The activities of the Regional State Administrative Agencies will end at the end the year 2025. Most of our tasks will be transferred to the new Finnish Supervisory Agency, which will launch its operations on 1 January 2026. Tasks related to animal health and welfare and to food will be transferred to the Finnish Food Authority. Competition and consumer administration tasks will be transferred to the Finnish Competition and Consumer Authority.
Read more: Reform of regional state administration
Regional State Administrative Agencies enforce the Anti-Money Laundering Act in Finland. The agency responsible for the enforcement across Finland is the Regional State Administrative Agency for Southern Finland.
The Anti-Money Laundering Act sets forth the obligations and measures the companies, organisations and other traders subject to monitoring must observe in their operations. These measures are in place to prevent money laundering and terrorist financing and to make it easier to detect such activities.
Money laundering refers to measures aimed at concealing or covering the origin of assets acquired through crime and to make the assets appear to have come from a legitimate source. Money and assets generated by a criminal activity can be acquired through any crime. In other words, a stolen vehicle and monetary gains obtained through tax evasion can both be considered money laundering crimes.
The goal of money launderers is to re-introduce funds from illegitimate sources into the legitimate financial system. Due to this, companies and private traders are often used as a tool for money laundering. Entrepreneurs in different industries play a key role in the detection and prevention of money laundering.
Companies and traders operating in certain industries are subject to the requirements of the Anti-Money Laundering Act. These operators have the obligation to report suspicious transactions.
By providing guidance and advice, we aim to ensure that those obliged to report suspicious transactions observe the act in all of their operations.
Companies and traders with reporting obligation must
In addition to enforcement activities, we also provide information and issue instructions for industries subject to anti-money laundering enforcement. We also provide guidance on matters related to money laundering and terrorist financing.
General and industry-specific instructions for the prevention of money laundering are available in the Instructions menu.
Enforcement methods include inspecting the facilities of businesses subject to enforcement and conducting document audits. In addition to the right to inspect commercial premises, Regional State Administrative agencies also have extensive rights to information about the operations of the supervised party. We are also authorised to impose sanctions for failure to comply with the law. We also conduct proactive enforcement in certain sectors and evaluate the reliability of company executives when the company is added to the money laundering supervision register.
We supervise businesses and other traders who may detect money laundering and terrorist financing offences as part of their normal operation or who might be used for these purposes. Businesses and traders covered by the enforcement regulations play a key role in the prevention of money laundering and terrorist financing as they are the best channel through which authorities can obtain information about suspicious business activities.
The sectors subject to monitoring are:
Businesses and professions that provide legal services (excluding attorneys-at-law) in transactions related to certain economic activities or assets
Companies providing financial services that are not subject to the supervision of the Finnish Financial Supervisory Authority
Currency exchange services
Providers of ancillary investment services
Pawnshops referred to in the Pawnshops Act
Real estate agencies and housing rental agencies referred to in the Act on Real Estate Agencies and Housing Rental Agencies
Holders of licences for the collection of debts referred to in the Act on Debt Collection Licences
Company service providers
Tax advisors
Businesses or professions performing external accounting functions
Goods dealers
Parties selling art
Providers of legal services (excluding attorneys-at-law) are subject to our supervision to the extent in which they act on behalf of or for the client in any financial or real estate transaction. Providers of legal services are also subject to our supervision when they participate in the planning or carrying out of the following transactions for their client:
Parties selling art
Company service providers
The provision of company services refers to the commercial provision of the following services to third parties
Tax advisors
Regional State Administrative Agencies keep a register of businesses and operators that are subject to the Finnish Anti-Money Laundering Act. The information is in the public domain, and anyone can access the register without creating an account. A link to the register is provided at the bottom of this page.
All the operators that are our responsibility must have their details included in one of our registers or in the licence list. We keep separate registers of, for example, licensed pawnshops. As long as an operator’s details are included in one of our registers, there is no need to register specifically for anti-money laundering purposes. Operators that do not need to register separately include pawnshops, holders of licences for the collection of debts referred to in the Act on Debt Collection Licences, real estate agencies and housing rental agencies. Everyone else we supervise must register in the money laundering supervision register.
See our list of operators that fall within the enforcement authority of Regional State Administrative Agencies.
We have prepared an online form that you can use to have your details entered into our money laundering supervision register. A link to the form is provided at the bottom of this page.
