namedate of birthplace of birthsexaddressnationalityidentity cardpassport
namedate of birthsurnameidentification numberplace of birthaddresscitizenshipidentity cardpassport
full nameregistered seatidentificationcertificate of incorporation
Act on Electronic Signature
1996 (amended 2004, 2006 and 2008 - Act No. 253/2008 Coll. effective as of 1 September 2008) and last amended in Oct 2015 (http://www.mfcr.cz/cs/verejny-sektor/regulace/boj-proti-prani-penez-afinancovani-tero/legislativa-aml-cft).
Yes, any single transaction below EUR15,000 does not require any customer due diligence unless it is a:
a) a suspicious transaction;
b) an agreement to enter into a business relationship;
c) an agreement to establish an account, to make a deposit into a deposit passbook or a deposit certificate, or to make any other type of deposit;
d) an agreement to use a safety deposit box or an agreement on custody;
e) a transaction with a PEP; and
f) as part of the business relationship.
Name, surname, birth identification number or date of birth, place of birth, sex, address and citizenship. These would normally be verified by an identity card or passport.
the full name, residency/seat, identification (or similar identification received from foreign offices) showing evidence of the company’s existence (i.e. certificate of incorporation, trade register
statement or other). The same principles for individuals apply for the identification of individuals in the company’s statutory body. If the company’s statutory body or the owner is another legal entity,
identification documentation must also be collected for that entity
The shareholders of a legal entity (with more than 25% holding) must be ascertained. Identification requirements are the same as for the relevant legal entity.
Enhanced customer due diligence is applicable for: a) a remote financial services agreement under the Civil Code; b) a transaction and business relationship with a PEP: and c) a correspondent bank relationship with a foreign credit or similar institution (“Correspondent Institution”).
Legislation requires financial institutions to:
a) have sufficient procedures to determine whether the customer is a PEP who is a resident of another country;
b) obtain approvals from senior management on a daily basis for establishing business relationships with such customers;
c) take reasonable measures to gather information about the sources of income and funds that are involved in the business relationship or transaction; and
d) continuously monitor the business relationship.
All transactions with PEPs are subject to due diligence including the provision of information and supporting documentation relating to: a) the purpose and intended nature of the transactions or business relationship; b) the beneficial owner, if the client is a legal entity; c) the information required for continuous monitoring of the business relationship; and d) a review of the income source.
In the case of a remote financial services agreement under the Civil Code, the entity shall review the customer as follows:
a) the first payment under this agreement shall be made via an account kept in the customer's name held at a credit institution or a foreign credit institution operating in the European Union (“EU”) or the European Economic Area (“EEA”); and
b) the customer shall submit to the entity a copy of a document verifying the existence of this account together with copies of the relevant parts of his identity card and at least one more identification document to validate the customer's identification data of this card i.e. the type, serial number, issuing country or institution and validity.
Ministry of Finance of the Czech Republic Financial analytical department (“FAU”)
Suspicious transactions are identified based on criteria such as unusual transactions, international wire transfers etc. However, no special report is required.
Yes, penalties are described in detail in Section 43 to 53 of the Act No. 253/2008 Coll
Yes, in general a transaction that is identified/reported as suspicious can be continued after 24 hours from the time when it has to be notified and received by the Ministry of Finance, unless the Ministry of Finance postpone the transaction.
No. However, if the external auditor during performance of the regular audit procedures finds out facts which indicate suspicion of committing economic crime, crime against property or crime of corruption, he is obliged to inform the FAU, statutory representatives and control body of the given bank thereof. The central bank is however authorised to ask the bank to appoint the auditor for review of their internal control system which might also include a review of the AML function if requested by the central bank
If such a request is made by the central bank, it covers a selected year of operations and the report is due by the end of Feb of the next year. The auditor provides this report to the bank and the bank delivers the report to the central bank. This review is done independent to the financial statement audit and may even be done by a different auditor.
Such report is focused primarily on internal controls as defined by the Basel Committee on Banking Supervision best practice, however it would also include a compliance review with the key legal requirements. No sample testing or risk assessment examination is required.
yes, the Data Protection Act stipulates a separately protected category of personal data. It is forbidden to process personal data on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in political parties or political movements, trade union membership and data concerning health or sex life.
Generally, the consent regarding the transfer of data must comply with requirements in the Article 4 letter n) and Article 5 par. 4 of the Data Protection Act. Furthermore, the criminal records and medical data are also considered as the sensitive data according to the Article 4 letter b) of the Data Protection Act. The sensitive data may be transferred only with the consent or instruction of the subject of the data together with other requirements of the Article 9 letter a) of the Data Protection Act. For further details please see the above mentioned provisions of the Data Protection Act (https://www.uoou.cz/en/vismo/zobraz_dok.asp?id_ktg=1107&p1=1107).
Real estate purchases or leases are exempted from the law.
Section 3 specifies that a document is considered signed if it is signed with an electronic signature. Parties may still request handwritten signatures.
Summary of law
The Czech Republic follows the UNCITRAL model law and is similar to the laws of many European Union member states. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case.
Electronic signatures are presumed valid unless proof to the contrary is produced. Section 3 of the 227/2000 Coll. ACT states, “A data message shall be signed if it is furnished with an electronic signature.”
These should be certified by an appropriate person e.g. a notary, local authorities etc. Specific rules apply to credit and financial institutions, where certain employees are authorised to verify these when
opening account, concluding contract etc.
Transfers of personal data outside EEA and EU have been recently affected by the decision of No. C-362/14 Maximillian Schrems v. Data Protection Commissioner from 06 Oct 2015 of the Court of Justice of the European Union cancelling the Safe Harbor Regime. As a result, the Czech Office for Personal Data Protection recommends to use standard contractual clauses according to the Commission decision No. 2010/87/EU from 05 Feb 2010 (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) and/or Binding Corporate Rules (http://ec.europa.eu/justice/dataprotection/international-transfers/binding-corporate-rules/index_en.htm) to govern the transfer of information to the US
Yes, the general business secrecy is stipulated in the Act No. 89/2012 Coll., the Civil Code, and specific bank secrecy is stipulated in the Act No. 21/1992 Coll., on banks. Bank secrecy means keeping confidential all the information and documents on matters relating to the client of the bank that is not publicly accessible. In particular, information on transactions, account balances and deposit balances. The bank is obliged to keep this information confidential and protected from disclosure, misuse, damage, destruction, loss or theft. Information and documents on matters that are protected by bank secrecy cannot be disclosed to third parties without the prior written consent of the client. There are also other types of confidentiality prescribed by the relevant laws, such as attorney-client confidentiality, medical confidentiality, auditor confidentiality.