Regular AML Reporting Towards the Czech National Bank:

Are you a foreign entity operating under Czech National Bank (ČNB) oversight? Navigating local Anti-Money Laundering (AML) compliance and regular reporting is mandatory but complex, especially for international businesses. This report provides specific answers and practical guidance on who, what, and when you must comply, helping you avoid crippling administrative fines.

Need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "Mgr. Jáchym Petřík", an expert on the subject.

Why Czech AML Compliance is Critical for International Firms

The Czech Republic, as a stable member state of the European Union, imposes stringent Anti-Money Laundering (AML) regulations upon financial market participants and designated non-financial businesses. The regulatory framework is derived from relevant European Union legislation and directly applicable EU regulations, transposed into domestic law. This stringent environment is aimed at impeding the financing of terrorist organizations and money laundering.  

The primary national legislation governing these preventative measures is Act No. 253/2008 Coll., known as the AML Act. For corporate leaders, Chief Financial Officers (CFOs), and in-house counsel of foreign companies, understanding and rigorously adhering to these local requirements is essential for securing operational continuity. Non-compliance in this field poses a significant financial threat, with administrative penalties potentially reaching up to CZK 130 million.  

The ČNB's supervisory philosophy is proactive and holistic, focusing on maintaining the stability and integrity of the entire financial system. Consequently, all supervised entities must implement a high-quality, integrated internal control system, which forms the core of regulatory defense. 

Defining the AML Mandate: Core Legal Terms

The Czech legal environment is structured around specific concepts that every foreign entity must grasp to ensure effective compliance and reporting.

1. AML Act (Act No. 253/2008 Coll.): This is the foundational domestic legislation that defines selected preventative measures against the legitimization of proceeds of crime and the financing of terrorism.  
2. Obliged Entity: This term refers to any person or entity designated by the AML Act, such as banks, investment firms, payment institutions, and certain non-financial professionals (e.g., real estate agents, auditors) who are mandated to implement preventative AML measures.  
3. System of Internal Principles (SVZ or ŘKS): This is the comprehensive, mandatory written framework established by the Obliged Entity. It documents the internal policies, procedures, and control measures necessary to manage risk and comply with statutory obligations.  

What Do You Need to Comply With? Defining Your Oversight

The Regulatory Landscape: CNB vs. FAU – Understanding Dual Oversight

Compliance in the Czech Republic involves navigating the requirements of two key governmental bodies that cooperate closely.  

ČNB’s Role (Systemic Supervisor)

The Czech National Bank (ČNB) serves as the single, unified supervisory authority for the entire Czech financial market, overseeing banking, capital markets, insurance, and payment systems. The CNB's integrated structure contrasts sharply with multi-agency systems found in countries like the United States or the dual-regulator system in the United Kingdom.

The CNB primarily scrutinizes the adequacy and effectiveness of the firm's overall governance structure, specifically focusing on the internal control system (SVZ/ŘKS) as a measure of sound operational practice.  

FAU’s Role (AML Enforcement)

The Financial Analytical Unit (FAU) operates as the dedicated Financial Intelligence Unit (FIU) of the Czech Republic. The FAU's mandate includes receiving, investigating, and analyzing Suspicious Transaction Reports (STRs) from Obliged Entities. The FAU is the coordinator of the national risk assessment process, and it acts as a control and administrative body authorized to impose sanctions for breaches of preventative AML duties.  

The Importance of Internal Governance Architecture

For international firms operating under ČNB supervision, the administrative risk is heavily weighted toward the structural and systemic effectiveness of their compliance architecture. When the ČNB imposes significant fines, such as the CZK 20 million penalty levied against Expobank CZ, the stated reason frequently points to the failure to possess an "effective managing and control system" (ŘKS).

This confirms that the highest administrative risk stems from the regulator’s judgment of the structure and documentation of the firm's compliance framework (the SVZ) rather than solely focusing on isolated failures in transaction reporting. Therefore, sophisticated foreign entities must allocate resources to creating a comprehensive, documented, and auditor-ready SVZ, a process in which ARROWS specializes.

Our experts on the topic:

Who is an Obliged Entity Subject to ČNB Supervision?

