Article 26 AMLR – Ongoing monitoring of the business relationship and monitoring of transactions performed by customers
1. Obliged entities shall conduct ongoing monitoring of business relationships, including transactions undertaken by the customer throughout the course of a business relationship, to ensure that those transactions are consistent with the obliged entity’s knowledge of the customer, the customer’s business activity and risk profile, and where necessary, with the information about the origin and destination of the funds and to detect those transactions that shall be made subject to a more thorough assessment pursuant to Article 69(2).
Where business relationships cover more than one product or service, obliged entities shall ensure that the customer due diligence measures cover all those products and services.
Where obliged entities belonging to a group have business relationships with customers that are also the customers of other entities within that group, whether obliged entities or undertakings not subject to AML/CFT requirements, they shall take into account information relating to those other business relationships for the purposes of monitoring the business relationship with their customers.
2. In the context of the ongoing monitoring referred to in paragraph 1, obliged entities shall ensure that the relevant documents, data or information of the customer are kept up to date.
The period between updates of customer information pursuant to the first subparagraph shall be dependent on the risk posed by the business relationship and shall not in any case exceed:
| (a) | for higher risk customers to which measures under Section 4 of this Chapter apply, 1 year; |
| (b) | for all other customers, 5 years. |
3. In addition to the requirements set out in paragraph 2, obliged entities shall review and, where relevant, update the customer information where:
| (a) | there is a change in the relevant circumstances of a customer; |
| (b) | the obliged entity has a legal obligation in the course of the relevant calendar year to contact the customer for the purpose of reviewing any relevant information relating to the beneficial owners or to comply with Council Directive 2011/16/EU (42); |
| (c) | they become aware of a relevant fact which pertains to the customer. |
4. In addition to the ongoing monitoring referred to in paragraph 1 of this Article, obliged entities shall regularly verify whether the conditions laid down in Article 20(1), point (d), are met. The frequency of that verification shall be commensurate with the exposure of the obliged entity and the business relationship to risks of non-implementation and evasion of targeted financial sanctions.
For credit institutions and financial institutions, the verification referred to in the first subparagraph shall also be carried out upon any new designation in relation to targeted financial sanctions.
The requirements of this paragraph shall not replace the obligation to apply targeted financial sanctions or stricter requirements under other Union legal acts or under national law on the verification of the client base against lists of targeted financial sanctions.
5. By 10 July 2026, AMLA shall issue guidelines on ongoing monitoring of a business relationship and on the monitoring of the transactions carried out in the context of such relationship.