Enforcement of the Anti-Money Laundering Act
Regional State Administrative Agencies enforce the Anti-Money Laundering Act in Finland. The agency responsible for the enforcement across Finland is the Regional State Administrative Agency for Southern Finland.
The Anti-Money Laundering Act sets forth the obligations and measures the companies, organisations and other traders subject to monitoring must observe in their operations. These measures are in place to prevent money laundering and terrorist financing and to make it easier to detect such activities.
Information about money laundering and enforcement of the Anti-Money Laundering Act
Money laundering refers to measures aimed at concealing or covering the origin of assets acquired through crime and to make the assets appear to have come from a legitimate source. Money and assets generated by a criminal activity can be acquired through any crime. In other words, a stolen vehicle and monetary gains obtained through tax evasion can both be considered money laundering crimes.
The goal of money launderers is to re-introduce funds from illegitimate sources into the legitimate financial system. Due to this, companies and private traders are often used as a tool for money laundering. Entrepreneurs in different industries play a key role in the detection and prevention of money laundering.
Companies and traders operating in certain industries are subject to the requirements of the Anti-Money Laundering Act. These operators have the obligation to report money laundering offences.
By providing guidance and advice, we aim to ensure that those obliged to report money laundering offences observe the act in all of their operations.
Companies and traders with reporting obligation must
- prepare a risk assessment for their own operations
- identify their customers
- monitor the operations of their customers
- report any suspicious transactions to the National Bureau of Investigation’s Financial Intelligence Unit
- ensure that the obligations under the Anti-Money Laundering Act are known and that employees can observe the act in their everyday operations.
In addition to enforcement activities, we also provide information and issue instructions for industries subject to anti-money laundering enforcement. We also provide guidance on matters related to money laundering and terrorist financing.
General and industry-specific instructions for the prevention of money laundering are available in the Instructions menu.
Enforcement methods include inspecting the facilities of businesses subject to enforcement and conducting document audits. In addition to the right to inspect commercial premises, Regional State Administrative agencies also have extensive rights to information about the operations of the supervised party. We are also authorised to impose sanctions for failure to comply with the law. We also conduct proactive enforcement in certain sectors and evaluate the reliability of company executives when the company is added to the money laundering supervision register.
We supervise businesses and other traders who may detect money laundering and terrorist financing offences as part of their normal operation or who might be used for these purposes. Businesses and traders covered by the enforcement regulations play a key role in the prevention of money laundering and terrorist financing as they are the best channel through which authorities can obtain information about suspicious business activities.
The sectors subject to monitoring are:
- Legal professionals (excluding lawyers)
- Financial service providers (excluding those supervised by the Financial Supervisory Authority)
- Currency exchange services
- Providers of ancillary investment services
- Real estate and rental accommodation brokers
- Debt collection agencies
- Business service providers
- Tax advisors
- Accountants and accounting firms
- Goods dealers
- Parties selling art
Providers of legal services (excluding lawyers) are subject to our supervision to the extent in which they act on behalf of or for the client in any financial or real estate transaction. Providers of legal services are also subject to our supervision when they participate in the planning or carrying out of the following transactions for their client:
- buying and selling properties or business units, for example, by drawing up a bill of sale
- the management of the customer’s cash and cash equivalents, securities or other assets
- opening or managing bank, savings or book-entry accounts
- organising funds for the creation, operation or management of companies
- founding or managing foundations, companies or similar organisations.
Parties selling art
- Parties selling art, to the extent that a total of at least EUR 10,000 is paid or received in a single or linked transaction
- Goods dealers
- Selling or brokerage of goods, to the extent that a total of at least EUR 10,000 in cash is paid or received in a single or linked transaction
Business service providers
The provision of business services refers to the commercial provision of the following services to third parties:
- Founding a company on behalf of someone else.
- Acting as a responsible person under company law, a partner or a legal person in another similar role.
- Provision of registered office addresses and other similar services.
- Acting as a trustee of an express trust or a similar legal arrangement in Finland.
