AML law. Three letters that appear more and more frequently — in the media, in corporate obligations, and in fines from state authorities. But what is the AML law actually about? Why does it exist? And what does it mean for you if you run a business? In this article, we explain it clearly, concisely, and without unnecessary legal jargon.
Table of contents
What is the AML law?
AML stands for Anti-Money Laundering — measures against money laundering. In the Czech Republic, this is Act No. 253/2008 Coll., on certain measures against the legalisation of proceeds of crime and financing of terrorism.
The law sets out rules designed to prevent money obtained through criminal activity — such as fraud, corruption, tax evasion, or drug trafficking — from being 'laundered' and used as legitimate funds. It also protects the financial system from being misused for terrorist financing.
The AML Act has gone through several amendments since its inception. The most recent significant change extended the scope of obliged entities to include providers of services related to virtual assets (CASPs) as of 30 December 2024. The new EU regulation AMLR 2024/1624 introduces uniform rules across the entire European Union and will be fully effective from 2027.
Why does the AML law exist?
Money laundering is not movie fiction. It is a global problem that affects an estimated 2–5% of world GDP annually. The AML law exists to:
- Protect the financial system from misuse
- Make it harder for illegally obtained money to flow through the economy
- Help state authorities detect suspicious transactions
- Prevent the financing of terrorism and organised crime
The law is based on European directives (AMLD) and recommendations from the international organisation FATF. From 2027, the new AMLR regulation (EU 2024/1624) will apply across the EU, further harmonising and tightening the rules.
What does the AML law require?
The law defines a set of obligations that so-called obliged entities must fulfil. The most important include:
- Client identification (KYC) — verifying the identity of every client before starting a business relationship
- Customer due diligence (CDD) — assessing the purpose of the transaction, source of funds, and beneficial owner
- Screening — checking clients against sanctions lists, PEP registers, and adverse media
- Risk assessment — assigning a risk score to each client and transaction
- Internal policies (SVZ) — an internal AML manual with procedures and responsibilities
- Suspicious transaction reporting — the obligation to report suspicious transactions to the FAU
- Record archiving — retaining documentation for 10 years
Client identification means verifying identity from a valid document before entering into any business relationship and for one-off transactions above EUR 1,000. For legal entities, the obliged person must identify and verify the ultimate beneficial owner (UBO) in the Beneficial Ownership Register pursuant to Act No. 37/2021 Coll.
Client screening includes mandatory checks against EU, UN and OFAC sanctions lists pursuant to Act No. 69/2006 Coll. and in the politically exposed persons (PEP) register pursuant to FAÚ Methodological Instruction No. 7/2024. For PEP clients the law requires enhanced identification and customer due diligence (Section 9a) including establishing the source of wealth pursuant to § 13.
The internal policies system (§ 21) is a written document describing the exact procedures for fulfilling AML obligations. It must include a risk assessment specific to the given business (§ 21a), client identification procedures, rules for reporting suspicious transactions and an employee training plan. Selected obliged entities must submit it to FAÚ or the CNB within 60 days of becoming obliged.
Does the AML law apply to you?
Find out immediately whether your business is subject to AML and which measures apply to you.
Who does the AML law apply to?
The AML law does not only apply to banks. It covers a wide range of subjects — so-called obliged entities. These typically include:
- Banks, insurance companies, and financial institutions
- Real estate agents and intermediaries
- Lawyers and notaries (for certain transactions)
- Accountants and tax advisers
- Dealers in precious metals, art, and luxury goods
- Crypto-asset service providers
- Any entrepreneur accepting cash payments over EUR 10,000
What matters is not the company name or its size, but the specific activity it carries out. Even a sole trader with one employee can be an obliged entity.
An obliged entity may be a natural or legal person. What matters is the nature of the activity carried out — not the size of the company, turnover or number of employees. A sole trader providing accounting services is an obliged entity just like a large law firm. If you are unsure whether the Act applies to you, you can find out using the test at amlproof.ai.
How does the AML law work in practice?
In practice, this means that before every transaction or business relationship, you must go through several steps:
1. Client identification
You verify the client's identity — for natural persons from an identity document, for legal entities from the commercial register. You determine the ultimate beneficial owner (UBO).
2. Risk assessment
You assign a risk level to each client based on their profile, type of transaction, geography, and other factors. For high-risk clients, you carry out enhanced identification and customer due diligence (Section 9a).
3. Ongoing monitoring
AML is not a one-off exercise. You must continuously monitor business relationships, update risk assessments, and respond to changes in the client's profile.
4. Suspicious transaction reporting
If you encounter a transaction that doesn't make economic sense, doesn't match the client's profile, or has unclear sources of funds, you must report it to the Financial Analytical Office (FAU).
What are the consequences of violating the AML law?
Failure to comply with AML obligations has real consequences. The Financial Analytical Office (FAU) is inspecting and sanctioning with increasing rigour:
- Fines ranging from hundreds of thousands to millions of Czech crowns — in 2025, the FAU imposed a record fine of CZK 2.4 million (approx. EUR 96K)
- Public disclosure of sanctions — reputational damage to the business
- Activity bans for up to one year — in serious cases
Breaches of AML obligations may result in fines of up to CZK 10,000,000 or 10% of annual turnover for legal entities. Natural persons risk fines of up to CZK 1,000,000. For serious or repeated violations, sanctions can reach up to CZK 130,000,000 and there is also the risk of a ban on activity or criminal liability under § 217 of the Criminal Code.
FAÚ has significantly increased the number of inspections and fines imposed in recent years. The most common cause of sanctions is not deliberate circumvention of the law — but a missing or outdated internal policies system, inadequate client identification and the absence of screening. An FAÚ inspection can arrive unannounced and documentation must be immediately available.
Conclusion
The AML law is not unnecessary bureaucracy. It is a key tool for protecting the financial system from misuse. If you operate in a regulated sector, the AML law applies to you — and compliance is monitored and enforced.
Not sure if the AML law applies to you? Take our quick test and find out in 2 minutes.
AML PROOF automates the entire process of fulfilling AML obligations — from setting up the internal policies system and risk assessment, through client identification and screening, to generating documentation ready for FAÚ. Pricing starts at CZK 99 per credit, credits with no expiry, organisational features free of charge.