Table of contents
Legal Framework
The basis is Act No. 253/2008 Coll., on measures against the legalisation of proceeds of crime and financing of terrorism. It is supplemented by Act No. 69/2006 Coll. on international sanctions, CNB Decree No. 67/2018 Coll., the EU MiCA Regulation (on crypto-asset markets), and other directly applicable EU regulations.
Which entities have obligations?
The Act defines so-called obliged entities in § 2. These include:
- real estate agents and developers
- currency exchange offices
- accountants and tax advisors
- credit and insurance intermediaries
- payment service providers
- casino and online lottery operators
- car dealerships and second-hand goods traders
- dealers in precious stones and metals (for transactions over EUR 10,000)
- asset managers
- providers of virtual asset services (newly included among financial institutions since December 2024)
- insolvency and restructuring administrators (since May 2024)
Key obligations and deadlines
Immediate steps (within 60 days of becoming an obliged entity)
- Designation of a statutory body member with AML responsibility
- Creation of internal policies and procedures
- Conducting a risk assessment specific to your business
- Registration of contact person with FAÚ (30 days; changes 15 days)
Ongoing activities for each transaction
- Client identification — identity verification before establishing a relationship or for transactions over EUR 1,000
- Sanctions list checks — verification against international restrictions (lists updated multiple times per month)
- Politically exposed persons (PEP) screening — identification of risk categories
- Identification of beneficial ownership for legal entities
- Checking unhosted addresses for virtual assets (since December 2024)
- Documentation and archiving for 10 years
- Reporting suspicious transactions to FAÚ
- Regular staff training at least once a year
Sanctions for breaches in 2026
The level of fines has increased significantly in recent years. Current threats:
Standard offences
- Failure to report contact person: up to CZK 10 million
- Absence of internal policies or risk assessment: up to CZK 1 million
- Failure to designate designated person: up to CZK 1 million
- Insufficient client identification: up to CZK 10 million
- Failure to prove training: up to CZK 5 million
- Failure to report suspicious transaction: up to CZK 5 million (up to CZK 30 million for repeat offences)
Serious breaches
- For financial institutions (including crypto service providers): up to CZK 130 million
- Possibility of prohibition of activity
- Public disclosure of decisions ("naming & shaming")
Individual liability
- Fines for management and employees: up to CZK 1 million (increased from original CZK 100,000)
- Prohibition on acting as statutory body member
Criminal law risks
The Criminal Code recognises not only intentional but also negligent forms of money laundering. This means you may face criminal prosecution even if you were unaware of the unlawful conduct — insufficient care in fulfilling preventive obligations is sufficient.
2025/2026 developments
Crypto service providers
- Included among financial institutions since 30 December 2024 (stricter regime)
- Need for FAÚ licence (applications accepted until 31 July 2025)
- Implementation of Travel Rule (TFR regulation)
- Obligation to assess risks for unhosted addresses
Contact persons
- Shortened deadlines: 30 days on establishment, 15 days on change
- New reporting format under Decree No. 420/2024 Coll.
- Availability during business hours and for transactions (24/7 for banks)
International sanctions
- FAÚ may issue general measures (OOP) for asset freezing
- Bridging period between UN and EU sanctions
- Control of cross-border cash over EUR 15,000 also on internal EU borders
Simplifications for lawyers and notaries
Possibility to identify only the client's representative on the basis of a certified power of attorney
Recommended implementation steps
- Designate a specific member of management with full responsibility
- Create or update internal policies
- Conduct a current risk assessment of your business
- Register contact person with FAÚ (new format)
- Organise training for the whole team
- Establish routine processes and regular checks
- Implement technical tools for sanctions and PEP screening
When to expect an inspection?
Inspection risk increases when:
- formal obligations are not met (especially failure to report contact person)
- there is an absence of suspicious transaction reports
- your client is involved in financial flow investigations
- operating in high-risk sectors (crypto average fine CZK 600k vs. CZK 60k for accountants)
Supervisory authorities
- Financial Analytical Office (FAÚ) — main supervisory authority
- Czech National Bank — for entities under its supervision
- Ministry of Justice — for insolvency administrators
- Czech Trade Inspection — in certain cases
Exemptions from compliance
The Act allows you to apply to FAÚ for an exemption if you perform the relevant activity only marginally as a supplement to your main business. Obtaining an exemption requires meeting strict criteria and presenting convincing evidence.