Decree No. 67 / 2018 Coll.
Decree on certain requirements for the system of internal principles, procedures and control measures against the legalisation of proceeds from crime and terrorist financing
Valid
Effective from 01.10.2018
Zobrazeno prvních 200 z celkem 224 ustanovení tohoto předpisu.
Zobrazit celý předpis →
Pro stažení celého znění použijte tlačítko Stáhnout výše.
67
DECLARATION
of 11 April 2018
on certain requirements for the system of internal principles, procedures and control measures against the legalisation of proceeds from crime and terrorist financing
The Czech National Bank provides pursuant to Article 21 (9) of Act No. 253 / 2008 Coll., on certain measures against the legalisation of proceeds from crime and terrorist financing, as amended by Act No. 368 / 2016 Coll.:
Subject matter
This Decree regulates the requirements for the introduction and application of:
(a) procedures for carrying out customer control and determining the scope of customer control appropriate to the risk of legalisation of proceeds from crime and terrorist financing (hereinafter referred to as "risk"), depending on the type of client, business relationship, product or trade; and
(b) adequate and appropriate methods and procedures for risk assessment, risk management, internal control and control of compliance with the obligations laid down by Act No 253 / 2008 Coll., on certain measures against the legalisation of proceeds from crime and terrorist financing, as amended ("the Act")
Institutions under the Internal Principles System under Section 21 (2) of the Act.
Personal scope
(1) The decree applies to an institution which is supervised by the Czech National Bank1) and is subject to the obligation to develop a system of internal principles.
(2) An institution which, in respect of a client, applies an exemption from the obligation to identify and control a client in accordance with Section 13a of the Act is not obliged to comply with the requirements laid down in Sections 6 to 10 in respect of that client, to the extent that the exemption is applied.
(3) An institution that carries out simplified client identification and control in accordance with Article 13 of the Act in relation to a client fulfils the requirements of § 6 to 10 accordingly the scope of simplified client identification and control.
Definition of terms
(1) For the purposes of this decree:
(a) the institution is a obliged entity under § 2 (1) (a) and (b) (1) to (10), (15) and (h) (5) and (a) of the Act under the supervision of the Czech National Bank;
b) an opaque property structure in a situation where the actual owner or the client's ownership and management structure cannot be identified from
1. public register, trust fund register or register of beneficial owners maintained by the public authority of the Czech Republic,
2. a similar register or register of another State, or
3. other sources or combinations of resources which the institution reasonably considers to be credible and which it reasonably considers to provide in their entirety complete and up-to-date information on the beneficial owner and the ownership and management structure of the client, in particular if they are issued by a public authority or are officially verified; a declaration of honour in itself cannot be regarded as a reliable source for the purposes of identifying the beneficial owner and the ownership and management structure.
(2) For the purposes of Articles 7, 9 (3) and (4) and 11, a legal person shall also be understood as a trust fund to which those provisions apply mutatis mutandis.
General provisions
(1) The institution shall establish and apply procedures for the development, adoption, amendment, implementation and application of risk assessment and internal principles (hereinafter referred to as internal rules).
(2) The institutions shall take into account in their internal rules the general guidelines and recommendations of the European Banking Authority (2), the European Securities and Markets Authority (3), the European Insurance and Occupational Pensions Insurances4), the Joint Committee of the European Supervisory Authorities (5) and the Body to combat money laundering and terrorist financing (9) in the field of preventing the legalisation of proceeds from crime and terrorist financing to the extent that they apply to the institution, published in the Czech language by the Czech National Bank on its website.
(3) When drawing up and complying with its internal rules, including client identification and control procedures, the institution takes into account recognised and proven principles and procedures in the field of preventing the legalisation of proceeds from crime and terrorist financing (hereinafter referred to as "recognised standards"), which are published by the Czech National Bank on its website. This is without prejudice to the right of the institution to choose and to take into account in internal rules other recognised standards that are up-to-date and proportionate to the nature, scale and complexity of its activities; However, their content or use shall not be contrary to or circumvent the requirements of the legislation.