- Acting as a nominee entered into a shareholder register of a limited company other than a publicly listed company.
- Provision of tax advice or tax support as the primary business or profession (more than 50% of the company’s operations).
Anti-money laundering register
Regional State Administrative Agencies keep a register of businesses and operators that are subject to the Finnish Anti-Money Laundering Act. The information is in the public domain, and anyone can access the register without creating an account. A link to the register is provided at the bottom of this page.
All the operators that are our responsibility must have their details included in one of our registers or in the licence list. We keep separate registers of, for example, licensed pawnbrokers. As long as an operator’s details are included in one of our registers, there is no need to register specifically for anti-money laundering purposes. Operators that do not need to register separately include pawnbrokers, debt collection agencies, consumer credit providers, estate agents and letting agents. Everyone else we supervise must register in the Anti-Money Laundering Register.
See our list of operators that fall within the enforcement authority of Regional State Administrative Agencies.
You can take our test to see whether you need to register. A link to the test is provided at the bottom of this page.
We have prepared an online form that you can use to have your details entered into our anti-money laundering register. A link to the form is provided at the bottom of this page.
Follow these steps:
- Open Regional State Administrative Agencies’ customer service portal.
- Click on ‘Anti-money laundering registration’.
- Log into the portal. Logging in to the online service requires strong identification. You can use a certificate card, a mobile certificate or your personal online banking details. Do not use your business banking details.
- Start by reading the terms and conditions. Confirm that you accept the terms and conditions and then click ‘Start’.
- Basic information about your business and your contact details: Check your contact information and make any necessary changes or additions. Click the green ‘Save’ button at the bottom of the page. Do NOT click the ‘Close’ button unless you want to discard your application! Make sure to fill in all the fields that are marked with an asterisk.
- Regardless of whether you are self-employed or represent a business or an organisation, start by entering your or your organisation’s business ID and then click ‘Find’. If you represent a business or an organisation, you must have authorisation to do so. To indicate that you have authorisation, tick the ‘I am authorised to represent this business/organisation’ box. If your authorisation to represent the business or organisation in question is not evident from the Trade Register, you must prove your authorisation by emailing a power of attorney to the registry of the Regional State Administrative Agency for Southern Finland at [email protected]. If you are self-employed, remember to also tick the ‘I am self-employed’ box.
- Click ‘Proceed’ to start filling in your application.
It usually takes two weeks to process an application, but delays are possible if a lot of applications are submitted at the same time or if further enquiries are needed. Your company can continue to operate normally during the processing of the application.
The application to the money laundering supervision register is subject to a fee. We charge a one-off fee of EUR 305 for the application. If we have to carry out a compliance report based on the information in the application, the one-off fee is EUR 515. We will prepare a compliance report if the company registering in the register exchanges currency or offers a business service. The fees are based on government decrees.
You will be billed separately for the fee.
Fees are enforceable without a court order.
For more information on our fees, visit page Fees and charges.
Reporting suspicious transactions
If your operations are subject to the reporting obligation, you must know your customers and monitor the customer relationship throughout its duration. The monitoring must be comprehensive enough that you are able to detect deviations from the customer relationship’s typical transactions.
If you notice an abnormal transaction, you must examine the basis and purpose of the transaction in further detail and, if necessary, the origin of the assets related to the transaction. A transaction can be unusual, for example, if it does not fit the customer’s profile or is different from the customer’s previous transactions.
To test whether a transaction should be considered unusual, you can compare it against
- transactions that are typical of the industry,
- transactions that are typical of other similar customers, or
- typical transactions involving other similar products or services.
If your conclusion is that there is something suspicious about the transaction, report it immediately to the National Bureau of Investigation’s Financial Intelligence Unit. Even the slightest suspicions must be reported. It is not your responsibility to determine whether or not a crime has been committed.
Always file a report if:
- the transaction still appears suspicious after you have received an explanation from the customer,
- you decide to refuse a transaction based on its unusual or suspicious nature, or
- you find the transaction suspicious after it has already taken place.
