Hoppa yfir valmynd

Anti-Money laundering and Terrorist-Financing

AML/CFT policies

The Governments policy on AML, CFT and CPF was published in July 2019. The policy states clear determination to on-going combat of money laundering, terrorist and proliferation financing. The policy seeks to promote further cooperation of competent authorities and ensure that all necessary measures are available. To that end, the policy sets forth priorities for Icelandic authorities, e.g. that: 

  • any suspicion of ML, whether in the case of an independent or predicate offence, is investigated as appropriate;
  • it is assessed in each instance whether charges should be laid for ML, whether independently or parallel to a predicate offence, ensuring that all such offences are subject to criminal prosecution as appropriate;
  • authorisations for the seizure and confiscation of unlawful gains from the offences in question are exercised in all instances where so justified.

Regarding CFT it is emphasized that it shouldn´t be assumed that due to its position in geographical and social terms, there is a negligible risk of such unlawful activities taking place in Iceland. Therefore, law enforcement authorities are called upon to:

  • be aware of government policy in this regard;
  • place greater emphasis on outlining and defining vulnerabilities in relation to TF risk based, among other things, on the NRA,
  • fulfil their obligation to prevent TF and to ensure that an investigation is conducted should a suspicion of such conduct arise in Iceland;
  • ensure that adequate procedures exist for the investigation and follow-up of such cases.

The Governments policy on AML, CFT and CPF

Overview of Anti-Money laundering and Terrorist-Financing responsibility in Iceland

Numerous authorities are involved in anti-money laundering and terrorist financing measures. These parties variously see to supervision, policy formulation or monitoring of implementation of the Act on Anti-Money Laundering and Anti-Terrorist Financing or direct the investigation and/or prosecution of such offences. Below is a review of the main parties related to the issue category, but for a more comprehensive overview, reference is made to the following organisation chart.


The tasks of different authorities are as follows:

Ministry of Justice (MOJ): Directs supervision of the issue category and appoints a task force on anti-money laundering and anti-terrorist financing.

Steering Committee on anti-money laundering and anti-terrorist financing measures: Sees to, for example, policy formulation and works on integrating measures regarding anti-money laundering and anti-terrorist financing.

Financial Supervisory Authority, Iceland (FSA): Monitors that the parties specified in par. 1 (a-k) of Art. 2 of Act no. 140/2018 conduct themselves in accordance with the act's provisions. This involves, for example, financial institutions, payment institutions electronic money companies and pension funds.

Directorate of Internal Revenue (DIR): Operates the Register of Companies and monitors that the parties specified in par. (l-s) of Art. 2 of Act no. 140/2018 adhere to provisions of the act. This involves, for example, the gaming sector, accounting firms, law firms, and realtors.

Financial Intelligence Unit (FIU): Independent administrative unit within the District Prosecutor's Office.Receives notices of transactions suspected of involving money laundering or terrorist financing. The unit analyses received notices, gathers necessary additional information and disseminates analyses to competent parties.

Directorate of Customs (DoC): Handles customs matters as the minister's agent. Among other things, sees to levying and collecting duties, monitoring imports and exports, and risk control analysis with customs checking.

District Prosecutor’s Office (DPO): Houses the FIU and exercises prosecutorial authority in cases involving offences under Art. 100 (a-c) of the General Penal Code and sees to investigating and prosecuting serious offences under the provisions of Art. 264 of the same act.

Law Enforcement Authorities (LEA): Investigates violations under the supervision the District Prosecutor or Chief of Police. In addition, chiefs of police open criminal cases other than those initiated by the Director of Public Prosecutions or the District Prosecutor.

Directorate of Tax Investigations (DTI): Responsible for investigations under the Income Tax Act no. 90/2003 and acts on other taxes and fees levied by the Directorate of Internal Revenue, or which the office is entrusted to implement.

National Commissioner of the Icelandic Police (NCIP): Handles police matters on behalf of the minister. Responsible for carrying out risk assessments under the Act on Anti-Money Laundering and Anti-Terrorist Financing and seeing to investigations related to terrorism.

Ministry for Foreign Affairs (MoFA): Among other things, responsible for the execution of Act no. 93/2008 on implementation of international sanctions. And Act no. 64/2019 on the freezing of funds and designation of entities on sanction lists in relation to terrorism financing and proliferation of weapons of mass destruction.

Ministry of Industry and Innovation (MoII): Responsible for supervision. Among other things, matters of the Directorate of Internal Revenue's Registration Division fall under the ministry. It will be responsible for the Act on Actual Owners according to an introduced parliamentary bill.