Foreign entities that operate financial services within the Czech Republic, typically through a license or a local branch, are subject to ČNB supervision. This group includes, but is not limited to, the following regulated participants :  

• Investment firms and foreign investment firm branches.
• Banks and branches of foreign banks.  
• Payment institutions and electronic money institutions.
• Insurance and reinsurance companies.

The ČNB also enforces the requirement for a genuine physical presence in the Czech Republic. The regulator strictly rejects "letterbox companies" without real substance or local management, as this lack of local control can be grounds for license revocation.  

How Does Czech Supervision Differ from the UK and Germany?

For multinational corporations and financial groups accustomed to other European regulatory models, the unified nature of the ČNB's supervision represents a significant procedural difference.  

Jurisdiction	Regulatory Model	AML Oversight Structure
Czech Republic	Unified Integrated Supervisor (ČNB)	CNB oversees all prudential, market conduct, and governance risks, including the adequacy of the AML internal control system (SVZ).
United Kingdom	Dual-Regulator (PRA/FCA)	Prudential Regulation Authority (PRA) handles prudential supervision for systemic firms; Financial Conduct Authority (FCA) oversees market conduct and prudential supervision for others.
Germany	Shared Responsibility (BaFin/Bundesbank)	Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) shares supervisory responsibilities with the German Federal Bank (Deutsche Bundesbank).

The integrated mandate of the ČNB means that AML risk is never assessed in isolation. Instead, it is evaluated holistically within the firm’s entire enterprise risk framework, often through processes such as the Supervisory Review and Evaluation Process (SREP). This contrasts with dual-regulator systems where AML compliance might be segmented under a specific conduct authority.

Foreign firms must recognize that they cannot simply transfer international headquarters structures; they must integrate their local AML SVZ deeply into their overall risk governance, including responsibility maps and organizational charts, to demonstrably meet the ČNB’s high standard for integrated oversight.

Legal tips about Regulatory Scope

Question	Answer
Does the CNB Decree 67/2018 Sb. apply to all AML Obliged Entities?	No, the Decree specifically applies only to institutions supervised by the CNB, defining requirements for their internal AML systems (SVZ). Need legal consultation to confirm your status? Contact us at office@arws.cz.
What primary Czech law governs general AML duties like Customer Due Diligence?	The core duties, including identification, control, and Suspicious Transaction Reporting (STR), are defined by the Czech AML Act (Act No. 253/2008 Coll.). Our lawyers can draft documentation to prevent fines and penalties – email us at office@arws.cz.

What is the Required AML Reporting System?

The Foundation: Implementing a Robust Internal Control System (SVZ)

The System of Internal Principles (SVZ) is the primary line of documented defense against CNB regulatory scrutiny. Decree No. 67/2018 Sb. details the requirements for the implementation and application of customer due diligence procedures, risk assessment, risk management, internal controls, and compliance monitoring within the SVZ.  

ČNB inspectors conducting reviews will specifically request a firm’s SVZ documentation. This includes organizational charts detailing the allocation of compliance duties, responsibility maps, comprehensive internal policies, internal audit reports, minutes from management meetings discussing compliance, and documented records of employee training.  

Assessing Risk: The Mandate for Regular Updates

Obliged Entities must adopt a risk-based approach to compliance. This begins with conducting and regularly updating a comprehensive risk assessment. According to legislative guidance, compliance training for appropriate employees is required at least once a year. The assessment must consider all risk factors, including geographical risk, the complexity of products, the type of client, and the nature of transactions.  

Risk Assessment Granularity

Regulatory bodies across the EU are emphasizing that firms must go beyond merely classifying a client or transaction as "high risk." Instead, the risk assessment must identify the specific typology of the risk (e.g., identity fraud, use of opaque structures, or money laundering of foreign proceeds) to ensure that tailored and effective enhanced due diligence (EDD) controls are applied.

The Czech National Risk Assessment (NRA) specifically highlights domestic vulnerabilities, such as the use of instruments of fictitious entrepreneurships and the laundering of foreign proceeds, which must be incorporated into a locally compliant SVZ.

Failure to achieve this level of detail compromises the firm's claim to follow a genuine risk-based approach. ARROWS assists foreign firms by providing legal analysis and training to build this detailed, locally responsive risk model.  

The Timing Myth: Why There is No Single ‘Annual AML Report’ Submission

A common confusion among foreign clients stems from searching for a single, comprehensive "annual AML compliance report" submission deadline for the ČNB.