Follow these steps:
Click on ‘Money laundering supervision register’.
It usually takes two weeks to process an application, but delays are possible if a lot of applications are submitted at the same time or if further enquiries are needed. Your company can continue to operate normally during the processing of the application.
The application to the money laundering supervision register is subject to a fee. The registration fee is lower if the application is submitted in the e-service.
To find up-to-date information on fees, go to: Fees and charges.
An obligation management report, used to assess actors’ reliability, is a prerequisite for registering business service providers and currency exchange services. The registration fee is higher for business service providers and foreign exchange services because of the obligation management report.
Registration is not subject to administrative costs in addition to the one-off registration fee. In addition, no fee is charged for changes to the register data, except for changes concerning responsible persons for a business service provider or currency exchange service.
You will be billed separately for the registration fee. The fees are based on government decrees.
Fees are enforceable without a court order.
If your operations are subject to the reporting obligation, you must know your customers and monitor the customer relationship throughout its duration. The monitoring must be comprehensive enough that you are able to detect deviations from the customer relationship’s typical transactions.
If you notice an abnormal transaction, you must examine the basis and purpose of the transaction in further detail and, if necessary, the origin of the assets related to the transaction. A transaction can be unusual, for example, if it does not fit the customer’s profile or is different from the customer’s previous transactions.
To test whether a transaction should be considered unusual, you can compare it against
If your conclusion is that there is something suspicious about the transaction, report it immediately to the National Bureau of Investigation’s Financial Intelligence Unit. Even the slightest suspicions must be reported. It is not your responsibility to determine whether or not a crime has been committed.
Always file a report if:
Do not tell the customer about your report. Keep the evidence that you collected for your report for a period of five years and store it separately from other customer documents.
The body responsible for handling anti-money laundering reports in Finland is the National Bureau of Investigation’s Financial Intelligence Unit. It takes care of all suspected cases of money laundering and terrorist financing and produces information to combat the phenomena.
The report is made via an online reporting application to which you must register. A link to the reporting tool is provided at the bottom of this page.
You can tip us off if you suspect that an operator that falls within our enforcement authority is violating the Anti-Money Laundering Act.
You can find a list of operators that fall within the enforcement authority of Regional State Administrative Agencies under ‘Who does Regional State Administrative Agency supervise under the Anti-Money Laundering Act’.
File a report in our online reporting tool. You can find a link to the reporting tool at the bottom of this website. We will protect your identity and will not disclose your personal details to the operator that you are reporting.
We use reports of suspected violations to identify high-risk operators for enforcement purposes. We have no obligation to disclose the action we take based on a report to the person who submitted the report.
Note that a suspicious transaction must be reported to the Financial Intelligence Unit of the National Bureau of Investigation, not to the Regional State Administrative Agency.
We encourage anyone who suspects that the provisions of the Anti-Money Laundering Act are being violated to get in contact with their nearest Regional State Administrative Agency.
You can report, for example, your employer or an operator that provides goods or services to you. It is always better to report a potential violation than not to report it. You do not need to be able to prove your suspicions.
All kinds of violations of the Anti-Money Laundering Act can be reported. This includes, for example, an operator’s failure to
Even business secrets can be reported to the authorities if doing so is in the public interest and necessary to expose fraudulent or illegal activity.
The more information you are able to provide about a potential violation of the Anti-Money Laundering Act, the easier it will be for us to determine what action to take.
Try to include at least
Risk-based assessment is one of the key concepts in the fight against money laundering and terrorist financing. Risk-based assessment is at the core of all actions to prevent money laundering and terrorist financing on a supranational level and in respect of individual operators alike.
For individual operators, risk-based assessment means identifying, analysing and understanding the risk of money laundering and terrorist financing inherent in their business. The steps that need to be taken to ensure compliance with the Anti-Money Laundering Act depend on the level of risk. The level of risk is assessed taking into account the nature, size and scope of each operator’s business.
Risk-based action can only be taken once the risk inherent in each operator’s business has been identified.
All operators to which the Anti-Money Laundering Act applies have a duty to identify and analyse the risk of money laundering and terrorist financing inherent in their business and to document their findings. Risk assessments must be reviewed at regular intervals. Regional State Administrative Agencies can ask operators for copies of their risk assessments and any revised versions. If you are asked to submit a copy, please do so promptly.
