Updates in the Anti-Money Laundering and Counter-Terrorism Financing measures
Amendments Effective from 15 January 2025
On 15 January 2025, the amendment to Act No. 297/2008 Coll.[1] on the Prevention of Legalization of Proceeds from Criminal Activity and on the Prevention of Terrorist Financing (hereinafter the "AML Act") came into force, introducing several significant changes. This amendment reflects the need to harmonize Slovak legislation with the European Union's requirements and international standards in combating financial crime. Below is a concise but detailed overview of the most important changes and their implications.
Expansion of Terms and New Definitions: How the Amendment Rewrites the Rules of the Game
The amendment introduces, for the first time in § 9 (1) (d) of the AML Act, the definitions of "crypto-asset" and "transfer of crypto-assets". These definitions are adopted from EU Regulation No. 2023/1113[2], which defines a crypto-asset as a "digital representation of value or rights that can be transferred and electronically stored using distributed ledger technology or similar technology." A crypto-asset transfer includes any transaction involving the transfer or relocation of crypto-assets.
Another innovation is the definition of "high-risk country" in § 9 (1) (o) (p) of the AML Act, previously absent in Slovak legislation. The law now explicitly states that high-risk countries include those identified in the Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016, and countries identified by intergovernmental institutions or international organizations setting globally recognized standards for preventing money laundering and terrorist financing. This clarification aligns the legislation more precisely with international standards, particularly those of the Financial Action Task Force (FATF).
The amendment also introduces, for the first time in Slovak legislation, in § 6a (5) (d) of the AML Act, a specific category of entities for which the ultimate beneficial owner (hereinafter the "UBO") must be identified—namely, "trust funds" established under the legal systems of other countries. Before the amendment took effect, UBOs of such entities could only be identified based on the criteria applicable to "asset associations," which did not fully reflect the conditions of the AML Directive. The aim of this change is to enhance the transparency of asset structures and improve the efficiency of identifying persons considered to be UBOs (such as the settlor, trustee, supervisor, beneficiary of the trust fund, and other individuals who have effective control over the trust fund).
Under the new rules, any natural person who is a partner in a public company or a limited partnership, or an individual who directly or indirectly controls a legal entity that is a partner, is also considered a UBO. Additionally, a silent partner is classified as a UBO if they hold a right to at least 25% of the economic benefits from the business activities of the legal entity in which they are a silent partner.
The proposed legislative amendments respond to the recommendations of the OECD Global Forum on Transparency and Exchange of Information, which arose from the peer review of the Slovak Republic[3]. The aim is to address identified shortcomings in the recording of UBOs for general partnerships, limited partnerships, and silent partners. The new rules enhance transparency and align the legislation with global standards, thereby ensuring better identification of economic interests in business entities.
Expansion of Identification Scope: Address of Actual Business Operations
Pursuant to § 7 (1) (a) and (b) of the AML Act, mandatory entities are now required to ascertain and record not only the registered office or place of business but also the address of the actual place of business operations. This change is significant for better monitoring of the real activities of entities, especially in cases where their activities do not align with official records. As a result, the range of facts that obliged persons are obligated to verify as part of their activities has been broadened.
Ultimate Beneficial Owners Under Scrutiny: New Obligations Under the Law
UBOs are now required to actively cooperate in providing accurate and up-to-date information to obliged persons. This obligation, pursuant to § 10a (4) of the AML Act, includes providing all necessary details for the purpose of their identification and verification. Prior to the amendment of the AML Act, this obligation rested solely with the client (and not the UBO). Obliged persons, such as banks, insurance companies, or other financial institutions, will now have improved access to the data necessary for their operations.
Stricter Sanctions for Members of Statutory Bodies and Management Officials
Under the new provision § 33 (4) of the AML Act, the Financial Intelligence Unit can impose strict sanctions not only on obliged persons themselves but also on:
Members of the statutory body of the obliged person
Members of the supervisory board
Members of the management body
Proxy holders of the obliged person
The penalty imposed can amount to up to 10 times the average monthly income of the sanctioned individual received from the obliged person over the previous 12 months. If the individual received income from the obliged person for less than 12 months, the average monthly income is calculated based on the period during which the income was provided. This measure increases the accountability of members of statutory and management bodies of obliged persons for compliance with obligations under the AML Act.
Client Due Diligence
Basic Due Diligence – Emphasis on Ongoing Monitoring
The amendment expands the situations in which an obliged person is required to conduct basic due diligence on a client. According to § 10 (2) of the AML Act, basic due diligence is now required not only when establishing a business relationship or conducting occasional transactions above a certain value but also in additional scenarios reflecting increased risk assessment requirements:
Ongoing monitoring during the business relationship: Obliged persons must carry out basic due diligence throughout the entire duration of a business relationship. The intensity of this monitoring depends on the risk assessment. This approach underscores the importance of continuous client monitoring.
