AML/CFT
Money laundering and terrorist financing constitute a serious threat to the stability and integrity of the financial sector in a country, endanger the internal market and its competitiveness, and in particular lead to a long-term loss of confidence on the part of the domestic and foreign public in the institutions of modern society that constitute the foundations of a state based on the rule of law.
For the purposes of anti-money laundering and countering the financing of terrorism (AML/CFT), certain entities including credit institutions and financial institutions are required to carry out the measures set out by the Prevention of Money Laundering and Terrorist Financing Act (ZPPDFT-2), and to uphold the regulations issued on its basis.
The financial sector is supervised by the following authorities from the perspective of AML/CFT:
Banka Slovenije,
the Securities Market Agency,
the Insurance Supervision Agency, and
the Office of the Republic of Slovenia for Money Laundering Prevention (OMLP).
The principle is that the supervisors that according to the primary legislation are defined as the supervisory authority for the particular type of entity are also responsible for conducting AML/CFT supervision. As the central authority in the area of AML/CFT, the OMLP has supervisory power at all obliged entities defined by the ZPPDFT-2.
Despite the establishment of the banking union and the introduction of the Single Supervisory Mechanism in 2014, the area of AML/CFT remains a competency of the national authorities, and AML/CFT supervision is one of Banka Slovenije’s key tasks, in that reviewing risk management in the area of AML/CFT is part of its oversight of comprehensive risk management at supervised entities. Banka Slovenije issues annual reports to the National Assembly and the public on its activities in the area of AML/CFT.
The information that Banka Slovenije obtains and processes during its AML/CFT supervision at individual supervised entities is confidential, and we are unable to comment on it. Supervisory measures are publicly announced on our website in line with law.
Supervised entities
Under the ZPPDFT-2, in connection with other laws (ZBan-3, ZPlaSSIED), Banka Slovenije conducts supervision of the implementation of the ZPPDFT-2 at the following supervised entities:
1. banks, savings banks and branches of foreign banks in Slovenia,
2. payment institutions and payment institutions with a waiver,
3. electronic money institutions and electronic money institutions with a waiver,
4. currency exchange operators,
5. legal and natural persons providing services in virtual currencies or other transactions included in those services (i.e. virtual assets service providers).*
*As of 21 June 2021 virtual assets service providers who are established or have a branch in Slovenia are additionally required to be entered in the register of crypto service providers maintained by the Office for Money Laundering Prevention before starting to provide the service.
Register of supervised entities
Register as a virtual currency service provider
List of registered virtual currency service providers
EBA powers in the area of AML/CFT
The management, coordination and monitoring of work in connection with AML/CFT at all EU financial service providers and competent authorities, i.e. in the entire EU financial sector, is the sole competency of the European Banking Authority (EBA). Under its mandate, it (i) manages, coordinates and monitors support for the implementation of robust approaches to AML/CFT supervision across the entire EU, (ii) contributes to a comprehensive approach to combating money laundering, terrorist financing and other financial crime, and to implementing restrictive measures, and (iii) provides expert advice to interested parties in connection with the establishment of an effective new institutional framework for AML/CFT in the EU.
Financial Action Task Force (FATF) and Moneyval
Slovenia is a member of the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism, known as Moneyval. This conducts periodic mutual evaluations of its member-states, and of the degree to which each country complies with the recommendations issued by the Financial Action Task Force on Money Laundering (FATF). The FATF was established at the initiative of the G7 grouping of advanced economies as a response to the risks identified in connection with money laundering. Over time the FATF has grown into a global task force, which operates around the world via various regional subgroups. Its main mission is issuing recommendations for combating money laundering and terrorist financing, and attending to the effective implementation of the prescribed measures.
Slovenia underwent the fifth round of evaluation in 2016, and its evaluation report was adopted at Moneyval’s 53rd plenary session in May 2017. The sixth round is ongoing in 2025.
Questions and answers about AML/CFT
The area of anti-money laundering and combating the financing of terrorism (AML/CFT) is governed by the Prevention of Money Laundering and Terrorist Financing Act (the ZPPDFT-2; Official Gazette of the Republic of Slovenia, No. 48/22, 145/22).
Banks are also required to meet their obligations under the ZPPDFT-2 when executing transactions. Banks are required to conduct due diligence on each customer, and to regularly monitor their business activities in accordance with the ZPPDFT-2. The elements of customer due diligence are set out in Article 21 of the ZPPDFT-2, point 1 of the first paragraph of which stipulates that customer due diligence encompasses measures to establish and verify the customer’s identity on the basis of authentic, independent and objective sources. Customer due diligence is mandatory in the cases set out by Article 22 of the ZPPDFT-2 (1.when entering into a business relationship with a customer; 2. when executing any transaction in the amount of EUR 15,000 or more, irrespective of whether executed individually or in several apparently linked transactions; 3. for operators and concession-holders that provide gambling services, when paying out winnings or taking bets or both, in the case of a transaction in the amount of EUR 2,000 or more, irrespective of whether executed individually or in several apparently linked transactions; 4. whenever there is a doubt as to the veracity and suitability of the data obtained about the customer or its beneficial owner, and 5. whenever there exist, in connection with a transaction, the customer, the funds or the assets, grounds for suspecting money laundering or terrorist financing, irrespective of the value of the transaction) and for occasional transactions constituting the transfer of funds in excess of EUR 1,000 (first paragraph of Article 23 of the ZPPDFT-2).
