AML inspection

31.1.2026 | ARROWS law firm

An AML audit by the Financial Analytical Office (FAÚ) is no longer an exception in the Czech Republic – for many "obliged entities," it represents a real risk that can result in corrective measures or significant fines. In this article, our Prague-based legal team provides a specific overview of how these inspections typically proceed, what the FAÚ most frequently scrutinizes, how to respond to requests for documentation, and what the subsequent administrative proceedings look like. We also highlight common areas where companies make errors under Czech AML legislation that can be costly to rectify.

Who is an "Obliged Entity" and why the FAU may concern you

The Financial Analytical Office (FAU) supervises compliance with obligations under the Czech AML Act (Act on Certain Measures against Money Laundering and Terrorist Financing). Obliged entities are not just banks – they often include entities from the financial sector, real estate professionals, certain advisory professions, dealers of selected goods, or services involving high-value transactions where a risk of misuse exists in the Czech Republic.

In practice, it depends on whether your activities fall under the Czech AML regime and whether you perform transactions or services for which the law assumes increased risk. AML is built on the risk-based approach principle: compliance is not "the same for everyone," but according to the risk of the client, transaction, and business model. This is precisely where disputes often arise during an inspection regarding whether your procedure was proportionate under Czech law.

If you want to quickly assess whether you are an obliged entity and what obligations apply to you, write to us at office@arws.cz. Our Prague-based attorneys handle the AML agenda daily and can prepare a practical "gap analysis" and a proposal for corrective steps.

What the FAU actually verifies during an AML inspection

An inspection is usually not about a single mistake. The FAU looks at the overall picture: whether you have a system, whether it is used in practice, and whether you leave an audit trail – meaning traceable reasons and documentation for why you acted in a specific way in a given situation under the Czech legal system.

The most frequently reviewed areas include:

Customer Due Diligence (CDD): when you identify, what you verify, and what you record.
Ultimate Beneficial Owner (UBO): working with ownership chains, records, and updates.
Politically Exposed Persons (PEP): evaluation of PEPs and follow-up measures.
Enhanced Due Diligence (EDD): when you trigger it and what specifically you do "extra."
Suspicious transactions and their evaluation: internal criteria, decision-making process, and documentation.
Internal regulations, training, and responsibilities: who holds which role and how it is implemented in operations.
Data retention and traceability: whether you can provide the file and the logic of the decision upon request.

A common reality: a company has AML "on paper," but in specific cases, it cannot document what it did, when, why, and on what basis. However, an inspection is built precisely on specific cases.

FAQ – Legal tips for AML inspections and documentation for the FAU

Do you have to provide the FAU with everything they request?
In most cases, yes, but it is crucial to monitor the scope of the request, deadlines, the method of submission, and the regime for sensitive information (e.g., trade secrets). Unclear or disproportionate requirements must be addressed procedurally and in a timely manner.

What is the most common "quick loss" during an inspection?
Lack of traceability: missing records, missing risk justifications, or information scattered across emails and spreadsheets without connections.

Does it make sense to take corrective action during the inspection?
Yes, this often reduces the impact. However, it is necessary to correctly separate the correction from the historical state and document it demonstrably so that it does not appear as "rewriting reality."

If you want to prepare answers and documentation so that they stand up to scrutiny while ensuring you do not provide the FAU with more than necessary, write to our Czech legal team at office@arws.cz.

How an AML inspection typically proceeds step-by-step

The specific procedure varies by the type of obliged entity and the situation, but a typical scenario looks like this:

1) Notification of inspection and request for cooperation.
The FAU requests documents – typically internal regulations, risk assessments, client identification and due diligence records, sample files, training records, processes for suspicious transactions, and retention rules.

2) Inspection findings and protocol.
The inspection team describes the findings (what is missing, what is weak, what is in violation). Here, it is often decided whether it will result only in corrective measures or also in administrative proceedings for an offense.

3) Corrective measures and their documentation.
For many companies, this is the fastest way to reduce the risk of a penalty. However, the correction must be demonstrable: updated regulations, training, new checklists, updated processes, and traceability of steps.

4) Follow-up administrative proceedings (if the FAU evaluates the violation as an offense).
At this stage, procedural discipline is essential: deadlines, statements, evidence, proposals for evidence, legal arguments, and appeals in Czech courts.

This is not a "manual." AML has many exceptions, procedural details, and links to other regulations. Even a seemingly simple step can have hidden impacts that a layperson typically does not see.

Most common risks that turn an AML inspection into an expensive problem

Risks and Sanctions	How ARROWS (office@arws.cz) assists
Undocumented client due diligence: missing records, risk justifications, or key documents.	Review and completion of files + setting up checklists: our Prague-based attorneys prepare a defensible structure for documentation and processes.
Incorrect UBO/PEP evaluation: underestimating ownership chains or political exposure.	Partner screening + internal methodology: we set up verification, responsibilities, and recording of steps.
Formal internal regulation without practice: "paper" that is not used in operations, outdated risk assessment.	Adjustment of AML program + training with certificate: we rework the regulation so it passes inspection and works in reality.
Weak setup for suspicious transactions: missing decision logic, records, or uniform procedure.	Evaluation process + legal opinions: we set up the workflow to be consistent and traceable.

What are "proceedings before the FAU" and when is a fine imminent?

If the FAU evaluates a breach of obligations as an administrative offense, it may initiate administrative proceedings. At that moment, it is necessary to switch from "operations" to procedural mode: monitoring deadlines, the scope of the alleged violation, evidence, and argumentation.