Changes in the client’s circumstances: If a client undergoes significant changes (e.g., in business activities, ownership structure, or allocation of new authorizations), the obliged person is required to review these changes and perform basic due diligence. The aim is to reassess risk factors and prevent any potential increase in risk.
Review of information about the UBO: Obliged persons must examine UBO information whenever there are changes to such data or when required by specific regulations.
Occasional transactions outside a business relationship: The obligation to perform basic due diligence extends to occasional transactions outside an existing business relationship if they involve electronic transfers of funds or crypto-assets exceeding EUR 1,000.
In certain circumstances, § 10 (9) of the AML Act allows for the omission of basic due diligence, particularly if:
Performing due diligence could impede or jeopardize the processing of an unusual business transaction (§ 10 (9) (a) of the AML Act).
The Financial Intelligence Unit issues a written instruction not to perform due diligence (§ 10 (9) (b) of the AML Act).
If an obliged person acts according to these provisions, § 17 (4) of the AML Act imposes an additional requirement, that the obliged person must include in their report on the unusual business transaction the circumstances and reasons for not performing basic due diligence. Therefore, it is essential to pay special attention to meticulous documentation of decisions and circumstances related to the omission of due diligence.
Simplified Due Diligence: More Conditions, Greater Oversight
The new wording of the AML Act in § 11 (1) (a) and § 11 (4) introduces significant changes to simplified due diligence for clients. On one hand, it allows obliged persons to apply simplified due diligence to clients who have not been assessed as high-risk under the national risk assessment. On the other hand, it establishes new obligations that clarify and further regulate the process. An obliged person may apply simplified due diligence to a client if:
The obliged person provides a well-reasoned justification for the low-risk classification of the relevant category of clients, business relationships, transactions, or products and appropriately documents this in specific records.
The client has not been assessed as high-risk under the national risk assessment.
There are no grounds to apply enhanced due diligence under § 12 of the AML Act, meaning there are no suspicions or factors that would increase the risk of money laundering or terrorist financing.
What is the National Risk Assessment? The national risk assessment, as defined in § 26a of the AML Act, is a document prepared by the Financial Intelligence Unit. This document provides a comprehensive analysis of risks related to money laundering and terrorist financing in specific areas and helps obliged persons effectively identify potential high-risk entities. In the appendix to this article, , we have summarized the national risk assessment based on key evaluation factors.
New Obligations for Simplified Due Diligence
The amendment to the AML Act also clarifies the rules for simplified due diligence on clients. According to § 11 (4) of the AML Act, obliged persons are required to follow rules that previously applied to them only indirectly:
Documentation of conditions: The obliged person must verify and record the fulfillment of all conditions that justify the application of simplified due diligence. This documentation is crucial in case of inspections and to demonstrate compliance with legislation.
Client identification: Even under simplified due diligence, obliged persons must identify the client and any individuals acting on their behalf.
Record of transaction purpose and nature: Obliged persons must document information about the purpose and nature of the business relationship, as well as the origin of financial funds, in compliance with the requirements of § 10 (1) (b) and (d) of the AML Act.
Risk assessment: The obliged person must assess whether the client or business transaction exhibits characteristics of an unusual business operation. Simplified due diligence can only be applied if no risk is identified.
It is important to note that these changes impose increased formal administrative demands on obliged persons, as it was previously not mandatory to document the fulfillment of conditions for simplified due diligence to this extent.
Obligation to Refuse a Business Relationship or Specific Transaction – New Rules
Under the amended § 15 of the AML Act, the requirements for obliged persons regarding the refusal to establish a business relationship, its termination, or the refusal to execute a specific transaction have been tightened. Obliged persons are now required to:
Not only refuse to establish a business relationship, terminate it, or refuse to execute a specific transaction if they are unable to perform basic due diligence on the client or if the client refuses to disclose on whose behalf they are acting,
but also assess whether the transaction constitutes an unusual business operation. If it is determined that the transaction does not qualify as an unusual operation, a written record with the reasoning for the assessment must be prepared. This record must be archived and made available for inspection if required.
We also note that, effective 1 January 2025, reports on unusual business transactions can only be submitted via the goAML information system. This centralized tool streamlines the reporting process and provides the Financial Intelligence Unit with better oversight of the activities of obliged persons. The change in the reporting process was introduced by the Ministry of Interior prior to the amendment’s effective date. In practice, the implementation of the goAML system represents a more efficient and transparent method of processing reports. Additionally, this new tool offers better insight into the activities of obliged persons and ensures more transparent communication with the Financial Intelligence Unit.
