This page summarizes Bulgaria’s legal and supervisory framework and operational expectations for financial institutions evaluating AML software in Bulgaria, submitting STRs via the FIU’s goAML system, and implementing sanctions screening in Bulgaria. Bulgaria’s AML/CFT regime is anchored in the Measures Against Money Laundering Act (MAMLA, which transposes EU AML Directives) and the Measures Against Terrorist Financing Act (MATFA). The Financial Intelligence Directorate at SANS (FID-SANS) serves as Bulgaria’s Financial Intelligence Unit, receiving and analyzing suspicious transaction reports, while the Bulgarian National Bank (BNB) and Financial Supervision Commission (FSC) oversee compliance in banking, payments, insurance, securities, and other sectors. Obliged entities must implement robust controls across the customer lifecycle – thorough customer due diligence (CDD) at onboarding and ongoing monitoring, identification and verification of ultimate beneficial owners (UBOs), enhanced due diligence (EDD) for high-risk clients like Politically Exposed Persons (PEPs), continuous screening against EU/UN sanctions and local terrorist lists, prompt suspicious transaction reporting to FID-SANS, comprehensive recordkeeping, and internal audits/training to maintain an effective risk-based program. Manual processes are inadequate given digital transaction volumes; regulators expect automated, auditable systems. This report was developed in collaboration with Alsas Ltd..
Last Updated: 2025-09-06
Reports must be filed to FID-SANS without delay as soon as reasonable suspicion is formed (MAMLA Art. 72). In practice, STRs are submitted electronically via the FIU’s goAML portal, and tipping off the customer is strictly prohibited.
At minimum, customer and transaction records must be kept for 5 years after the end of the relationship or the one-off transaction (MAMLA Art. 67). This period can be extended (up to a total of 12 years) if required by the FIU or other provisions of law, ensuring older records remain available for investigations.
MAMLA requires full customer due diligence for new account relationships and for one-off transactions above certain thresholds. Generally, CDD is triggered at €15,000 for non-cash transactions (or €5,000 if in cash) and for all wire transfers ≥ €1,000 (including cryptocurrency transfers), and anytime there is suspicion of money laundering or terrorist financing regardless of amount.
Financial institutions must apply Enhanced Due Diligence for Politically Exposed Persons. This includes obtaining senior management approval before onboarding or continuing a business relationship with a PEP, establishing the PEP’s source of wealth and source of funds, and conducting heightened ongoing monitoring of the relationship. Bulgaria does not exempt domestic officials from PEP status – both local and foreign PEPs (and their close associates/family members) are treated as high-risk, with a 12-month “cooling-off” period after a person ceases to be a PEP.
Bulgarian obliged entities are required to screen customers and transactions against the European Union’s consolidated sanctions list (which incorporates UN Security Council sanctions) as well as any domestic list of designated persons under Bulgarian law. If a match to a sanctioned or terrorist-designated person is identified, the institution must immediately freeze the assets and report the hit to authorities (FID-SANS and the relevant regulator), in accordance with MATFA and EU regulations.
Copyright © 2025 H3M Analytics Inc.
ISO/IEC 27001:2022 & ISO/IEC 22301:2019 certified — Certificates CFE/25/55892 and CFE/25/41059; valid 12 Aug 2025–11 Aug 2028
We use cookies to ensure that we give you the best experience on our website to personalise content and adverts and to analyse our traffic using Google Analytics.