CMS Expert Guide to AML and CTF law and regulation in CEE

Overview of relevant laws and regulations

  • Act No. 253/2008 Coll., on certain measures against money laundering and financing of terrorism (the “AML Act”);
  • Decree No. 281/2008 Coll., on certain requirements for the system of internal policies, procedures and control measures against money laundering and terrorist financing (the “AML Decree”);
  • Act No. 40/2009 Coll., Criminal Code;
  • Act No. 69/2006 Coll., on carrying out of international sanctions (the “International Sanctions Act”),
  • The Anti-Money Laundering and Financing of Terrorism Act, adopted in 2017, and amended in 2018 and 2019 (the “AML Act”) and supporting bylaws;
  • Limitation of Disposal of Property to prevent Terrorism and trade in Weapons of Mass Destruction Act adopted in 2015 and amended in 2017 and 2018 (the “Limitations Act”) and supporting bylaws;
  • The Central Registry of Ultimate Beneficial Owners Act adopted in 2018 and amended (“UBO Act”) and supporting bylaws.

2. Are the 4th AML Directive and the 5th AML implemented in your jurisdiction?

Yes, the 4th AML Directive was implemented into Czech law via Act No. 368/2016 Coll. which amends (i) the AML Act; (ii) the International Sanctions Act; (iii) Act No. 304/2013 Coll., on public registers of legal entities and individual persons; and other acts. 

The 5th AML Directive is currently being implemented into two separate acts: (i) an amendment act which will amend the AML Act and Act No. 186/2016 Coll., on hazardous games; and (ii) a new act on the Ultimate Beneficial Owner Registry. 

Yes, with the adoption of the AML Act the basic provisions of the 4th AML Directive were implemented. Additional amendments to the AML Act were adopted in December 2019 implementing the provisions of the 5th AML Directive.

3. Which is the AML/CTF supervisory authority in your jurisdiction?

The Financial Analytics Office is the main AML/CTF supervisory authority. Other authorities authorised to monitor compliance with the key obligations under the AML Act in certain sectors include the Czech National Bank, the Ministry of Finance, and the Czech Inspection Authority. 

The Administration for the Prevention of Money Laundering (the “Administration”) is the main AML/CTF supervisory authority. This body is part of the Ministry of Finance and has the authority to collect, store, investigate, analyse and disclose to the competent authorities documents and data as well as to conduct other procedures aimed at counteracting money laundering and financing terrorism, in accordance with the AML Act.

Other authorities authorised to monitor compliance with the key obligations under the AML Act in certain sectors include the National Bank of the Republic of Serbia, the Securities Commission, the National Customs Agency, and the Republic of Serbia Gambling Authority. 

4. Who are the obliged/reporting entities in your jurisdiction? Are there any local derogations from the scope of the obliged entities as provided for in the 4th and 5th AML Directives? 

There are almost 40 categories of reporting entities under the AML Act, including banks, financial institutions, operator of hazardous games, persons active in the real estate industry and intermediaries in the field, notaries, attorneys etc. In the Czech Republic, the scope of reporting entities under the AML Directives is extended also to include persons authorised to conduct business at cultural sites or with items of cultural value, persons authorised to conduct business with used goods or intermediaries in the field, national administrators of registries of permits and persons providing services connected with virtual currencies. 

Under the AML Act, a large number of entities have this duty and they include banks, financial institutions, payment services providers, insurance companies and intermediaries. In this regard, the entirety of the full scope of the obliged entities is covered, but in Serbia, the scope of the obliged entities under the AML Directives is extended to also include attorneys when they assist in certain types of transactions. 

The KYC requirements in the Czech Republic follow the requirements of the 4th and 5th AML Directives and include the following minimum information:

  • Individual persons: name, surname, birth certificate number, date of birth (if birth certificate number is not provided), place of birth, permanent or other residence, citizenship and if the person is the entrepreneur, also company name, place of business and the identification number;
  • Legal entities: company name, registered seat, identification number, identification data on persons who are members of the company’s statutory bodies which enable their identification;
  • Trust funds and other institutions without a legal personality: title, identification data of the administrator or of a person in a similar position. 

