Your Essential CNB Compliance Checklist:

Operating a licensed financial entity in a foreign jurisdiction presents unique challenges. This practical checklist provides clear answers to your most pressing concerns about the legal obligations for license holders from the Czech National Bank (CNB). As a foreign business, understanding these local requirements is critical for success. Our leading Czech law firm in Prague, EU, has prepared this guide to help you navigate the regulatory landscape, avoid significant penalties, and ensure your operations are secure.

Do you need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "Mgr. Jáchym Petřík", an expert on the subject.

Understanding the Czech Financial Market: Why the CNB is Different

For international firms, the first step to successful compliance is understanding the unique role of the Czech National Bank. Unlike jurisdictions with multiple, sector-specific agencies, the CNB is the single, unified supervisory authority for the entire Czech financial market. This integrated structure means one regulator oversees banking, capital markets, insurance, payment systems, and pension funds, a significant departure from the regulatory frameworks in many other countries.

This model contrasts sharply with the dual-regulator system in the United Kingdom, where the Prudential Regulation Authority (PRA) handles prudential supervision for systemic institutions, while the Financial Conduct Authority (FCA) oversees conduct for all firms. It is also fundamentally different from the multi-agency system in the United States, where entities like the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have distinct and sometimes overlapping jurisdictions.

The CNB’s core mandate is to maintain the stability and integrity of the entire financial system. This objective drives a supervisory philosophy that is proactive and holistic. A compliance failure in one area, such as a late report, is not viewed as an isolated administrative error. Instead, the CNB sees it as a potential symptom of a wider weakness in your internal control systems, which can trigger broader and more intrusive scrutiny of all your licensed activities.

This interconnected approach creates a unique risk environment. A minor issue in one domain can quickly contaminate your firm's entire relationship with its sole regulator. It is therefore essential that your compliance functions are not siloed. Your reporting, prudential management, and internal governance teams must operate as a perfectly integrated unit, because that is how the CNB will view your firm. For immediate assistance in structuring your compliance framework, write to us at office@arws.cz.

Your Core Obligations: A Practical Compliance Checklist

For any foreign entity holding a CNB license, compliance rests on three fundamental pillars: continuous regulatory reporting, adherence to strict prudential rules, and the maintenance of a robust internal governance framework. Mastering these areas is essential for avoiding penalties and ensuring smooth business operations in the Czech Republic.

Pillar I: Continuous Regulatory Reporting (Výkaznictví)

The cornerstone of CNB supervision is the requirement for regular and detailed reporting, known in Czech as Výkaznictví. This is not a simple annual filing. It involves the ongoing submission of comprehensive financial and operational data, often on a monthly or quarterly basis, giving the CNB a continuous overview of your firm's health and activities.

All regulatory submissions must be made through the SDAT (sběr dat výkaznictví), the CNB's mandatory electronic portal. Correctly navigating this system is a primary compliance task. Failure to use the SDAT portal properly, or submitting inaccurate or late reports, is considered an immediate compliance breach and will attract regulatory attention.

Furthermore, for reporting transactions under the EU's Markets in Financial Instruments Regulation (MiFIR), which is fully implemented in Czech law, your entity must obtain and use a Legal Entity Identifier (LEI). Reporting obligations commence immediately upon receiving your license, though it is possible to request a temporary deferral if your entity is not yet fully operational.

FAQ – Legal tips about CNB Reporting

• What is the SDAT system?
  It is the CNB's mandatory electronic portal for all regulatory reporting. Failure to use it correctly can lead to immediate compliance issues. ARROWS can guide you through the registration and submission process. For assistance, contact us at office@arws.cz.
• Is a Legal Entity Identifier (LEI) required?
  Yes, an LEI is mandatory for reporting transactions under EU MiFIR rules. Our team can assist with the application process to ensure you are compliant. Get help by writing to office@arws.cz.
• How often do we need to report?
  Reporting frequency varies from monthly to annually depending on the type of data and your firm's classification. We can create a tailored compliance calendar for your firm to ensure all deadlines are met. Need a tailored solution? Email us at office@arws.cz.

Pillar II: Adhering to Prudential Rules and Capital Adequacy

A central principle of CNB regulation is Capital Adequacy. This is the legal obligation for your firm to hold sufficient capital reserves to cover the risks inherent in your business activities. This is not just a financial metric; it is a key indicator of your firm's stability and resilience, and the CNB monitors it closely.

