Table of contents
What are AML obligations and why do they exist
Money laundering is a process by which criminals transfer illegally obtained money into the legal financial system. Therefore, the state requires selected businesses to screen clients and report suspicious transactions — so illegal money cannot be hidden behind common business relationships.
These obligations are set out in the AML Act, which is based on European directives (AMLD) and the new EU AMLR 2024 regulation. In the Czech Republic, the supervisory authority is the Financial Analytical Office (FAÚ).
Who is an obliged entity?
An obliged entity is a natural or legal person doing business in a sector defined by Section 2 of the AML Act. It's not just banks — the law applies to a wide spectrum of professions:
- Real estate brokers and persons trading in real estate
- Accountants, tax advisors, and auditors
- Lawyers, notaries, and judicial executors
- Currency exchanges and payment service providers
- Gambling operators
- Virtual asset service providers (from Dec 30, 2024)
- Persons establishing legal entities or providing registered offices
- Used goods dealers and pawnshops
- Providers of credit, leasing, or guarantees outside the banking sector
An obliged entity can be a freelancer or a large company. What matters is the nature of the activities performed — not turnover or number of employees.
Overview of AML Obligations
1. Client Identification and Control (§ 7–12)
Before establishing a business relationship or for one-off transactions over 1,000 EUR, you must:
- Verify the client's identity from a valid ID document
- Identify the ultimate beneficial owner if the client is a legal entity — and verify them in the beneficial owner register (Act No. 37/2021 Coll.)
- Determine the purpose and intended nature of the business relationship
- Assess client risks
If a client does not present a valid ID or refuses cooperation, you must not establish a business relationship.
2. Client Screening
As part of the control, you must screen the client against:
- EU, UN, and OFAC sanctions lists (Act No. 69/2006 Coll.)
- The list of politically exposed persons (PEP) according to FAÚ methodological guideline No. 7/2024
- Negative media mentions
A politically exposed person is, for example, a politician, high-ranking state official, judge, or their family members. Stricter rules apply to PEPs — enhanced due diligence (EDD).
3. System of Internal Policies (§ 21)
Every obliged entity must process a system of internal policies in writing — an internal document describing the exact procedures for fulfilling AML obligations. It must contain:
- A risk assessment specific to your business (§ 21a)
- Procedures for identifying and controlling clients
- Rules for reporting suspicious transactions
- A regular employee training plan
Selected obliged entities (financial institutions, exchanges, gambling operators) must send the system to FAÚ or the CNB within 60 days of the obligation arising.
4. Reporting Suspicious Transactions (§ 18)
If you detect a transaction or situation indicating a possible link to money laundering, you must report it to FAÚ immediately. This also applies to transactions that were ultimately not carried out.
Important: tipping off the client is prohibited — the obliged entity must not reveal that a report was submitted to FAÚ.
5. Document Archiving
All records of client identification and control must be kept for at least 10 years after the end of the business relationship or execution of the transaction.
6. Employee Training
Employees must undergo regular AML training — at least once every 12 months.
What are the penalties for non-compliance?
FAÚ has significantly tightened its checks in recent years. Penalties for violating AML obligations:
| Offense | Maximum Fine |
|---|---|
| Failure to perform client identification | 10,000,000 CZK |
| Missing or poor quality system of internal policies | 10,000,000 CZK |
| Failure to introduce risk assessment | 1,000,000 CZK |
| Failure to report a suspicious transaction | 10,000,000 CZK |
| Natural person (employee, statutory body) | up to 100,000 CZK |
For serious, repeated, or systematic violations, fines can reach up to 130,000,000 CZK or a ban on activities. In extreme cases, there is criminal liability under Section 217 of the Criminal Code. The most common cause of a fine is not intent — it is missing documentation and unreadiness for an audit.
How to fulfill AML obligations in practice
Traditionally, this meant hiring a legal advisor, spending weeks drafting documentation, and then repeating the whole process every time the law changed. For smaller companies without a legal department, it was a financially and time-consuming process.
AML PROOF automates the whole process — from setting up the obliged entity profile and the system of internal policies, through identification and client screening, to risk assessment and generating reports ready for FAÚ. The result of every case is structured documentation with an audit trail.
Pricing starts at 99 CZK per case. Credits do not expire. The obliged entity profile, system of internal policies, and team management are free.
Frequently Asked Questions
Must I fulfill AML obligations even as a freelancer?
Yes. The law applies to both natural and legal persons. If you do business in a sector listed in Section 2 of the AML Act, you are an obliged entity regardless of legal form or business size.
When does the obligation to identify a client arise?
When establishing any business relationship and for one-off transactions over 1,000 EUR. For suspicious transactions, the obligation applies regardless of the amount.
What is a PEP and why is it important?
A politically exposed person (PEP) is a person holding or who held a prominent public function in the last 12 months — a politician, judge, high-ranking state official, or their family member. The law requires enhanced due diligence for PEPs.
How long must I archive records?
For a minimum of 10 years after the end of the business relationship or execution of the transaction.