This page summarizes the legal and supervisory framework and the operational expectations for financial institutions evaluating AML software Latvia, reporting via goAML Latvia, and implementing sanctions screening Latvia.
Last Updated: 2025-09-10.
Latvia’s AML/CFT regime is grounded in the Noziedzīgi iegūtu līdzekļu legalizācijas un terorisma un proliferācijas finansēšanas novēršanas likums (2008 AML Law), which transposes EU anti-money laundering directives into national law. The Financial Intelligence Unit of Latvia (FIU Latvia) serves as the country’s central AML authority, empowered to receive suspicious transaction reports and coordinate with law enforcement. The Financial and Capital Market Commission (FCMC) – now integrated into the Bank of Latvia (as of 2023) – is the chief supervisor for AML compliance across banks, credit institutions, insurers, payment/e-money institutions, and other financial sector entities. Key obligations under Latvian law include conducting comprehensive customer due diligence (CDD) on clients, identifying and verifying the beneficial owners of legal entities (≥25% ownership/control), screening for Politically Exposed Persons (PEPs) and applying enhanced due diligence where required, adopting a risk-based approach with ongoing monitoring of customer transactions, promptly reporting suspicious transactions to FIU Latvia via the goAML system, and adhering to international financial sanctions (UN/EU lists) by freezing and reporting any assets linked to designated individuals or organizations. Detailed recordkeeping of customer and transaction data is mandatory (generally for at least five years after the end of the relationship, extendable to ten years in special cases), and each institution must implement robust internal AML/CFT controls – including written policies and procedures, appointment of a dedicated compliance officer, regular staff training, and independent audits of the AML program’s effectiveness. Given Latvia’s heightened regulatory scrutiny in recent years and the complexity of modern financial crime, regulators expect automated, dynamic compliance controls with full audit trails and management oversight, rather than reliance on manual processes.
Latvian financial institutions leverage the H3M KROTON compliance platform to meet these AML/CFT obligations efficiently. The KROTON suite (including KYC Miner, Sanctions Miner, Scenario Manager, Link Miner, RUMI adverse media screening, and an integrated Case Manager) digitizes and automates all key compliance workflows. For example, KROTON auto-verifies customer identity documents and risk profiles at onboarding, screens clients and transactions against sanctions and PEP lists in real time, and monitors account activity against risk-based scenarios using rules and machine learning. Alerts and cases are consolidated on a 360° compliance dashboard, allowing compliance officers to investigate and document STR filings with full audit logs. By centralizing customer data, due diligence records, and reporting tools, the platform enables Latvian banks and fintech firms to fulfill AML/CFT requirements more effectively and demonstrate a strong control environment to regulators. In summary, Latvia’s regulatory framework imposes stringent AML/CFT standards, and the KROTON platform’s end-to-end capabilities help financial institutions maintain compliance with greater efficiency, transparency, and confidence.
Suspicious transactions must be reported immediately once suspicion is confirmed. Latvia’s AML law requires filing an STR via FIU Latvia’s goAML portal without delay (i.e. nekavējoties) as soon as a transaction is identified as suspicious.
At least five years after the end of the customer relationship, under Latvia’s AML Law. Financial institutions must keep all customer identification data, transaction records, and STR reports for a minimum of 5 years (with a possible extension up to 10 years if required by authorities) to ensure information is available for investigations and audits.
Yes – domestic Politically Exposed Persons (such as local public officials) are treated the same as foreign PEPs under Latvian regulations. Banks must apply enhanced due diligence, including obtaining senior management approval before onboarding or continuing a business relationship with a domestic PEP, collecting the person’s source-of-wealth and source-of-funds information, and conducting heightened ongoing monitoring (EDD measures apply for at least 12 months after the individual leaves office).
Customer due diligence must be performed before establishing any business relationship and for any one-off transaction of €15,000 or more (even if the person is not a regular client). In addition, CDD is required whenever there are signs of possible money laundering or terrorist financing, regardless of the transaction amount (i.e. if suspicion arises, identity and background must be verified no matter the value).
Latvian banks are required to screen all customers and transactions against current UN, EU, and applicable national sanctions lists. If a true match to a sanctioned person or entity is found, the bank must immediately freeze the assets or block the transaction and promptly report the incident to the competent authority (in line with Latvia’s sanctions law procedures).
Copyright © 2025 H3M Analytics Inc.
ISO/IEC 27001:2022 & ISO/IEC 22301:2019 certified — Certificates CFE/25/55892 and CFE/25/41059; valid 12 Aug 2025–11 Aug 2028
We use cookies to ensure that we give you the best experience on our website to personalise content and adverts and to analyse our traffic using Google Analytics.