(4) The institution shall ensure that its internal rules and its chosen recognised standards are up to date and are proportionate to the nature, scale and complexity of the activities performed. Institutions in internal rules shall determine the minimum intervals in which they assess and, where appropriate, update their internal rules. These intervals shall be appropriate to ensure that the institution's internal rules remain up-to-date and correspond to the actual situation and shall always take into account the products and services offered by the institution before they are placed on the market and the technology before the institution uses them.
(5) Furthermore, institutions shall assess the accuracy of internal rules without undue delay and shall ensure that they are updated whenever this is necessary.
(a) the conclusion reached in the risk assessment;
(b) the information obtained by the institution which leads to the conclusion that the risk assessment or the supporting documents used are no longer up to date;
(c) a change in the business activity or strategy of the institution;
(d) amending legislation; or
(e) information on the change in the national risk assessment under Section 30a of the Act.
(6) An institution shall always record the outcome of the assessment referred to in paragraphs 4 and 5 and its reasons.
(7) Where justified, the institution shall also update client risk profiles following an update in accordance with paragraphs 4 and 5 within a period appropriate to their risk profile.
Risk assessment
(1) When assessing risks, the institution shall always take into account:
(a) national risk assessment in accordance with Section 30a of the Act;
(b) a European risk assessment by the European Commission( 6);
(c) methodological and interpretative materials and decisions of the Czech National Bank and the Financial Analysis Office;
(d) information provided by the Financial Analysis Office and the law enforcement authorities; and
(e) information obtained in identifying and checking clients.
(2) When assessing risks, institutions shall take into account at least the extent and types of sources of information that ensure that the risk assessment actually indicates the real risks associated with the institution's activities.
(3) Institutions shall always take into account in the risk assessment:
(a) the nature of his business;
(b) the products and services offered and provided and the possibilities for their misuse to legalise the proceeds of crime and the financing of terrorism;
(c) risks associated with the use of new technologies in their business activities;
(d) the risks associated with distribution channels which it uses to offer and supply its products and services; and
(e) the measures taken and applied by the institution for risk management.
(4) Institutions shall also take into account other measures, specific risks and specific factors not referred to in Section 5 (3) where they result from the specific nature of their activities.
(5) An institution shall record the procedures it has used to establish its risk assessment and the reasons for making the conclusions contained in the risk assessment.
Determination of the risk profile and other procedures for the establishment and during the business relationship and for the execution of the business outside the business relationship
An institution shall establish and apply within its internal principles system the rules and procedures according to which, when a business relationship is established and in the course of a business relationship, it shall:
(a) determine the client's risk profile, taking into account:
1. client information obtained,
2. to the institution known factors increasing or reducing the risk associated with the client, business relationship or ongoing business outside the business relationship; and
3. its own risk assessment; and
(b) take appropriate action against the client following its risk profile.
(1) As part of the rules and procedures for determining the client's risk profile, the institution shall determine the factors it takes into account when determining the client's risk profile, the weight of the individual factors and their relationship. These rules and procedures shall be implemented and applied by the institution in a manner that ensures effective risk management. This is without prejudice to the obligation under Paragraph 9 (2).
