The AML Law Explained: Everything You Need to Know

What is the AML law and why does it exist?

AML stands for Anti-Money Laundering — measures against money laundering. In the Czech Republic, the main legislation is Act No. 253/2008 Coll., on certain measures against the legalisation of proceeds of crime and financing of terrorism.

The law exists to protect the financial system from misuse. Money laundering is a global problem that affects an estimated 2–5% of world GDP annually. The AML law helps state authorities detect suspicious transactions and prevent the financing of terrorism and organised crime.

The law is based on European directives (AMLD I–VI) and recommendations from the international organisation FATF. From 2027, the new directly applicable AMLR regulation (EU 2024/1624) will further tighten and harmonise the rules across the entire EU.

Key terms you need to know

Before we dive into the details, let's explain the basic AML terminology:

• Obliged entity — a subject that must legally fulfil AML measures (banks, real estate agents, accountants, lawyers, etc.)
• KYC (Know Your Customer) — identification and verification of client identity
• CDD (Customer Due Diligence) — client checks — assessing the purpose of the transaction, source of funds, beneficial owner
• EDD (Enhanced Due Diligence) — enhanced checks for high-risk clients
• PEP (Politically Exposed Person) — a politically exposed person (higher corruption risk)
• Internal policies (SVZ) — the company's internal AML manual with procedures and responsibilities
• Suspicious transaction report (OPO) — mandatory reporting of suspicious transactions to the Financial Analytical Office (FAU)

Who does the AML law apply to?

The AML law doesn't just apply to banks. It covers a wide range of subjects — so-called obliged entities. The law distinguishes three main groups:

Financial sector

Banks, insurance companies, investment firms, currency exchanges, payment institutions, pension companies. For credit institutions, AML applies to all activities.

Non-financial sector

Real estate agents, lawyers, notaries, accountants, tax advisers, auditors, dealers in precious metals and art, trust and company service providers, crypto intermediaries, gambling operators, pawnshops. 11+ categories in total.

Other entities

Any entrepreneur accepting cash payments over EUR 10,000 (approx. CZK 250,000). This applies on a one-off basis even to entities that are not typical obliged entities.

8 key obligations under the AML law

If you are an obliged entity, you must fulfil these key obligations:

• Client identification (KYC) — verifying identity from an identity document or commercial register
• Customer due diligence (CDD) — assessing the purpose of the transaction, source of funds, and determining the ultimate beneficial owner (UBO)
• Enhanced due diligence (EDD) — for high-risk clients, PEPs, or entities from sanctioned countries
• Screening — checking clients against sanctions lists (EU, UN, OFAC), PEP registers, and adverse media
• Risk assessment — assigning a risk score to each client and transaction
• Internal policies (SVZ) — preparing an internal AML manual with clearly defined procedures
• Suspicious transaction reporting (OPO) — obligation to report suspicious transactions to the FAU without undue delay
• Record archiving — retaining all AML documentation for 5–10 years

How does it all work in practice? 5 steps

In practice, AML compliance follows these steps:

• Determine if you are an obliged entity — review § 2 of the AML Act or take our test
• Prepare internal policies and a risk assessment — a mandatory internal document defining your AML procedures
• Identify and screen every client — KYC, CDD, screening before starting a business relationship
• Continuously monitor business relationships — update risk assessments, respond to changes
• Report suspicious transactions to the FAU — without undue delay, without warning the client

The entire process doesn't have to be complex. With a modern tool like AML PROOF, you can handle everything in one environment — from documentation to screening to archiving.

What's changing? AMLR and the future of regulation

AML regulation is constantly evolving. The most important change is the new AMLR regulation (EU 2024/1624), which from 2027 will:

• Introduce uniform rules for all EU member states — ending national variations
• Lower the mandatory identification threshold for cash payments to EUR 3,000
• Expand the circle of obliged entities to include new categories (e.g. football clubs, luxury goods over EUR 10,000)
• Establish a new European supervisory authority, AMLA, headquartered in Frankfurt

Companies that prepare for these changes early will have a significant competitive advantage. Those that underestimate them risk heavy fines and reputational damage.

What penalties do you face for non-compliance?

The Financial Analytical Office (FAU) is inspecting and sanctioning with increasing rigour:

• Fines from hundreds of thousands to millions of Czech crowns — a record fine of CZK 2.4 million in 2025
• Public disclosure of sanctions — lasting reputational damage
• Activity bans for up to one year — in serious cases

The vast majority of fined businesses are not fraudsters. They are ordinary companies that underestimated formal obligations — missing internal policies, failure to identify clients, inadequate archiving. These are precisely the problems that can be easily prevented.

Conclusion

The AML law is not unnecessary bureaucracy. It is a key tool for protecting the financial system that applies to a much wider range of entities than most entrepreneurs realise. If you carry out a regulated activity, the AML law applies to you — and compliance is actively monitored and enforced.

Not sure if the AML law applies to you? Take our quick test and find out in 2 minutes. And if it does — AML PROOF will guide you through the entire process.