% in the EU, followed by outdated systems (44%) and skills gaps (44%). The pattern suggests that CEE firms broadly accept the case for AI, but still need stronger data, technology, and internal capabilities to deploy it effectively.

For CEE, the next stage depends less on ambition and more on strengthening the operational backbone, as AI adoption requires stronger data lineage, infrastructure, and specialist skills than earlier generations of digital tools.

Top 5 Priorities for CEE AML Compliance Leaders

The data in this edition points to a region that has moved early on the EU AML Package adoption but now needs to convert that head start into measurable execution before the July 2027 deadline. These priorities stand out for CEE AML Leaders over the next 12–24 months:

1. Move from roadmap to detailed implementation plan

Translate your high-level Target Operating Model roadmap into a milestone-driven implementation plan with clear owners, dependencies, and quarterly deliverables aligned to the 10 July 2027 go-live. 

2. Fix the data foundation before scaling AI

With 78% of CEE respondents citing data quality as the top AI blocker, firms need stronger data lineage, golden-source customer records and AML reporting data structures. Data remediation should be treated as a prerequisite for AMLA reporting.

3. Pre-build operational capacity for the incoming uplift of client profiles 

The requirement to uplift all client profiles by 2032 will create major operational pressure on financial institutions. Over the next 12 months, firms should design a delivery model that combines internal teams, Managed Services, and selective external support before the workload arrives.

4. Reassess the AML operational delivery split between in-house teams and Managed Services

The CEE region favours retaining control over AML processes and the current outsourcing strategy concentrates narrowly on transaction monitoring. Firms could consider broader use of Managed Services in remediation backlogs, recurring reviews, and second-line support to absorb peaks.

5. Expand AI AML technology where the use case is proven

CEE’s focus on AI in transaction monitoring is well placed, but it now needs stronger model risk management, human oversight, and clear KPIs. At the same time, firms should start preparing governance for Agentic AI as the topic matures.

Taken together, these priorities reflect a single underlying message: While the CEE region has started preparing early for the implementation of the EU AML Package, institutions must now close the remaining gap between planning and execution by building on a solid foundation of data, operational capacity, and an effective operating model.

About the Survey

PwC’s 2nd EMEA AML Survey - CEE Edition

This survey is based on the EMEA AML Survey 2026 Mind the Gap, published in April 2026 and covers responses from financial institutions based in the CEE region. A total of 46 financial institutions from 9 countries in the CEE region (Bulgaria, Croatia, Czech Republic, Hungary, Poland, Romania, Serbia, Slovenia, Ukraine) participated in the survey, representing 10% of all EMEA respondents. Among these CEE respondents, 67% represented the banking sector, 17% the insurance sector, 13% electronic and virtual payments and 2% asset and wealth management (rounded).

 

Follow us on social media