The Finnish Government submitted a bill for a new act on the prevention of money laundering and terrorist financing to Parliament at the beginning of November. The new Anti-Money Laundering Act is based on the fourth Anti-Money Laundering Directive, which was drafted with consideration to the recommendations of the OECD’s Financial Action Task Force, founded to counteract money laundering and terrorist financing.
19.12.2016
Finnish Anti-Money Laundering Act Reformed: New Obligations, Tightened Supervision
Related services
This article presents the key obligations imposed on Finnish entities by the new Act. The parliamentary review of the Government Bill is still ongoing, but the Act is intended to enter into force at the beginning of 2017. At that moment, Finnish entities must comply with the requirements cited in this article, unless the text suggests otherwise.
All Entities Must Declare Their Beneficial Owners
Most of the amendments to the existing anti-money laundering provisions only concern entities that have a statutory reporting obligation (see list below), but there is one significant exception: the new Act obliges all legal persons to report their beneficial owners to registers maintained by the Finnish Patent and Registration Office. The details of the beneficial owners must be submitted to the register by 30 June 2019. Based on the Government Bill, the obligation to report beneficial owners would not concern companies listed on a regulated market.
In the Anti-Money Laundering Act, a beneficial owner refers to a natural person who owns or otherwise controls a legal person. As regards entities, persons holding more than 25% of the entity’s ownership or voting rights are considered beneficial owners. If such a share is held by another legal person, the entity must establish who the natural persons are who are able to make independent decisions in the holding entity. When determining the beneficial owners, entities must bear in mind that positions of control can also be based on, e.g. a shareholders’ agreement.
The following graph illustrates the obligation to report beneficial owners.
Overall, the amendments will make it easier for obliged entities to determine the beneficial owners of their customers by making the information available in a public register. However, it is worth noting that the authorities will not verify the information when it is entered into the register. This is why obliged entities should contact their customers directly to make sure the information is up to date. In addition, they should take into account that the information in the register of beneficial owners only covers the immediately following tier seen from the company in question. Complex ownership structures will still require additional investigation from obliged entities.
Statutory Identification Obligation to Be Based on the Entity’s Own Risk Assessment
The key obligations in the Anti-Money Laundering Act are customer identification and due diligence and the obligation to report suspicious transactions to the Financial Intelligence Unit of the Finnish National Bureau of Investigation. The provisions of the existing Act are fairly clear as to when and in what scope the obliged entities must identify their customers. In the future, the identification and due diligence obligation will be based on risk assessments performed by the entities themselves.
The risk assessment must be made in writing and cover risk factors relating to the obliged entity’s customers, countries or geographic areas, products, services, transactions or delivery channels. The Act requires obliged entities to have in place policies, controls and procedures to mitigate and manage effectively the risk factors identified in their operations. Obliged entities must also monitor and develop these policies, controls and procedures.
Those preparing a risk assessment should remember that the Act also requires a national risk assessment, which is to be prepared by the Finnish Ministry of the Interior. In addition, supervising authorities are obliged to make a risk assessment of the entities under their supervision. The national risk assessment and the supervisor’s risk assessment will probably provide a good starting point for the individual risk assessments of obliged entities. For example, according to Finland’s national risk assessment for money laundering and terrorist financing of 2015, the key risk items are generally related to real estate investments, transport of cash, front companies, online services, online shadow financial markets and customer fund accounts.
Obliged Entities Must Have Whistleblowing Channels
Many companies have opened various kinds of whistleblowing channels to make sure that their operations comply with the law as well as their internal policies. Finnish law already contains statutes that require whistleblowing channels in certain instances. Under the new Anti-Money Laundering Act, obliged entities will also have to establish an independent and anonymous whistleblowing channel for the reporting of suspected breaches of the Act.
When implementing these channels, companies must consider not just technical issues but also the requirements of data protection and employment laws. They should also prepare clear instructions on the use and purpose of the channel.
Administrative Sanctions Toughened and Made Public
Recent regulatory developments have tended towards toughened sanctions, which contributes to the prevention of violations. In the same vein, the sanctions provisions of the new Anti-Money Laundering Act are stricter than those of its predecessor. Furthermore, sanctions will in most cases be made public by the supervising authority.
The Government Bill proposes that the competent authority be given powers to impose a penalty payment on an obliged entity that intentionally or negligently breaches or fails to observe any of its following obligations under the law:
The penalty payment ranges between EUR 5,000 to EUR 100,000 for legal persons and between EUR 500 and EUR 10,000 for natural persons.