(2) The factors taken into account by the institutions under paragraph 1, where justified, include in particular:
(a) the country of origin of the client, the beneficial owner and the person entitled to act on behalf of the client;
(b) the country of origin of the person who has direct or indirect participation in a client who is a legal person and the country of origin of the person in whom such client has direct or indirect participation;
(c) the country of origin of the person who is a member of the statutory body of a client, a representative of a legal person in that body, or is in a similar position to that of a member of the statutory body, and of a person who is a person in the management structure of the client under the second sentence of Article 11 (4) or otherwise has the ability to exercise influence in a client who is a legal person;
(d) the country in which the branch or establishment has a client who is a legal person subject to obligations under Paragraph 24a of the Act or equivalent under the law of another State;
(e) the country from or to which the object of the transaction has been transferred or is to be made available in connection with the transaction;
(f) the ownership and management structure of a client who is a legal person;
(g) the legal form of the client;
(h) the business or profession of the client and its beneficial owner;
(i) the residence or registered office of the client;
(j) the conduct of the client or the person representing him in the context of a transaction or a business relationship;
(k) the characteristics of the products and services used, the nature of the trade or the commercial relationship;
(l) the characteristics of the distribution channel used and the participation of persons different from the client in the transaction or business relationship;
(m) the origin of the client's funds;
(n) the origin of the client's assets and its beneficial owner;
(o) information on a person who is a legal person and to whom the client has direct or indirect participation or otherwise has the ability to exercise influence;
(p) how the first client identification is carried out;
(q) the method of identifying and verifying the client's ownership and management structure, which is a legal person;
(r) negative information about the client or the beneficial owner obtained from the media or other relevant sources of information;
(s) transfer of virtual assets to or from an unhosted address.
(3) In the case of a business relationship, the institution regularly checks the validity and completeness of the client data and updates the client risk profile where appropriate. An institution shall establish and apply procedures in its internal principles system for the implementation of the client risk profile update and determine the facts on the basis of which the update will always be implemented. At the same time, institutions shall set maximum regular intervals for the implementation of the client risk profile update depending on its risk profile. The institution shall record information on the assessment of the client's risk profile and update it, together with a justification for the conclusions made, even if it concludes that changes are not appropriate.
(4) Where an institution uses an automated system to assess the risk of a client, it shall be able to change the automated rating in justified cases.
(5) In the case of the provision of life insurance services by an institution, when assessing the risks of a given business relationship, it shall always take into account the information available to it on the person who has the right to benefit from life insurance.
(6) Institutions will also take into account the risk associated with ongoing, executed and considered business in the context of a business relationship when determining the client's risk profile in the context of a business relationship.
Customer control
(1) An institution shall, within the framework of the internal principles system, implement and apply to the client, following its risk profile, measures to ensure effective risk management, in particular that the institution always has sufficient information to assess the risk associated with the client, business and business relationship, and is able to identify any suspicious transaction.
(2) Within the framework of the measures applied to the client referred to in paragraph 1, the institution shall establish and apply in particular:
(a) deciding on the execution or refusal of a transaction or establishing a business relationship with a client or terminating an existing business relationship;
(b) to carry out the customer's inspection, in particular the scope and frequency of the measures implemented.
(1) In the case of a higher risk profile, the institution shall carry out enhanced client identification and control in a manner that ensures effective management of the identified risk.
(2) The enhanced identification and control of the client consists in particular of or in combination with any of the following:
(a) enhanced monitoring of trading relationships and transactions within a trading relationship;
(b) the wider scope of the required information on the client, in particular information on its beneficial owner, the ownership and management structure of the client, which is a legal person, the nature of the business relationship, the business or the source of funds,
(c) prior approval of the establishment of a business relationship or the execution of a business relationship, both within and outside the business relationship, by at least one employee of an institution whose functional classification is higher than the functional classification of the employee or employees of the institution involved in the transaction in question, or, where appropriate, the statutory body of the institution or its authorised person, in order to manage the institution in the field of measures against the legalisation of proceeds from crime and terrorist financing;
(d) restrictions on access to certain products and services which, according to the assessment of the institution, are associated with higher risk;
(e) the requirement that the first payment be made from an account held in the name of a client with a credit institution or with a foreign credit institution which is subject to customer identification and control obligations which are at least equivalent to the requirements of European Union law;
(f) verification of the information obtained from multiple trusted sources; or
(g) other appropriate measures in relation to the characteristics of the institution and its activities.
