KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

namedate of birthplace of birthsexaddressnationalityidentity cardpassport

KYC to onboard international persons

namedate of birthsurnameidentification numberplace of birthaddresscitizenshipidentity cardpassport

corporate requirements

full nameregistered seatidentificationcertificate of incorporation

National ID card name

Občanský průkaz

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Act on Electronic Signature

E-sig law files

What year did the relevant AML laws and regulations become effective?

1996

Further details on AML regime

1996 (amended 2004, 2006 and 2008 - Act No. 253/2008 Coll. effective as of 1 September 2008) and last amended in Oct 2015 (http://www.mfcr.cz/cs/verejny-sektor/regulace/boj-proti-prani-penez-afinancovani-tero/legislativa-aml-cft).

Who is the regulator for AML controls for Banking

Czech National Bank

Link to site

http://www.cnb.cz/miranda2/export/sites/www.cnb.cz/en/legislation/acts/download/act_on_cnb.pdf , http://www.cnb.cz/cs/index.html

Other financial Services

Czech Trade Inspectorate (www.coi.cz/en/) administrative authorities supervising lotteries and other similar games, and holders of licences to operate betting games.

Website of Regulator

http://www.coi.cz/en/

Financial Sector regulator

N/A

Practical Guidance for AML

Yes

Practical guidance PDF's

metodiky_vyklady.html

Is there a requirement to verify the identity of customers retroactively?

No.

Retroactive details

No.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

MONEYVAL

PDF of FATF review

Czech_en.asp

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes, any single transaction below EUR15,000 does not require any customer due diligence unless it is a: a) a suspicious transaction; b) an agreement to enter into a business relationship; c) an agreement to establish an account, to make a deposit into a deposit passbook or a deposit certificate, or to make any other type of deposit; d) an agreement to use a safety deposit box or an agreement on custody; e) a transaction with a PEP; and f) as part of the business relationship.

What are the requirements for customer identification information for individuals

Name, surname, birth identification number or date of birth, place of birth, sex, address and citizenship. These would normally be verified by an identity card or passport.

Details to be Collected on Corporates

the full name, residency/seat, identification (or similar identification received from foreign offices) showing evidence of the company’s existence (i.e. certificate of incorporation, trade register statement or other). The same principles for individuals apply for the identification of individuals in the company’s statutory body. If the company’s statutory body or the owner is another legal entity, identification documentation must also be collected for that entity

What are the high level requirements around beneficial ownership (identification and verification)?

The shareholders of a legal entity (with more than 25% holding) must be ascertained. Identification requirements are the same as for the relevant legal entity.

What circumstances are enhanced customer due diligence measures required?

Enhanced customer due diligence is applicable for: a) a remote financial services agreement under the Civil Code; b) a transaction and business relationship with a PEP: and c) a correspondent bank relationship with a foreign credit or similar institution (“Correspondent Institution”).

How should FI's deal with Politically exposed persons

Legislation requires financial institutions to: a) have sufficient procedures to determine whether the customer is a PEP who is a resident of another country; b) obtain approvals from senior management on a daily basis for establishing business relationships with such customers; c) take reasonable measures to gather information about the sources of income and funds that are involved in the business relationship or transaction; and d) continuously monitor the business relationship.

What enhanced due diligence must be performed for correspondent banking relationships?

All transactions with PEPs are subject to due diligence including the provision of information and supporting documentation relating to: a) the purpose and intended nature of the transactions or business relationship; b) the beneficial owner, if the client is a legal entity; c) the information required for continuous monitoring of the business relationship; and d) a review of the income source.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

In the case of a remote financial services agreement under the Civil Code, the entity shall review the customer as follows: a) the first payment under this agreement shall be made via an account kept in the customer's name held at a credit institution or a foreign credit institution operating in the European Union (“EU”) or the European Economic Area (“EEA”); and b) the customer shall submit to the entity a copy of a document verifying the existence of this account together with copies of the relevant parts of his identity card and at least one more identification document to validate the customer's identification data of this card i.e. the type, serial number, issuing country or institution and validity.

To whom are SAR's made? (suspicious activity reports)

Ministry of Finance of the Czech Republic Financial analytical department (“FAU”)

Link to website of SAR reporting

http://www.mfcr.cz/cs/verejny-sektor/regulace/boj-proti-prani-penez-a-financovanitero/oznameni-podezreleho-obchodu

Other Suspicious or unusual transactions obligations.

Suspicious transactions are identified based on criteria such as unusual transactions, international wire transfers etc. However, no special report is required.

