Client identification and due diligence under the AML Act
Overview of procedures, triggers, and measures for client due diligence under Act No. 253/2008 Coll.
Framework for client due diligence
Client due diligence is a key tool for preventing money laundering and terrorist financing. The law distinguishes three basic levels:
Simplified
Applies only where the lower risk is duly justified in the risk assessment under § 21a, the category is not designated as risky at the national level, and the conditions for enhanced due diligence are not met (§ 13(1)).
Standard
The basic scope of verification under § 9 — applies whenever the conditions for simplified or enhanced due diligence are not met.
Enhanced
Mandatory for PEPs, high-risk third countries, or increased risk identified in the risk assessment (§ 9a(1), (2)).
Incorporation of the National Risk Assessment into Practice
Our system automatically detects risks according to the current National Risk Assessment report. Ongoing monitoring of the business relationship immediately reveals attempted structuring of payments (sub-limit transactions). For one-off real estate transactions and for clients operating in cash-intensive sectors, the system automatically adjusts the risk profile and flags the need for enhanced customer due diligence in accordance with Act No. 253/2008 Coll.
When does the obligation to conduct customer due diligence arise? (Section 9(1))
The obligation to conduct customer due diligence does not arise automatically at every contact — it requires a specific statutory trigger.
| Situation | Statutory provision |
|---|---|
| Establishment of a business relationship | Section 9(1)(b) in conjunction with Section 7(2)(b) |
| Suspicious transaction | Section 9(1)(b) in conjunction with Section 7(2)(a) |
| One-off transaction of EUR 15,000 or more | Section 9(1)(a) point 1 |
| Transaction with a politically exposed person | Section 9(1)(a) point 2 |
| Client whose country of origin is a high-risk third country | Section 9(1)(a) point 3 |
| Client identified remotely under Section 11(7) | Section 9(1)(a) point 4 |
| Transfer of funds of EUR 1,000 or more | Section 9(1)(a) point 6 |
| Throughout the duration of the business relationship (ongoing obligation) | Section 9(1)(c) |
Standard client due diligence (§ 9)
| What the check involves | § of the Act |
|---|---|
| Obtaining information on the purpose and nature of the transaction or business relationship | § 9(2)(a) |
| Identification of the beneficial owner and verification from reliable sources. Where the client is subject to registration in the beneficial ownership register or an equivalent register, the obliged entity shall always verify the beneficial owner from that register or equivalent register and at least one additional source. The obliged entity shall also establish whether the beneficial owner is a politically exposed person or a sanctioned person. | § 9(2)(b) |
| Determining the ownership and control structure of a legal entity or trust | § 9(2)(c) |
| Ongoing monitoring of the business relationship and review of transactions | § 9(2)(d) |
| Review of the source of funds or other assets | § 9(2)(e) |
| Reasonable measures to establish the source of wealth of a PEP | § 9(2)(f) |
Simplified client identification and due diligence (§ 13)
Applies only where all three conditions are met cumulatively: (a) the lower risk is duly justified in the risk assessment under § 21a, (b) the category is not designated as risky at the national level, (c) the conditions for enhanced identification and due diligence are not met (§ 13(1)).
| Condition | § of the Act |
|---|---|
| Lower risk justified in the risk assessment | § 13(1)(a) |
| Category not designated as risky at the national level | § 13(1)(b) |
| Conditions for enhanced due diligence not met | § 13(1)(c) |
Steps that cannot be omitted even under simplified identification and CDD (Section 13(2))
Simplified identification and customer due diligence does not mean skipping steps — the law sets a minimum that must always be completed.
| Required step | Statutory provision |
|---|---|
| Verify and record that the conditions of Section 13(1) are met (justification of lower risk) | Section 13(2) |
| Establish and record the identification data of the client and any person acting on behalf of the client | Section 13(2) in conjunction with Section 5 |
| Verify that the client and the acting person are not a politically exposed person or a sanctioned person | Section 8(8) |
| Identify the beneficial owner and verify their identity from reliable sources (register + one additional source) | Section 9(2)(b) |
| Verify that the beneficial owner is not a politically exposed person or a sanctioned person | Section 8(8) |
| Record the procedure used to identify the beneficial owner | Section 9(6)(a) |
Simplified identification and customer due diligence shall not be applied where there are doubts about whether the conditions for its use are met (Section 13(4))
Enhanced client identification and due diligence (§ 9a)
Subsection A — Mandatory triggers (§ 9a(2))
| Trigger | § | When |
|---|---|---|
| PEP | § 9a(2)(c) | Before the transaction or when entering the business relationship |
| Client from a high-risk third country | § 9a(2)(a) | Both at the start and throughout the business relationship |
| Transaction connected with a high-risk third country | § 9a(2)(b) | Before the transaction is executed |
Subsection B — Risk factors based on risk assessment (Section 21a + Section 7 of Decree No. 67/2018 Coll.)
