Upcoming AML reform in the Czech Republic: what to expect
The Czech Republic is planning to replace the current Czech AML Act (Act No. 253/2008 Coll.) with three new local laws: (i) the law on economic protection of the state (“EOS Act”), (ii) the Law on the Financial Analytical Office (“FIU Act”) and (iii) an accompanying amendment act.
All these acts are scheduled to take effect on 10 July 2027, coinciding with the application date of EU Regulation 2024/1624 (“AMLR”) and the transposition deadline for EU AML Directive 2024/1640 (“AMLD6”) and other regulations1.
These planned legislative changes follow the EU’s adopted comprehensive AML reform package adopted in 2024. From 10 July 2027, the bulk of obligations currently set out in the Czech AML Act – client due diligence, transaction monitoring and beneficial ownership identification – will thus be primarily governed by AMLR. Examples of upcoming changes are set out below.
Obliged entities: are there new obliged entities?
The new legal framework distinguishes between “European” obliged entities (arising directly from Article 3 of AMLR) and “national” obliged entities (designated pursuant to AMLD6 on the basis of a national risk assessment).
Newly added entities include: football agents, professional football clubs (effective 10 July 2029), non-financial mixed-activity holding companies, investment migration operators, crowdfunding service providers and intermediaries, mortgage and consumer credit intermediaries, private cash transport companies and developers trading in real estate on their own account.
Removed obliged entities include: dealers in used goods and pawnbrokers, investment intermediaries and pension companies, as these are no longer considered sufficiently high risk.
The new framework further imposes comprehensive fit-and-proper (in Czech “bezúhonnost”) requirements on beneficial owners and senior management of obliged entities. These provisions bar persons convicted of money laundering, predicate offences or terrorist financing from holding such positions.
What changes in identification, KYC and due diligence?
The most notable operational change is that client identification, CDD2, ongoing monitoring and enhanced due diligence will be governed directly by AMLR. Obliged entities will therefore need to restructure their internal policies to refer to AMLR directly.
As an example of the new rules, Article 20 of the AMLR prescribes a comprehensive harmonised catalogue of mandatory CDD measures that exceeds the current Czech requirements. Notable additions include mandatory verification of whether the customer (client) or beneficial owners are subject to targeted financial sanctions (including whether sanctioned persons control the entity or hold more than 50% proprietary rights), assessment of the customer’s business or occupation and identification of any person on whose behalf a transaction is conducted.
On the other hand, AMLR explicitly permits identity verification through electronic identification means meeting the eIDAS Regulation’s3 “substantial” or “high” assurance levels. This is expected to facilitate more streamlined remote onboarding.
The EOS Act aims to fill gaps where AMLR does not fully apply, including procedural rules for postponing client instructions where there is a risk that immediate execution could frustrate or substantially impede the seizure of proceeds of crime or assets linked to terrorist financing, as well as rules on reporting discrepancies in beneficial ownership records. As another example, the EOS Act introduces the possibility for an obliged entity to postpone CDD on its own initiative, without a prior FIU4 instruction, where it concludes that performing CDD would compromise ongoing AML analysis.
New definition of beneficial owner
The AMLR introduces a harmonised and substantially broadened definition of “beneficial owner” that will apply directly across all EU Member States, replacing divergent national interpretations.
Under the current Czech framework, beneficial ownership is defined by Act No. 37/2021 Sb. on evidence of beneficial owners. From 10 July 2027, the rules set out in Articles 51 – 61 of the AMLR will apply directly.
As an example of the upcoming changes, ownership interest and control via other means will have to be assessed in parallel, rather than sequentially, meaning both tests will apply simultaneously to every entity.
Indirect ownership will be calculated by multiplying shareholdings through intermediate entities in each chain and adding the results, with all levels of ownership taken into account.
The concept of “control” will also be broadened to encompass not only majority voting rights but also the right to appoint or remove board members, veto rights, profit distribution decisions and informal means such as family relationships and nominee arrangements. The European Commission may further lower the 25% threshold to a maximum of 15% (or between 15% and 25% where justified by risk) for categories of entities exposed to higher risks. Any change to beneficial ownership will have to be reported to the central register within 28 calendar days and the information will have to be verified at least annually.
Entities with complex ownership or management structures should thus reassess whether additional persons now qualify as beneficial owners under the broadened rules.
