Obligations of obliged entities and penalties for non-compliance
Overview of obligations under the AML Act (No. 253/2008 Coll.) and the Act on the Implementation of International Sanctions (No. 69/2006 Coll.).
Who are obliged entities and what are their obligations?
Act No. 253/2008 Coll. on certain measures against the legalisation of proceeds of crime and the financing of terrorism (the AML Act) imposes specific obligations on selected businesses and institutions — so-called obliged entities (§ 2).
Check whether you are an obliged entity under the AML Act
An obliged entity is a subject designated by law (a “gatekeeper” of the financial system) whose business activity presents an increased risk of being misused for money laundering or terrorist financing. The law engages these businesses and institutions in the prevention system because, within their profession, they routinely mediate financial transactions, manage third-party assets, incorporate companies, or execute high-value transactions. Besides traditional credit and financial banks, obliged entities include so-called non-financial professions — for example, real estate agents, accountants, auditors, tax advisors, attorneys, notaries, dealers in precious metals, or providers of virtual asset services. Once your business falls within any of the sectors listed in § 2 of the AML Act, the obligations described below automatically apply to you.
Obligations applicable to all obliged entities
Every obliged entity, regardless of sector, must prepare a risk assessment and an internal policy framework (SVZ), perform client identification and due diligence, retain records, report suspicious transactions to the Czech Financial Intelligence Unit (FIU, FAÚ), and ensure regular training of employees and persons in similar positions.
Sector-specific obligations
Some types of obliged entities are subject to additional rules. For example, real estate agents must notify their SVZ directly to the FIU, while attorneys and notaries submit Suspicious Transaction Reports (STRs) through their professional chamber.
Non-compliance is subject to administrative penalties — fines reach up to CZK 50,000,000 (approx. EUR 2M) in the most serious cases.
Obligations applicable to all obliged entities
| Obligation | § of the Act | Penalty for non-compliance |
|---|---|---|
| Prepare a risk assessment | § 21a(2) | up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7)) |
| Keep the risk assessment up to date | § 21a(3) | up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7)) |
| Prepare an internal policy framework (SVZ) | § 21(2) | up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7)) |
| Establish an internal reporting (whistleblowing) system | § 21(6) | up to CZK 10,000,000 (approx. EUR 400K) (§ 48(9)) |
| Designate the designated person (Section 22a) in writing | § 22a | up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7)) |
| Notify the FIU of a contact person | § 22 | up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7)) |
| Perform client identification | § 7–8 | up to CZK 10,000,000 (approx. EUR 400K) (§ 44(3)) |
| Perform client due diligence | § 9 | up to CZK 10,000,000 (approx. EUR 400K) (§ 44(3)) |
| Continuously monitor the business relationship | § 9(1) | up to CZK 10,000,000 (approx. EUR 400K) (§ 44(3)) |
| Refuse the transaction if the client cannot be identified or subjected to due diligence | § 15(1) | up to CZK 10,000,000 (approx. EUR 400K) (§ 44(1)(c)) |
| Do not execute a transaction with a PEP without a known source of funds | § 15(2) | up to CZK 10,000,000 (approx. EUR 400K) (§ 44(3)) |
| Screen clients against sanctions lists | Act No. 69/2006 Coll. | up to CZK 50,000,000 (approx. EUR 2M) (§ 19(3)(a)) |
| Report suspicious transactions to the FIU | § 18 | up to CZK 5,000,000 (approx. EUR 200K) (§ 46(2)) |
| Maintain confidentiality about the report and investigation of a suspicious transaction | § 38 | up to CZK 200,000 (approx. EUR 8K); up to CZK 1,000,000 (approx. EUR 40K) where it frustrates the seizure of proceeds (§ 43(4), (5)) |
| Retain records for 10 years | § 16 | up to CZK 10,000,000 (approx. EUR 400K) (§ 44(1)(d)) |
| Ensure training of employees and persons in similar positions | § 23(1), (2) | up to CZK 5,000,000 (approx. EUR 200K) (§ 48(8)) |
| Maintain training records for 5 years | § 23(4) | up to CZK 5,000,000 (approx. EUR 200K) (§ 48(8)) |
Sector-specific obligations by type of obliged entity
Attorneys
| Obligation | § of the Act and penalty |
|---|---|
| Submit STRs through the Czech Bar Association | § 27(3) |
| Exemption from certain obligations in legal advice and representation | § 27(1), (2) |
Notaries
| Obligation | § of the Act and penalty |
|---|---|
| Submit STRs through the Notarial Chamber of the Czech Republic | § 27(3) |
| Exemption from certain obligations in legal advice and representation | § 27(1), (2) |
Auditors
| Obligation | § of the Act and penalty |
|---|---|
| Submit STRs through the Chamber of Auditors of the Czech Republic | § 26(3)(a) |
Tax advisors
| Obligation | § of the Act and penalty |
|---|---|
| Submit STRs through the Chamber of Tax Advisors of the Czech Republic | § 26(3)(c) |
Court bailiffs
| Obligation | § of the Act and penalty |
|---|---|
| Submit STRs through the Chamber of Court Bailiffs of the Czech Republic | § 26(3)(b) |
Real estate agents and gambling operators
| Obligation | § of the Act and penalty |
|---|---|
| Notify the SVZ to the FIU (60-day deadline, 15 days for changes) | § 21(8) — penalty up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7)) |
Insolvency and restructuring administrators
| Obligation | § of the Act |
|---|---|
| Report suspicious transactions to the FIU | § 18 |
| Notify the FIU of a contact person | § 22 |
| Comply with the duty to provide information | § 24(1) and (3) |
| Maintain confidentiality | § 38 |
Trust administrator
A trust administrator (§ 2(1)(l) of Act No. 253/2008 Coll.) is subject to the general obligations applicable to all obliged entities — with no specific exemptions or different regime.