The reality is that no single, universal annual AML compliance report is filed by all Obliged Entities directly to the ČNB covering all AML activity. Instead, compliance involves several ongoing, specific reporting duties:  

1. Suspicious Transaction Reporting (STR): Obliged Entities have a legal duty to report unusual activities, transactions, or clients to the FAU without undue delay upon detection.  

2. Prudential Reporting: Licensed financial institutions are subject to regular (e.g., monthly, quarterly, semi-annual) submissions of financial, prudential, and statistical statements to the ČNB through dedicated electronic systems like SDAT or MtS-ISL-SUD-SDNS. These reports, governed by decrees like No. 346/2013 Coll., implicitly require a functional internal control system to ensure data integrity.  

3. Audit Readiness: The most critical form of "reporting" is the maintenance and continuous execution of the SVZ. This documentation, including the risk analysis, internal audit reports, and training records, must be immediately available upon request during an on-site CNB inspection.  

Failure in AML System Foundation

Risks and Penalties	How ARROWS Helps
Lack of a documented, locally compliant System of Internal Principles (SVZ)	Preparation of internal company policies, ensuring full alignment with the AML Act and Decree 67/2018 Sb. Need legal help? Contact us at office@arws.cz.
Outdated or insufficiently granular Risk Assessment failing to identify new typologies	Legal consultations to prevent inspections or penalties by reviewing and updating your risk methodology. Want to understand your legal options? Email us at office@arws.cz.
Missing or inadequate AML training records (required at least annually)	Professional training for employees or management (with certificates) to document required compliance levels. Do not hesitate to contact our firm – office@arws.cz.

Managing Customer Due Diligence (CDD) Across Borders

International firms are expected to help ensure consistent and effective AML/CFT controls in all jurisdictions where they operate, even where local regulations are perceived to be less stringent than those within the European Union. Customer Due Diligence (CDD) involves identifying and verifying the client, including their beneficial owners, and requires continuous monitoring.  

Common compliance failures frequently identified by regulators include errors in identifying Beneficial Owners (BOs), inadequate verification of the source of funds, and failing to conclude the identification process before executing transactions.

The detailed application of CDD, Simplified Due Diligence (SDD), and Enhanced Due Diligence (EDD) is explicitly regulated by ČNB Decree No. 67/2018 Sb.. Furthermore, if a customer refuses to be identified or the identification cannot be concluded, the Obliged Entity is legally required to refuse the transaction. 

The Non-Negotiable Requirement: Ultimate Beneficial Ownership (UBO) Compliance

The Czech Republic rigorously enforces Ultimate Beneficial Ownership (UBO) transparency through the Register of Beneficial Owners (Evidence skutečných majitelů), governed by Act No. 37/2021 Coll. This register implements the requirements of the 5th EU AML Directive and is publicly accessible for designated authorities. Compliance mandates the timely and accurate registration of the natural person who ultimately owns or controls the company.  

The Risk of Operational Paralysis

For foreign investors and holding companies, UBO compliance carries severe implications beyond financial penalties. While failing to provide UBO information following a court request can result in a fine up to CZK 500,000 (approximately EUR 20,000), the more critical risk is operational. If an unregistered UBO fails to remedy a discrepancy, they can be banned from receiving dividends and exercising crucial shareholder rights, such as voting on the appointment of a managing director.

This sanction can render a corporate entity incapable of fundamental decision-making, representing a potentially catastrophic risk to foreign corporate stability. ARROWS provides legal representation to resolve UBO registry disputes and ensure corporate governance continuity.  

Compliance and Sanctions Screening

Obliged Entities have specific reporting requirements concerning international sanctions. If an entity becomes credibly aware that it possesses property subject to international sanctions, it must notify the FAU without undue delay. Obliged Entities must screen against international sanction lists, particularly when the customer or the beneficial owner is listed, or when the transaction involves sanctioned goods or services.

The FAU acts as the competent authority for the implementation and enforcement of these sanctions. For multinational firms, it is also necessary to note that non-EU jurisdictions, such as the UK, operate their own regimes (e.g., the Sanctions and Anti-Money Laundering Act 2018), which may feature a broader scope or lower threshold for imposing sanctions than the EU framework.  