A key component of this requirement is the Capital Conservation Buffer. This is a mandatory buffer set at a fixed rate of 2.5% of your total risk exposure amount and must be composed of the highest quality capital (Common Equity Tier 1). For certain institutions like banks, the CNB also sets a Minimum Requirement for Capital and Eligible Liabilities (MREL), which is tailored to each firm's specific risk profile.

While the broader prudential framework is harmonized at the EU level through regulations like the Investment Firm Regulation and Directive (IFR/IFD), national regulators like the CNB retain significant discretion. The CNB can, and does, set specific national capital buffers to address what it perceives as local or systemic risks. It is therefore critical not to assume that compliance with rules in another EU member state is sufficient for the Czech market.

Risks and penalties	How ARROWS helps
Incorrect or late reporting via the SDAT system: Leads to immediate compliance flags, potential fines, and increased scrutiny of all operations.	Legal consultations: We ensure your reporting framework is correct from day one. Get tailored legal solutions by writing to office@arws.cz.
Failure to maintain Capital Adequacy: Can result in CNB-imposed business restrictions, mandatory recapitalization orders, and ultimately, license suspension.	Legal opinions: Our experts analyze your capital structure against Czech and EU rules. For immediate assistance, write to us at office@arws.cz.
Miscalculation of risk exposures or capital buffers: Triggers regulatory intervention and significant financial penalties for violating prudential rules.	Preparation of internal company policies: We help you design and document compliant capital management policies. Need legal help? Contact us at office@arws.cz.
Non-compliance with MiFIR/LEI requirements: Results in inability to legally execute transactions and fines for breaching EU-level regulations.	Help with obtaining regulatory approvals: We manage the LEI application process for you. Our lawyers are ready to assist you – email us at office@arws.cz.

Pillar III: Building a Resilient Internal Governance Framework

The CNB mandates that all license holders establish and maintain a comprehensive governance and risk management system that is proportionate to the scale and complexity of their business. This is not a "check-the-box" exercise; it is a fundamental requirement for holding a license. Your internal framework is your first line of defense against operational, financial, and compliance risks.

Key components of a compliant governance system include:

• A Clear Organizational Structure: Well-defined lines of responsibility and accountability.
• Effective Internal Controls: Robust processes to safeguard assets, ensure reliable financial reporting, and comply with laws and regulations.
• Independent Risk Management: A dedicated risk management function with the authority to monitor all significant risks and report its findings directly to the firm's control body (e.g., a supervisory board), bypassing management if necessary.

Crucially, all members of your management board and key function holders must continuously meet the CNB's strict "fit and proper" standard. This involves a deep and ongoing examination of both professional competence (including relevant experience) and personal integrity (including a clean criminal and regulatory record). Any changes in management must be promptly reported and approved.

Finally, the CNB requires a genuine physical presence in the Czech Republic. A "letterbox company" with no real substance or local management is unacceptable and can be grounds for license revocation. This must be complemented by secure IT systems that are fully compliant with the EU's General Data Protection Regulation (GDPR).

Special Focus: Navigating Anti-Money Laundering (AML) Requirements

For all financial institutions, compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations is a top priority for the CNB. While the CNB supervises its license holders in this area, the primary AML/CFT authority in the Czech Republic is the Financial Analytical Office (FAU). The two bodies cooperate closely, and you must be prepared to engage with both.

Your core obligations are defined by the Czech AML Act (No. 253/2008 Coll.) and include several key duties:

• Customer Due Diligence (CDD): You must implement procedures to identify and verify the identity of all your clients, including their beneficial owners.
• Risk Assessment: You are required to develop and apply a risk-based approach, classifying clients and transactions according to their potential money laundering risk.
• Suspicious Transaction Reporting: You have a legal duty to report any suspicious activity directly to the FAU.
• Employee Training: You must provide regular, documented AML training to all relevant employees at least once per year.

The foundation of your AML framework is a critical internal document known as the System vnitřních zásad (SVZ), or System of Internal Principles. This is your company's internal AML "constitution," detailing your specific procedures for client onboarding, risk assessment, transaction monitoring, and reporting. This document must be tailored to your specific business risks and kept constantly updated.