Do not tell the customer about your report. Keep the evidence that you collected for your report for a period of five years and store it separately from other customer documents.
Where should I send my report?
The body responsible for handling anti-money laundering reports in Finland is the National Bureau of Investigation’s Financial Intelligence Unit. It takes care of all suspected cases of money laundering and terrorist financing and produces information to combat the phenomena.
The report is made via an online reporting application to which you must register. A link to the reporting tool is provided at the bottom of this page.
Reporting suspected violations of the Anti-Money Laundering Act
You can tip us off if you suspect that an operator that falls within our enforcement authority is violating the Anti-Money Laundering Act.
You can find a list of operators that fall within the enforcement authority of Regional State Administrative Agencies under ‘Who does Regional State Administrative Agency supervise under the Anti-Money Laundering Act’.
File a report in our online reporting tool. You can find a link to the reporting tool at the bottom of this website. We will protect your identity and will not disclose your personal details to the operator that you are reporting.
We use reports of suspected violations to identify high-risk operators for enforcement purposes. We have no obligation to disclose the action we take based on a report to the person who submitted the report.
Note that a suspicious transaction must be reported to the Financial Intelligence Unit of the National Bureau of Investigation, not to the Regional State Administrative Agency.
We encourage anyone who suspects that the provisions of the Anti-Money Laundering Act are being violated to get in contact with their nearest Regional State Administrative Agency.
You can report, for example, your employer or an operator that provides goods or services to you. It is always better to report a potential violation than not to report it. You do not need to be able to prove your suspicions.
All kinds of violations of the Anti-Money Laundering Act can be reported. This includes, for example, an operator’s failure to
- perform a proper risk assessment,
- observe the know-your-customer rules,
- ask customers for proof of identity,
- investigate and report suspicious transactions, or
- stop or refuse to execute a transaction that is suspicious or potentially linked to terrorist financing.
Even business secrets can be reported to the authorities if doing so is in the public interest and necessary to expose fraudulent or illegal activity.
The more information you are able to provide about a potential violation of the Anti-Money Laundering Act, the easier it will be for us to determine what action to take.
Try to include at least
- the name of the business or organisation that you wish to report,
- the industry in which they operate,
- the place of business where you believe the violation was committed,
- the timeframe of the violation (including whether it is ongoing),
- a description of how the violation was committed, and
- your role in the organisation, i.e. whether you are an employee, a customer or otherwise connected to the operator.
Risk-based assessment, procedures and staff training
Risk-based assessment is one of the key concepts in the fight against money laundering and terrorist financing. Risk-based assessment is at the core of all actions to prevent money laundering and terrorist financing on a supranational level and in respect of individual operators alike.
For individual operators, risk-based assessment means identifying, analysing and understanding the risk of money laundering and terrorist financing inherent in their business. The steps that need to be taken to ensure compliance with the Anti-Money Laundering Act depend on the level of risk. The level of risk is assessed taking into account the nature, size and scope of each operator’s business.
Risk-based action can only be taken once the risk inherent in each operator’s business has been identified.
All operators to which the Anti-Money Laundering Act applies have a duty to identify and analyse the risk of money laundering and terrorist financing inherent in their business and to document their findings. Risk assessments must be reviewed at regular intervals. Regional State Administrative Agencies can ask operators for copies of their risk assessments and any revised versions. If you are asked to submit a copy, please do so promptly.
The objective of risk-based assessment is to make each operator understand its role in combating money laundering. Risk-based assessment helps operators to identify priorities and plan procedures and follow-up consistently with the risk of money laundering and terrorist financing inherent in their business.
The Anti-Money Laundering Act applies to a wide range of operators, and the risks can be very different in different industries. The aim is to save low-risk operators from excessive bureaucracy while also ensuring that high-risk operators have sufficient safeguards in place.
Your risk-based assessment should cover at least the following:
- Identification and analysis of the risk of money laundering and terrorist financing inherent in your business
- Analysis of your customers and services and the geographical scope of your business Incorporation of information about risks from different sources
- Analysis of the significance of different kinds of risks in your business
- Identification and deployment of ways to minimise and manage risks and to track changes in risk levels
- Documentation of your risk management procedures.
