AML Penalties for Venture Capital Firms in the European Union and Bulgaria

Corporate Clients Insights, AML, Venture Capital

Anti-money laundering (AML) compliance for venture capital (VC) companies operating in the European Union has undergone a fundamental transformation following the adoption of the EU AML Package in 2024 and the intensification of national enforcement measures, particularly in Bulgaria. The previous model, characterised by minimum harmonisation through directives and divergent national practices, is being replaced by a centralised and enforcement-oriented framework with directly applicable rules, enhanced supervisory coordination, and materially increased sanctions.

For VC companies, these developments significantly elevate AML compliance from a formal regulatory obligation to a core governance and risk-management function. Failures in this area now carry not only financial penalties but also reputational, operational, and transactional consequences that may directly affect fund structuring, investor onboarding, and portfolio management.

EU AML Legal Framework Applicable to VC companies

The AML Regulation (Regulation (EU) 2024/1624)

Regulation (EU) 2024/1624 (the AML Regulation or AMLR) constitutes the central pillar of the EU AML Package. Unlike previous AML directives, the AMLR is directly applicable in all Member States and establishes a uniform “single rulebook” governing AML and counter-terrorist financing obligations. Subject to transitional provisions, the Regulation will apply from 10 July 2027.

The AMLR harmonises substantive obligations for all obligated entities, including investment-related entities falling within its scope. Key provisions of relevance to VC companies include:

• Risk assessment obligations, requiring companies to identify, assess, and document money laundering and terrorist financing risks arising from their business model, investor base, geographic exposure, and transactional activity.
  
• Customer due diligence and ongoing monitoring, extending beyond initial investor onboarding to cover continuous assessment of risk throughout the lifecycle of the relationship.
  
• Beneficial ownership identification and verification, with a harmonised minimum threshold of 25 % ownership or control. Crucially, obligated entities may no longer rely exclusively on central beneficial ownership registers and must independently verify ownership information using reliable and independent sources.
  
• Internal governance requirements, including the appointment of a compliance officer with sufficient seniority, independence, and direct access to the management body. Responsibility for AML compliance is expressly embedded at senior management level.

The AMLR also introduces group-wide AML obligations, under which parent undertakings bear responsibility for ensuring effective AML controls across subsidiaries and controlled entities, including those established in higher-risk third countries. For VC structures involving multiple layers of holding entities, special purpose vehicles, or cross-border fund arrangements, this materially increases compliance complexity.

Directive (EU) 2024/1640 (AMLD6)

Directive (EU) 2024/1640 (commonly referred to as AMLD6) complements the AMLR by regulating matters that require national implementation, including:

• The organisation and powers of national supervisors and Financial Intelligence Units (FIUs);
  
• Access to and quality standards for beneficial ownership registers;
  
• Cooperation and information exchange between competent authorities.
  

Member States are required to transpose AMLD6 into national law within the prescribed implementation period dated 10 July 2027 aligned with the AMLR. While the Directive does not itself impose direct obligations on VC companies, it shapes the enforcement environment and supervisory architecture within which AML obligations are applied.

Supervision and Sanctions at EU Level

The Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA)

A central institutional innovation of the AML Package is the establishment of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA). AMLA has become operational since 2025, with a phased expansion of its supervisory and coordinating functions. AMLA:

• Directly supervise a limited number of high-risk, cross-border financial institutions;
  
• Issue binding regulatory technical standards and implementing standards;
  
• Coordinate national AML supervisors and FIUs to ensure consistent enforcement across the EU.
  

Although most VC companies will remain subject to national supervision, AMLA’s role in standard setting and coordination is expected to reduce national discretion and increase convergence in enforcement practices.

Administrative Sanctions Under EU Law

The AML Package significantly strengthens the sanctions regime. For serious, repeated, or systematic breaches of AML obligations, competent authorities may impose:

• Administrative fines of up to €10 million or 10 % of total annual turnover, whichever is higher;
  
• Public statements identifying the responsible entity and the nature of the breach;
  
• Temporary or permanent bans on members of the management body;
  
• Withdrawal or suspension of licences or authorisations;
  
• Periodic penalty payments designed to compel compliance.