(3) An institution shall always determine a higher risk profile for a client if one of the following higher risk factors is identified:
(a) one of the countries of origin of the client, the person authorised to deal with the institution on behalf of the client, or one of the countries of origin of the actual owner of the client, is a third country which has strategic deficiencies in combating the legalisation of the proceeds of crime and terrorist financing under the directly applicable European Union7) or is thus designated as a high risk jurisdiction subject to a call for action by the Financial Action Committee (FATF) in a public declaration published on its website or is to be considered as high risk for another reason;
(b) the client, the person authorised to act as a client with the institution, the actual owner of the client, the person in the ownership and management structure of the client who is a legal person, or, where those persons or the owner of the institution are known, the person with whom the client is engaged, the natural person for whom the transaction is being conducted, or the actual owner of the person with whom the client is being conducted, shall be entered on the list of persons, bodies or organised groups to whom restrictive or other measures are applied in accordance with other legislation serving to implement international sanctions (8);
(c) the client or the beneficial owner is politically exposed or the institution is known to act for the benefit of the politically exposed person;
(d) the client has an opaque ownership structure; the non-transparent ownership structure is not the case where the client is a legal person whose securities are admitted to trading on a European regulated market or on a foreign market similar to a European regulated market, subject to disclosure requirements equivalent to those of European Union law,
(e) the client is not the natural person for which the transaction is conducted;
(f) the client who is a legal person does not, as far as the institution is aware, perform any economic activity;
(g) the suspicion that the beneficial owner of a client who is a legal person is obscured as a result of a contract between the beneficial owner and the person acting as a member, a member of the statutory body or a person in a similar position as a member of the statutory body.
(4) Institutions shall always apply enhanced client identification and control in case of identification of any of the following increased risk factors:
(a) according to the information available to the institution, the object of the transaction has been transferred or is to be made available in connection with the transaction from a third country which has strategic deficiencies in the fight against the legalisation of the proceeds of crime and terrorist financing under the directly applicable European Union7), or which is designated as a high risk jurisdiction subject to a call for action by the Financial Action Committee or which is to be considered as high risk for another reason, or the object of the transaction has been, or is to be, transferred or is otherwise related to the transaction in relation to such a third country;
(b) one of the subjects of the client's activities, which is a legal person, is at risk;
(c) it is an unusually complex or bulky transaction, an unusual way of dealing, or a transaction for which its economic and legal purpose is not apparent, or an abnormal behaviour of a client that does not correspond to the current course of a business relationship;
(d) the information at the disposal of the institution indicates that the client has acted illegally in the last 5 years, where the proceeds of crime or terrorist financing may have been legalised by such an infringement or a fear of subsequent legalisation of the proceeds of crime or terrorist financing is associated with that infringement; in particular, where such infringements associated with the fear of legalising the proceeds of crime or terrorist financing are listed in the national risk assessment;
(e) the first identification of the client has been carried out in accordance with Article 11 (7) of the Act or in a similar manner under foreign law, unless the client uses a product with a potentially lower risk of misuse for the legalisation of proceeds from crime or terrorist financing in accordance with the risk assessment under Article 21a of the Act or uses a service with a potentially lower risk of abuse for the legalisation of proceeds from crime or terrorist financing in accordance with the risk assessment under Article 21a of the Act.
(5) Institutions under the Internal Principles System shall establish criteria for determining the trade or manner of trading or behaviour referred to in paragraph 4 (c). The institution shall further establish and apply rules and procedures to identify such transactions and methods of trading and behaviour.
(6) In the case of the identification of the increased risk factor referred to in paragraph 4, institutions shall apply at least the enhanced customer identification and control measures referred to in paragraph 2 (b), in particular always examining the background and purpose of such transactions and the manner of trading.
(1) An institution shall always verify, without undue delay, the information at its disposal on the client if it has doubts as to the trueness, completeness or correctness of the information previously obtained.