Are there any de-minimis thresholds below which transactions do not need to be reported?

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, penalties are described in detail in Section 43 to 53 of the Act No. 253/2008 Coll

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Yes, in general a transaction that is identified/reported as suspicious can be continued after 24 hours from the time when it has to be notified and received by the Ministry of Finance, unless the Ministry of Finance postpone the transaction.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

No. However, if the external auditor during performance of the regular audit procedures finds out facts which indicate suspicion of committing economic crime, crime against property or crime of corruption, he is obliged to inform the FAU, statutory representatives and control body of the given bank thereof. The central bank is however authorised to ask the bank to appoint the auditor for review of their internal control system which might also include a review of the AML function if requested by the central bank

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

If such a request is made by the central bank, it covers a selected year of operations and the report is due by the end of Feb of the next year. The auditor provides this report to the bank and the bank delivers the report to the central bank. This review is done independent to the financial statement audit and may even be done by a different auditor.

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

Such report is focused primarily on internal controls as defined by the Basel Committee on Banking Supervision best practice, however it would also include a compliance review with the key legal requirements. No sample testing or risk assessment examination is required.

Data Protection Laws And Personal Data

yes

Data Protection for Corporate Data

Data protection for "sensitive Data" and additional protections.

yes, the Data Protection Act stipulates a separately protected category of personal data. It is forbidden to process personal data on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in political parties or political movements, trade union membership and data concerning health or sex life.

Do any restrictions on the transfer of credit reports exist?

Generally, the consent regarding the transfer of data must comply with requirements in the Article 4 letter n) and Article 5 par. 4 of the Data Protection Act. Furthermore, the criminal records and medical data are also considered as the sensitive data according to the Article 4 letter b) of the Data Protection Act. The sensitive data may be transferred only with the consent or instruction of the subject of the data together with other requirements of the Article 9 letter a) of the Data Protection Act. For further details please see the above mentioned provisions of the Data Protection Act (https://www.uoou.cz/en/vismo/zobraz_dok.asp?id_ktg=1107&p1=1107).

Regulator Acronym

CNB

Year of last FATF mutual evaluation

2014

Field 67

first paymentrelevant part of identity card

National ID card details

Compulsory at 15.

Compulsory?

National ID source

https://en.wikipedia.org/wiki/Czech_national_identity_card

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Who are SARS made to?

FAU

shell banks

Yes

EDD for correspondent banking

Yes

PDF of case law

Minimum transactions

EUR 15,000

Min transaction USD

16394

Personal Data protection

Personal Data Protection Act

https://www.uoou.cz/en/vismo/zobraz_dok.asp?id_ktg=1107

key restrictions

Real estate purchases or leases are exempted from the law.

Summary

Section 3 specifies that a document is considered signed if it is signed with an electronic signature. Parties may still request handwritten signatures. Summary of law The Czech Republic follows the UNCITRAL model law and is similar to the laws of many European Union member states. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. Electronic signatures are presumed valid unless proof to the contrary is produced. Section 3 of the 227/2000 Coll. ACT states, “A data message shall be signed if it is furnished with an electronic signature.”

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Yes.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

These should be certified by an appropriate person e.g. a notary, local authorities etc. Specific rules apply to credit and financial institutions, where certain employees are authorised to verify these when opening account, concluding contract etc.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Transfers of personal data outside EEA and EU have been recently affected by the decision of No. C-362/14 Maximillian Schrems v. Data Protection Commissioner from 06 Oct 2015 of the Court of Justice of the European Union cancelling the Safe Harbor Regime. As a result, the Czech Office for Personal Data Protection recommends to use standard contractual clauses according to the Commission decision No. 2010/87/EU from 05 Feb 2010 (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) and/or Binding Corporate Rules (http://ec.europa.eu/justice/dataprotection/international-transfers/binding-corporate-rules/index_en.htm) to govern the transfer of information to the US

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

Yes, the general business secrecy is stipulated in the Act No. 89/2012 Coll., the Civil Code, and specific bank secrecy is stipulated in the Act No. 21/1992 Coll., on banks. Bank secrecy means keeping confidential all the information and documents on matters relating to the client of the bank that is not publicly accessible. In particular, information on transactions, account balances and deposit balances. The bank is obliged to keep this information confidential and protected from disclosure, misuse, damage, destruction, loss or theft. Information and documents on matters that are protected by bank secrecy cannot be disclosed to third parties without the prior written consent of the client. There are also other types of confidentiality prescribed by the relevant laws, such as attorney-client confidentiality, medical confidentiality, auditor confidentiality.