Being an obliged entity under the AML Act is not a formality. In 2026, supervisory practice is tightening further, European regulation is flowing into Czech law, and tolerance for errors is falling. This article summarises everything an entrepreneur – an obliged entity – should know and keep under control.
Table of contents
- The aim of AML is not administrative harassment
- What is AML, CFT and KYC (in simple terms)
- Who is an obliged entity
- Sanctions: why not to underestimate them
- Transaction vs. business relationship
- Suspicious transaction: a key AML concept
- PEP – politically exposed persons
- Customer identification (KYC)
- Customer due diligence (CDD)
- Beneficial owner (UBO)
- Reporting a suspicious transaction (OPO)
- Internal policies and procedures (SVZ)
- Risk assessment (§ 21a AML Act)
- Summary for entrepreneurs
The aim of AML is not administrative harassment
The aim of AML is not administrative harassment. The aim is to prevent money laundering, terrorist financing, and sanctions circumvention. Obliged entities are a key part of this system.
What is AML, CFT and KYC (in simple terms)
AML (Anti-Money Laundering) – measures against money laundering. CFT (Counter-Financing of Terrorism) – measures against terrorist financing. KYC (Know Your Customer) – procedures to know and verify the customer.
For entrepreneurs this means one thing: you must know who you are doing business with, where the money comes from, and whether the business makes sense.
Who is an obliged entity
An obliged entity is not just a bank. AML typically applies to, for example:
- real estate intermediaries
- lawyers and notaries (for defined acts)
- accountants, tax advisers
- leasing companies
- traders in precious metals, art, luxury goods
- crypto services
- certain advisers and intermediaries
What matters is not the company name, but the specific activity or transaction you carry out.
Does your company fall under AML?
Find out immediately whether your business is subject to AML and which measures and requirements apply to you.
Sanctions: why not to underestimate them
Breaching AML obligations is not a minor offence.
- fines can run into millions of crowns
- sanctions are imposed even for formal and procedural errors
- FAÚ supervisory activity is more frequent and thorough
- reputational impact can be worse than the fine itself
AML is not "extra paperwork". It is a supervised regulatory regime.
Transaction vs. business relationship
Transaction – a one-off. Business relationship – longer-term cooperation.
The distinction matters because the scope of obligations differs. For a business relationship, ongoing monitoring of the client is expected, not just a one-off verification.
Suspicious transaction: a key AML concept
A suspicious transaction is not just "something illegal". It is enough that it:
- makes no economic sense
- does not match the client profile
- has an unclear source of funds
- the client avoids explanation or documentation
Once suspicion arises, obligations kick in: assessment, documentation and possibly reporting to the FAÚ.
PEP – politically exposed persons
A PEP is a person in a prominent public function (or closely associated with one): senior politicians, higher-court judges, members of state-owned enterprise boards, their family members and close associates.
Important: the enhanced regime continues even after the function ends. PEP automatically means higher risk and stricter scrutiny.
Customer identification (KYC)
Identification answers the question: who is the client. It is carried out in particular: when establishing a business relationship, when conducting a one-off transaction above the threshold, when there is suspicion of a suspicious transaction.
It includes: identification of a natural or legal person, verification of data from reliable sources, and the possibility of in-person, remote or intermediary identification.
Customer due diligence (CDD)
Due diligence goes beyond identification. It addresses context and risk. It includes in particular: the purpose and nature of the business, the beneficial owner (UBO), ownership and control structure, source of funds (SoF), and ongoing monitoring of the relationship.
CDD is a living process, not a one-off checklist.
Beneficial owner (UBO)
The beneficial owner is a natural person who: has ultimate influence or control, actually benefits from the activity.
Copying data from the register is not enough. The obliged entity must: understand the structure, be able to justify it, and have evidence for it.
Reporting a suspicious transaction (OPO)
If suspicion persists, a report to the FAÚ follows. Key principles: the report is made without undue delay, the client must not be informed (no "tipping-off"), everything must be documented.
Internal policies and procedures (SVZ)
Every obliged entity must have internal policies and procedures – its own AML manual. They typically include: a description of activities subject to AML, customer identification and due diligence procedures, risk handling, reporting of suspicious transactions, and responsibilities of persons.
Internal policies are not a template to file away. They are a controlled document.
Risk assessment (§ 21a AML Act)
Mandatory risk assessment builds on internal policies: type of clients, products and services, geographic risks, distribution channels.
The level of control is set based on risks. Without risk assessment, AML is not defensible.
Summary for entrepreneurs
AML in 2026 means: knowing your AML scope, having identification and CDD under control, understanding PEP and UBO, being able to work with suspicion, having up-to-date internal policies and risk assessment, documenting everything and being ready for inspection.
AML is not about "having a piece of paper". It is about demonstrable control of risks.