Austria’s Legal Requirement for External Audit Reports on Anti-Money Laundering Systems and Controls
Introduction
In Austria, external auditors or other external organizations are legally required to report on the anti-money laundering (AML) systems and controls of banks. This requirement is set out in Austrian law and aims to ensure compliance with the applicable regulatory requirements.
External Audit Reports
According to industry experts, an external report on AML systems must be submitted once a year. The report is provided to the audit client, who then forwards it to both the Financial Market Authority and the Austrian National Bank. This report is not part of the financial statement audit; it is a separate audit of compliance with regulatory requirements.
Content of External Reports
This external report requires testing of the bank's internal control system with respect to regulatory requirements, which include AML. However, sample testing of KYC (know-your-customer) files, SARs (suspicious activity reports), or risk assessments is not required.
Data Protection Laws and Personal Data
In addition to AML regulations, Austria’s data protection laws are also worth noting. Under the country’s Data Protection Act, “data” refers to personal data that is processed about certain categories of individuals, such as employees or customers.
- Sensitive data, including information on racial or ethnic origin, political opinion, trade-union membership, religious or philosophical beliefs, and health or sex life, requires special protection.
- The use of sensitive data does not infringe interests in secrecy unless it falls under one of the exceptions set out in Section 9 of the Data Protection Act.
Transfer of Credit Reports
Furthermore, there are restrictions on the transfer of credit reports in Austria. All data applications must be notified unless an exception applies, and the notification must state the categories of recipients and the legal basis for the transmission.
Other Key Regulations
Austria’s laws also focus on the enforceability of digital signatures, with Section 3(1) stating that signatures may not be excluded merely because they are in electronic form.
- Austria's signature law follows the UNCITRAL Model Law and is similar to the laws of many European Union member states.
- The country has a two-tier system that recognizes both digital signatures and simple electronic signatures as legal and enforceable.
Risk-Based Approach
Austria's financial regulatory authorities have also adopted a risk-based approach to monitoring transactions outside the jurisdiction. Under this approach, suspicious transactions can be monitored even if they do not meet the minimum threshold of EUR 15,000.
Conclusion
Overall, Austria’s regulations emphasize the importance of AML compliance, data protection, and digital signatures in the banking sector. With its unique combination of traditional and modern regulations, Austria provides a comprehensive framework for banks operating within its borders.