Ministry of Finance and Economic Affairs (MoFE): Responsible for supervision. Among other things, the matters of the Financial Supervisory, Iceland, fall under the ministry.

National Risk Assessment

Iceland’s second National risk assessment (NRA) was published on the 5th of April 2019.  The NRA is a result of a robust coordination by the National Police Commissioner, who is responsible for the preparation of the NRA and the Steering Committee on AML/TF related issues. According to Art. 4 of the 2018 Act on Anti Money Laundering and Countering Financing of Terrorism (AML Act) the NRA is to be revised every two years or more frequently if appropriate.

The Steering Committee held several consultative meetings in the preparation of the NRA and working groups, with participants from the supervisors, law enforcement agencies and competent authorities were established to work on individual aspects of the NRA, including the collection of data and intelligence.

The NRA includes an extensive assessment of both ML and TF components based on extensive intelligence gathering both of qualitative and quantitative nature:

  • from obliged entities
  • information and statistics from law enforcement authorities, supervisory authorities, custom authorities, tax authorities and the financial intelligence unit
  • information and statistics from other public authorities such as the Central Bank of Iceland, the statistics bureau of Iceland and The Icelandic Tourist Board
  • information and statistics from the Icelandic Register of Companies
  • reports and studies from other public authorities
  • institutional memory.
  • meetings with the private sector.

The NRA, which was carried out in accordance with the FATF methodology, took into consideration threats within the EU addressed in the EU Supranational Risk Assessment and country specific threats, known and potential. Part of the process was a preparation of a methodology paper to ensure a consistent approach by outlining, e.g. the goal and scope of the NRA, participants, timeline, information sources, responsibility and methods used. In addition, a two-day risk assessment seminar led by a specialist from the EU technical assistance attended by 35 Icelandic specialists. 

The NRA includes thorough assessment of all relevant sectors, e.g. the financial sector, DNFPB sector, gaming sector, legal persons and NPO‘s to name a few.

The NRA was published on the website of the National Commissioner of the Icelandic Police and on the webpages of the supervisors and introduce to obliged entities in meetings held by the supervisors.

National Risk Assessment.pdf

The government's Action Plan to follow up on the risk assessment by the National Commissioner of Police for money laundering and terrorist financing has been published on the Government Offices’ web, together with the government's policy in this area. The Action Plan provides an analysis of the major shortcomings identified in the risk assessment with recommended specific actions designed to prevent or mitigate the danger posed by the shortcoming and specifies the responsible authorities. The Action Plan seeks to ensure robust and effective implementation of measures for combatting money laundering and terrorist financing. 

Action Plan.pdf

Coordination and cooperation

Iceland has in place robust coordination mechanism through the Steering Committee on anti-money laundering and terrorist financing (Steering Committee), which is appointed by the Minister of Justice in accordance with article 39 of the AML Act. Members of the committee include members from relevant ministries, LEAs, supervisors, tax authorities and other parties asked with obligations related to ML and TF matters.

The Steering Committee has a legal basis and a broad mandate. The role of the Steering Committee is to: 

  • Attend to policy making and ensure oversight, cooperation and coordination regarding AML and CFT measures, including measures against PF of WMD.
  • Follow up on the recommendations made by FATF and ensure that improvements are made.
  • Promote coordinated supervision on the relevant legal basis.
  • Advise the government on issues regarding the FATF evaluation process.
  • Take part in both the implementation and changes of regulations relating to AML and CFT measures, as well as in the making of the NRA.
  • Promote training and enhanced knowledge on AML and CFT measures.

Mandate and members.pdf

Since its establishment, the Steering Committee has undertaken important actions in fulfilling its obligations as the national coordinator. Regarding information sharing, coordination and cooperation those actions include for instance:

  • Participation in the making of the newly published NRA, regarding for instance information sources, methodology, education and coordination.
  • Preparation of an action plan in response to the threats and risks identified in the NRA.
  • Holding regular meetings, at least once a month, where matters related to AML and CFT are addressed and coordinated, information and data are disseminated, and strategies and priorities discussed and decided upon. Since March 2018 the Steering Committee has held 18 meetings.
  • Preparing and adopting rules on the dissemination of information between public authorities where issues such as the type of information and data that should be disseminated, between which parties and by which means, are addressed. The rules stipulate that the public authorities that fall under the scope of the rules can share confidential information with each other, Cf. Art. 40(6) of the AML Act. Tengill í reglur
  • Endorsing that individual authorities and supervisors, charged with obligations relating to AML and CFT matters, enter into cooperation agreements, where their obligations regarding cooperation and sharing of information are documented and clarified.
  • Preparation and publishing of educational material regarding AML/CFT. This includes e.g. guidance regarding risk assessments for obliged entities, duties of responsible persons within obliged entities and performing of CDD. The Committee has also endorsed supervisors in the publication of educational material for the obliged entities under their supervision.
  • Preparing various regulations on AML/ CFT matters such as regulation on transfer of funds, high-risk countries, CDD, risk assessment, and regulation on the management of seized, frozen and confiscated property.
  • Preparing and adopting rules on operational procedure within the Steering Committee. Tengill í reglur

Additionally, in the advancement towards more efficient coordination and oversight, the Steering Committee has established the following on-going working groups, which are expected to meet whenever necessary and report back to the Steering Committee:

  • Working group on supervision.
  • Working group on law enforcement.
  • Working group on education and training.

