EU AML 2024/1624 and football agents: the definitive guide to what applies to you from July 2029

Article 3(3)(n) of EU Regulation 2024/1624 is unambiguous. Every natural or legal person who, for remuneration, provides intermediary services by representing or acting on behalf of natural or legal persons in the negotiation or conclusion of transactions involving the transfer of a football player is an obliged entity under EU AML law from 10 July 2029. That definition applies equally to the largest multi-national agency and the solo operator representing two players in the third division. This guide explains, in precise and practical terms, what that means for you.

Why are football agents affected by EU AML 2024/1624

The inclusion of football agents in EU Regulation 2024/1624 is not incidental. It is a deliberate legislative choice, and understanding why it was made helps clarify what regulators expect agents to do about it.

According to FIFA's Football Agents Report 2025, clubs paid a record USD 1.37 billion in agent service fees in the course of 2025 -- a 90% increase on the previous year, itself a record. FIFA also noted that a significant part of this increase reflects previously unreported or under-reported commissions now being captured through mandatory disclosure in its Transfer Matching System. The implication is direct: agent fee flows in professional football have been, at scale, insufficiently documented and insufficiently scrutinised.

The financial crime risk that flows from that combination -- large sums, cross-border flows, opacity around beneficial ownership of receiving agencies, subjective commission structures and a historic absence of mandatory controls -- is exactly the risk profile that AML regulation is designed to address. The European legislator did not bring football agents inside the AML perimeter because agents are assumed to be criminals. It brought them inside because the absence of formal controls in a sector moving this volume of capital is itself a vulnerability that organised financial crime has historically exploited.

For context on how those risks operate in practice, see the Lagom Sports Compliance article on how criminals launder money through football. This article focuses on what those risks mean for the compliance obligations that agents must now build.

The definition: who is captured and who is not

Article 3(3)(n) defines a football agent as "a natural or legal person who, for remuneration, provides intermediary services by representing or acting on behalf of natural or legal persons in the negotiation or conclusion of transactions involving the transfer of a football player." The critical elements of this definition are worth unpacking precisely.

  1. First: for remuneration. An agent who has never received a fee, or who operates on a voluntary basis, is not captured by this definition. But the threshold is low: any commercial arrangement that involves payment for intermediary services, including deferred payments, success fees or fee-sharing arrangements with a third party, falls within the definition.

  2. Second: intermediary services. The regulation captures the activity of representation, acting on behalf of a player, a club, or both in the context of a transfer, rather than any specific formal status. A person operating as an agent without being formally licensed under FIFA's regulations, or operating in a jurisdiction where licensing requirements are minimal, is still captured if they are providing intermediary services for remuneration.

  3. Third: transactions involving the transfer of a football player. This covers permanent transfers, loan agreements and any equivalent arrangement that constitutes a player transfer under applicable football regulations. Advisory work that does not relate to a specific transfer transaction -- commercial endorsement negotiation, image-rights management, general career advisory -- may fall outside the definition, depending on how it is characterised in practice. However, agents whose work regularly intersects with transfer activity should assume they are in scope and take appropriate advice before concluding otherwise.

There is no size threshold. There is no volume exemption. There is no carve-out for smaller agencies or solo operators. A sole trader representing a single player who completes one transfer per year is, under Article 3(3)(n), an obliged entity from July 2029 with formally identical obligations to the largest agency in the world. What differs between them is not whether the obligations apply, but how intensively those obligations need to be implemented, and that is where proportionality becomes important.

Proportionality: what it means and what it does not mean

EU Regulation 2024/1624 is built on a risk-based approach. Article 8 requires obliged entities to implement measures, policies, controls and procedures proportionate to the nature and size of the entity and to the specific money laundering and terrorist financing risks it faces. This proportionality principle is the single most important concept for smaller agents and solo operators to understand correctly -- because it is both genuinely significant and frequently misunderstood.

Proportionality does not mean that smaller agents have lighter obligations. It means that a smaller agent with lower-risk clients and simpler transaction structures can implement a lighter-touch version of the same obligations. The obligation to conduct customer due diligence applies to every agent. The obligation to screen counterparties for sanctions and PEP status applies to every agent. The obligation to have a documented AML policy, a risk assessment and a designated compliance responsibility applies to every agent. What varies is the complexity and formality of those controls, calibrated to the agent's actual risk profile.

A solo agent representing domestic players in domestic transfers with no PEP exposure, no cross-border commission flows and a simple agency structure does not need the same framework as a major international agency managing EUR 50 million in annual commission flows across multiple jurisdictions. But the solo agent still needs something -- a documented, risk-assessed, operational framework. Proportionality determines the scale of that framework, not whether it exists.

Proportionality Callout

Proportionality is not an exemption. It is a calibration. Every agent needs a compliance framework. What changes is how sophisticated that framework needs to be, based on the agent's specific risk profile.