We recommend that you familiarise yourself with our risk assessment manual, which explains the objectives of the risk-based approach and the assessment procedure in more detail. A link to the manual is provided at the bottom of this page. The law does not stipulate the format of risk assessments, which means that operators can design the format and layout of their documents themselves. However, we have prepared a template that you can use when producing your own risk assessment. You can find the link to the template at the bottom of this page under the risk assessment manual.
Regional State Administrative Agencies’ risk assessments
Regional State Administrative Agencies also need to assess the risks associated with the operators that fall within our enforcement authority. We use our risk assessments to plan our enforcement action. We publish a summary of the risks we have identified, which operators can use as the basis for their own risk assessments.
We receive information about the risks that various industries face with the help of our enforcement work and risk assessments completed by the operators we supervise. We use this information to prepare our supervisor-specific risk assessment. A link to our summary of risks is provided at the bottom of this page.
Nationwide risk assessments are prepared by the competent ministries. Nationwide risk assessment is designed to identify and analyse national risks of money laundering and terrorist financing. Operators can also consult nationwide risk assessments as part of their own risk assessment work.
Operators that are subject to the Anti-Money Laundering Act also have a duty to introduce procedures that allow them to manage the risks of money laundering identified in their risk assessments and to ensure compliance with the Act. Your procedures need to specify the steps taken to prevent money laundering and terrorist financing at each stage of a transaction.
You need to document at least your procedures for
- know-your-customer checks,
- the collection of customer data,
- the ongoing monitoring of customer relationships,
- investigating suspicious transactions, and
- reporting suspicious transactions to the National Bureau of Investigation’s Financial Intelligence Unit.
Operators that are subject to the Anti-Money Laundering Act have a duty to ensure that their staff are trained to identify and prevent money laundering and terrorist financing.
Responsibility for internal compliance with the Act can be delegated to a member of the organisation’s management.
Customer due diligence
One of operators’ most important responsibilities is to know their customers. This is called ‘customer due diligence’ (CDD) and means knowing who you are dealing with and understanding the nature of their business.
Knowing your customer means
- identifying your customers,
- verifying their identity from official documents,
- identifying representatives of your customers and checking that they are who they say they are,
- identifying your corporate customers’ beneficial owners and, if necessary, checking that they are who they say they are, and
- running background checks.
CDD documents must be kept for at least five years after the end of each customer relationship or transaction.
Enhanced customer due diligence is required if
- your risk assessment identifies a specific customer relationship or transaction that involves an unusually high risk of money laundering or terrorist financing or
- a specific customer or a transaction has links to a high-risk country outside of the European Economic Area.
Enhanced customer due diligence is also required in connection with non-face-to-face identification and in the case of customers or beneficial owners who are politically exposed persons or closely related to a politically exposed person.
If you need to identify a customer remotely and the customer is not present when you verify their identity, you need to run additional checks by consulting reliable sources of information to verify that the customer is who they say they are. Make sure that any payment involved in the transaction originates in a bank account or is paid into an account that has previously been opened for the customer in question. You can also use strong electronic authentication to verify a customer’s identify.
You need to monitor your customers’ activity in order to be able to identify suspicious transactions. Checking the origin of funds involved in any suspicious transactions may also be necessary.
If you are not satisfied with the origin of the funds, report the transaction to the National Bureau of Investigation’s Financial Intelligence Unit. A link to the Financial Intelligence Unit’s reporting tool is provided at the bottom of this page.
‘Beneficial owners’ are individuals who have control over a business or an organisation by
- holding more than 25 per cent of the shares either directly or through another business,
- holding more than 25 per cent of the voting rights either directly or through another business, or
- otherwise, such as through a shareholders’ agreement.
If it is not possible to identify the beneficial owners of a business or an organisation based on holdings or voting rights, the beneficial owners must be assumed to include the members of the organisation’s board, any general partners, the managing director and others in a similar position. The above does not apply, however, if the customer refuses to disclose information about the organisation’s beneficial owners.
