Record keeping, disclosure and compliance
Record-keeping and disclosure requirements
What record-keeping and disclosure requirements apply to companies and relevant individuals under the anti-money laundering, terrorism financing and fraud legislation?
As a rule of thumb, keeping records for seven years from the transaction and as long as investigations are pending is required. There are a number of legal provisions concerning record- keeping, including Section 21 of the Financial Markets Anti-money Laundering Act requiring that records be kept for five years from the transaction. For more information concerning record- keeping in Austria see https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html.
What internal compliance measures are required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
Corporations are liable for the unlawful and culpable actions of their decision makers (ie, higher-ranked individuals with authority to represent the company) and, under more restrictive conditions, also for the actions of their ‘normal’ employees, provided that the offence was either committed for the benefit of the corporation or the offence violated duties incumbent upon the corporation itself. If the offence was committed by a normal employee, it must have been either rendered possible or facilitated by the decision makers' failure to take essential precautionary measures. Consequently, companies have to implement a proper compliance system in order to reduce their risk of criminal liability. Thus, implementing a proper compliance system that safeguards compliance with the law, including anti-money laundering, has become best practice in Austrian corporations. However, there are no general mandatory internal compliance measures for companies in relation to anti-money laundering, financing terrorism and fraud in Austria. Only for specific professions, such as bankers and lawyers, do specific rules apply. Companies that implement a compliance management system may get a certification according to the International Standards ISO 19600 “Compliance management systems – Guidelines” and ISO 37001 “Anti-bribery management systems – Requirements with guidance for use”. The certification enhances the reputation of the company and demonstrates transparency to its shareholders. It may also help the company in participating in tenders and reduce the risk of prosecution.
What customer and business partner due diligence is required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
Austria is fully compliant with the EU regulations, in particular through the enactment of the Financial Markets Anti-money Laundering Act, which implements the EU Fourth Money Laundering Directive (2015/849) and concentrates all relevant provisions into a single statute. Specific provisions applying to certain professions can be found, for example, in the Austrian Trade Act, the Gambling Act and the Codes of Professional Conduct for Lawyers and Notaries. All of these provisions place great importance on the principle of ‘know your customer’, which is intended to deny money launderers the benefit of anonymity. Among other rules, new business partners need to be carefully vetted, and the identify the beneficial owner of a new business partner needs to be disclosed and documented. Entering into a new client relationship requires a careful assessment of the anti-money laundering and terrorism financing risks. Also during an ongoing business relationship, these checks must be carried out repeatedly. Furthermore, the origin of funds for a specific money transaction needs to be identified. Special attention is to be paid to transactions of €15,000 or more.
Transactions that cast doubt on the origin of the funds trigger immediate notification duties. The professional duty of confidentiality is overridden by the duty to report any suspicion of money laundering for financial institutions, legal counsel, notaries public etc. The duty of notification is lifted for legal counsel hired to defend the alleged perpetrators of such crimes in order to allow a proper defence under the ‘fair trial’ principle.