The core obligations: what every agent must have in place

The following obligations apply to every football agent in scope, regardless of size. The implementation intensity varies by risk profile; the existence of each obligation does not.

  1. Business-wide risk assessment. Before implementing any specific controls, an agent must conduct and document a risk assessment of their business: what are the specific money laundering and terrorist financing risks arising from their client base, transaction types, geographic exposure and service offering? This assessment is the foundation on which all other controls are built. It needs to be updated when material changes occur. AMLA's March 2026 consultation on customer due diligence regulatory technical standards makes clear that supervisory expectations are for contextual, evidence-based risk assessments rather than generic templates.

  2. Customer due diligence on clients and counterparties. An agent must identify and verify the identity of every client they represent: the player, the club, or both. Where the client is a legal entity -- a holding company, an image-rights vehicle, a club ownership structure -- the agent must also identify the beneficial owners behind that entity. CDD must be completed before a transaction is agreed, not after. Existing clients must also be subject to ongoing monitoring for changes in their circumstances. The AMLR also introduces extended CDD requirements for higher-risk relationships -- enhanced due diligence applies where there is higher risk, including PEP relationships, high-risk jurisdiction exposure and complex multi-layer structures.

  3. Sanctions and PEP screening. Every client, beneficial owner and relevant counterparty must be screened against consolidated sanctions lists and politically exposed persons databases before a relationship is established, and monitored on an ongoing basis throughout the relationship. A clean screen at onboarding is not sufficient; the regulatory expectation is continuous monitoring that triggers a review when a previously clean counterparty's status changes. For agents working across multiple jurisdictions, the screening must cover the relevant lists for each jurisdiction involved in the transaction.

  4. AML policy, procedures and governance. Every agent must have a documented AML policy setting out their approach to financial crime risk, the controls they operate, their escalation procedures and their approach to suspicious activity reporting. The policy must be approved at the most senior level within the agency -- which, for a solo operator, means self-approved and self-owned. The policy must be reviewed and updated regularly.

  5. Designated compliance responsibility and MLRO function. Article 9 of the AMLR requires every obliged entity to designate a person responsible for compliance with AML obligations and a Money Laundering Reporting Officer. For large agencies, these may be separate roles. For a solo operator, the same individual fulfils both functions. The MLRO is responsible for receiving internal suspicion reports, deciding whether to file a suspicious activity report with the relevant financial intelligence unit, and maintaining the SAR log. This is a formal legal responsibility, not an administrative role.

  6. Suspicious activity reporting. Where an agent forms a suspicion or has reasonable grounds to suspect that a transaction or client relationship involves money laundering or terrorist financing, they are legally required to file a suspicious activity report with the relevant national financial intelligence unit. The obligation to report exists regardless of the size of the transaction and regardless of whether the agent ultimately proceeds with the deal. Tipping off the subject of a SAR is a separate criminal offence.

  7. Record-keeping. All CDD documentation, transaction records, screening results and compliance decisions must be maintained for a minimum of five years from the end of the business relationship or the completion of the transaction. The record must be sufficient to allow a supervisor or financial intelligence unit to reconstruct the due diligence performed and the decision reached.

The implementation challenge: why this is harder for agents than for clubs

Football clubs have one significant advantage over football agents in building AML compliance frameworks: they already have infrastructure. Finance teams, legal advisers, company secretaries, compliance-adjacent governance functions. None of those exist at a solo agency or a small boutique operation.

The 10,525 licensed agents recorded by FIFA in 2025 represent an enormously varied population. The largest multi-national agencies have dozens of consultants, legal teams, finance functions and, in some cases, existing compliance capabilities built for other regulated activities. But the overwhelming majority of those 10,525 licensed agents operate in structures far closer to the solo end of the spectrum -- a handful of clients, commission flows routed through a personal company or directly received, no compliance team, no compliance experience, and no existing framework of any kind.

For this population, the implementation challenge is threefold. First, they do not know what they need to build. The regulation is written for a financial services audience, and its language -- obliged entity, beneficial ownership, enhanced due diligence, suspicious activity report -- is not the language of football agency. Understanding what these concepts mean in the specific context of an agent's practice requires someone who can translate between regulatory obligation and football operational reality.

Second, they do not have the time or resource to build it themselves. A solo agent whose revenue depends on closing deals and maintaining player relationships cannot simultaneously become a compliance practitioner. Building a risk assessment, designing due diligence processes, implementing screening tools, establishing a SAR procedure and documenting all of it to a standard that would satisfy a regulator is specialist work.

Third, they do not know what good looks like. Without prior exposure to AML compliance frameworks in a regulated sector, there is no reference point for assessing whether what has been built is adequate. An agent who drafts a generic AML policy from a template and assumes the obligation is met is not compliant. They have a document. Compliance is the operational reality behind the document.

