In recent years, the AML Act has been significantly tightened not only in the Czech Republic but across Europe. From 2026, it is imperative to fulfill all your AML obligations 100%, driven by the newly established EU AML authority (AMLA). This guide outlines what AML is, who it applies to, and how to manage it without unnecessary stress.
Table of contents
- 1. What is AML and why should you care?
- 2. Who is an AML obliged entity under the law (for 2026)
- 3. Client Identification, KYC Check, and the AML Questionnaire Template
- 4. AML Training: A Requirement for Staff
- 5. AML training — mandatory for employees
- 6. What 2026 brings — new obligations
- 7. How to start — practical steps
1. What is AML and why should you care?
AML stands for Anti-Money Laundering. It is a set of rules and procedures designed to protect the economic space from dirty money. In the broader context of 2026, these regulations mandate an active stance from your business.
Enforcement of these rules will become stricter starting in 2026, overseen by the nascent European AMLA body. It's no longer just about signing a paper and storing it in a drawer. If you are an obliged entity under AML, you must know your clients and prove it continuously.
2. Who is an AML obliged entity under the law (for 2026)
The most common mistake is believing that AML only applies to large banks or cryptocurrency exchanges. The truth is that so-called obliged entities under the AML Act cover a much broader range of professions.
- Financial institutions (§ 2(1)(a)–(b))
Banks, savings banks, insurance companies, payment institutions, pension funds, currency exchanges, investment firms. - Gambling (§ 2(1)(c))
Casinos, online betting — excluding tombola and non-online bingo. - Real estate (§ 2(1)(d))
Real estate agents (including rentals), persons buying or selling property in their own name, auctioneers conducting property auctions. - Accounting and tax professions (§ 2(1)(e))
Auditors, tax advisors, accountants — the typical target audience of AML PROOF. - Legal professions (§ 2(1)(f)–(g))
Attorneys, notaries, court bailiffs, insolvency administrators. - Corporate service providers (§ 2(1)(h))
Providers of services for limited liability companies and trusts (formation, administration, registered office). - Virtual assets (§ 2(1)(l))
Cryptocurrency exchanges, custody services, trading platforms. - Cash traders (§ 2(1)(i)–(n) and § 2(2)(e))
Pawnshops, dealers in art, gold, and antiques — for cash payments of EUR 10,000 or more.
Check if you are an obliged entity
Unsure which category you fall into? Run our quick 3-minute test and get a definitive answer instantly.
3. Client Identification, KYC Check, and the AML Questionnaire Template
If you are an obliged entity, you must not initiate a transaction or provide a service without proper "client identification and control". This is where the famous AML questionnaire comes into play. Professionals often look for an "AML questionnaire template", but the authorities recommend a nuanced approach adapted to your specific field.
- Internal Policy Framework (SVZ) — § 21
Written document describing how your firm performs AML obligations. The FIU asks for it first during an inspection. - Risk assessment — § 21a
Written assessment of money laundering risks specific to your activity. Part of the internal policy framework. - Client identification — § 7–8
Before entering into a business relationship, you must verify the client's identity. - Client due diligence — § 9
Identify the ultimate beneficial owner, purpose of the transaction, source of funds, and screen against sanctions lists and politically exposed persons. - Ongoing monitoring of the business relationship — § 9(1)
Client checks are not a one-off — you monitor them throughout the entire business relationship. - 10-year record retention — § 16
All documentation must be retained for 10 years after the business relationship ends. - Suspicious transaction reporting to FIU — § 18
If you identify a suspicious transaction, you are required to report it to the Czech Financial Intelligence Unit (FIU). - Sanctions screening — Act No. 69/2006 Coll.
Every client must be screened against EU and UN sanctions lists. - Staff training under § 23
At least once every 12 months, and always before assignment to a relevant role. - designated person (Section 22a) — § 22a
Member of the statutory body responsible for AML compliance. - FIU contact person — § 22
From February 2025, most obliged entities must notify the FIU of a contact person within 30 days. Exception: attorneys and notaries. - Whistleblowing — Act No. 171/2023 Coll.
Since August 2023, an internal reporting system is mandatory for all obliged entities.
4. AML Training: A Requirement for Staff
The law mandates that regular AML training must be conducted for every employee and person in a comparable position who comes into contact with transactions. Furthermore, you are required to keep a precise record of this, also known as the "AML training protocol".
Instead of paying high fees for physical training seminars and losing valuable time, online certified training courses are an efficient way to automate the process and ensure instant proof of compliance for auditors.
The Act distinguishes three levels of client due diligence:
- Simplified client due diligence (§ 14) — for low-risk clients and situations expressly listed in the Act
- Standard client due diligence (§ 9) — the basic obligation for all clients
- Enhanced identification and client due diligence (§ 9a, § 13) — for politically exposed persons, high-risk clients, or high-risk third countries
You must document the outcome of due diligence and retain it for 10 years.
5. AML training — mandatory for employees
The Act requires regular AML training for every employee who may encounter a suspicious transaction in the course of their work. On top of that, you must keep records — a so-called "AML training protocol".
The Act (§ 23) requires training:
- Before assignment to the relevant role
- At least once every 12 months
- Whenever the SVZ or risk assessment changes
Training records must be retained for at least 5 years (§ 23(2)). Failure to provide training is subject to a fine of up to CZK 10,000,000 (approx. EUR 400K) (§ 48(6)).
6. What 2026 brings — new obligations
2025 and 2026 have brought or are bringing the following changes:
All obliged entities (except attorneys and notaries) must notify the FIU of a contact person for ongoing communication. Deadline: 30 days from becoming an obliged entity. Penalty for non-compliance: up to CZK 10,000,000 (approx. EUR 400K).
The amendment has tightened requirements for identity verification and client due diligence.
EU Regulation 2024/1620 establishes the Anti-Money Laundering Authority headquartered in Frankfurt. From 2027, part of the rulebook will be directly applicable without transposition — Act No. 253/2008 Coll. will be substantially revised.
7. How to start — practical steps
If you don't know where to start, proceed as follows:
- Check whether you are an obliged entity → our test at /obligatorytest
- Prepare a risk assessment (§ 21a)
- Prepare the internal policy framework, SVZ (§ 21)
- Notify the FIU of a contact person (§ 22)
- Train your employees (§ 23)
- Set up the client identification and due diligence process (§ 7–9)
AML PROOF guides you through every step automatically.