Legal tips about Cross-Border CDD

Question	Answer
What if my client refuses to provide documents for CDD?	The Obliged Entity must refuse the transaction or business relationship if identification or CDD cannot be concluded, as stipulated by the AML Act. For representation in court or before public authorities related to enforcement, write to us at office@arws.cz.
Are there specific penalties for failing to register a UBO?	Yes, fines up to CZK 500,000 apply, but more importantly, the unregistered UBO can be blocked from receiving dividends and exercising voting rights. Get tailored legal solutions by writing to office@arws.cz.

The Financial Threat: Penalties Reaching CZK 130 Million

The Czech AML framework establishes a clear and often punitive structure for non-compliance. The maximum administrative fine for financial institutions can be exceptionally high—up to CZK 130 million—if the breach involves failure to implement group strategies or concerns repeated violations of the AML Act. This maximum fine threshold may be further increased if the Obliged Entity gained a financial benefit from the illicit activity.  

The Disproportionate Risk to Financial Groups

The penalty threshold is significantly elevated for financial groups (CZK 130 million) compared to the general maximum for other breaches (CZK 30 million). This tiered structure indicates that the ČNB views a failure in group-level AML management—where a centralized international policy proves inadequate for local implementation—as a critical systemic risk.

This necessitates that foreign parent companies must ensure that their Czech branch or subsidiary possesses autonomous, robust, and locally managed compliance resources, including adequate personnel, to manage the SVZ and adhere to local requirements while respecting group governance needs.  

Lessons from the CNB: Case Studies in Systemic Failure

Recent enforcement actions by the ČNB demonstrate a clear focus on the adequacy of the internal control environment, not just isolated breaches.

• In 2023, Fio banka was fined CZK 3 million for AML violations.  
• Expobank CZ received a severe fine of CZK 20 million because the bank lacked an effective managing and control system (ŘKS). This decision highlights that the regulator targets the underlying System of Internal Principles (SVZ) as the root cause of non-compliance.  
• International cases also reflect this emphasis on governance: the US fine against City National Bank ($65 million) was imposed specifically for systemic deficiencies in risk management and compliance oversight, mirroring the high governance standards the ČNB demands.  

These cases confirm that proactive, expert-driven preparation of the SVZ is the most effective way to protect a foreign business operating in the Czech financial market.

Protecting Your Business: Strategic Representation

Proactive compliance is always financially less demanding than reactive litigation. ARROWS, as a leading Czech law firm in Prague, EU, specializes in assisting foreign companies with pre-inspection audits, preparing management and staff for interviews, and documenting the defensibility of the SVZ. Should proceedings commence, specialized representation is vital, particularly in appeals against ČNB decisions before administrative courts.  

Penalties for Systemic Failures

Risks and Penalties	How ARROWS Helps
Imposition of multi-million CZK fine (up to CZK 130M) for systemic deficiencies in AML control systems (ŘKS/SVZ)	Representation in court or before public authorities, including CNB and FAU proceedings. Need legal representation? Write to office@arws.cz.
Loss of license or imposition of remedial measures due to serious violations of investment/banking rules	Help with obtaining licenses or regulatory approvals, ensuring the foundational legal requirements are met. Do you need a license prepared? Contact us at office@arws.cz.
Penalties for non-reporting of suspicious transactions (STRs) to the FAU (up to CZK 5 million)	Professional training for employees and management to recognize "red flags" and ensure timely, correct reporting. Our lawyers are ready to assist you – email us at office@arws.cz.

A Safe European Harbour: International Law Firm Operating from Prague, European Union

ARROWS is a leading international law firm operating from Prague, European Union, offering indispensable support to foreign entities. Our team of English-speaking lawyers combines deep knowledge of local markets and the critical legal differences between the Czech Republic and other major jurisdictions.

Our reputation is built on speed and high quality in adapting complex legal solutions to meet urgent business needs. We support a substantial corporate client base, including over 150 joint-stock companies and 250 limited liability companies.  