Risks and penalties	How ARROWS helps
Inadequate System of Internal Principles (SVZ): Leads to systemic AML failures and can attract the highest fines, up to CZK 130 million.	Drafting legally required documentation: We create a defensible, risk-based SVZ tailored to your business. Need legal help? Contact us at office@arws.cz.
Failure to report a suspicious transaction to the FAU: A serious offense with fines up to CZK 5,000,000 and potential criminal liability.	Professional training for employees: We train your staff and MLRO on identifying and reporting suspicious activity. For immediate assistance, write to us at office@arws.cz.
Management failing the "Fit and Proper" test: Can lead to individuals being banned from holding managerial positions and force a complete restructuring of your leadership.	Legal consultations: We vet potential managers against CNB standards to prevent issues before they arise. Our lawyers are ready to assist you – email us at office@arws.cz.
Lack of a genuine physical presence: The CNB can determine your license is for a "letterbox company" and initiate proceedings to revoke it.	Legal opinions: We advise on structuring your Czech operations to meet substance requirements. Get tailored legal solutions by writing to office@arws.cz.

A unique emphasis of the Czech regulatory approach is the principle of "rekonstruovatelnost" (reconstructibility). It is not enough to simply have an AML policy in place. During an inspection, which can occur years after a transaction, you must be able to produce clear documentation that reconstructs and defends the logic behind your compliance decisions. This transforms compliance from a simple administrative task into the creation of a legally defensible narrative, elevating the need for expert legal advice on designing a resilient and justifiable risk management framework.

FAQ – Legal tips about AML Compliance

• Who is the main AML regulator?
  The Financial Analytical Office (FAU) is the central AML authority, but the CNB is responsible for supervising its license holders for AML compliance. We can manage your communications with both authorities. Do not hesitate to contact our firm – office@arws.cz.
• What is a "System of Internal Principles" (SVZ)?
  This is your firm's core AML policy document, which must detail your risk-based procedures for client identification, monitoring, and reporting. ARROWS specializes in drafting robust SVZ documents. Get tailored legal solutions by writing to office@arws.cz.
• What is a Money Laundering Reporting Officer (MLRO)?
  The MLRO is a senior individual responsible for your AML framework and acts as the point of contact with the FAU. Regulators strongly prefer an MLRO with a significant presence in the local jurisdiction. For guidance on appointing a suitable MLRO, contact us at office@arws.cz.

The High Cost of Non-Compliance: Understanding CNB Sanctions

The CNB has a wide array of enforcement tools at its disposal, and it does not hesitate to use them to maintain market stability and protect consumers. The consequences of non-compliance are severe and can threaten the very existence of your business in the Czech Republic.

The spectrum of sanctions includes:

• Admonition (Warning): The mildest form, used for minor offenses as a formal warning.
• Corrective Measures: Legally binding orders requiring you to remedy identified deficiencies within a specific timeframe.
• Financial Penalties: The most common sanction. Fines can range into the millions of Czech crowns. For example, failing to perform client identification can result in a fine of up to CZK 10,000,000, while systemic breaches of AML rules can lead to penalties as high as CZK 130,000,000 for financial institutions. Recent enforcement actions, such as the CZK 9.5 million fine imposed on Fio banka for AML failings, demonstrate the regulator's seriousness.
• Restriction or Revocation of License: In the most serious cases, the CNB can suspend certain business activities or completely revoke your license to operate, effectively ending your business in the country.

These sanctions are not private matters. The CNB is legally required to publish its final administrative decisions, meaning any penalty imposed will become public knowledge, causing significant and lasting reputational damage with clients, partners, and your home-country regulators. As an international law firm operating from Prague, European Union, we have extensive experience representing clients in these sensitive matters.