However, according to the Government Bill, obliged entities could be ordered to pay penalties much more severe than these if they intentionally or negligently commit serious, repeated or systematic breaches of the above requirements (with the exception of registration in the supervisory register). In this case, the penalty payment could be one million euros or max. twice the amount of the benefit derived from the breach, whichever sum is larger. The most severe penalties would be reserved for credit and financial institutions, which would pay max. five million euros or 10% of their turnover in the previous year, whichever is larger.
In addition, the competent authority can issue a public warning to an obliged entity for an intentional or negligent breach of its other obligations.
Concluding Remarks
It is estimated in the Government Bill that there will be almost 70,000 obliged entities in Finland alone. These entities should, obviously, evaluate the obligations created by the new Act as well as their practical fulfilment. The Act will also be visible in the daily lives of each entity and citizen through the increasing number of requests for information from obliged entities.
Latest news
Latest references
Finnish Construction Management Consultancy — District Court Dismisses charge in occupational safety offence case concerning a safety coordinator
We successfully represented a Finnish construction management consultancy and a safety coordinator employed by the company in criminal proceedings concerning an alleged occupational safety and health offence. The prosecutor sought a penalty for an alleged breach of occupational safety regulations. The charge arose from a fall accident at a construction site where our client acted as the safety coordinator appointed by the developer. We assessed the scope of the safety coordinator’s duties in relation to the responsibilities of the main contractor, as well as how our client had fulfilled their obligations in practice. We demonstrated that our client had acted with due care and in full compliance with their duties throughout the planning, preparation and execution of the construction project. The District Court of Eastern Uusimaa dismissed the charge against our client. The Court held that our client, in their capacity as safety coordinator, had duly fulfilled the occupational safety obligations incumbent on the developer during the planning and preparation phases of the construction project and had not been aware of the fall protection deficiency identified at the site. The judgment is final insofar as our client is concerned.
Case published 22.6.2026
Efima – Sale of financial management services business
We advised Efima Oyj on the sale of its financial management services business to Rantalainen as part of its strategic focus on fully concentrating on the delivery of business applications as well as data and AI solutions. As a result of the transaction, customer contracts related to financial management services and 65 experts working in these services will transfer to Rantalainen. The transaction will be carried out as a transfer of business, and the experts will move to the new owner as existing employees. Efima is a Finnish digital company that supports the sustainable growth of large and mid-sized companies by streamlining their business processes and by creating competitive advantage through the innovative use of artificial intelligence and data. The company has nearly 200 experts based in Helsinki and Tampere.
Case published 12.6.2026
Ugly Duckling Ventures – EUR 6.5 million funding round of Skyfora
We advised lead investor Ugly Duckling Ventures on the EUR 6.5 million funding round of Skyfora. The round also included Eviny Ventures, LUMO Labs and EIC Fund, alongside non-dilutive funding from Business Finland. The investment will support the commercial scale-up of Skyfora’s weather intelligence solutions, the expansion of partnerships with telecom operators, forecasting providers and meteorological institutions, and the continued growth of the team. Skyfora is a Finnish company developing high-resolution weather data solutions using patented technology that extracts atmospheric data from GNSS receivers embedded in existing infrastructure, such as telecom networks. By unlocking previously untapped data sources, Skyfora enables the next generation of AI-driven weather forecasting and supports improved decision-making across weather-sensitive industries. Ugly Duckling Ventures is a Copenhagen-based venture capital firm focused on early-stage Nordic B2B technology companies, with an emphasis on medtech, resilience tech and business services.
Case published 10.6.2026
General Atlantic – ICEYE’s EUR 1 Billion Series F Funding Round
We advised General Atlantic as the lead investor on ICEYE’s EUR 1 billion series F funding round, valuing the company at over EUR 10 billion. ICEYE raised EUR 450 million (USD 520 million) in a primary Series F funding round led by General Atlantic. Additional investors included Solidium, Tesi, Varma, Ilmarinen, Lifeline Ventures, Nokia, Qatar Investment Authority (QIA) and TCV. Together with a secondary placement, the total fundraising exceeds EUR 1 billion. ICEYE is the world leader in sovereign intelligence from space, providing continuous monitoring capabilities to detect and respond to changes in any location on Earth. The company operates the world’s largest and most advanced Synthetic Aperture Radar satellite constellation. General Atlantic is a leading global investor with more than four and a half decades of experience providing capital and strategic support for over 885 companies throughout its history. As of March 31, 2026, General Atlantic manages approximately USD 126 billion in assets across its investment strategies. We advised General Atlantic on this transaction in collaboration with the international law firm Paul, Weiss, Rifkind, Wharton & Garrison.
Case published 9.6.2026