To facilitate the obligations of the reporting entities, the AML Act provides a general obligation on commercial companies, trust funds, associations, public legal entities, foundations, and institutes to disclose their UBOs to the court which keeps the relevant register, e.g. commercial companies will register at the court maintaining the commercial register. Please note that the UBO registry is not publicly accessible.

The KYC requirements in the AML Act follow the requirements of the 4th and 5th AML Directives.

The AML Act obliges reporting entities to acquire information regarding the UBO’s of their clients (customers). The UBO Act governs the establishment, content, bases of recording and manner of keeping the Central Register of beneficial owners of legal entities and other entities registered in the Republic of Serbia. The UBO Act provides a general obligation on all entities to disclose their UBOs to the Central Registry. 

6. Is there any legislation in your country allowing for online/digital onboarding of customers? What are the restrictions, if any?

Yes, the legislation in various sectors, such as the banking sector, allows for the digital onboarding of customers, provided that the requirements for customer identification and customer verification under the AML Act are observed.  

Yes, the legislation in various sectors, such as the banking sector, allows for the digital onboarding of customers, provided that the requirements for customer identification and customer verification under the AML Act are observed. Still, this method of onboarding of customers is not widely used in practice, and so far only a handful of obliged entities have adopted full online onboarding of customers, while many more are frequently using digital tools to make the onboarding of customers user friendly and save time.

7. What are the other main obligations of the reporting entities? Do the obligations of some of them go beyond those required by the 4th and 5th AML Directives in terms of internal safeguards, KYC duties, reporting obligations, etc.?

The main obligations of the reporting entities under the AML Act follow the 4th and 5th AML Directives. These include customer due diligence (CDD), the collection of information and documents and their storage, an assessment of the risk of money laundering and terrorist financing, and the disclosure of information on suspicious operations, transactions and customers. The Czech AML Act further specifies requirements for a system of internal principles, risk assessment, staff training and information obligation.

The reporting entities’ obligations under the AML and CTF Act follow the 4th and 5th AML Directives. These include customer due diligence (CDD), the collection and storage of information and documents; an assessment of the risk of money laundering and terrorist financing, and the disclosure of information on suspicious operations, transactions and customers. There are no obligations that go beyond the scope of the AML Directives.

8. Is a National Risk Assessment adopted in your jurisdiction? If yes, what are the main identified risks?

Yes, the first round of the National Risk Assessment for Money Laundering and Terrorist Financing (the “NRA”) was finalised and approved on 9 January 2017 by the Government of the Czech Republic (the idea is to repeat the NRA regularly). 

The NRA report provides an assessment of the role of each public authority entrusted with the task of enforcing the AML and individual controlling mechanisms.

The NRA report provides a strategy and useful measures for monitoring and limiting the risks of money laundering and terrorist financing regarding the following bodies:

  • financial institutions;
  • mobile payment services providers;
  • insurers;
  • legal and advisory services;
  • service providers for companies and trust funds.

The main identified risks include: 

  • tax-related crimes followed by money laundering;
  • corruption followed by money laundering;
  • interference with public procurement followed by money laundering;
  • public aid crimes followed by money laundering;
  • terrorist financing; and
  • drug-related crimes followed by money laundering.

Yes, a National Risk Assessment for Money Laundering and Terrorist Financing (the “NRA”) was adopted on 31 May 2018 in Serbia. Based on this risk assessment, Serbia has adopted the Strategy and the Action plan for implementing the Strategy for the Fight against Money Laundering and Financing of Terrorism, 2020–2022. These documents provide a strategy and useful measures for monitoring and limiting the risks of money laundering and financing terrorism.