Our experts on the topic:

Comprehensive Service Suite for Foreign Clients

ARROWS provides integrated regulatory support designed to ensure your Czech operations are compliant and resilient:

• Preparation of internal company policies: Including robust, defensible SVZ documentation tailored to the CNB’s requirements.  
• Drafting legally required documentation: To prevent fines and ensure compliance with reporting and notification obligations.
• Legal opinions: Providing expert assessment of regulatory status and complex UBO verification requirements.
• Professional training for employees and management: Offering specialized AML/CFT instruction (with certificates) to ensure staff compliance knowledge.  
• Representation: Providing representation in all proceedings before the ČNB, FAU, and administrative courts.  

Cross-Border Expertise Built Over 10 Years

Navigating the nuances of cross-border Customer Due Diligence (CDD) and compliance with international sanctions requires specialized expertise. This capability is codified in the ARROWS International network, built over 10 years and operating in 90 countries worldwide. This extensive network is instrumental in resolving complex CDD and UBO verification scenarios involving multi-layered foreign ownership structures.  

We also act as a strategic facilitator, welcoming innovative business ideas and proactively connecting clients in case of mutual business or investment interests.

UBO & Cross-Border CDD Failures

Risks and Penalties	How ARROWS Helps
Client refusal to provide CDD information, leading to mandatory refusal of business relationship (risk of lost revenue)	Legal analysis and drafting of compliant CDD procedures that streamline client onboarding while meeting all Customer Due Diligence (CDD) requirements. For immediate assistance, write to us at office@arws.cz.
UBO non-registration or discrepancy notification failure, resulting in sanctions (loss of voting rights, frozen dividends)	Representation in court for UBO registration disputes and legal verification of complex ownership structures. Need legal help? Contact us at office@arws.cz.
Enforcement action for insufficient control over outsourced AML functions	Drafting and review of contracts (Contract drafting or review) with outsourced providers to allocate and mitigate AML risk. Do you need a contract prepared? Contact us at office@arws.cz.

Next Steps: Securing Your Czech Compliance

Proactive compliance is the single greatest defense against high financial and operational risks in the Czech financial market. Secure your operations today by partnering with ARROWS. Our lawyers are ready to assist you – email us at office@arws.cz.

Most common legal questions about Regular AML Reporting

1. Is our AML system established in another EU member state (e.g., Germany or UK) sufficient for our Czech branch? While underlying EU directives are harmonized, the Czech system requires strict localization and adaptation of the SVZ to meet specific CNB expectations for internal controls and risk granularity. Compliance must be demonstrably effective locally, factoring in Czech national risk factors. For immediate assistance, write to us at office@arws.cz.  

2. What is the minimum documentation we must prepare annually for AML purposes, even if we don't submit an 'Annual AML Report'? You must maintain an up-to-date Risk Assessment, detailed internal audit reports addressing AML/CFT, records of management oversight, and documented annual training for relevant staff. We can help you prepare a complete and organized file for any inspection. Get tailored legal solutions by writing to office@arws.cz.  

3. Does the ČNB supervise compliance with international sanctions, or is that solely the FAU's role? The FAU is the primary coordinator and enforcement authority for international sanctions implementation. However, Obliged Entities must integrate sanctions screening into their AML procedures, which falls under the CNB's oversight of your Internal Control System (SVZ). Need legal consultation? Contact us at office@arws.cz.  

4. How long must we keep AML records for clients and transactions? Generally, records must be kept for a period of at least 10 years after the transaction or after the business relationship is terminated, especially if the transaction reaches or exceeds EUR 10,000. ARROWS offers legal opinions on precise data retention requirements. Do not hesitate to contact our firm – office@arws.cz.  

5. What specific penalties apply if we fail to notify the court of a UBO discrepancy? The firm can face fines up to CZK 1 million for failing to notify the court of a UBO discrepancy within 30 days. We can help you draft legally required documentation. Our lawyers are ready to assist you – email us at office@arws.cz.  

6. We need specialized help with complex cross-border CDD issues. Why choose a Czech law firm in Prague, EU? As a specialized international law firm operating from Prague, European Union, ARROWS provides the necessary combination of local legal precision (understanding the AML Act and CNB Decree 67/2018 Sb.) and global reach (through ARROWS International) to resolve complex cross-border Customer Due Diligence matters effectively. Get tailored legal solutions by writing to office@arws.cz.

Don't want to deal with this problem yourself? More than 2,000 clients trust ARROWS Law Firm, and we have been named Law Firm of the Year 2024. Take a look HERE at our references, and we will be honored to help you solve your problem. The inquiry is free of charge.