AML infringements are no longer treated as technical or procedural failures but as indicators of deficient governance and internal controls, with enforcement measures designed to produce both financial and reputational deterrence.

Bulgarian AML Framework

Applicable Legislation

In Bulgaria, AML obligations are primarily governed by the Prevention of Money Laundering Act (PMLA), as amended to reflect EU requirements and MONEYVAL recommendations. The Act applies to a broad range of obligated entities and is supplemented by secondary legislation and supervisory guidelines.

Amendments adopted between 2023 and 2025 have focused on:

• Expanding the scope of obligated entities and clarifying internal control requirements;
  
• Strengthening beneficial ownership transparency;
  
• Introducing obligations to report discrepancies between beneficial ownership information obtained through due diligence and data recorded in official registers.

Failure to notify and rectify such discrepancies within statutory deadlines constitutes an administrative offence.

Supervisory Authorities

AML supervision in Bulgaria is conducted primarily by the Financial Intelligence Directorate within the State Agency for National Security, in cooperation with sector-specific supervisors such as the Bulgarian National Bank and the Financial Supervision Commission. Recent reforms have shortened reporting timelines, expanded information-sharing powers, and intensified cooperation with foreign authorities.

Administrative and Criminal Penalties Under Bulgarian Law

Administrative Sanctions

Under the PMLA, administrative sanctions may be imposed on both legal entities and responsible natural persons, including senior managers and compliance officers. Depending on the nature and gravity of the breach:

• Fines for managers and responsible officers typically range from BGN 1 000 to BGN 10 000, with higher amounts for repeated violations;
  
• Legal entities may be subject to fines ranging from BGN 20 000 to BGN 2 000 000 for serious or systematic non-compliance;
  
• Additional measures may include licence suspension or withdrawal and public disclosure of the infringement.

Sanctions are cumulative and may be imposed concurrently on the entity and the individuals responsible for the breach.

Criminal Liability

Money laundering offences are criminalised under the Bulgarian Criminal Code. Where AML breaches amount to active participation, facilitation, or intentional failure to prevent money laundering in the course of professional duties, criminal liability may arise. Penalties include imprisonment, fines, and professional disqualification. While the threshold for criminal prosecution is higher than for administrative sanctions, enforcement authorities have increasingly emphasised personal accountability in aggravated cases.

FATF Grey List Implications

Bulgaria’s inclusion on the FATF grey list in October 2023 has significantly increased supervisory pressure. Although grey listing is not itself a sanction, it has tangible commercial effects. Bulgarian entities are subject to enhanced scrutiny by foreign financial institutions, and AML deficiencies are more likely to result in enforcement action, restricted access to correspondent banking, and reputational damage.

Implications for Venture Capital Companies

VC companies are expected to implement AML frameworks proportionate to their risk profile, covering:

• Investor due diligence and beneficial ownership verification;
  
• Ongoing monitoring of transactions and capital flows;
  
• Enhanced oversight of portfolio companies operating in higher-risk sectors or jurisdictions.

Passive reliance on external service providers is insufficient where the companies exercises control or significant influence. AML compliance must be embedded in governance structures, supported by documented risk assessments, active management involvement, and regular independent review.

Conclusion

AML regulation in the European Union and Bulgaria has entered a phase of consolidation and enforcement maturity. Through the AML Regulation, AMLD6, and Bulgaria’s post-grey-list reforms, regulators have demonstrated a clear intolerance for fragmented controls, managerial disengagement, and formalistic compliance.

For VC companies, AML compliance now represents a substantive governance obligation rather than a peripheral regulatory requirement. Failure to adapt exposes firms not only to substantial financial penalties but also to reputational damage, operational disruption, and impaired access to investors and financial markets.

New Balkans Law Office advises Bulgarian and international clients on compliance with anti-money laundering regulations and cross-border structuring, providing guidance on corporate, tax, and governance matters in light of the EU’s strengthened AML framework, including exposure to substantial administrative fines for serious, repeated, or systematic breaches.

For further assistance, please contact: AML@newbalkanslawoffice.com