Table of contents
How FAU Announces an Inspection and What Happens Next
Under Section 32 of Act No. 253/2008 Coll., FAU has the authority to carry out an inspection without prior notice. In practice, most inspections are announced with some lead time — FAU usually sends written notice of the inspection and sets a date. But not always.
Once an inspector arrives, they identify themselves with an authorization and request access to all AML documentation. The first hour matters: the inspector quickly checks whether the obliged entity has internal policies, identification records and PEP screening records at all. If basic documentation is missing, it is an immediate signal for a deeper inspection.
An obliged entity has the right to have legal counsel present. If you know the inspection date in advance, use that time — an attorney familiar with AML can significantly influence both the course and the outcome of the inspection.
What FAU Inspectors Actually Review
An FAU inspection is not a random look through files. Inspectors follow predefined areas based directly on Act No. 253/2008 Coll.:
- Internal policies (Section 21) — whether the document exists, is up to date and matches the obliged entity’s risk profile. Internal policies dated 2022 with no record of review will raise questions.
- Risk assessment (Section 21a) — how the obliged entity assesses risks in its client base and transactions. A written methodology must exist.
- Client identification records (Sections 7–8) — completeness and legibility of records. A missing mandatory data point, such as birth number or method of identification, is a concrete deficiency.
- PEP screening and sanctions checks (Section 9) — how the check was performed, the date and the source used. The result alone is not enough — FAU wants to see the process.
- Audit trail (Section 9(1)) — who performed the check, when and how. Without an audit trail, ongoing monitoring of the business relationship cannot be proven.
- Employee training (Section 23) — records of completed training, dates, content and test results.
- Designated contact person (Section 22a) — written appointment and actual availability for communication with FAU.
Keep an audit trail ready for every FAU inspection
AML PROOF records every step automatically — date, time, person and result. During an FAU inspection, you open the case and present it.
Try for freeWhy Paper Records May Not Be Enough During an Inspection
The law does not require a digital system. But it does require provability — and that is where a paper-based approach reaches its limits.
Concrete examples of what an FAU inspector may see:
- A paper note saying “PEP: NO” without a date, source or the name of the person who performed the check. From FAU’s perspective, such a record may be incomplete — it does not show when, by whom and against which sanctions list the client was checked.
- A sanctions check performed “at the time of signing the contract” without a specific timestamp. Sanctions lists are updated daily — without the exact date, it is difficult to prove that the list used was current at that time.
- Internal policies dated 2022 with no record of review or update. FAU may see this as non-compliance with Section 21, which requires internal policies to be kept up to date.
As we described in our analysis for epravo.cz, paper-based AML has four major weaknesses — and an FAU inspection can expose all of them. Read the full article: Digitalization of AML obligations: how technology is changing compliance for thousands of obliged entities.
Important: an unreliable paper record does not automatically mean a fine. It depends on the context, the extent of the deficiency and the overall assessment of the system. Still, provability is a statutory requirement — and paper makes it harder.
What an Audit Trail Must Contain According to FAU Expectations
The law does not explicitly prescribe the technical format of an audit trail. But Section 9(1) and FAU methodological expectations make clear what must be traceable:
| Required data point | Paper | Digital system |
|---|---|---|
| Date and time of the check | manual entry (unreliable) | automatic timestamp |
| Identity of the person who performed the check | signature (often illegible) | name and role |
| Sanctions list used and its version | not specified | automatically recorded source |
| Result with reasoning | “NO” | structured output with matching details |
| 10-year retention (Section 16) | physical archive | cloud archiving with retention |
See our FAU inspection preparation checklist — 14 questions that reveal weak spots in your documentation before an inspector arrives.
How to Prepare in One Day
If you know an FAU inspection is coming, go through this checklist:
- Check the date of the last internal policies update — it should be within the last 12 months.
- Verify that every client record contains the date of PEP and sanctions checks and the source used.
- Review employee training records for the last 12 months — dates, names and content.
- Make sure the designated contact person is appointed in writing and is actually reachable.
- Check whether the risk assessment under Section 21a reflects your current client portfolio.
If one or more items cannot be completed within an hour, that is a signal for a system change — not for a one-off paper fix before an inspection. A digital AML system helps mainly because it does not leave the audit trail until the last minute.
Prepare for an FAU inspection today
You can set up a digital AML system in one day. Paper documentation may not protect you during an FAU inspection.
Start with AML PROOF