When executing transactions referred to in points 2 and 3 of the first paragraph of Articles 22 and 23 of the ZPPDFT-2, obliged entities must carry out the prescribed measures referred to in points 1, 2 and 3 of the first paragraph of Article 21 of the aforementioned law, having regard for the second paragraph of Article 22 thereof, before executing the transaction. In accordance with the sixth paragraph of Article 54 of the ZPPDFT-2, the obliged entity must also ensure that the information and documentation obtained about the customer is updated if a change in material circumstances is established on the side of the customer, if the obliged entity is legally required to establish contact with the customer for the purposes of determining its beneficial owner and at least five years after the last review of the customer if the customer has executed at least one transaction with the obliged entity in the last 12 months. Should the bank as the obliged entity be unable to meet its customer due diligence obligations, it may not enter into a business relationship or execute a transaction with the customer, or must terminate the business relationship where one has already been entered into in accordance with Article 26 of the ZPPDFT-2.
The law does not make any such requirement. However, in accordance with the first paragraph of Article 75 of the ZPPDFT-2 the obliged entity (the bank) is required to report certain information to the Office for Money Laundering Prevention (including the purpose of the transaction and the method of execution of the transaction) about any cash transaction in excess of EUR 15,000 as soon as it has been executed, or within three days of the execution of the transaction. Notwithstanding the above, the bank may apply restrictions and conduct additional measures at lower amounts, in accordance with its own internal policies. Here it should be clarified that the decision to provide the required information to the bank is a matter for the customer, while the bank’s business decision is how to respond to a refusal to provide documentation: in the worst case scenario, in accordance with the contractual provisions and the general terms and conditions of business, the bank may also withdraw from the contract (e.g. by closing the current account) on the grounds of refusal of the request.
Under the ZPPDFT-2 obliged entities (including banks and savings banks) are required to take measures to identify and prevent money laundering and terrorist financing, and as part of this process to ensure the identification of the customer, including the source of the funds that the customer is transacting with. It is not documentation submitted by the customer that has sole bearing on this, but also other information that the bank has obtained from the customer within the framework of the know your customer (KYC) process and during transaction monitoring. Clarifications and evidence of the source of funds may be requested directly from the customer if this helps obliged entities meet the requirements imposed by the ZPPDFT-2. The scope of the required clarifications and evidence depends on the level of familiarity with the customer (e.g. a new or existing customer) and the assessed risk of money laundering and terrorist financing, and is therefore a matter of the specific business relationship between the obliged entity and the customer.
In accordance with Article 54 in connection with Article 55 of the ZPPDFT-2, banks are required to diligently monitor the business activities of their customers, and are consequently required to adequately review the background and purpose of any transaction that does not match the customer’s usual or expected transactions and to strengthen the monitoring of the customer’s business activities to establish if such transactions or activities seem suspicious, for which they can require evidence from the customer.
The ongoing monitoring of the business activities that a customer pursues with the bank on the basis of Article 54 of the ZPPDFT-2 includes vetting that the customer’s transactions comply with the purpose and intended nature of the business relationship, monitoring and vetting that the customer’s transactions conform to their usual scale, and vetting and updating information and documentation obtained about the customer. The scope and frequency of the implementation of transaction monitoring measures must be tailored to the risk of money laundering or terrorist financing that the bank is exposed to when executing a particular transaction or when doing business with a particular customer. This means that the bank is required to take more stringent measures in the case of higher risk than in the case of lower risk.
For the purposes of Article 55 of the ZPPDFT-2, obliged entities (including banks and savings banks) are required to put in place a system for identifying unusual transactions, and to address the identified transactions from the perspective of suspicion and the need to report them to the Office for Money Laundering Prevention. When addressing unusual transactions, banks are required to examine the background and purpose of the transactions, including the source of assets and source of funds, to the extent possible in view of the circumstances. This also entails obtaining additional information and documentation, with the definitive set of data and documents not prescribed by law, but instead determined in detail by the bank. Given the impossibility of prescribing all details in advance for all possible situations, there is to a certain extent a need for subjective judgment on the part of the bank, which should be based on its expertise and experience. In exercising its judgment the bank must take account of the entire background, and must also assess the individual transaction in connection with other circumstances. One of the circumstances that can increase risk is a lack of cooperation from the customer, and in practice it is not unusual for the bank to warn a customer that the execution of a transaction might be refused if the required documentation is not provided.
In accordance with Article 26 of the ZPPDFT-2, an obliged entity that is unable to take the measures referred to in points 1, 2 and 3 of the first paragraph of Article 21 of the ZPPDFT-2 may not enter into the business relationship or execute the transaction, or must terminate the business relationship where one has already been entered into, and must examine the possibility of reporting information about the customer or the suspicious transaction to the Office for Money Laundering Prevention in accordance with Article 76 of the aforementioned law.
The ZPPDFT-2 requires banks to conduct due diligence on each customer, and to regularly monitor their business activities. The elements of customer due diligence are set out in Article 21 of the ZPPDFT-2, point 1 of the first paragraph of which sets out measures to establish and verify the customer’s identity on the basis of authentic, independent and objective sources. The customer due diligence obligations are set out in Article 22 and, for occasional transactions, Article 23 of the ZPPDFT-2.
Under certain conditions, Article 32 of the ZPPDFT-2 allows the bank to establish and verify the identity of customers, statutory representatives or authorised representatives from a copy of an official personal identification document that the aforementioned persons submit to the obliged entity in paper or digital form. This method of identification is only allowed when an insignificant risk has been determined on the basis of the customer risk assessment.
The bank may also establish and verify the identity of a natural person (i.e. the customer, statutory representative or authorised representative) on the basis of an electronic means of identification with a high level of reliability, or on the basis of other methods of electronic identification for accessing electronic services with a high level of reliability in accordance with the regulations governing electronic identification and trust services (Article 33 of the ZPPDFT-2).