Internal Compliance Program – Risk-Based Adjustments and New Requirements for Obliged Persons
The amendment to the AML Act introduces significant changes to the internal compliance program requirements for obliged persons, reflecting modern risk management approaches.
Risk-Based Program Adjustments
The approach to client due diligence must be tailored to the identified risks, as outlined in § 20 (2) (b) of the AML Act. Therefore, the internal program must include:
Measures aimed at mitigating risks.
Categorization of clients and business operations into low, medium, and high-risk categories.
This framework aligns with established "best practice" guidelines under the AML Directive and enables obliged persons to manage risks more effectively while adapting their internal processes to current challenges. The reassessment of risk categories should be regular and dynamic.
New Requirements for Responsible Persons
The law also places greater emphasis on the qualifications and competencies of individuals responsible for AML tasks (referred to as compliance officers). According to the new wording in § 20 (2) (h) of the AML Act, such individuals must:
Be professionally qualified and sufficiently informed about the risks faced by the obliged person.
Be authorized to make decisions to mitigate risks.
Risk Management System for PEPs and Sanctioned Persons
One of the key innovations is the requirement to include procedures for identifying politically exposed persons (PEPs) and sanctioned persons in the internal program, as stipulated in § 20 (2) (l) of the AML Act. In practice, this means that obliged persons must implement or utilize effective and actionable measures, taking into account their internal processes and commercially available tools, such as:
Mechanisms for verifying data in relevant registers and databases (e.g., commercially available tools for PEP and sanctions screening like those provided by FinStat).
Rules for regularly updating information on clients and UBOs.
Procedures for addressing situations where it is determined that a client or UBO falls into one of these categories.
Addressing New Products and Technologies
Under § 20a (1) of the AML Act, obliged persons must include procedures for identifying and managing risks associated with new products and technologies in their internal program. This ensures that obliged persons can effectively perform their duties even in the event of technological advancements that influence how their services are provided or transactions are processed.
Conclusion
The new AML rules, effective from 15 January 2025, introduce significant changes for obliged persons, particularly in the areas of risk management, client due diligence, and transaction recording. For obliged persons, this amendment represents an opportunity to strengthen their internal processes and minimize the risks associated with non-compliance.
Mgr. Patrik Führich & Mgr. Tereza Ľuptáková
Appendix – Summary of the National Risk Assessment
1. Risk Factors Related to Clients
· Client Type:
o Politically exposed persons (PEPs) and their close associates.
o Clients with unclear or complex ownership structures.
o Entities from jurisdictions with a high risk of money laundering or terrorist financing.
o Entities operating in high-risk sectors, such as gambling, real estate, or the trade of precious metals.
· Geographical Origin:
o Clients from countries identified as high-risk under EU regulations (e.g., Commission Delegated Regulation (EU) 2016/1675).
o Clients operating in countries with low levels of AML/CFT rule implementation.
· Transactional Behavior:
o Frequent and large international transactions without a clear economic reason.
o Unusual behavior or operations that do not align with the client’s profile.
2. Risk Factors Related to Products, Services, Transactions, or Distribution Channels
· Types of Products and Services:
o Products enabling anonymity (e.g., prepaid cards, cryptocurrencies).
o Services involving high mobility of funds (e.g., bank transfers with minimal oversight).
· Distribution Channels:
o Online platforms or unconventional distribution systems that may limit client identification.
o New technologies and systems that are not adequately regulated.
· New Products and Technologies (§ 20a of the AML Act):
o Emerging or new technologies (e.g., payments using digital currencies).
o Risks associated with innovations that are insufficiently regulated or monitored.
· Complex Transactions:
o Operations involving multiple jurisdictions or the interconnection of various entities.
o Transactions utilizing new or emerging products, increasing their lack of transparency.
[1]) Amendment Act No. 387/2024 Coll., amending and supplementing Act No. 297/2008 Coll. on the Prevention of Legalization of Proceeds from Criminal Activity and on the Prevention of Terrorist Financing and on Amendments and Supplements to Certain Acts, as amended, and amending and supplementing certain other acts.
[2]) Article 3, Points 10 and 14 of Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets, currently available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113.
[3]) Global Forum on Transparency and Exchange of Information for Tax Purposes: Slovak Republic 2020 (Second Round) Peer Review Report on the Exchange of Information on Request, currently available at: https://www.oecd.org/en/countries/slovak-republic.html.