To further strengthen the cooperation between different competent authorities tasked with AML/CFT related matters the relevant authorities have signed multilateral or bilateral agreements that elaborates further specific issues related to their cooperation as referred to in relevant recommended actions. The following bi-lateral and multi-lateral cooperation’s agreements have been established:

  • Financial Intelligence Unit, Financial Supervisory Authority and AML supervision division of Directorate of Internal Revenue.
  • District Prosecutors Office and Directorate of Tax Investigations.
  • Financial Intelligence Unit and National Commissioner of the Icelandic Police.
  • Financial Supervisory Authority, AML supervision division of Directorate of Internal Revenue and Ministry of Foreign Affairs.
  • Financial Intelligence Unit, National Commissioner of the Icelandic Police, Directorate of Customs and Police assigned to borders.
  • Directorate of Customs, Directorate of Internal Revenue and Directorate of Tax Investigations.
  • Directorate of Internal Revenue, National Commissioner of the Icelandic Police, District Prosecutors office and Ministry of Industry and Innovation.


Iceland has introduced major changes to legislation related to AML/CFT.

AML Act 140-2018.pdf(implementing the 4th and part of the 5th EU AML directives). 

  • Scope of the legislation extended to include new obliged entities.
  • All obliged entities to perform a risk assessment on their operations, which will then determine the type of customer due diligence needed. A simplified due diligence only permitted when risk assessment indicates less risk than in general.
  • Provisions on politically exposed persons made more detailed.
  • Increased access to information on customers and beneficial owners.
  • Increased powers of the financial intelligence unit.
  • Strengthened cooperation, coordination and communication between competent authorities.
  • Revised and strengthened provisions on sanctions.
  • Supervision strengthened. The Directorate for Internal Revenue new supervisor for DNFBPs.

Implemented Commission Delegated Regulation (EU) 2016/1675 on high-risk third countries, cf. regulation no. 71/2019.

  • Lists third-country jurisdictions which have strategic deficiencies in their anti-money laundering and the financing of terrorism regimes that pose significant threats to the financial system of the EEA.

Implemented regulation no. 2015/847 on transfer of funds, cf. regulation no. 70/2019.

  • Sets out rules on the information on payers and payees accompanying the transfer of funds.

Amendments to the Customs Act no. 88/2005, cf. Act. no. 9/2019.

  • Revised provisions on information on cross-border transfer of funds.
  • Sets out rules on the granting and withdrawal of AEO-license.

New Act on the registration of beneficial ownership no. 82/2019. Act on the Registration of Beneficial Ownership.pdf

  • Implemented Articles 30 and 31 of the 4th AML Directive, with amendments.
  • Obligation to identify all beneficial owners in the Business registry.
  • Access to information on beneficial owners granted to competent authorities.

New Act on freezing, listing, de-listing and proliferation no. 64/2019. Act on freezing listing and PF.pdf

  • Sets out procedural rules on the obligation to freeze funds and other economic resources of designated persons or entities.
  • Sets out procedural rules on listing, de-listing and unfreezing of funds and other economic resources and measures that obliged entities must take in order to determine whether customers are on the list of sanctioned countries.

Amendments to the Act on the Business Registry no. 17/2003, cf. Act. no. 64/2019.

  • Obligation to identify all beneficial owners in the Business registry.

Regulation on Risk Assessment no. 545/2019.

  • Obligation for obliged entities to conduct a written risk assessment on their operations and business.
  • Sets out rules regarding the methodology and procedure of risk assessments.

Rules on domestic co-operation / sharing of information cf. Art. 40(6) of the AML Act. endorsed by the Steering Committee on July 10, 2019. Rules on information sharing.pdf

Regulation on Customer Due Diligence no. 745/20189

  • Further guidance on the obligation of CDD, EDD and SDD.