(2) An institution shall, within the framework of the internal principles system, establish and apply rules and procedures according to which, when amending legislation on the fight against the legalisation of proceeds from crime and terrorist financing or related legislation, it shall verify whether the amount and type of information it has on its existing clients continues to comply with the requirements of the new legislation, including the rules and procedures for ensuring redress, if necessary. Unless otherwise provided in the law, an institution may take into account the client's risk profile when determining the time frame for carrying out this verification.
(3) An institution shall, within the framework of the internal principles system, establish and apply the procedures and rules governing the assessment of whether the conduct of an inspection or part thereof could lead to the destruction or threat of a suspicious transaction investigation under Article 9b of the Act. These rules shall include at least a procedure to establish the reason for not carrying out the customer's inspection, its evaluation and the procedure for the execution of the transaction and the notification of the suspicious transaction in such cases, including the formalities for notification provided for in Article 18 (7) of the Act. In such cases, the institution shall record the reasons and circumstances for not carrying out the check or part thereof.
(1) An institution shall exercise customer control to the extent and in such a way that it is able to fully assess, understand and manage the risks associated with that client, business or business relationship.
(2) An institution shall take all reasonable steps to identify all the countries of origin of the client, the country of origin of its beneficial owner and the country of origin of the person authorised to deal with the institution on behalf of the client.
(3) In the case of a client who is a legal person or who is a natural person, the institution shall obtain information on the client's activities sufficient to understand that activity. Institutions shall identify and take into account all activities carried out by the client when assessing the risk of a client that is a legal person or a natural person.
(4) In order to understand the management structure of a client who is a legal person, the institution shall always identify at least all persons who are a member of the statutory body of the client or in a similar position as a member of the statutory body and record this information. Where a client is also a legal person in accordance with the sentence of the first member of his statutory body or in a similar position as a member of the statutory body, the institution shall always identify all persons who are members of the statutory body or in a similar position as a member of that legal entity.
(5) In order to understand the ownership structure of a client who is a legal person, the institution shall identify the beneficial owner and assess the ownership structure.
International sanctions
(1) An institution shall establish and apply within the internal principles system rules and procedures to identify the increased risk factor in accordance with Article 9 (3) (b).
(2) An institution shall establish and apply within the internal principles system rules and procedures for the effective management of risks related to the identification of the increased risk factor referred to in paragraph 1. Those rules and procedures shall include at least the rules and procedures for the timely fulfilment of the obligations under the legislation which serve to implement international sanctions.
Correspondence relations
(1) An institution shall ensure that, when a correspondent relationship is established with a respondent institution under Article 25 (1) of the Act, the obligations and responsibilities of each individual institution related to the correspondent relationship are documented in terms of the application of measures against the legalisation of proceeds from crime and terrorist financing.
(2) When a correspondent relationship is established that allows clients of the respondent institution to access the correspondent account, the institution shall satisfy itself, and for the duration of that relationship, at regular intervals set in accordance with Article 7 (3), shall further satisfy itself that:
(a) the respondent institution has made the identification and control of all its clients that have access to the respondent institution's account; and
(b) the respondent institution is able, on request, to provide the institution with information obtained in identifying and controlling its clients who have access to the respondent institution's account.
(3) The institution shall carry out an ongoing check and update, where appropriate, of the information on the respondent institution available to it under the obligations imposed in Sections 25 (2) and 25b (3) of the Act and in paragraphs 1 and 2.
Taking over identification and remote identification
The institution shall implement and apply within the internal principles system rules and procedures to determine whether the acceptance of the identification under Section 11 of the Act is acceptable following the identified risk. These rules and procedures shall include measures to ensure appropriate risk management associated with the possibility of using a payment account held with a foreign credit institution to carry out remote identification in accordance with Article 11 (7) of the Act and may include additional measures to ensure appropriate risk management associated with the taking over of the identification.