‘Politically exposed persons’ (PEPs) are individuals who hold an important public position. Risk assessment procedures must be able to identify any customers or beneficial owners who are politically exposed persons, members of a PEP’s family or business partners of a PEP.
Establishing a customer relationship with a PEP requires certain steps to be taken by senior management, including
- authorising the customer relationship,
- establishing the origin of the assets or funds involved in the customer relationship or a specific transaction, and
- enhanced monitoring of the customer relationship.
An exhaustive list of individuals who are classified as PEPs is provided in a government decree. A link to the decree is provided at the bottom of this page.
Prevention of terrorist financing
Operators subject to the Anti-Money Laundering Act also have a duty to help to prevent terrorist financing. Terrorist financing refers to channelling funds for terrorist purposes or otherwise financially supporting individual terrorists, terrorist groups or terrorist objectives. What makes a transaction potentially suspicious is therefore the purpose for which the funds involved are to be used. The funds themselves can originate from criminal activity but they can also be completely legitimate.
Compliance with the laws on sanctions and the freezing of funds is key to preventing terrorist financing. You need to monitor your customers’ activity in order to be able to spot signs of terrorist financing. Any suspicious transactions must be reported to the National Bureau of Investigation’s Financial Intelligence Unit.
If you notice a person or an organisation that is subject to a freezing order or a financial sanction among your customers, stop any transactions that are in progress and do not hand over any funds to the customer. Report the customer immediately to the Helsinki Enforcement Office by emailing [email protected].
You can also contact the Helsinki Enforcement Office if you are not sure whether your customer is the same person or organisation that appears on the list of freezing orders or sanctions.
Funds belonging to persons or organisations that are subject to freezing orders or sanctions also cannot be forwarded to third parties without the competent authority’s permission.
Failing to satisfy obligations relating to freezing orders and sanctions is a criminal offence.
Funds can be frozen with a view to combating terrorism by means of an EU-wide sanction or a national order. Both natural persons’ and legal persons’ (such as businesses) funds can be frozen. The freezing of funds means that no funds can be released to a person who is subject to a freezing order. National decisions on the freezing of funds are taken by the National Bureau of Investigation, which keeps a list of individuals who are subject to a freezing order.
International sanctions are political or economic decisions that restrict cooperation with specific parties. The aim is to influence the policies of the party in question or to discourage actions that threaten international peace and security.
Links to current financial sanctions and information about interpreting the rules governing sanctions are provided on the website of the Ministry for Foreign Affairs of Finland. Operators subject to the Anti-Money Laundering Act can join the Ministry’s mailing list to stay up to date on sanctions.
Our authority in enforcing the Finnish Anti-Money Laundering Act also gives us the right to impose penalties for negligence or violations of the Act. We always take all the circumstances of the case into account before imposing penalties.
The penalties at our disposal are known as administrative penalties, as failure to observe the Anti-Money Laundering Act is not a criminal offence. Any cases involving actual money laundering offences or predicate offences are the police’s responsibility.
The administrative penalties that we can impose on operators who violate or fail to satisfy their obligations under the Anti-Money Laundering Act include
- public warnings,
- administrative fines, and
- penalty payments.
Regional State Administrative Agencies can also impose penalties on lawyers if asked to do so by the Finnish Bar Association. We publish all public warnings, administrative fines and penalty payments that we impose on our website. Administrative fines and penalty payments are paid to the state.
A public warning can be given if a violation is not serious enough to warrant more severe penalties, such as where an operator deliberately or negligently breaches a regulation or a provision of the Anti-Money Laundering Act other than the provisions concerning administrative fines and penalty payments. Public warnings are typically given for actions or omissions that do not satisfy the criteria for giving an administrative fine.
Natural persons can be given a public warning for violations of provisions or regulations that they have a personal obligation to observe.
