AML for investment companies in the Czech Republic in 2025 is no longer a formality, but a full operational framework that largely determines whether you will obtain a license, retain access to the European financial infrastructure and whether you will actually be able to scale the business in the EU, Asia and the CIS.
Over the past years I have seen funds with strong products and investment companies lose momentum, clients and money only because they underestimated three things: the real AML requirements, the expectations of regulators (FAU and ČNB) and the need to think of AML as part of the business‑model rather than a “legal overlay”.
AML in the Czech Republic for investment companies
Czech AML‑regulation for investment companies is based on several levels:
- Act No. 253/2008 Sb.
The basic anti‑money laundering law, which sets out obligations for customer identification, identification of beneficial owners, transaction monitoring and reporting suspicious transactions (SAR/STR). - EU AML Directives (AMLD) and FATF recommendations
They define the framework of the risk‑based approach: a risk‑oriented approach that has become the key compliance philosophy for investment companies in Europe. - Supervision and practice:
- Financial Analytical Office (FAU): the Czech financial intelligence unit and the primary recipient of SAR/STR.
- Česká národní banka (ČNB) – supervises banks, investment companies, licensed financial services, funds.
At the theoretical level everything is clear, but in reality what matters is not the names of the acts, but how this is reflected in everyday tasks: from investor onboarding to the daily monitoring of the portfolio and transactions. That’s what comes next.
New AML requirements for investments in the Czech Republic — 2025
From 2024–2025 I see three key blocks of changes that affect investment companies in the Czech Republic:
Appointment and registration of an AML contact in the FAU
For a number of companies falling under Act No. 253/2008 Sb., a requirement has been introduced to appoint an AML contact person and register them with the FAU by the established deadline (for some entities, by February 1, 2025).
From COREDO’s practice:
- An AML contact is not just a lawyer, but a person who:
- truly understands the fund’s business model;
- can communicate persuasively with the FAU;
- controls internal AML procedures and the SAR/STR workflow.
- A mistake I often saw: appointing a formal “responsible person” but without authority and access to data. For the FAU this is a quick signal that compliance in the company is merely decorative.
Tightening of beneficiary identification
AML compliance in the Czech Republic is no longer limited to “collecting a passport and an extract”. The regulator’s real focus is on:
- identifying the Beneficial Owner (the ultimate beneficiary), taking into account complex ownership chains and trust structures;
- regular review checks (beneficiary verification frequency), not one-time KYC at onboarding;
- accuracy and timeliness of data in the Beneficial Ownership Register (corporate transparency).
Increasing automation and digitalization of AML
In the Czech Republic and across the EU, AML is increasingly shifting towards:
- digital identification of clients (e‑ID, eKYC, remote identification);
- integrations with state and commercial databases;
- the requirement for an audit trail and data lineage for blocking, escalation and SAR decisions.
The COREDO team implemented several projects where an investment company successfully passed an AML audit precisely because it was able to:
- show the decision-making structure for each high‑risk client;
- demonstrate how the AML platform records the history of events, changes in risk profile, and escalations.
KYC and due diligence for investments in the Czech Republic 2025
The question I hear most often: “What are the real AML requirements for an investment company in the Czech Republic after 2025? What exactly should be checked for clients and investors?”
Basic KYC and risk‑based approach
Today it’s not enough just to collect a set of documents. A risk‑scoring model is important:
- client assessment (investor type, jurisdiction, PEP status, reputation);
- product assessment (fund type, liquidity, presence of crypto assets);
- channel assessment (online onboarding, via intermediaries, partner networks);
- geography assessment (EU, Asia, CIS, high‑risk countries).
Enhanced Due Diligence for PEPs and high‑risk jurisdictions
For Politically Exposed Persons (PEPs) and clients from high‑risk countries, formal document collection does not work. You need:
- Source of Funds and source of wealth analysis;
- detailed screening against sanctions and adverse media lists;
- understanding how the client’s profile aligns with your investment strategy.