Risks and penalties	How ARROWS helps
Initiation of a CNB on-site inspection or sanction proceeding: Disrupts business operations and can lead to unpredictable outcomes if not managed correctly.	Representation before public authorities: Our lawyers manage the entire inspection process, protecting your rights and interests. Need legal representation? Write to office@arws.cz.
Public disclosure of a final sanction decision: Causes severe, lasting reputational damage with clients, partners, and home-country regulators.	Legal consultations: We negotiate with the CNB to achieve the best possible outcome and manage public communications. For assistance, contact us at office@arws.cz.
Imposition of a "corrective measure": Forces costly and rapid changes to your internal systems under the direct supervision of the regulator.	Preparation of internal company policies: We proactively audit and update your policies to prevent the need for corrective measures. Need legal help? Contact us at office@arws.cz.
License revocation: The complete termination of your business in the Czech Republic, leading to massive financial losses and shareholder value destruction.	Legal analysis: In critical situations, we explore all legal avenues, including administrative appeals, to defend your license. Do not hesitate to contact our firm – office@arws.cz.

Your Partner for Secure Operations in Prague: How ARROWS Can Help

Navigating the CNB's complex regulatory environment requires deep local expertise and a proactive approach. A compliance strategy that works in another country cannot simply be transferred to the Czech Republic. ARROWS, a law firm based in Prague, European Union, combines deep knowledge of local regulations with a nuanced understanding of the challenges international businesses face.

Our firm supports over 150 joint-stock companies and 250 limited liability companies, and through our ARROWS International network, we operate in 90 countries worldwide. We offer a comprehensive suite of services designed to protect your business, prevent penalties, and ensure your operations are built on a secure legal foundation.

Our legal services include:

• Preparation of internal company policies, including robust, defensible AML Systems of Internal Principles (SVZ).
• Drafting all legally required documentation for reporting and notifications to the CNB.
• Legal consultations to prepare your management and staff for CNB inspections and prevent penalties.
• Representation in all proceedings before the CNB and the Financial Analytical Office.
• Professional training for your employees and management on their specific regulatory duties, complete with certificates.

What’s the next step?

Proactive compliance is the most effective way to protect your investment and reputation in the Czech market. Do not wait for a regulatory issue to arise. To ensure your operations in the Czech Republic are built on a secure legal foundation, contact our team of experts for a preliminary compliance review. Write to us at office@arws.cz.

FAQ – Most common legal questions about CNB Obligations

1. We are compliant in Germany/the UK; is that sufficient for the Czech Republic?
No. While many rules are harmonized under EU law (MiFID II, IFR/IFD), the CNB has its own specific national decrees, a unique integrated supervisory approach, and different enforcement priorities. A compliance framework must be tailored to the Czech legal environment. We can perform a gap analysis of your existing framework to identify Czech-specific requirements. To understand your legal options, contact us at office@arws.cz.

2. What is the single biggest compliance mistake foreign firms make?
The most common error is underestimating the CNB's holistic supervisory model and failing to integrate their reporting, prudential, and governance systems. A weakness in one area is seen as a systemic failure, inviting deeper scrutiny across the entire business. Our lawyers can help you build an integrated compliance system that satisfies the CNB's expectations. 

3. How long does the CNB licensing process typically take?
The official review period is six months, but the entire process, including the crucial preparation phase, often takes between six and twelve months. The key to a faster approval is submitting a flawless and comprehensive initial application. We manage the entire licensing application process for you. Get started by writing to office@arws.cz.

4. Can our existing management team run the Czech entity?
Only if they meet the CNB's strict and continuous "Fit and Proper" standard. This includes demonstrating relevant professional experience in financial markets and maintaining a clean personal and regulatory record. We can assess your management team's suitability against CNB criteria. For a confidential review, contact office@arws.cz.

5. What are the first things we should do after receiving our CNB license?
You should immediately activate the internal control, risk management, and governance frameworks detailed in your license application. Establish your regulatory reporting calendar within the SDAT system and ensure your appointed Money Laundering Reporting Officer (MLRO) is fully operational. For a comprehensive post-licensing checklist, get in touch with our experts at office@arws.cz.

6.How can ARROWS help us beyond just legal documentation?
As a leading Czech law firm in Prague, EU, we provide ongoing strategic advice, professional training for your staff, and representation before authorities. We are also known for our speed and high quality, and we can connect clients with mutual business or investment interests from our extensive network. To discuss how we can support your business growth, contact us at office@arws.cz.

Don't want to deal with this problem yourself? More than 2,000 clients trust ARROWS Law Firm, and we have been named Law Firm of the Year 2024. Take a look HERE at our references, and we will be honored to help you solve your problem. The inquiry is free of charge.