The NRA provides a strategy and useful measures for monitoring and limiting the risks of money laundering and terrorist financing. The sectors that are most exposed to money laundering threats are the real estate sector, the organisation of games and the banking sector, followed by the exchange office, casinos and accountants.

9. What are the main CTF measures in your country?

The AML Act prescribes a number of key obligations that must be respected to the maximum extent by all reporting persons and all individuals and legal entities: 

  • client identification and control obligation;
  • information obligation;
  • reporting obligation;
  • obligation to postpone client’s instruction;
  • preventive measures obligation;
  • obligations related to transfers of funds;
  • reporting obligation regarding cross-border transfers;

Measures adopted in response to a breach of these obligations will depend on the nature of the breach, e.g. an assessment of whether the nature of the breach amounts to civil or criminal liability.

The only measures provided under the AML and CTF Act relate to KYC, and include a prohibition on providing financial services, funds and other financial assets and economic resources if these cannot be carried out properly. 

Following suspicious activity, the Administration must be notified and will carry out an investigation or monitor the subject.

10. What are the criminal and/or regulatory and/or other risks for corporate bodies/directors/employees under your national law if failing to comply with AML/CTF legislation? Is there regular enforcement of the AML/CTF legislation in your country?

Money laundering and terrorist financing are criminalised under the Czech Criminal Code as standalone crimes. The legalisation of the proceeds of crime is subject to imprisonment up to ten years. Terrorist financing is subject to imprisonment up to 15 years. Further sanctions, such as forfeiture of property etc., can be imposed.

Czech law recognises corporate criminal liability, therefore companies may also be criminally liable for money laundering and terrorist financing. There is a wide range of sanctions which can be imposed on legal entities, e.g. dissolution of the company, forfeiture of property, monetary penalty, and publishing the judgment. 

The AML Act provides a range of sanctions for non-compliance with the key obligations and sets out individual fines and penalties depending on the type of infringement, the type of infringer (an individual or entity or type of entity, banks, insurers, etc.).

The Serbian Criminal Code recognises both money laundering and financing terrorism as standalone criminal offences. Predicate crimes that are committed either in or outside Serbia can support a money laundering charge brought in Serbia. 

The penalties prescribed in the Criminal Code for money laundering are:

  • imprisonment for a period of six months up to 12 years depending on the sum of the laundered money and circumstances, as well as a fine;
  • the funds which were laundered will be confiscated.

The penalties prescribed in the Criminal Code for financing terrorism are:

  • imprisonment from one to ten years and the funds used to fund terrorism will be confiscated.

Legal entities can, in principle, bear criminal liability under Serbian law. Namely, the Responsibility of Legal Entities Act states that if a legal entity has enriched itself through the proceeds of a crime committed by an employee or a director, the legal entity can be sanctioned with a fine. This fine ranges from RSD 100,000 (EUR 850) up to RSD 500,000,000 (EUR 4,250,000) and will depend on the jail time prescribed for the criminal offence committed by the employee or director.

The AML Act provides a range of sanctions for non-compliance with the key requirements, such as customer checks, record-keeping, and suspicious transaction reporting. The sanctions take the form of fines and penalties which vary depending on the type of the infringement and range from RSD 50,000 (EUR 425) to RSD 3,000,000 (EUR 25,500), for the legal entity and RSD 10,000 (EUR 85) to RSD 200,000 (EUR 1700) for the responsible person.

Banks and other special categories of obliged entities are fined in accordance with the Banks Act.

Further, the Registry Agency as administrator of the Central UBO Register may also impose fines for non-compliance.

The number of prosecutions, convictions and administrative sanctions has increased in recent years.  

Picture of Tomas Matejovsky
Tomáš Matĕjovský
Partner
Prague
Lukas Valusek
Lukas Valusek
Senior Associate
Prague
Picture of Radivoje Petrikic
Radivoje Petrikić
Partner
Vienna
Milica-Popovic-CMS-MN
Milica Popović
Partner
Belgrade