One COREDO case: a large private equity fund with a portfolio of investors from the EU and Asia. After implementing structured EDD for PEPs and high‑risk jurisdictions, the fund:
- reduced the average time to approve complex clients;
- received positive feedback from the custodian bank, which saw well‑prepared AML dossiers.
Registration of the AML contact at FAU: checklist
A typical approach that the COREDO team has followed in recent projects:
- Determining the role and authorities of the AML‑contact
- access to all AML data and systems;
- the right to escalate cases to top management;
- participation in approving the AML policy.
- Preparation of the AML‑contact dossier
- a CV, evidence of experience in compliance / jurisprudence / finance;
- confirmation of absence of conflicts of interest;
- a description of how their role is integrated into the model three lines of defence.
- Registration with the FAU
- filling out the form and submitting the contact person’s data;
- setting up internal procedures so that all SARs/STRs go through the designated channel.
- Integration of the AML‑contact into the operational framework
- participation in KPI reports;
- coordination of AML audits and interaction with ČNB (if the company holds licenses).
Transaction monitoring and AI in AML at an investment company
investment company in the Czech Republic, especially one that works with a multi-jurisdictional portfolio and high-frequency operations, cannot rely only on “check-lists in Excel”.
- a rules set (rules engine) by types of operations:
- incoming/outgoing transfers;
- subscription/redemption of fund shares;
- operations with crypto-assets;
- risk-scoring models for clients and transactions;
- escalation and case management system (case management).
AI and ML models against false positives
One of the main pains clients brought to COREDO was a high percentage of false positives: the system “clogs” the compliance department with false alerts, people burn out, and real risks get lost in the overall noise.
In several projects the COREDO team helped to:
- implement Machine Learning for AML on top of basic rules;
- optimize three key KPIs:
- % of false positives;
- MTTR (Mean Time To Respond) for cases;
- SAR conversion rate – the share of cases that actually turn into reports for the FAU.
The use of Explainable AI (XAI) became a critical point: the regulator needs to see why the AI made a particular decision. Without model explainability, an investment company risks receiving questions already at the licensing or audit stage.
Data lineage, audit trail and GDPR
Modern AML compliance is unthinkable without:
- data lineage, understanding where data came from, how it was transformed, and on what basis the decision was made;
- audit trail, logs of all actions, status changes, escalations;
- a proper data retention policy compatible with GDPR requirements and the AML law regarding retention periods.
VASP and crypto-assets in the Czech Republic
A separate layer of issues — requirements for VASP and the crypto industry. If a fund:
- invests in crypto‑projects;
- works with tokenized assets;
- itself obtains VASP registration,
then the regulator expects:
- compliance with specific AML‑requirements for VASP;
- having an Internal AML officer with experience specifically in crypto;
- meeting minimum capital requirements (ranges are typically around €50k–€150k depending on the model and services);
- physical presence: an office, a local director, clear governance.
In one project the COREDO team supported a structure where a traditional fund added a crypto‑arm. The key question was not only the registration of the VASP, but also how a single AML‑model covers both traditional assets and crypto, so as to:
- not duplicate processes;
- maintain a coherent picture of portfolio risk;
- avoid overloading with false positives.
AML audit and interaction with the Financial Analytical Unit / Czech National Bank
Even mature teams sometimes encounter “bottlenecks”: outdated procedures, outdated risk‑models, weak PEP controls, manual processes without an audit trail. In such situations, not only diagnosis is important, but also a regulatory remediation plan, a plan of corrective measures.
- Gap‑analysis:
- comparison of current procedures with Act No. 253/2008 Sb., EU directives and local guidelines;
- assessment of actual implementation (not just the presence of documents).
- Risk prioritization:
- quick fixes (quick wins) affecting daily operations;
- medium‑term changes (rewriting policies, revising the risk‑model);
- long‑term changes (IT‑architecture, automation, integrations).