Commercial Consequence Box
Note

The commercial consequence that is already arriving

The AMLR deadline of July 2029 is not the only pressure agents face. European clubs are already applying their own enhanced due diligence to agents as part of meeting their own banking and governance obligations. An agent whose ownership structure is opaque, whose commission receipts cannot be cleanly documented, or whose beneficial ownership cannot be verified to a club's satisfaction is already finding that some transactions move more slowly and some relationships are harder to maintain.

From 2029, that pressure becomes legally formalised on both sides of the transaction simultaneously.

The difference between large agencies and solo operators: what changes

The obligations are the same. The implementation differs materially across the size spectrum, and it is worth being precise about what that means in practice.

Large multi-national agencies

A large multi-national agency, representing dozens of players across multiple European leagues, receiving commissions through a corporate structure with multiple subsidiaries, has a risk profile that demands a sophisticated framework: a formal compliance function with a designated compliance officer and MLRO, an automated screening platform with coverage across multiple jurisdictions and sanctions regimes, a documented CDD process calibrated for different client and counterparty types, and governance capable of escalating concerns through a clear chain without the process being compromised by commercial relationships within the business. The framework cost and operational burden for a large agency is significant but manageable within a professional business infrastructure.

Solo Operators

A solo operator, one licensed agent, a handful of active client relationships, commission flows received through a personal services company, has a fundamentally simpler risk profile. The risk assessment can be shorter and more focused. The CDD process can be leaner. The screening can be conducted through lower-cost tools designed for lower-volume use. The MLRO function is self-held. But the documentation must still exist, the screening must still happen, and the SAR capability must still be operational before the first transaction after 10 July 2029. A two-page risk assessment is proportionate for a solo operator. No risk assessment at all is non-compliance.

Where to start: the four foundations every agent needs

Without providing the full build that requires specialist engagement, the logical starting sequence for any agent beginning to address their AMLR obligations is clear. These four foundations need to exist before any specific transaction controls can be built on top of them.

  1. Conduct a risk assessment of your practice. Map who your clients are, what jurisdictions they operate in, what transaction types you handle, and what the specific financial crime risks in your specific practice look like. This does not need to be long. It needs to be honest, specific to your actual activities, and documented. Generic templates do not produce adequate risk assessments.

  2. Establish a CDD process for new and existing clients. Define what information you need to collect and verify before acting for a client. For individual players: identity verification, PEP status, any relevant adverse media. For club clients: corporate structure, beneficial ownership, any relevant sanctions exposure. For existing clients: a review cycle that keeps that information current. The process needs to be written down and followed consistently.

  3. Implement a screening tool. Manual checks against individual sanctions lists are inadequate at any meaningful volume and are not a defensible compliance approach. A screening tool that checks counterparties against consolidated sanctions lists, PEP databases and adverse media sources -- with documentation of every check run -- is the minimum technology requirement. The market now includes options scaled and priced for smaller businesses, and the cost of adequate screening is a fraction of a single commission payment.

  4. Designate your MLRO and establish a SAR process. Even as a solo operator, you need to know what to do when you encounter a potential concern: who assesses it, what the threshold for external reporting is, how you file with the National Crime Agency or the relevant FIU, and how you maintain the record. This cannot be worked out at the point when the concern arises. It needs to be documented before it does.

The complexity of getting each of these right for a football agency -- as opposed to a generic business -- is where specialist support becomes necessary. Football's specific transaction structures, the AML typologies that recur in the agent market, the way proportionality applies to different agency profiles, and the documentation standard that would satisfy a regulator reviewing an agent's compliance programme are all areas where generic compliance advice does not translate cleanly. Click here to see our dedicated guidance on AML compliance for football agents.

The deadline is July 2029. The preparation window is now.

Lagom Sports Compliance is the only specialist AML advisory firm built exclusively for professional football. The firm advises football agents -- from solo operators to major agencies -- on building AML compliance frameworks that are proportionate, football-native and operationally practical.

At Lagom Sports Compliance, we have launched a free compliance checker. This online tool is genuinly free to use and will assess your current position against EU AML 2024/1624. As an out put, you will get a simple report detailing what has been done and what needs to still be done by 10 July 2029.

To directly support with EU AML 2024/1624, we can undertake aReadiness Assessment that produces a documented gap analysis and prioritised roadmap. If you need an AML framework, we can build a bespoke one for your club or agency. Additionally, we can help by providing outsourced support including MLRO function, saving clubs and agencies fees on hiring directly.

10,525 licensed agents. One regulatory deadline. The agents who start now will be the partners European clubs prefer in 2029.

Frequently asked questions: EU AML 2024/1624 and football agents

Previous
Previous

UEFA financial sustainability regulations 2025: what the June 2026 enforcement round means for English football

Next
Next

Can a football club outsource its AML and compliance function? Yes, and here is how