Administrative fines are used as punishment for violations and failures to satisfy obligations arising from the Anti-Money Laundering Act, such as
- performing a risk assessment and drawing up a risk assessment document,
- identifying customers, performing CDD checks and keeping CDD documentation,
- reporting suspicious transactions,
- anti-money laundering registration,
- devising procedures for reporting suspected violations of the Anti-Money Laundering Act, and
- training staff, introducing safeguards and documenting procedures.
The amount of an administrative fine reflects the nature, scale and duration of the failure or violation. An administrative fine given to a legal person (business or other organisation) is always at least EUR 1,000 and no more than EUR 100,000. An administrative fine given to a natural person is always at least EUR 500 and no more than EUR 10,000.
The failures and violations of the Anti-Money Laundering Act that can lead to penalty payments are, for the most part, the same as those for which an administrative fine can be given, but the criteria are stricter. Penalty payments can only be imposed in the case of serious, recurring or systemic failures and violations. For example, an operator who simply fails to have their details entered into the anti-money laundering register can only be given an administrative fine.
In the case of natural persons, we cannot impose a penalty payment for failures and violations that are punishable under other laws.
If the operator is a legal person (business or other organisation), we can, in some circumstances, also impose penalty payments on individual members of the organisation’s senior management. A penalty payment can only be imposed on an individual if that individual’s personal actions materially contributed to the violation or failure in question. In cases where a legal person’s violation can be attributed to a specific member of the organisation’s senior management, we can choose to impose a penalty payment on the individual in question in addition to, or instead of, the legal person.
Penalty payments can be substantially higher than administrative fines. The amount is determined taking into account all the circumstances of the case, including
- the nature, scale and duration of the violation,
- the financial position of the offender,
- the benefit gained or damage caused by the offender’s actions,
- the level of cooperation by the offender with the authorities, and
- the offender’s potential previous violations.
Penalty payments imposed on financial service providers are capped at 10 per cent of the operator’s turnover during the previous financial year or EUR 5 million, whichever is higher. However, the amount can always be up to double the amount of benefit gained, if the amount of benefit gained can be determined.
Penalty payments imposed on other kinds of operators are capped at double the amount of benefit gained or EUR 1 million, whichever is higher.
Key to terms
The first step in establishing a customer relationship is to verify the customer’s identity. A customer’s identity can usually be verified from an ID card, passport or driving licence issued by a Finnish authority.
More information about the reliability of different kinds of identity documents is available on the websites of the European Council and the Council of the European Union.
Customer due diligence, or knowing your customer, refers to collecting whatever information is needed about each customer to prevent money laundering and terrorist financing. The information that is needed varies depending on the customer. Knowing your customers means having all the necessary information available and up to date in your customer database for the entire duration of your relationship with each customer.
A suspicious transaction is one that is for an unusually large amount or otherwise different from the usual business and transactions of the customer in question. An attempt must be made to establish the origin of the funds of a suspicious transaction.
The Finnish Anti-Money Laundering Act identifies a range of businesses and organisations operating in certain industries that have a legal duty to report suspicious transactions. The term ‘reporting entity’ is sometimes used to refer to these operators. Reporting entities are operators that, due to the nature of their business, are in a position to expose money laundering and terrorist financing or likely to become a target for money laundering and terrorist financing.
See our list of operators subject to the Anti-Money Laundering Act that fall within the enforcement authority of Regional State Administrative Agencies on "Who does Regional State Administrative Agency supervise under the Anti-Money Laundering Act?".
The obligations of the Act on Preventing Money Laundering and Terrorist Financing that are related to PEP persons, such as enhanced customer due diligence, must also be complied with regarding family members and associates of a PEP.
The Government Decree is provided at the bottom of this page.
We keep a nationwide register of operators whose compliance with the Anti-Money Laundering Act is our responsibility. The objective of the register is to help us to enforce the rules on the prevention of money laundering and terrorist financing. The register includes the details of any operators who are not included in the Financial Supervisory Authority’s list of reporting entities or in Regional State Administrative Agencies’ other registers.