Client risk factors (Section 7(2) of Decree No. 67/2018 Coll.)
| Factor | § |
|---|---|
| Business relationship entered under unusual circumstances | Section 7(2)(a) Decree |
| Client from a geographic area of higher risk | Section 7(2)(b) Decree |
| Personal asset-holding vehicle (trust, holding company) | Section 7(2)(c) Decree |
| Nominee shareholders or bearer shares | Section 7(2)(d) Decree |
| Client makes significant use of cash | Section 7(2)(e) Decree |
| Unusual or complex ownership structure | Section 7(2)(f) Decree |
| Life insurance beneficiary | Section 7(2)(g) Decree |
| Business activity associated with increased risk | Section 7(2)(h) Decree |
Product, service and delivery channel factors (Section 7(2) of Decree No. 67/2018 Coll.)
| Factor | § |
|---|---|
| Private banking | Section 7(2)(i) Decree |
| Products or transactions facilitating anonymity | Section 7(2)(j) Decree |
| Non-face-to-face transaction without security measures | Section 7(2)(k) Decree |
| Incoming payments from unknown or unrelated third parties | Section 7(2)(l) Decree |
| New products, new technologies, new delivery systems | Section 7(2)(m) Decree |
Geographic risk factors (Section 7(2) of Decree No. 67/2018 Coll.)
| Factor | § |
|---|---|
| Country without an effective AML regime (FATF, EU lists) | Section 7(2)(o) Decree |
| Country with high corruption or crime rates | Section 7(2)(p) Decree |
| Country subject to sanctions or embargo (EU, UN) | Section 7(2)(q) Decree |
| Country supporting terrorism or hosting terrorist organisations | Section 7(2)(q) Decree |
Recent amendments — new risk factors (2024)
| Factor | § |
|---|---|
| Negative information about the client or their beneficial owner obtained from media or other relevant sources | Section 7(2)(r) Decree — effective from 1 May 2024 (Amendment No. 108/2024 Coll.) |
| Transfer of virtual assets to or from an unhosted address | Section 7(2)(s) Decree — effective from 30 December 2024 (Amendment No. 403/2024 Coll.) |
Subsection C — Mandatory EDD measures (§ 9a(3))
| Measure | § |
|---|---|
| Additional documents on the ultimate beneficial owner | § 9a(3)(a) point 1 |
| Additional documents on the intended nature of the business relationship | § 9a(3)(a) point 2 |
| Source of funds and other assets (SoF/SoW) | § 9a(3)(a) point 3 |
| Verification from multiple reliable sources | § 9a(3)(b) |
| Regular and enhanced monitoring of the business relationship | § 9a(3)(c) |
| Approval of the designated person (Section 22a) or a person authorised by them for AML management, to enter into or continue the business relationship | § 9a(3)(d) |
| First payment from an account held in the client’s name | § 9a(3)(e) |
| Other measures based on the entity’s own risk assessment | § 9a(3)(f) |
Subsection D — Minimum measures by trigger type (§ 9a(4))
| Trigger | Minimum mandatory measures |
|---|---|
| High-risk third country (relationship or transaction) | at least measures under (3)(a) to (d) and (f) — further documents on beneficial owner, nature of relationship and source of funds/wealth; verification from multiple sources; enhanced monitoring; approval of designated person (Section 22a); other measures based on risk assessment |
| PEP | at least measures under (3)(a) point 3, (c) and (d) — source of funds and wealth; enhanced monitoring; approval of designated person (Section 22a) |
Notes on interpretation
Abbreviations
PEP (politically exposed person), SoF (source of funds), SoW (source of wealth), FAÚ (Financial Intelligence Unit — Czech Republic).
Non-exhaustive list
The list of risk factors in Annex 2 is non-exhaustive — an obliged entity may identify additional risk factors in its own risk assessment under § 21a.
High-risk third country
“High-risk third country” is defined by reference to directly applicable EU law — the current list is issued by the European Commission.
SoF and SoW
SoF = source of funds, SoW = source of wealth — these are not direct statutory terms, but their substance corresponds to § 9a(3)(a) point 3 (identifying the source of wealth and source of funds).
Potřebujete pomoci s plněním AML povinností?
Máme připravené všechny postupy a metodiky pro snadné plnění vašich zákonných povinností, včetně automatických procesů standardní i zesílené kontroly klienta.