The AML Law Explained: Everything You Need to Know

What is the AML law and why does it exist?

AML stands for Anti-Money Laundering — measures against money laundering. In the Czech Republic, the main legislation is Act No. 253/2008 Coll., on certain measures against the legalisation of proceeds of crime and financing of terrorism.

The law exists to protect the financial system from misuse. Money laundering is a global problem that affects an estimated 2–5% of world GDP annually. The AML law helps state authorities detect suspicious transactions and prevent the financing of terrorism and organised crime.

The law is based on European directives (AMLD I–VI) and recommendations from the international organisation FATF. From 2027, the new directly applicable AMLR regulation (EU 2024/1624) will further tighten and harmonise the rules across the entire EU.

The Czech Republic implemented the AML Act on the basis of the European AMLD directives. The currently applicable sixth directive (6AMLD) tightened the definition of money laundering offences and extended criminal liability to legal entities. The new EU regulation AMLR 2024/1624 will introduce uniform rules across the EU and will be fully effective from 2027.

Key terms you need to know

Before we dive into the details, let's explain the basic AML terminology:

• Obliged entity — a subject that must legally fulfil AML measures (banks, real estate agents, accountants, lawyers, etc.)
• Client identification (KYC) — verifying identity from an identity document or commercial register (§ 7–8 of Act No. 253/2008 Coll.)
• Customer due diligence (CDD) — assessing the purpose of the transaction, source of funds, and determining the ultimate beneficial owner (§ 9 of Act No. 253/2008 Coll.)
• enhanced identification and customer due diligence (Section 9a) — for high-risk clients, politically exposed persons, or clients from high-risk countries (§ 9a, § 13 of Act No. 253/2008 Coll.)
• Politically exposed person (PEP) — a natural person who is or has been entrusted with a prominent public function (§ 4 para. 5 of Act No. 253/2008 Coll.)
• Internal policies (SVZ) — the company's internal AML manual with procedures and responsibilities
• Suspicious transaction report (OPO) — mandatory reporting of suspicious transactions to the Financial Analytical Office (FAU)

Who does the AML law apply to?

An obliged entity may be a natural or legal person regardless of size or turnover. What matters exclusively is the nature of the activity carried out. A sole trader providing accounting services or an independent estate agent is an obliged entity just like a large law firm or investment company.

Financial sector

Banks, insurance companies, investment firms, currency exchanges, payment institutions, pension companies. For credit institutions, AML applies to all activities.

Non-financial sector

Real estate agents, lawyers, notaries, accountants, tax advisers, auditors, dealers in precious metals and art, trust and company service providers, crypto intermediaries, gambling operators, pawnshops. 11+ categories in total.

Other entities

Any entrepreneur accepting cash payments over EUR 10,000. This applies on a one-off basis even to entities that are not typical obliged entities.

11 key obligations under the AML law

If you are an obliged entity, you must fulfil these key obligations:

• Client identification (§ 7–8) — verifying identity from an identity document or commercial register
• Customer due diligence (§ 9) — assessing the purpose of the transaction, source of funds, and determining the ultimate beneficial owner
• Enhanced due diligence (§ 9a, § 13) — for high-risk clients, PEPs, or entities from sanctioned countries
• Screening — checking clients against EU and UN sanctions lists (Act No. 69/2006 Coll.), PEP registers, and adverse news from public sources
• Risk assessment — assigning a risk score to each client and transaction
• Internal policies (SVZ) — preparing an internal AML manual with clearly defined procedures
• Suspicious transaction reporting (OPO) — obligation to report suspicious transactions to the FAU without undue delay
• Record archiving — retaining all AML documentation for 10 years
• Training of employees and persons in a comparable position — at least once every 12 months before assigning to the relevant position (§ 23)
• Designated person — member of the statutory body responsible for AML (§ 22a)
• Notification of FAU contact person — within 30 days of becoming an obliged entity; exception: lawyers and notaries (§ 22)

How does it all work in practice? 5 steps

In practice, AML compliance follows these steps:

• Determine if you are an obliged entity — review § 2 of the AML Act or take our test
• Prepare internal policies and a risk assessment — a mandatory internal document defining your AML procedures
• Identify and screen every client — client identification and due diligence, sanctions screening, before starting a business relationship
• Continuously monitor business relationships — update risk assessments, respond to changes
• Report suspicious transactions to the FAU — without undue delay, without warning the client

The entire process doesn't have to be complex. With a modern tool like AML PROOF, you can handle everything in one environment — from documentation to screening to archiving.

What's changing? AMLR and the future of regulation

AML regulation is constantly evolving. The most important change is the new AMLR regulation (EU 2024/1624), which from 2027 will:

• Introduce uniform rules for all EU member states — ending national variations
• Lower the mandatory identification threshold for cash payments to EUR 3,000
• Expand the circle of obliged entities to include new categories (e.g. football clubs, luxury goods over EUR 10,000)
• Establish a new European supervisory authority, AMLA, headquartered in Frankfurt

Companies that prepare for these changes early will have a significant competitive advantage. Those that underestimate them risk heavy fines and reputational damage.

What penalties do you face for non-compliance?

The Financial Analytical Office (FAU) is inspecting and sanctioning with increasing rigour:

• Fines from hundreds of thousands to millions of Czech crowns — a record fine of CZK 2.4 million (approx. EUR 96K) in 2025
• Public disclosure of sanctions — lasting reputational damage
• Activity bans for up to one year — in serious cases

The level of fines depends on the severity of the breach. Failure to carry out client identification or a missing internal policies system may result in sanctions of up to CZK 10,000,000. For serious or repeated violations, sanctions can reach up to CZK 130,000,000 and FAÚ may also impose a ban on activity. In extreme cases, criminal liability under § 217 of the Criminal Code applies for negligent money laundering.

FAÚ regularly publishes decisions on offences on its website. Public disclosure of a fine has reputational consequences for the obliged entity — particularly for lawyers, notaries and accountants who build relationships on client trust. Prevention is always significantly cheaper than the consequences of an inspection.

Conclusion

The AML law is not unnecessary bureaucracy. It is a key tool for protecting the financial system that applies to a much wider range of entities than most entrepreneurs realise. If you carry out a regulated activity, the AML law applies to you — and compliance is actively monitored and enforced.

Not sure if the AML law applies to you? Take our quick test and find out in 2 minutes. And if it does — AML PROOF will guide you through the entire process.

AML PROOF automates the entire process — from the internal policies system and risk assessment, through client identification and screening, to archiving and generating documentation for FAÚ. You pay only for actually processed cases from CZK 99, credits with no expiry. Try it free at amlproof.ai.