Finland's AML supervisory regime has tightened significantly. The Finnish Financial Intelligence Unit – Rahanpesun selvittelykeskus (Financial Intelligence Unit of Finland) – and the Finnish Financial Supervisory Authority, Finanssivalvonta (FIN-FSA), have jointly signalled stricter enforcement of existing anti-money laundering legislation. Enhanced obligations are now actively applied across a broader range of obliged entities, effective from early 2025. International companies operating in Finland risk supervisory sanctions, access restrictions, and reputational harm if compliance gaps are not addressed immediately.
Finland's updated AML compliance obligations apply to financial institutions, payment service providers, corporate service providers, real estate agents, and certain professional service firms operating in the country. The changes tighten know-your-customer (KYC) procedures, beneficial owner verification, and correspondent banking due diligence. Obliged entities must review and update their internal compliance programmes without delay – supervisory inspections are actively under way.
This alert outlines what has changed, which business categories are affected, and the immediate steps international companies must take to remain compliant under Finnish anti-money laundering legislation.
What has changed: the regulatory development and effective date
Finnish AML legislation – which transposes successive EU AML directives into national law – has been subject to tightening enforcement guidance since the start of 2025. The FIN-FSA has issued updated supervisory expectations requiring obliged entities to apply a more granular risk-based approach to customer due diligence.
Three specific shifts are now in effect. First, KYC documentation requirements have been elevated. Obliged entities must collect and verify source-of-funds information at the point of bank account opening and credit facility application, not merely at onboarding. Second, beneficial owner identification obligations have been extended. Where ownership is layered through holding structures, entities must now trace and verify the ultimate beneficial owner to a higher standard of certainty. Third, correspondent banking relationships are subject to enhanced scrutiny. Finnish credit institutions engaging in correspondent banking with non-EEA counterparties must conduct and document enhanced due diligence, with formal approval at senior management level.
These changes carry direct consequences. A failure to maintain current KYC files. or to update them following a material change in a client's structure. now constitutes a standalone supervisory breach, regardless of whether any underlying suspicious transaction has been identified. See also our analysis of AML updates in Portugal for a comparative EU-level perspective on how member states are implementing similar obligations.
Who is affected: business categories and threshold criteria
Finland's AML legislation defines obliged entities broadly. The following business categories are directly affected by the updated supervisory expectations.
- Credit institutions and payment service providers licensed in Finland or operating through a Finnish branch
- Corporate service providers – including registered agents, company formation agents, and virtual office operators
- Real estate agents and property transaction intermediaries
- Accountants, auditors, and tax advisers providing services to corporate clients
- Legal professionals handling client funds, company formation, or real property transactions
The risk-based approach applies across all entity sizes. There is no de minimis threshold that exempts a small operator. However, the intensity of required due diligence is calibrated to the assessed risk level of the customer relationship. High-risk indicators include: customers incorporated in non-EEA jurisdictions, complex ownership chains involving multiple layers of holding companies, customers operating in cash-intensive sectors, and transactions linked to jurisdictions identified as high-risk in the FIN-FSA's published guidance.
International companies accessing Finnish banking services – including bank account opening and credit facility applications – should anticipate heightened documentary requests from their Finnish banking partners. Finnish banks are under active supervisory pressure to enforce these standards at onboarding and on an ongoing basis.
For advice tailored to your business category in Finland, reach out to info@ferrazwhitmore.com.
What to do now: immediate actions and compliance timeline
Companies operating in Finland – or seeking access to Finnish financial services – should treat the following actions as urgent priorities.
Review your KYC files immediately. Every obliged entity must confirm that its customer files are current. Files that pre-date the updated supervisory guidance may be incomplete under the new standards. Where gaps exist, initiate updated due diligence without delay. Do not wait for a supervisory request.
Verify and document beneficial ownership. For each corporate client or counterparty, trace the ownership chain to the ultimate beneficial owner. Where ownership exceeds defined thresholds under Finnish company legislation, that individual must be identified, verified, and recorded in your internal registers. Reliance on unverified self-certification is no longer sufficient.
Update your internal AML policies and risk assessments. Your written risk assessment must reflect current FIN-FSA guidance. Policies that reference older supervisory standards should be revised. Staff must receive updated training before the next supervisory inspection cycle.
Assess your correspondent banking relationships. If your entity maintains or relies on correspondent banking arrangements with non-EEA institutions, document the enhanced due diligence conducted on each relationship. Senior management sign-off must be recorded and retained.
Engage a lawyer in Finland with AML compliance experience. The consequences of a supervisory finding range from formal warnings to licence suspension. A law firm in Finland with cross-border financial regulatory experience can assess your current compliance posture before the FIN-FSA does. International companies can access full details of our Finnish banking and finance legal support at banking and finance services in Finland. For companies also operating in Finnish capital markets, our capital markets practice in Finland covers AML obligations specific to securities and investment activity.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising business clients across 46 jurisdictions. Our banking and finance practice covers AML compliance, KYC programme design, correspondent banking due diligence, and regulatory investigations across European and international markets. We work with financial institutions, corporate service providers, and international businesses navigating the obligations imposed by Finnish and EU anti-money laundering legislation. The firm's Lisbon base provides direct access to EU regulatory developments, and our dual-tradition expertise – Portuguese civil law and English common law – supports clients managing compliance requirements across multiple legal systems. Our attorneys have advised on AML-related matters in both civil law and common law jurisdictions, and the firm participates in cross-border practice groups focused on financial regulation. To discuss your AML compliance position in Finland, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.