- Regulatory remediation plan:
- step‑by‑step plan with deadlines and KPIs;
- allocation of responsibilities: AML‑officer, CIO, lawyers, business‑units;
- preparation of the rationale for dialogue with FAU/ČNB.
- preparation for AML‑audit:
- testing a sample of clients and transactions;
- simulating FAU requests;
- team training (including compliance culture and employee training).
Technologies, ROI and TCO in an AML Project
I usually suggest looking at three levels:
TCO (Total Cost of Ownership)
Owning an AML solution includes:
- software licenses and access to external databases (sanctions, PEPs, adverse media);
- integrations (core systems, CRM, banking interfaces, API with FAU: where possible);
- internal resources (IT team, analysts, AML officer);
- training and an annual AML audit.
Economic impact
The ROI of an AML project is not always expressed solely in direct savings. It more often manifests in:
- reducing operating costs through:
- reducing the share of manual checks;
- reducing false positives;
- speeding up investor onboarding, especially from the EU, Asia, and the CIS;
- reducing the likelihood of:
- fines and sanctions;
- account blocks by banks and custodians;
- loss or non-renewal of a license.
In one COREDO project we calculated ROI by:
- almost halving %FP (false positives);
- reducing MTTR for cases from several days to hours;
- an increase in institutional client onboarding conversion, because AML checks became part of the ‘orchestration’ of onboarding rather than a bottleneck in the process.
AML model for the EU, Asia and the CIS: how to build it?
Many COREDO clients start with a Czech license and infrastructure, and then expand into other jurisdictions: the EU, Asia, the Middle East. It is a mistake to build local AML processes “from scratch” in every country.
- create a single AML framework, based on:
- EU requirements (AMLD);
- FATF standards;
- best practice of the risk‑based approach;
- and layer local requirements (Singapore, Dubai, certain CIS countries) as add-ons.
In several projects the COREDO team built exactly this model:
- unified policies, risk models and KPIs;
- local add‑ons for specifics:
- e‑ID and remote identification;
- amount thresholds;
- reporting and SAR/STR formats;
- the impact of acts such as DORA (operational resilience for the EU financial sector).
As a result, the company can quickly open new jurisdictions without reinventing AML each time and without falling into the trap of incompatible processes.
Practical roadmap for investments in the Czech Republic
Summarizing COREDO’s experience, a practical roadmap for an investment company in the Czech Republic that wants to be ready for AML 2025 requirements and beyond looks like this:
- Map of regulatory obligations
- identify which specific articles of Act No. 253/2008 Sb. apply to you;
- document obligations to the FAU and ČNB.
- Appointment and registration of an AML‑contact
- select a real, not a formal, responsible person;
- register them with the FAU and integrate them into the three lines of defense.
- Review of KYC / EDD and the beneficial ownership framework
- ensure that Beneficial Owners are correctly recorded both in the system and in the register;
- implement a clear periodic verification cycle for beneficiaries.
- Modernization of transaction monitoring
- implement or update scenario‑based monitoring;
- if necessary, add AI/ML and XAI to reduce false positives;
- set up a SAR/STR workflow with clear SLAs.
- GDPR and data retention
- review the policy on retention periods and access rights;
- ensure a transparent audit trail and data lineage.
- External AML‑audit and remediation‑plan
- conduct an independent assessment;
- prepare and implement a remediation plan;
- prepare a readiness package for FAU/ČNB inspections.
- Scaling strategy
- synchronize the Czech AML framework with plans to expand into the EU, Asia, Dubai, and Singapore;
- embed compliance by design into new products and funds.
Over the years I have become convinced: an investment company that treats AML as a strategic asset gains advantages not only with the regulator but also with banks, partners, and major investors.
COREDO builds projects according to this logic: from company registration and obtaining a license to a flexible AML‑architecture that withstands audits, scales to new markets, and does not “break” business processes. If you are looking at the Czech Republic as a base jurisdiction for investment activity or a European fund, embedding this approach into AML is no longer optional but a mandatory condition for long‑term growth.