The objective of risk-based assessment is to make each operator understand its role in combating money laundering. Risk-based assessment helps operators to identify priorities and plan procedures and follow-up consistently with the risk of money laundering and terrorist financing inherent in their business.
The Anti-Money Laundering Act applies to a wide range of operators, and the risks can be very different in different industries. The aim is to save low-risk operators from excessive bureaucracy while also ensuring that high-risk operators have sufficient safeguards in place.
Your risk-based assessment should cover at least the following:
We recommend that you familiarise yourself with our risk assessment manual, which explains the objectives of the risk-based approach and the assessment procedure in more detail. A link to the manual is provided at the bottom of this page. The law does not stipulate the format of risk assessments, which means that operators can design the format and layout of their documents themselves. However, we have prepared a template that you can use when producing your own risk assessment. You can find the link to the template at the bottom of this page under the risk assessment manual.
Regional State Administrative Agencies also need to assess the risks associated with the operators that fall within our enforcement authority. We use our risk assessments to plan our enforcement action. We publish a summary of the risks we have identified, which operators can use as the basis for their own risk assessments.
We receive information about the risks that various industries face with the help of our enforcement work and risk assessments completed by the operators we supervise. We use this information to prepare our supervisor-specific risk assessment. A link to our summary of risks is provided at the bottom of this page.
Nationwide risk assessments are prepared by the competent ministries. Nationwide risk assessment is designed to identify and analyse national risks of money laundering and terrorist financing. Operators can also consult nationwide risk assessments as part of their own risk assessment work.
Operators that are subject to the Anti-Money Laundering Act also have a duty to introduce procedures that allow them to manage the risks of money laundering identified in their risk assessments and to ensure compliance with the Act. Your procedures need to specify the steps taken to prevent money laundering and terrorist financing at each stage of a transaction.
You need to document at least your procedures for
Operators that are subject to the Anti-Money Laundering Act have a duty to ensure that their staff are trained to identify and prevent money laundering and terrorist financing.
Responsibility for internal compliance with the Act can be delegated to a member of the organisation’s management.
One of operators’ most important responsibilities is to know their customers. This is called ‘customer due diligence’ (CDD) and means knowing who you are dealing with and understanding the nature of their business.
Knowing your customer means
CDD documents must be kept for at least five years after the end of each customer relationship or transaction.
Enhanced customer due diligence is required if
Compliance with the enhanced due diligence procedure is required in cases that involve politically exposed persons. In addition, remote services where the customer is not present may involve a higher risk of money laundering and terrorist financing if strong electronic identification is not used to verify the customer’s identity and thus reduce the risk of money laundering and terrorist financing. This means that remote services will require compliance with the enhanced due diligence procedure.
You need to monitor your customers’ activity in order to be able to identify suspicious transactions. Checking the origin of funds involved in any suspicious transactions may also be necessary.
If you are not satisfied with the origin of the funds, report the transaction to the National Bureau of Investigation’s Financial Intelligence Unit. A link to the Financial Intelligence Unit’s reporting tool is provided at the bottom of this page.
‘Beneficial owners’ are individuals who have control over a business or an organisation by
If it is not possible to identify the beneficial owners of a business or an organisation based on holdings or voting rights, the beneficial owners must be assumed to include the members of the organisation’s board, any general partners, the managing director and others in a similar position. The above does not apply, however, if the customer refuses to disclose information about the organisation’s beneficial owners.
‘Politically exposed persons’ (PEPs) are individuals who hold an important public position. Risk assessment procedures must be able to identify any customers or beneficial owners who are politically exposed persons, members of a PEP’s family or business partners of a PEP.
Establishing a customer relationship with a PEP requires certain steps to be taken by senior management, including
An exhaustive list of individuals who are classified as PEPs is provided in a government decree. A link to the decree is provided at the bottom of this page.
Operators subject to the Anti-Money Laundering Act also have a duty to help to prevent terrorist financing. Terrorist financing refers to channelling funds for terrorist purposes or otherwise financially supporting individual terrorists, terrorist groups or terrorist objectives. What makes a transaction potentially suspicious is therefore the purpose for which the funds involved are to be used. The funds themselves can originate from criminal activity but they can also be completely legitimate.