Notes on interpretation
Abbreviations
- OPO = STR = Suspicious Transaction Report
- SVZ = internal policy framework (internal compliance document)
- FAÚ = FIU = Financial Intelligence Unit (the Czech FIU is FAÚ — Finanční analytický úřad, the supervisory authority for AML)
- PEP = politically exposed person
- ČAK = Czech Bar Association (Česká advokátní komora)
On sanctions screening
The obligation to screen clients against sanctions lists stems from both Act No. 253/2008 Coll. (§ 9(2)) and Act No. 69/2006 Coll. on the Implementation of International Sanctions. Penalties for breaches under Act No. 69/2006 Coll. reach up to CZK 50,000,000 (approx. EUR 2M) (§ 19(3)(a)) — the highest single penalty in the entire AML framework.
On confidentiality (§ 38)
The obliged entity must not inform the client or third parties that:
- a Suspicious Transaction Report has been filed,
- an FIU investigation is in progress.
Breach of basic confidentiality: up to CZK 200,000 (approx. EUR 8K). Where it frustrates the seizure of proceeds of crime: up to CZK 1,000,000 (approx. EUR 40K).
On notifying the SVZ to the Financial Intelligence Unit
Real estate agents and gambling operators must:
- notify their SVZ to the FIU within 60 days of the obligation arising,
- notify any change to the SVZ within 15 days.
Penalty for non-compliance: up to CZK 1,000,000 (approx. EUR 40K) (§ 48(7) of Act No. 253/2008 Coll.)
Mapping the Law to AML PROOF Features
| Section | Title | Feature in AML PROOF | Status |
|---|---|---|---|
| Section 7 | Customer identification | Identification section in the obliged entity's checklist | ✅ Implemented |
| Section 8 | Methods of identifying individuals and legal entities | Tools for secure processing of ID cards and registry extracts | ✅ Implemented |
| Section 9 | Customer due diligence | Comprehensive customer due diligence — purpose of transaction, beneficial owner, ownership structure, ongoing monitoring, source of funds | ✅ Implemented |
| Section 9(2)(b) | Monitoring ultimate beneficial owner information | Beneficial owner field + connection to the UBO register | ✅ Implemented |
| Section 9a | Enhanced Identification and Customer Due Diligence (Section 9a) | Enhanced identification and customer due diligence workflow — document collection, multi-source verification, enhanced monitoring, approval by designated person | ✅ Implemented |
| Section 9b | Failure to conduct due diligence | Recording the reason for failure to conduct due diligence + automatic connection to STR form (Section 18(7)) | 📋 Planned |
| Section 11 | Remote customer identification | Online onboarding — submission of ID copies, verification without physical presence | ✅ Implemented |
| Section 13 | Simplified customer due diligence (SDD) | Simplified due diligence for low-risk clients | ✅ Implemented |
| Section 15 | Non-execution of a transaction | Transaction rejection / client blocking | ✅ Implemented |
| Section 15a | Discrepancies in the register of beneficial owners | Alert upon detecting a discrepancy in the UBO register | 📋 Planned |
| Section 16 | Record keeping | Secure archive and data logging in the platform | ✅ Implemented |
| Section 17a | Personal data protection in AML activities | Limitation of information obligation towards the data subject when fulfilling AML obligations | ✅ Implemented |
| Section 18 | Suspicious transaction reporting (STR) | FAU reporting form | ✅ Implemented |
| Section 20 | Deferral of client order execution | Deferral of client order execution — transaction blocking for 24 hours in case of suspicious transaction | ✅ Implemented |
| Section 21 | System of internal policies, rules and procedures | Internal policies generator and AML documentation | ✅ Implemented |
| Section 21a | Risk assessment | Customer risk assessment and business-level risk assessment | ✅ Implemented |
| Section 22 | Contact person | Contact person settings in the user profile | ✅ Implemented |
| Section 22a | Designated person (Contact Person (FAÚ)) | Role allocation and designated person settings in the team section | ✅ Implemented |
| Section 23(1), (2) | Training of persons pursuant to § 23 | Team training module | ✅ Implemented |
| Section 23(4) | Record of training (5 years) | Archive of completed training records | ✅ Implemented |
The obligation of sanctions screening stems from Act No. 69/2006 Coll., Section 19(3)(a) — penalties for violation up to 50,000,000 CZK (approx. EUR 2M). Sanctions screening is implemented as part of customer due diligence (Section 9).
Potřebujete pomoci s plněním AML povinností?
Máme připravené všechny postupy a metodiky pro snadné plnění vašich zákonných povinností.