Specific provisions on the institutions forming part of the group
(1) An institution which is part of a group shall, within the framework of the internal principles system, take into account group strategies and procedures to prevent the legalisation of the proceeds of crime and the financing of terrorism which comply with the legal order of the Czech Republic. The internal principles system of the institution that is part of the group shall also take into account other factors associated with the participation of the institution in the group. Participation in the group and the characteristics of the group and its business activities shall also be taken into account in the assessment of the risks of the institution.
(2) An institution which is part of a group shall also take into account its individual characteristics and the risks associated with it within the internal principles system. These individual characteristics shall also be taken into account in its risk assessment. If the institution is part of a group that also operates in a country other than the Czech Republic, the internal regulations of the institution shall take into account the rules and environment of the Czech Republic.
(3) The institution that is part of the group shall take into account:
(a) within the framework of group-based strategies and procedures for sharing information, at least information on reported suspicious transactions, refusal of trade, establishment of a business relationship with a client or termination of an existing business relationship due to the risk of legalisation of proceeds from crime or terrorist financing and information affecting the client's risk profile; and
(b) information obtained from intra-group sharing in the client risk profile; taking into account the specific risks of the products and services it offers.
Personal collateral
(1) Institutions under the Internal Principles System shall establish and apply rules and procedures to ensure that the personnel resources of the institution are proportionate to the nature, scale and complexity of the activities they carry out and ensure effective fulfilment of obligations to prevent the legalisation of the proceeds of crime and the financing of terrorism.
(2) An institution under the Internal Principles System shall establish a compliance officer position in the field of preventing the legalisation of proceeds from crime and terrorist financing, unless this is proportionate to the scale and nature of its business.
(3) The procedures and principles ensuring the adequate personnel resources of the institution to the extent specified in paragraphs 1 and 2 include at least:
(a) identification of the staff involved in the institution's system to prevent the legalisation of proceeds from crime and terrorist financing, including persons who may encounter suspicious transactions in the course of their activities (hereinafter referred to as "responsible staff");
(b) the procedures and principles for the selection of responsible staff, setting out at least the knowledge and experience requirements of responsible staff corresponding to their employment and inclusion;
(c) the minimum frequency and manner of training of responsible staff and persons involved in the activity of the institution other than in the basic employment relationship, as provided for in Article 23 of the Act;
(d) the procedures for the selection and assignment of a member of a statutory body under Article 22a of the Act and the scope of his duties and powers in the performance of the obligations arising under the law and this decree; where justified by the scope and nature of the activity, institutions shall ensure functional and efficient separation of incompatible functions in the selection and mandate procedures;
(e) procedures, principles and rules for the selection of a compliance officer in the field of the prevention of the legalisation of proceeds from crime and terrorist financing and the definition of its responsibilities and powers.
(1) The institution shall ensure that the person who assesses the possible suspicion of legalisation of the proceeds of crime or terrorist financing,
(a) have access to all information necessary to evaluate the suspicious nature of the transaction; and
(b) have access to information contained in the institution's information system enabling the rapid and effective search, monitoring and evaluation of the necessary information.
(2) The search for information shall be provided by the institution in an automated manner, unless this is disproportionate to its size or size or the nature of its business.
Time limit for investigation
In its internal rules, an institution shall set a reasonable time limit for investigating possible suspected legalisation of proceeds from crime or terrorist financing in order to be able to effectively fulfil its obligations to prevent the legalisation of proceeds from crime and to finance terrorism. The institution shall calculate this period from the moment it has obtained information on the conduct of the client's business or conduct that gives rise to a possible suspicion of legalisation of the proceeds of crime or terrorist financing.
Technical equipment
Institutions shall define in their internal rules the technical equipment to the extent necessary for the effective, proportionate and timely implementation of the procedures set out in the internal principles system.