Most common mistakes made by companies in this phase:

submitting statements without a strategy (explaining but not proving),
failing to work with evidence (logs, training, historical versions of documents, internal instructions),
admitting more than necessary or, conversely, trivializing obvious deficiencies,
failing to manage the key framework: why the procedure was proportionate to the risk in their business.

If you are at the stage of a request, protocol, or notification of the initiation of proceedings, contact us as soon as possible at office@arws.cz. In these matters, decisions are often made in days, not weeks.

How to prepare so that an AML inspection does not end in chaos

Practical preparation is surprisingly "simple" – but it must be thorough. The following procedure typically works best:

AML document inventory: internal regulations, risk assessment, training, responsibilities, record templates.
Testing on real cases: select typical and high-risk transactions and verify if you can document CDD/EDD/UBO/PEP and the reasons for decisions.
Single point of truth: document versions, approvals, training, and records of steps in a unified regime.
Communication regime for the inspection: who is responsible, who approves, how data is sent, and how deadlines are monitored.

Risks and Sanctions	How ARROWS (office@arws.cz) Assists
Fragmented Records: Data scattered across multiple systems without links, unclear document versions.	Governance and Audit Trail Setup: Our Czech legal team will unify records, versions, responsibilities, and step-by-step traceability.
Inconsistent Practice: Different people handle the same situations differently without justification.	Methodology + Training: We unify decision-making and provide a documentation standard under Czech legislation.
International Elements: Foreign ownership structures, cross-border payments, international suppliers.	Cross-border Experience: We handle cases with international elements daily, supported by the ARROWS International network.

AML in practice is often more complex than it first appears

AML obligations seem simple until a specific case arises: a non-standard ownership structure, pressure to close a deal quickly, a client's reluctance to provide information, or a situation where a transaction makes economic sense but behaves irregularly from a "procedural" standpoint.

The value of legal assistance is not just in "having a policy," but in being able to defend your decisions and reduce the impact of sanctions during an inspection or proceeding. Without experience from real-world Czech inspections and disputes, this is significantly harder to achieve.

At ARROWS, we maintain a long-term portfolio (over 150 joint-stock companies, 250 LLCs, and 50 municipalities and regions). We represent clients during inspections and in disputes, helping them set up compliance that works in day-to-day operations. We are insured for damages up to CZK 500,000,000, providing our clients with higher security when managing high-risk situations in the Czech Republic.

If you want to set up or defend your AML processes so they are operationally viable and audit-ready, contact us at office@arws.cz.

How ARROWS assists you during AML inspections and proceedings before the FAU

Depending on your current stage, our Prague-based attorneys typically provide:

Representation during inspections and communication with the Financial Analytical Office (FAU), the Czech supervisory authority;
Preparation and review of AML documentation (internal regulations, policies, checklists, workflows) under Czech law;
Defense against potential fines and in administrative proceedings (statements, evidence, appeals);
Vetting of business partners (UBO/PEP/risk profiles) and process setup;
Professional training for teams, including certification;
Business consultations to ensure AML protects the company without halting trade.

If your business involves financing, new partners, or investment opportunities, we can also connect you with relevant contacts within our long-established network. We are also interested in hearing about compelling business ventures.

For a specific strategy for your situation, contact us at office@arws.cz.

FAQ – Frequent legal questions regarding AML inspections and FAU proceedings

1) How quickly do I need to respond to a request from the FAU?
Follow the deadline stated in the request, but in practice, we recommend responding immediately: confirm receipt, map out the scope of requirements, and set up an internal regime for gathering documents. If the deadline is unrealistic, a request for an extension must be filed promptly. If you are facing a similar issue, contact us at office@arws.cz.

2) What if some AML documents are not in order?
It depends on the stage of the inspection. Sometimes a quick remedy and documentation of the fix helps; other times, it is necessary to choose a procedural strategy and precisely define the historical state vs. corrective actions under the Czech legal system. If you are facing a similar issue, contact us at office@arws.cz.

3) Is it better to admit everything and rely on leniency?
Not automatically. The correct approach is structured: facts, legal qualification, evidence set, proportionality of measures to risk, and demonstrable remedy. Unmanaged "admissions" often unnecessarily expand the scope of the problem. If you are facing a similar issue, contact us at office@arws.cz.

4) How long can administrative proceedings take in the Czech Republic?
The duration depends on the complexity, the scope of evidence, and procedural steps (statements, supplements, appeals). The decisive factor is having a strategy and evidence in order from the start – "catching up" later is usually more expensive. If you are facing a similar issue, contact us at office@arws.cz.

5) Does a lawyer make sense if you have internal compliance or a legal department?
Yes – typically for specialized areas (AML methodology, procedural defense, proportionality arguments) and situations involving potential sanctions or reputational impact. Our Prague-based attorneys often act as partners to internal legal teams for the more "critical" phases of an inspection. If you are facing a similar issue, contact us at office@arws.cz.

What to do right now if you expect an inspection or if one is already underway

If you want to minimize the risk of fines, damages, or protracted proceedings, the safest course is to take control of the process: align documents, prepare files, set responsibilities, and establish a defensible logic for "why we proceeded this way."

You can safely leave the entire matter to ARROWS – write to us at office@arws.cz and we will propose a specific course of action based on your situation (from inspection preparation to representation in proceedings and defense against sanctions).

Read also: