Why Every Obliged Entity Needs an Experienced MLRO and MLCO: The Czech AML/CFT Law Perspective

 


Mgr. Hovsep Kocharyan, Ph.D.

Mgr. Lusine Vardanyan, Ph.D.


1. Introduction

Currently, in the context of a dynamically developing regulatory framework, compliance with all applicable AML/CFT standards, guidelines and requirements is a strategic necessity. In accordance with the Czech Anti-Money Laundering Act No. 253/2008 Coll. (referred to as the “Czech AML Act”), every obliged entity must implement comprehensive, detailed, proportionate and effective AML/CFT (anti-money laundering and terrorist financing) policies, procedures, measures, and controls. 

The Czech AML landscape is changing fast. MiCA, DORA, AMLA Regulations  — all raise the stakes for fintech and crypto firms.

This article explores why, in light of evolving EU regulations, it is now more critical than ever for obliged entities, including primarily for CASPs, Payment Service Providers (PSPs), Banks, Investment Firms, and Electronic Money Institutions (EMIs) to have a dedicated and experienced AML/CFT Compliance team.

It is more than necessary to have experienced Money Laundering Reporting Officer (MLRO) and Money Laundering Compliance Officer/Chief Compliance Officer (MLCO/CCO) — not just in name, but in action. The right combination of professionals, particularly well-qualified MLRO, MLCO/CCO, risk officers, and KYC analysts, can mean the difference between your business growth and regulatory expectations, as well as lead your business to success.

Please note: The obliged entities are all businesses listed in the Article 2 of the Czech AML/CFT Act, including CASPs, Payment Service Providers, Banks, Investment Firms, etc.

2. MLRO and MLCO – Differences, Roles, Requirements, and Responsibilities

2.1. MLRO (“Contact Person”)

In accordance with Article 22 of the Czech AML Act, obliged entities must appoint a specific employee as a MLRO (Contact Person) (in Czech: Kontaktni osoba) to fulfill the following legal obligations:

1) Suspicious transaction reporting (STR/SAR); and

2) Maintaining continuous communication with the Financial Analytical Office (FAÚ) as a contact point during business hours and trading times of the company.

The Czech AML Act also allows directors (CEO) to be appointed as a MLRO, however if you plan to receive CASP license under MiCA regime, it is strongly discouraged by regulators, as the regulators (including the Czech National Bank) expect that the MLRO will be an independent employee.

Based on the Article 22, all obliged entities must notify the Czech Financial Analytical Office (FAÚ) via the official government data box system (in Czech: “datová schránka”) within: 1) 30 days of becoming an obliged entity, or 2) 15 days of any change, with the following details:

  • Full name of the Contact Person;
  • Job position;
  • Contact information (phone number and email);
  • Availability days and hours;
  • Type of the obliged entity (as defined in the Article 2(1) of the Czech AML Act).

Please note: The “official government data box system” (“datová schránka”) means an electronic repository, assigned to each legal entity registered in the Commercial Register of the Czech Republic, for the purpose of secure, authenticated, and legally effective communication with public authorities, and the delivery of documents.

Please also note: Employees directly involved in transaction execution, legal team, or internal audit functions are generally excluded from acting as MLROs. If the Contact Person (MLRO) is not part of the obliged entities’ statutory body, direct access to the statutory body must be ensured.

At the same time, the MLRO (Money Laundering Reporting Officer) as the Contact Person under the Czech AML Act:

  • Must be a Czech citizen or legal resident (holding Czech permanent residence or Czech long-term residence permit);
  • Employed via employment contract (not as a contractor under service agreement) in accordance with Article 22 of the Czech AML Act (full-time or part-time based on the complexity of your business and volume of your business activities);
  • Acts as the main liaison with the FAU (Financial Analytical Office);
  • Oversees suspicious transaction reporting and internal AML controls.

2.2. MLCO: Chief Compliance Officer

The Czech AML Act itself does not explicitly mention this function, but it plays an essential role in accordance with the Czech Decree No. 67/2018 Coll., which sets out specific obligations regarding internal policies, procedures and controls to prevent money laundering and terrorist financing, as well as EBA and ESMA guidelines for obtaining a CASP license in accordance with the MiCA regime.

The MLCO’s requirements are the following:

  • May reside outside the Czech Republic;
  • May work under a service contract (outsourced role);
  • Develops and implements internal AML procedures, KYC/KYB onboarding plans, policies and procedures, as well as overall compliance systems;
  • Supports the MLRO and helps ensure regulatory compliance.

Both the MLRO and MLCO should have the following practical experience:

1) Know and have hands-on experience working with:

  • Czech AML Act (Act No. 253/2008 Coll.) – understanding the legal obligations and responsibilities, as well as compliance with legal requirements related to combating money laundering and terrorist financing in the Czech Republic.
  • Act No. 69/2006 Coll. on the Implementation of International Sanctions – ensuring proper monitoring of sanctions and compliance with national and international restrictive measures.
  • Decree No. 67/2018 Coll. – knowledge of the requirements for internal anti-money laundering procedures, control mechanisms and risk management methods in obliged persons.
  • FATF Recommendations and Standards, especially recommendation 16 (Travel Rule), which regulates the transfer of sender and recipient information in financial and crypto-transfers.
  • EU AML Directives and Regulations, including EU Transfer of Fund Regulation (TFR) and MiCA regulation, with a focus on how they apply to traditional financial and crypto-services.
  • FAÚ Methodologies – familiarity with the risk indicators, guidelines and reporting practices published by the Financial Analytical Office of the Czech Republic (FAU);
  • EBA and ESMA Guidelines – understanding the expectations of supervisors and the regulatory framework of the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA), especially in areas such as risk-based approach, due diligence, and compliance with requirements for crypto assets.

2) Understand how crypto and FinTech businesses work, and be familiar with the relevant laws and regulations that apply to them.

3) Ideally, hold a professional AML certification, such as:

  • CAMS (Certified Anti-Money Laundering Specialist);
  • ICA (International Compliance Association);
  • CySEC AML certification;
  • Any other similar AML qualifications or documents demonstrating their skills, knowledge, and experience in the AML/CFT framework.

2.3. The Director/CEO (“Jednatel”) as an Authorised Person

Under the Article 21 of the Czech AML Act, each obliged entity must formally appoint a member of its statutory body (Authorised Person) (in Czech: “Pověřená osoba”) to oversee compliance with obligations arising from the Czech AML/CFT legislation.

The key requirements of the Authorised Person are the following:

  • The obliged entity must issue written authorization assigning one of its statutory body members to ensure full compliance with the Czech AML Act.
  • This appointment must be made within 60 days of: 1) the date the entity becomes an obliged person, or 2) the date the previously authorized person’s membership in the statutory body ends.
  • If the statutory body has only one member (Director/CEO), the Director/CEO is automatically considered Authorized Person under the Czech AML Act.
  • There is no need to notify FAÚ about the Authorised Person (unlike the MLRO (“Contact Person”)), but internal documentation must be maintained and presented upon request during inspections.

3. Why Are MLCO and MLRO Functions Essential?

3.1. Regulatory Compliance

Czech AML/CFT legislation — in accordance with EU directives and FATF standards — requires all obliged entities to implement internal control mechanisms, risk-based procedures, as well as continuous monitoring and reporting systems. These include:

  • Initial and ongoing risk assessments of clients and transactions;
  • Ongoing monitoring of client relationships;
  • Client risk categorization (low, medium, high, prohibited (black list));
  • Enhanced Due Diligence (EDD) for high-risk clients, activities, and jurisdictions:
  • Timely reporting of suspicious activities/transactions (SAR/STR reports) to the Czech Financial Analytical Office (FAU).

Additionally, all obliged entities must:

  • Appoint a designated Money Laundering Reporting Officer (MLRO) and Chief Compliance Officer (MLCO);
  • Develop clear, detailed internal AML/CFT policies, including risk assessment, management and transaction monitoring policies and risk matrices, regularly updated to reflect evolving risks, laws, and business realities;
  • Provide ongoing staff training tailored to specific AML/CFT duties and responsibilities;
  • Conduct periodic internal or external audits, identifying practical weaknesses and proposing corrective action.

3.2. Regulatory Shifts: MiCA, DORA, TFR, and AMLA

The Czech Republic, in line with all other EU member states, has adopted significantly stricter compliance rules as part of broader changes in European legislation. This includes the implementation of the MiCA and DORA regulations, the Transfer of Funds Regulation (TFR), as well as the Czech Act No. 31/2025 on Digitalization of the Financial Market. These legal tools collectively place increased demands on CASPs, financial institutions, and other regulated (obliged) entities, especially in the areas of operational transparency and anti-money laundering.

In addition, the establishment of the Anti-Money Laundering Authority (AMLA) and related reforms at the EU level will lead to further harmonization and centralization of AML/CFT supervision across the Union, which will increase compliance requirements in all EU Member States.

Simultaneously, another major change is that CEOs (Directors) can no longer act as MLROs (Contract Persons) for CASPs. In particular, the Czech regulator requires:

  • A dedicated local director (Czech citizen or long-term resident) with full-time commitment and sufficient AML/CFT knowledge and management skills;
  • Two additional directors (ideally from low-risk (EU/EEA) jurisdictions) to be registered in the Trade Licensing and Commercial Registers of the Czech Republic;
  • Separate MLRO and MLCO roles (these functions cannot be held by the same person);
  • Additional support roles, such as Risk Officers and KYC/KYB analysts, depending on the scale and volume of operations and business activities.

This reflects a broader EU trend toward true functional independence and accountability. AML roles are not symbolic — they must be operational, qualified, and active.

3.3. Risk Management and Reputation Protection

In today’s Fintech, crypto and investment environments, weak AML frameworks, policies and controls are red flags for regulators, banks, clients, and investors alike.

Failure to meet AML/CFT obligations exposes Fintech and crypto firms to:

  • Hefty administrative fines;
  • Loss or denial of licenses;
  • Criminal liability for company executives;
  • Loss of banking relationships;
  • Reputational damage and media scrutiny;
  • Investor withdrawal or hesitation.

In this framework, an experienced MLRO and MLCO are vital to identify, prevent and mitigate these risks before they impact the business.

4. We Offer: End-to-End AML/CFT Compliance Services

Artlex Consult provides specialized AML/CFT compliance services for CASPs, FinTech-businesses, investment platforms, as well as other obliged entities operating in the Czech Republic and any other EU member State.

Our services include:

  • Acting as your certified MLRO and MLCO;
  • Providing full-scope AML/CFT compliance support;
  • Drafting comprehensive and detailed AML/CFT policies, risk matrices, and internal control rules taking into account your business model and objectives;
  • Assisting with onboarding, ongoing SDD/CDD/EDD, and SAR/STR reporting;
  • Preparing for AML/CFT audits, FAU inspections, and AML/CFT documents, necessary for CASP and PSD2 licensing procedures.

5. Why Work With Us?

Our Team has:

  • Deep knowledge of Czech and EU AML law;
  • Extensive experience with CASPs, PSPs, EMIs, Fintech, and investment platforms;
  • Certified specialists (certified CAMS members, CySEC AML certification, and other AML qualifications);
  • Flexible engagement: in-house MLRO and outsourced MLCO;
  • Full AML/CFT support in the framework of MiCA and PSD2 licensing procedures.

For more information about our AML compliance services, please do not hesitate to contact us at: info@artlexconsult.com.

Comments

Post a Comment

Popular posts from this blog

SDD, CDD, and EDD under Czech AML Law: How to Conduct Proper Client Due Diligence and Avoid Costly Mistakes

Image
Since January 1, 2021, the Czech Republic has implemented the provisions of the 5th Anti-Money Laundering Directive (AMLD5) into national legislation. Act No. 253/2008 Coll., on Certain Measures Against the Legalization of Proceeds of Crime (commonly referred to as the AML Act), governs the obligations of obliged entities with respect to customer identification and the prevention of money laundering.  At the heart of this framework is a risk-based approach to customer, which includes three escalating levels:  SDD – Zjednodušená kontrola (Simplified Due Diligence); CDD – Standardní kontrola (Standard Due Diligence); EDD – Zesílená kontrola (Enhanced Due Diligence). The correct application of each level is essential not only for regulatory compliance, but also to protect businesses from reputational, financial, and supervisory risks.  1. Simplified Due Diligence (SDD) According to §13 of the AML Act, simplified due diligence (SDD) may only be applied when:  The risk of...
Read more

EMT, PSD2, and MiCA: How to Avoid Double Regulation? A New Perspective from the EBA

Image
As the MiCA regulation enters into force and the 2026 compliance deadline approaches, the legal landscape for crypto-asset service providers (CASPs) is becoming increasingly complex. A recent clarification from the European Banking Authority (EBA) sheds light on a crucial regulatory dilemma: Do transactions involving electronic money tokens (EMTs) fall under PSD2—and if so, when?  At Artlex Consult, we have reviewed the EBA’s position and prepared a concise guide for businesses operating with fiat-backed stablecoins.  EBA: EMTs Are Both Crypto Assets and Electronic Money   According to the EBA, EMTs (such as USDC) fall under a dual classification: a) as crypto-assets under MiCA , and b) as electronic money under PSD2 . This dual status means that CASPs engaging in certain types of EMT-related activity may be deemed to provide payment services—triggering the application of PSD2 and its licensing requirements.  When Does PSD2 Apply   The EBA emphasizes that not al...
Read more