Compliance with the laws on sanctions and the freezing of funds is key to preventing terrorist financing. You need to monitor your customers’ activity in order to be able to spot signs of terrorist financing. Any suspicious transactions must be reported to the National Bureau of Investigation’s Financial Intelligence Unit.
If you notice a person or an organisation that is subject to a freezing order or a financial sanction among your customers, stop any transactions that are in progress and do not hand over any funds to the customer. The enforcement authority must be notified without delay by email at [email protected]. You can also contact the enforcement authority in situations where it is unclear if a party who is your customer is the same as a person whose funds have been frozen or is subject to sanctions.
Funds belonging to persons or organisations that are subject to freezing orders or sanctions also cannot be forwarded to third parties without the competent authority’s permission.
Failing to satisfy obligations relating to freezing orders and sanctions is a criminal offence.
Funds can be frozen with a view to combating terrorism by means of an EU-wide sanction or a national order. Both natural persons’ and legal persons’ (such as businesses) funds can be frozen. The freezing of funds means that no funds can be released to a person who is subject to a freezing order. National decisions on the freezing of funds are taken by the National Bureau of Investigation, which keeps a list of individuals who are subject to a freezing order.
International sanctions are political or economic decisions that restrict cooperation with specific parties. The aim is to influence the policies of the party in question or to discourage actions that threaten international peace and security.
Links to current financial sanctions and information about interpreting the rules governing sanctions are provided on the website of the Ministry for Foreign Affairs of Finland. Operators subject to the Anti-Money Laundering Act can join the Ministry’s mailing list to stay up to date on sanctions.
Website of the Ministry for Foreign Affairs of Finland - Financial sanctions (in finnish)
Our authority in enforcing the Finnish Anti-Money Laundering Act also gives us the right to impose penalties for negligence or violations of the Act. We always take all the circumstances of the case into account before imposing penalties.
The penalties at our disposal are known as administrative penalties, as failure to observe the Anti-Money Laundering Act is not a criminal offence. Any cases involving actual money laundering offences or predicate offences are the police’s responsibility.
The administrative penalties that we can impose on operators who violate or fail to satisfy their obligations under the Anti-Money Laundering Act include
Regional State Administrative Agencies can also impose penalties on lawyers if asked to do so by the Finnish Bar Association. We publish all public warnings, administrative fines and penalty payments that we impose on our website. Administrative fines and penalty payments are paid to the state.
A public warning can be given if a violation is not serious enough to warrant more severe penalties, such as where an operator deliberately or negligently breaches a regulation or a provision of the Anti-Money Laundering Act other than the provisions concerning administrative fines and penalty payments. Public warnings are typically given for actions or omissions that do not satisfy the criteria for giving an administrative fine.
Natural persons can be given a public warning for violations of provisions or regulations that they have a personal obligation to observe.
Administrative fines are used as punishment for violations and failures to satisfy obligations arising from the Anti-Money Laundering Act, such as
The amount of an administrative fine reflects the nature, scale and duration of the failure or violation. An administrative fine given to a legal person (business or other organisation) is always at least EUR 1,000 and no more than EUR 100,000. An administrative fine given to a natural person is always at least EUR 500 and no more than EUR 10,000.
The failures and violations of the Anti-Money Laundering Act that can lead to penalty payments are, for the most part, the same as those for which an administrative fine can be given, but the criteria are stricter. Penalty payments can only be imposed in the case of serious, recurring or systemic failures and violations. For example, an operator who simply fails to have their details entered into the anti-money laundering register can only be given an administrative fine.
In the case of natural persons, we cannot impose a penalty payment for failures and violations that are punishable under other laws.
If the operator is a legal person (business or other organisation), we can, in some circumstances, also impose penalty payments on individual members of the organisation’s senior management. A penalty payment can only be imposed on an individual if that individual’s personal actions materially contributed to the violation or failure in question. In cases where a legal person’s violation can be attributed to a specific member of the organisation’s senior management, we can choose to impose a penalty payment on the individual in question in addition to, or instead of, the legal person.
Penalty payments can be substantially higher than administrative fines. The amount is determined taking into account all the circumstances of the case, including
Penalty payments imposed on financial service providers are capped at 10 per cent of the operator’s turnover during the previous financial year or EUR 5 million, whichever is higher. However, the amount can always be up to double the amount of benefit gained, if the amount of benefit gained can be determined.
