A new decree of the Czech National Bank on selected requirements for the system of internal rules, procedures and control measures against legitimisation of proceeds of crime and financing of terrorism became effective on October 1, 2018, sometimes known as the AML Decree. This decree further expands and specifies the obligations of financial and credit institutions as well as non-banking providers of consumer loans and their brokers according to the so called AML Act. Some of the obligations arising under the AML Decree apply adequately also to institutions which were under the AML Act either not obliged to do any identification and due diligence of the clients at all (under Section 13a of the AML Act) or they carried only the simplified identification (under Section 13 of the AML Act).
The Czech National Bank increased the demands imposed on selected institutions which are under the decree obliged to actively search for and to evaluate risks of legalization of proceeds of criminal activities. Whereas the AML Act imposed the obligation to have a system of internal policies, in which the institutions would determine the acceptable level of risk and how such risk should be dealt with, the AML Decree further specified this system. The decree also set out the obligation to prepare an evaluation report at least once in every twelve months.
System of Internal Policies
As part of the system of internal policies, the institutions shall, first of all, determine the risks in the area of money laundering, with which they may encounter during their activities and set them out in writing. They have to respect the national as well as European risk assessment, information from the Czech National Bank, the Financial Analytical Office and information obtained during clients’ identification and due diligence. The next part of the system of internal policies shall be formed by a risk assessment process, which would evaluate clients’ AML risk profiles. Factors influencing such profile include e.g. the clients’ country of origin, persons acting on their behalf, persons having an interest in clients which are legal entities or persons in position of statutory body of such clients, ownership and controlling structure of the clients or origin of clients’ funds. After setting up the AML risk profile of a client, the institution shall choose effective means of identification and due diligence of such client.
In the evaluation report the institution shall state whether the abovementioned internal policies are effective. If some insufficiencies of the system are found, the institution shall list such in the report together with the risks which such insufficiencies may cause. The evaluation report shall be discussed and approved by the statutory and supervisory body of the institution. The decree imposes an obligation to keep the evaluation report for a period of at least 5 years, commencing on the last day of the period to which it refers to.
 Decree no. 67/2018 Coll., on selected requirements for the system of internal rules, procedures and control measures against legitimisation of proceeds of crime and financing of terrorism.
 Act no. 253/2008 Coll., on selected measures against legitimisation of proceeds of crime and financing of terrorism, as amended.