Table of contents
How FAU Announces an Inspection and What Happens Next
Under the law, FAU has the authority to carry out an inspection without prior notice. In practice, most inspections are announced with some lead time — FAU usually sends written notice of the inspection and sets a date. But not always.
Once an inspector arrives, they identify themselves with an authorization and request access to all AML documentation. The first hour matters: the inspector quickly checks whether the obliged entity has internal policies, identification records and PEP screening records at all. If basic documentation is missing, it is an immediate signal for a deeper inspection.
An obliged entity has the right to have legal counsel present. If you know the inspection date in advance, use that time — an attorney familiar with AML can significantly influence both the course and the outcome of the inspection.
What FAU Inspectors Actually Review
An FAU inspection is not a random look through files. Inspectors follow predefined areas based directly on zákon č. 253/2008 Sb.:
- Internal policies (Section 21) — whether the document exists, is up to date and matches the obliged entity’s risk profile. Internal policies dated 2022 with no record of review will raise questions.
- Risk assessment (Section 21a) — how the obliged entity assesses risks in its client base and transactions. A written methodology must exist.
- Client identification records (Sections 7–8) — completeness and legibility of records. A missing mandatory data point, such as birth number or method of identification, is a concrete deficiency.
- PEP screening and sanctions checks (Section 9) — how the check was performed, the date and the source used. The result alone is not enough — FAU wants to see the process.
- Audit trail (Section 16(1)(e) and (f)) — who performed the check, when and how. Without an audit trail, ongoing monitoring of the business relationship cannot be proven.
- Employee training (Section 23) — records of completed training, dates, content and test results.
- Designated contact person (Section 22a) — written appointment of the person responsible for fulfilling AML Act obligations within the organization.
Keep an audit trail ready for every FAU inspection
AML PROOF records every step automatically — date, time, person and result. During an FAU inspection, you open the case and present it.
Try for freeWhy Paper Records May Not Be Enough During an Inspection
The law does not require a digital system. But it does require provability — and that is where a paper-based approach reaches its limits.
Concrete examples of what an FAU inspector may see:
- A paper note saying “PEP: NO” without a date, source or the name of the person who performed the check. From FAU’s perspective, such a record may be incomplete — it does not show when, by whom and against which sanctions list the client was checked.
- A sanctions check performed “at the time of signing the contract” without a specific timestamp. Sanctions lists are updated daily — without the exact date, it is difficult to prove that the list used was current at that time.
- Internal policies dated 2022 with no record of review or update. FAU may see this as non-compliance with Section 21, which requires internal policies to be kept up to date.
As we described in our analysis for epravo.cz, paper-based AML has four major weaknesses — and an FAU inspection can expose all of them. Read the full article: Digitalization of AML obligations: how technology is changing compliance for thousands of obliged entities.
Important: an unreliable paper record does not automatically mean a fine. It depends on the context, the extent of the deficiency and the overall assessment of the system. Still, provability is a statutory requirement — and paper makes it harder.
What an Audit Trail Must Contain According to FAU Expectations
The law does not explicitly prescribe the technical format of an audit trail. But Section 16(1)(e) and (f) of zákon č. 253/2008 Sb. makes clear what must be traceable:
| Required data point | Paper | Digital system |
|---|---|---|
| Date and time of the check | manual entry (unreliable) | automatic timestamp |
| Identity of the person who performed the check | signature (often illegible) | name and role |
| Sanctions list used and its version | not specified | automatically recorded source |
| Result with reasoning | “NO” | structured output with matching details |
| 10-year retention (Section 16) | physical archive | cloud archiving with retention |
This audit trail can be ensured automatically by a digital AML system. Also see our FAU inspection preparation checklist — 14 questions that reveal weak spots in your documentation before an inspector arrives.
How to Prepare in One Day
If you know an FAU inspection is coming, go through this checklist:
- Check the date of the last internal policies update — it should be within the last 12 months.
- Verify that every client record contains the date of PEP and sanctions checks and the source used.
- Review employee training records for the last 12 months — dates, names and content.
- Make sure the designated contact person (Section 22a) is appointed in writing and fulfils AML Act obligations.
- Check whether the risk assessment under Section 21a reflects your current client portfolio.
If one or more items cannot be completed within an hour, that is a signal for a system change — not for a one-off paper fix before an inspection.
Frequently Asked Questions About FAU Inspections
Can FAU conduct an inspection without prior notice?
Yes. Under the law, FAU has the authority to carry out an inspection without prior notice. In practice, most inspections are announced in advance and in writing, but an unannounced inspection is permitted by law.
What happens if I do not have an audit trail during an FAU inspection?
Without an audit trail, you cannot prove when, by whom and how the client check was performed. FAU may consider such documentation insufficient. Fines for insufficient client due diligence may reach up to CZK 10,000,000, but the specific outcome depends on the context and extent of the deficiency.
How long must I retain AML documentation?
Under § 16 of zákon č. 253/2008 Sb., an obliged entity must retain AML records and documents for at least 10 years. This retention period applies to identification data, client due diligence records and screening records.
Do I need a digital AML system, or is paper documentation enough?
The law does not require a specific form. It does, however, require provability and auditability. In practice, paper documentation is harder to defend during an inspection because it lacks automatic timestamps and a structured audit trail.
Prepare for an FAU inspection today
You can set up a digital AML system in one day. Paper documentation may not protect you during an FAU inspection.
Start with AML PROOF