Penalty payments imposed on other kinds of operators are capped at double the amount of benefit gained or EUR 1 million, whichever is higher.
Reporting entity |
Imposed administrative sanction |
Date |
Finality |
Link to the decision |
|---|---|---|---|---|
| Pades Oy | Administrative fine 12 000 € Lowered to 6 000 € by the administrative court. |
24 March 2023 | The decision is final. | Decision 24.3.2023, Pades Oy (in Finnish) |
| A.R. Investments Oy | Penalty payment 6 000 € |
24 August 2023 | The decision is final. | Decision 24.8.2023, A.R. Investments Oy (in Finnish) |
| NSY Kiinteistönvälitys Oy LKV | Penalty payment 12 000 € |
29 November 2023 | The decision is not legally valid. | Decision 29.11.2023, NSY Kiinteistönvälitys Oy LKV (in Finnish) |
| Auto-Suni Oy | Penalty payment 110 000 € |
31 January 2024 | The decision is final. | Decision 31.1.2024, Auto-Suni Oy (in Finnish) |
| Oy Norm-Esko Consulting Ab | Administrative fine 3 000 € | 7 February 2024 | The decision is final. | Decision 7.2.2024, Oy Norm-Esko Consulting Ab (in Finnish) |
| Streamex Oy | Administrative fine 6 000 € | 13 June 2024 | The decision is final. | Decision 13.6.2024, Streamex Oy (in Finnish) |
| Massitukku Oy | Administrative fine 3 000 € | 16 October 2024 | The decision is final. | Decision 16.10.2024, Massitukku Oy (in Finnish) |
| KTI Laskutus Oy | Penalty payment 12 000 € | 15 October 2024 | The decision is not legally valid. | Decision 15.10.2024, KTI Laskutus Oy (in Finnish) |
| Blue Finance Corporate Lending Oy | Administrative fine 1 500 € | 27 November 2024 | The decision is final. | Decision 27.11.2024, Blue Finance Corporate Lending Oy (in Finnish) |
| WestStar Oy | Administrative fine 5 000 € | 26 February 2025 | The decision is final. | Decision 26.2.2025, WestStar Oy (in Finnish) |
| Svea Perintä Oy | Administrative fine 5 500 € | 24 June 2025 | The decision is not legally valid. | Decision 24.6.2025, Svea Perintä Oy (in Finnish) |
The first step in establishing a customer relationship is to verify the customer’s identity. A customer’s identity can usually be verified from an ID card, passport or driving licence issued by a Finnish authority.
More information about the reliability of different kinds of identity documents is available on the websites of the European Council and the Council of the European Union.
Websites of the European Council and the Council of the European Union
Customer due diligence, or knowing your customer, refers to collecting whatever information is needed about each customer to prevent money laundering and terrorist financing. The information that is needed varies depending on the customer. Knowing your customers means having all the necessary information available and up to date in your customer database for the entire duration of your relationship with each customer.
A suspicious transaction is one that is for an unusually large amount or otherwise different from the usual business and transactions of the customer in question. An attempt must be made to establish the origin of the funds of a suspicious transaction.
The Finnish Anti-Money Laundering Act identifies a range of businesses and organisations operating in certain industries that have a legal duty to report suspicious transactions. The term ‘obliged entity’ is sometimes used to refer to these operators. Obliged entities are operators that, due to the nature of their business, are in a position to expose money laundering and terrorist financing or likely to become a target for money laundering and terrorist financing.
See our list of operators subject to the Anti-Money Laundering Act that fall within the enforcement authority of Regional State Administrative Agencies on "Who does Regional State Administrative Agency supervise under the Anti-Money Laundering Act?".
The obligations of the Act on Preventing Money Laundering and Terrorist Financing that are related to PEP persons, such as enhanced customer due diligence, must also be complied with regarding family members and associates of a PEP.
The Government Decree is provided at the bottom of this page.
We keep a nationwide register of operators whose compliance with the Anti-Money Laundering Act is our responsibility. The objective of the register is to help us to enforce the rules on the prevention of money laundering and terrorist financing. The register includes the details of any operators who are not included in the Financial Supervisory Authority’s list of reporting entities or in Regional State Administrative Agencies’ other registers.