New compliance governance functions: compliance manager and compliance officer
One of the most important structural changes introduced by the AMLR is the establishment of a formalised two-tier compliance governance model within every obliged entity, replacing the current Czech system of a “contact person” (in Czech “kontaktní osoba”) and a “designated person” (in Czech “pověřená Osoba”).
The compliance manager (in Czech “manažer dodržování předpisů”) will have to be a member of the management body (e.g. board of directors). This person will have strategic responsibility for ensuring that AML/CFT policies, procedures and controls are consistent with the entity’s risk exposure, that sufficient resources are allocated and that deficiencies are remedied. The compliance manager will report to the management body.
The compliance officer (in Czech “pracovník pro dodržování předpisů”) will perform an operational role with sufficiently high hierarchical standing. The compliance officer will manage day-to-day AML/CFT compliance, serve as the contact point for competent authorities and will be responsible for submitting suspicious transaction reports to the FIU.
For smaller or lower-risk entities, both functions may be performed by the same person. Both individuals will have to be registered in the new central register of obliged persons (CRPO).
New disclosure rules, reporting duties and other obligations
Suspicious transaction reporting will be governed directly by AMLR. Upon request from the FIU, obliged entities will be required to provide information within five working days; in urgent cases, within less than 24 hours.
The cash payment limit will be reduced to EUR 10,000, replacing the current national limit of CZK 270,000. This will apply to all persons5. Payments made at credit institutions will be exempted from the prohibition but will have to be reported to the FIU.
Cross-border cash transport rules will remain unchanged: EUR 10,000 for EU external borders (mandatory declaration) and EUR 15,000 for intra-EU transports (information upon request). The Czech Police will be authorised to carry out intra-EU cash transport controls alongside customs authorities.
New threshold-based reporting requirements will apply. Dealers in luxury goods will be required to report above-threshold sales for non-commercial purposes to the FIU. Credit institutions and payment service providers will be required to report all cash payments or deposits exceeding EUR 10,000 made on their premises.
Internal AML whistleblowing system – all obliged entities, except sole practitioners, will be required to establish an internal whistleblowing system for AML/CFT breaches that will allow for anonymous reporting.
Further, regulation (EU) 2024/1620 (AMLAR) establishes a new European Anti-Money Laundering Authority (“AMLA”). This new authority aims to coordinate the supervision of obliged entities and cooperation among FIUs across the EU and should be also taken into account as part of preparations for the new regulatory framework.
What should obliged entities do – and by when?
Obliged entities should thus commence preparation immediately. The hard deadline for full compliance with the EOS Act, the FIU Act and the AMLR is 10 July 2027. Within 15 days of that date, required registrations in the CRPO must be completed, with sole exception of the football sector, whose obligations commence on 10 July 2029.
Recommended steps include:
- conducting a comprehensive gap analysis comparing current AML processes with the requirements of the AMLR and the EOS Act;
- revising all internal AML/KYC manuals with respect to AMLR;
- updating internal risk assessment to reflect AMLR risk factors including the revised definition of beneficial owners;
- designating and registering a compliance manager and a compliance officer;
- establishing or upgrading the internal whistleblowing system to comply with the AMLR;
- ensuring IT systems can support CRPO registration and threshold-based reporting of cash deposits; and
- training all relevant staff on the new regulatory architecture, including the increased sanctions.
This reform represents the most significant restructuring of the Czech AML/CFT framework since 2008 and will create a materially more demanding regulatory environment, with sanctions potentially reaching up to 10% of annual turnover. As AMLR aims to harmonise sanctions across all EU member states, the level of sanctions in the Czech Republic may increase as a result.
The shift from national transposition to directly applicable EU regulation requires a fundamental reassessment of compliance programs.
Obliged entities should begin preparation without delay, as the scope of required changes – legal, operational, technological and organisational – is unlikely to be achievable in the final months before 10 July 2027.
We will continue to monitor the legislative process closely as it advances, particularly given the significant public debate that has shaped these draft laws.
Download the Client Alert in English
- Including (i) Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (ToFR) and (ii) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (AMLAR). ↩︎
- Client or customer due diligence (in Czech “kontrola”). ↩︎
- Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. ↩︎
- FIU (Financial Intelligence Unit), in the Czech Republic (Finanční analytický úřad – FAÚ). ↩︎
- Natural persons not acting professionally are to be exempted. ↩︎