We have prepared an online form that operators can use to have their details entered into the anti-money laundering register. You can find a link to the application at the bottom of this page. At the bottom of the page, there is also a link to the Anti-Money Laundering Register, the details of which can be viewed without logging in.
All operators that fall within our enforcement authority must draw up a written risk assessment of their business. The objective of risk assessment is to identify and analyse typical risks of money laundering and terrorist financing inherent in each business on a practical level. Risk assessment documents describe, for example, the risk involved in a particular service that the service provider must take into account. Risk assessments must be reviewed at regular intervals.
A beneficial owner is a person who owns or otherwise controls a business. A beneficial owner is someone who holds more than 25 per cent of the shares or voting rights either directly or through another business. Operators subject to the Anti-Money Laundering Act have a duty to identify and keep up-to-date information about their customers’ beneficial owners and, if necessary, check that they are who they say they are.
Frequently asked questions
We have prepared an online form that you can use to have your details entered into our anti-money laundering register. A link to the form is provided at the bottom of this page.
If you notice that you have made a mistake in your registration form or want to amend your registered details, you can let us know by emailing ra[email protected]. We will then update your register entries.
We base our register entries in part on the basic information about your business that you have reported to the Trade Register. If any of this information changes, the updates are not automatically migrated into our register.
Changes to the company’s register data must be made using the notification form for changes that is available in the same customer service portal as the application for registration. The processing of the change notice is free of charge, except in the case of changes in the register data concerning the persons in charge of currency exchange or business service operations. A fee of EUR 440 will be charged for changing the information concerning persons in charge of currency exchange or business service operations.
If you have any questions, please contact [email protected].
Every operator needs to assess the typical and potential risks of money laundering involved in its business and industry based on its own experiences.
We have prepared a manual and a template to help you produce your own risk assessment. With the questions listed on the template, you can identify and assess money laundering and terrorist financing risks in your own operations. The form only provides a basis for the assessments produced by the obliged entities. You can edit the template to make it suitable for your company’s needs or you can also produce a free-form risk assessment.
Operators need to base their risk assessments on the nature, size and scope of their business.
The objective is to describe the risk of money laundering involved in a specific service or transaction on a practical level. If, for example, an operator’s service portfolio changes or its business is substantially expanded, it is the operator’s duty to review the risk assessment. Regional State Administrative Agencies can ask operators for copies of their risk assessments and any revised versions.
You can find the risk assessment manual and the template at the bottom of this page.
Beneficial owners always need to be identified, but identity verification checks are only required in certain circumstances.
Verification refers to checking that a person is who they say they are from, for example, their passport or driving licence. Operators subject to the Anti-Money Laundering Act have a duty to identify and keep detailed and up-to-date information about their customers’ beneficial owners and, if necessary, check that they are who they say they are.
If the risk of money laundering in the case of a particular customer is low, just identifying the beneficial owner can be enough. The risks associated with a particular individual must always be assessed and the identification procedure chosen according to the identified level of risk.
All operators subject to the Anti-Money Laundering Act have a duty to look out for any unusual transactions in their business and to investigate the origin of funds involved in such transactions. This process is sometimes referred to as ‘know-your-customer (KYC) checks’.
If you spot a suspicious transaction, it is your duty to perform the necessary KYC checks and report your suspicions to the National Bureau of Investigation’s Financial Intelligence Unit. You need to report a transaction that you suspect involves money laundering or terrorist financing even if you refuse to serve the customer in question or execute the transaction.
All suspicious transactions and suspected cases of terrorist financing must be reported to the National Bureau of Investigation’s Financial Intelligence Unit. The National Bureau of Investigation’s Financial Intelligence Unit has designed an online reporting tool that you can use to report suspicions either on your organisation’s behalf or in a private capacity. A link to the reporting tool is provided at the bottom of this page. Other parties than those subject to the reporting obligation can send their notification to [email protected].
Various bodies, such as the Financial Supervisory Authority and the Finnish Patent and Registration Office, publish information and resources relating to the prevention of money laundering and terrorist financing. Links to useful information and resources are provided at the bottom of this page.