We have prepared an online form that operators can use to have their details entered into the money laundering supervision register. You can find a link to the application at the bottom of this page. At the bottom of the page, there is also a link to the Money laundering supervision register, the details of which can be viewed without logging in.
All operators that fall within our enforcement authority must draw up a written risk assessment of their business. The objective of risk assessment is to identify and analyse typical risks of money laundering and terrorist financing inherent in each business on a practical level. Risk assessment documents describe, for example, the risk involved in a particular service that the service provider must take into account. Risk assessments must be reviewed at regular intervals.
A beneficial owner is a person who owns or otherwise controls a business. A beneficial owner is someone who holds more than 25 per cent of the shares or voting rights either directly or through another business. Operators subject to the Anti-Money Laundering Act have a duty to identify and keep up-to-date information about their customers’ beneficial owners and, if necessary, check that they are who they say they are.
We have prepared an online form that you can use to have your details entered into our money laundering supervision register. A link to the form is provided at the bottom of this page.
If you notice that you have made a mistake in your registration form or want to amend your registered details, you can let us know by emailing [email protected]. We will then update your register entries.
We base our register entries in part on the basic information about your business that you have reported to the Trade Register. If any of this information changes, the updates are not automatically migrated into our register.
Changes to the company’s register data must be made using the notification form for changes that is available in the same customer service portal as the application for registration. The processing of the change notice is free of charge, except in the case of changes in the register data concerning the persons in charge of currency exchange or business service operations. To find up-to-date information on fees, go to: Fees and charges.
If you have any questions, please contact [email protected].
Every operator needs to assess the typical and potential risks of money laundering involved in its business and industry based on its own experiences.
We have prepared a manual and a template to help you produce your own risk assessment. With the questions listed on the template, you can identify and assess money laundering and terrorist financing risks in your own operations. The form only provides a basis for the assessments produced by the obliged entities. You can edit the template to make it suitable for your company’s needs or you can also produce a free-form risk assessment.
Operators need to base their risk assessments on the nature, size and scope of their business.
The objective is to describe the risk of money laundering involved in a specific service or transaction on a practical level. If, for example, an operator’s service portfolio changes or its business is substantially expanded, it is the operator’s duty to review the risk assessment. Regional State Administrative Agencies can ask operators for copies of their risk assessments and any revised versions.
You can find the risk assessment manual and the template at the bottom of this page.
Beneficial owners always need to be identified, but identity verification checks are only required in certain circumstances.
Verification refers to checking that a person is who they say they are from, for example, their passport or driving licence. Operators subject to the Anti-Money Laundering Act have a duty to identify and keep detailed and up-to-date information about their customers’ beneficial owners and, if necessary, check that they are who they say they are.
If the risk of money laundering in the case of a particular customer is low, just identifying the beneficial owner can be enough. The risks associated with a particular individual must always be assessed and the identification procedure chosen according to the identified level of risk.
All operators subject to the Anti-Money Laundering Act have a duty to look out for any unusual transactions in their business and to investigate the origin of funds involved in such transactions. This process is sometimes referred to as ‘know-your-customer (KYC) checks’.
If you spot a suspicious transaction, it is your duty to perform the necessary KYC checks and report your suspicions to the National Bureau of Investigation’s Financial Intelligence Unit. You need to report a transaction that you suspect involves money laundering or terrorist financing even if you refuse to serve the customer in question or execute the transaction.
All suspicious transactions and suspected cases of terrorist financing must be reported to the National Bureau of Investigation’s Financial Intelligence Unit. The National Bureau of Investigation’s Financial Intelligence Unit has designed an online reporting tool that you can use to report suspicions either on your organisation’s behalf or in a private capacity. A link to the reporting tool is provided at the bottom of this page. Other parties than those subject to the reporting obligation can send their notification to [email protected].
Various bodies, such as the Financial Supervisory Authority and the Finnish Patent and Registration Office, publish information and resources relating to the prevention of money laundering and terrorist financing. Links to useful information and resources are provided at the bottom of this page.
Our newsletter on enforcement of the Anti-Money Laundering Act is available both in Finnish and Swedish. It includes the latest on preventing money laundering. You can find the newsletters here.
More information: [email protected]
Follow us on Twitter: @AVIrahanpesu
Legislation and action to prevent money laundering and terrorist financing