Retrofit
(1) The institution shall ensure that the approval and decision-making processes and control activities within the framework of the internal principles system, including their reasons, related responsibilities, powers, supporting documents and assessment of the institution's evaluation activity in the field of the prevention of the legalisation of proceeds from crime and terrorist financing pursuant to Article 19 (the "assessment report"), including the client identification and control process, the assessment and determination of the client's risk profile, the choice of the appropriate measures applied to the client or the assessment related to the submission of suspected trade notifications, are redesigned.
(2) In order to ensure the requirement under paragraph 1, the institution shall establish and apply a system of retention of information to the extent provided for in Article 16 of the Act, which shall also include information on the findings and actions made in identifying and controlling the client and on reviewing transactions and correspondence relating to trade and trade relations, as well as information on the measures applied to the client on the basis of its risk profile. In the context of the information storage system, the institution shall ensure that the compilation, evaluation and updating of the client's risk profile is redesigned.
(3) An institution shall ensure the retrofitting referred to in paragraph 1 by keeping records in such a way as to enable them to identify, where necessary, which specific persons relate to the actions and findings made in the framework of client identification and control, who and when has carried out the action or findings for the institution and with what result, on the basis of which supporting documents and reasons, and when and by whom the underlying or data has been entered in the documentation accompanying the client.
Evaluation report
(1) An institution shall, in the context of internal control activities, draw up an evaluation report at least every 12 consecutive calendar months assessing the following:
(a) whether the procedures and measures applied by the institution in the field of preventing the legalisation of proceeds from crime and terrorist financing are sufficiently effective;
(b) whether deficiencies have been identified in the institution's internal principles system over the past period and what risks may arise for the institution;
(c) the measures taken by the institution to eliminate or mitigate the risks referred to in (b); and
(d) the identification of internal audit, statutory audit or other appropriate verification where such audit or other verification has been carried out during the period and the follow-up to such verification.
(2) The conclusions and evaluations contained in the evaluation report must be duly justified. The assessment report shall always be approved by at least the authorised person under Section 22a of the Act. Where an institution has established a compliance officer in the field of the prevention of the legalisation of proceeds from crime and terrorist financing, it shall process the assessment report or at least express itself to the completeness and regularity of the assessment report. In the event that the position of the controller in the field of preventing the legalisation of proceeds from crime and terrorist financing is not established by the institution, the evaluation report shall be drawn up by the contact person in accordance with Article 22 of the law or the evaluation report at least contains a statement by the contact person on the completeness and regularity of the evaluation report.
(3) The institution shall enter in the assessment report the statistics on suspicious transaction notifications for the period for which it is processed. Where appropriate, such data shall be broken down by organisation or by business activities of the institution. The institution shall also include in the assessment report an evaluation of the information on the use made of suspicious transaction notifications received from the Financial Analysis Office.
(4) In the event of deficiencies in the prevention of the legalisation of the proceeds of crime and the financing of terrorism, the institution shall make a proposal to eliminate them in the evaluation report.
(1) An institution shall draw up an evaluation report no later than the end of the fourth calendar month following the end of the period for which it is processed.
(2) Where an institution has a statutory body, that authority shall discuss the evaluation report by the end of the fourth calendar month following the end of the period for which it is processed at the latest and shall comment on the deficiencies identified and the proposals contained therein.
(3) If the institution has a Supervisory Board, a Management Board or a Audit Board, it also carries out these duties.
(4) In the case of a foreign institution operating on the territory of the Czech Republic through its branch, organisational component or establishment, these obligations shall be fulfilled by the manager of that branch, organisational component or establishment.
(1) The assessment report, together with the statement referred to in Articles 19 (2) and 20, shall be kept by the institution for at least five years from the end of the period for which it is processed.
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Decree No. 67 / 2018 Coll., on certain requirements for the system of internal principles, procedures and control measures against the legalisation of proceeds from crime and terrorist financing |
|---|---|
| Regulation Type | - |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 27.04.2018 |
|---|---|
| Effective from | 01.10.2018 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0