Learn about the main AML regulations in Hungary and how to comply with them.
Hungary has been continuously working to improve its Anti-Money Laundering (AML) regulations. According to the Council of Europe, Hungary has taken positive steps in its banking relationships and transparency of beneficial ownership information. As a result, the country is considered by the Council as a “largely compliant” member state.
Hungary fully complies with 32 out of the Financial Action Task Force’s (FATF) 40 recommendations. The country also partially complies with FATF recommendations non-profit organizations, new technologies, and cash couriers.
Companies operating in Hungary have to ensure they comply with regulations and adapt to shifting changes. This article can help.
According to Act LIII of 2017 on Preventing and Combating Money Laundering and Terrorist Financing (AML Law), any financial institutions established in Hungary (or any other EU member state) that provides services in Hungary falls under regulation. Affected services include, but are not limited to:
The complete list of affected institutions can be found in Section 1 of the AML Law.
The Central Management of the National Tax and Customs Administration (NAV) is the main AML supervising body in Hungary. The NAV is responsible for ensuring that affected institutions follow the AML Law, in addition to analyzing and responding to suspicious transaction reports. The NAV also cooperates with the Prosecutor General’s Office and the National Courts Office.
While the NAV is the main institution in charge, the AML framework in Hungary allows other governmental organizations to check financial institutions that fall under their jurisdiction. Such governmental bodies include, but are not limited to:
Act LIII of 2017 on Preventing and Combating Money Laundering and Terrorist Financing (AML law) is the main regulation dealing with AML requirements in Hungary. The law covers Customer Due Diligence (CDD) procedures, the risk assessment process, reporting obligations, and penalties for non-compliant companies. It follows the requirements of the European Union’s 4th, 5th, and 6th AMLDs.
To stay compliant, companies need to follow the obligations set out by the AML law, which include:
Each company should create a list of internal policies for approval by the relevant authority. In case there are any changes in regulations, companies have 30 days to adjust and approve such policies.
After establishing policies, companies also need to familiarize their employees with them. Therefore, companies should also provide AML training programs or hire employees with suitable prior knowledge.
There are various circumstances under which companies have to conduct Customer Due Diligence (CDD). They include:
During the onboarding stage, companies are required to collect and verify personal information from their customers. This includes:
The provided information then gets verified through comparison to government-issued documents (e.g., personal ID card). Customers can prove their place of residence with one of the following documents:
Companies can use external services or available databases to ensure the authenticity of the above information. Companies should also check customers for presence on sanctions lists (e.g., OFAC, UN, HMT, EU, DFT), Politically Exposed Persons (PEP) lists, and adverse media.
Beyond initial verification, companies should implement ongoing monitoring procedures.
A Suspicious Activity Report (SAR) should include relevant records about the customer and data related to suspicious transactions, with presentations of the circumstances and grounds for reporting.
A company should inform the authority within five business days after the detection of suspicious activities. Meanwhile, the execution of the transaction should be suspended. After that, the authority should inspect the case within four days after the report’s submission.
Companies must keep records of all customer transactions throughout the business relationship and for eight years afterwards. However, regulators may request that companies extend the period of recordkeeping to ten years.
If a company fails to comply with the AML law, it can be subject to penalties, the extent of which is determined by the following factors:
Depending on the type of violation, a company can have mild to severe repercussions for non compliance, ranging from being issued a warning by regulators to fines of up to HUF 2 billion (approximately $ 4.76 million) or even seizure of operations. Executive officers may also be on the hook for HUF 100,000 to HUF 500 million (approximately from $ 240 to $ 1.2 million).
Hungary is continuously working to improve its AML regulations to ensure better security for customers and stricter rules for financial institutions. To comply with all the regulations and avoid penalties, companies working in Hungary should implement efficient compliance solutions with a built-in compliance solution to help navigate local regulations.
If you want to learn more about the benefits of AML/KYC solutions, contact Sumsub today.