Financial Crime World

Austria’s Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) Framework

Banking Legislation

Austria has strict banking secrecy provisions, but legal provisions and jurisprudence provide gateways for authorities to access protected information. Financial institutions usually comply with requests for information made by the Financial Intelligence Unit (FIU) acting on Suspicious Transaction Reports (STRs). However, court orders requested by the office of public prosecution may be rejected if they do not provide substantive, material, and adequate evidence.

Preventive Measures

Several measures have been taken to improve the AML/CFT framework since Austria’s last evaluation. Key preventive measures include:

  • All persons and entities conducting financial activities in Austria are subject to AML/CFT measures, which are set out in sector-specific laws.
  • Customer due diligence (CDD) requirements have been expanded to cover all customers and beneficial owners, but some exemptions need to be removed.

Risk-Based Approach

The revised legislation introduces a risk-based approach to CDD, modeled on the EU Directive. Financial institutions are required to conduct a risk-analysis of their business, apply risk-based CDD, and take appropriate measures to address higher-risk situations.

Mutual Evaluation Report Recommendations

Based on the mutual evaluation report recommendations:

  • Conduct a Money Laundering/Financing of Terrorism (ML/FT) risk assessment to establish whether additional legal provisions are required to mitigate risks specific to Austria.
  • Financial institutions should be specifically required to examine the background and purpose of transactions they view as unusual and record their findings in writing.

Compliance Management

Most categories of financial institutions have broad obligations regarding compliance management and internal audit functions, but these requirements need better focus to ensure adequate and comprehensive coverage of exposure to ML/FT risks. Key areas for improvement include:

  • The seniority, independence, and right to access CDD information, transaction records, and other relevant information for the compliance officer should be set out in the law.