Regulation on the management and disposal of property frozen, seized or confiscated. REGULATION on assets management 880-2019.pdf

Re-ratings by FATF

Iceland’s first follow-up report was discussed at the June FATF plenary and published on the FATF website in the beginning of September. Follow-Up Report Iceland 2019

Based on the progress made Iceland was upgraded on 14 recommendations:

  • Recommendation 9 on financial institutions secrecy laws was upgraded from largely compliant to compliant
  • Recommendation 10 on customer due diligence was upgraded from partially compliant to compliant
  • Recommendation 12 on politically exposed persons was upgraded from partially compliant to compliant
  • Recommendation 15 on new technologies was upgraded from partially compliant to largely compliant
  • Recommendation 16 on wire transfers was upgraded from partially compliant to compliant
  • Recommendation 17 on reliance on third parties was upgraded from partially compliant to compliant
  • Recommendation 18 on internal controls and foreign branches and subsidiaries was upgraded from partially compliant to largely compliant
  • Recommendation 19 on higher risk countries was upgraded from partially compliant to compliant
  • Recommendation 20 on reporting of suspicious transactions was upgraded from largely compliant to compliant
  • Recommendation 22 on designated non-financial businesses and professions; customer due diligence was upgraded from partially compliant to largely compliant
  • Recommendation 23 on DNFBPS other measures was upgraded from partially compliant to largely compliant
  • Recommendation 27 on powers of supervisors was upgraded from largely compliant to compliant
  • Recommendation 28 on regulation and supervision of DNFBPS was upgraded from non-compliant to partially compliant
  • Recommendation 35 sanctions was upgraded from partially compliant to largely compliant

Iceland now has 28 recommendations rated largely compliant or compliant. Since the delivery of data for the first follow up report Iceland has made significant progress in the remaining 12 recommendations and will be seeking upgrade in its second follow up report in December 2019.

The progress made includes:

  • The issuance of the National Risk Assessment in April 2019 complying with Recommendation 1 and progress made on national policies according to recommendations 2.
  • Strengthened legislation related to terrorist financing and proliferation by implementing the 2019 Freezing Act and therefore complying with recommendations 6 and 7.
  • The new Act on the Registration of Beneficial Ownership meeting the requirements made in recommendations 24 and 25.
  • Implementation of risk based supervision by both supervisors complying with recommendations 26 and 28.
  • Amending the Customs Act complying with recommendation 32.
  • Guidance issued and training provided for obliged entities in compliance with recommendations 34.


AML/CFT supervision is divided between two supervisory authorities in Iceland. The Financial Supervisory Authority (FSA) supervises the financial sector in Iceland which is comprised of 72 obliged entities. The Anti-Money Laundering unit of the Directorate of Internal Revenue (DIR) supervises Designated Non-Financial Business Professions (DNFBPs) in Iceland, which includes obliged entities such as law professionals, accountants, real-estate agents, the gaming sector and dealers in precious metals and stones.

Entities under the supervision of the FSA.

Sectors according to article 2 of Act no. 140/2018
Sector specific count
A. Financial undertakings, thereof
  • Commercial banks
  • Savings banks 
  • Credit undertakings 
  • Investment firms 
  • Management companies of UCITS 
B. Life insurance undertakings
C. Insurance brokers and agents
D. Payment institutions
E. E-money institutions
F. Branches of foreign entities according to points A-E
G. Agents and distributors of foreign and domestic entities according to points A-E
H. Pension funds
I. Currency exchange providers
J. Virtual currency exchange service providers
K. Service providers of electronic wallets

Entities under the supervision of the DIR

Sectors according to article 2 of Act no. 140/2018
Sector specific count
A. Accountants, tax advisors, bookkeepers Management companies of UCITS
B. Lawyers
C. Real estate agents
D. Rental agents (monthly rent over 10.000 euros)
E. Dealers of art
F. Trust and company service providers
G. Cash intensive business (over 10.000 euros)
H. Dealers in precious metals and stones (including designers and watchmakers)
I. Gaming sector (Lotteries, slot machines etc.)

* In total 30 accounting firms

** In total 183 law firms

*** In total 120 real estate agencies


The FSA has developed a comprehensive risk assessment of all obliged entities under its supervision based on a predetermined methodology and applies a risk-based approach to supervision. The FSA´s risk assessment model is based on a variety of sources, e.g. the risk-based supervision guidelines of the three European Surveillance Authorities (ESA’s) and FATF guidance. In connection with the FSA´s implementation of a risk-based approach to supervision, the authority has taken several steps in order to deepen its understanding of the risk that obliged entities are exposed to, e.g. seeking valuable assistance for other supervisory authorities and extensive training of FSA employees.

According to FSA´s methodology the risk assessment is updated every year at a minimum and if changes are identified with regard to risk exposure of obliged entities.

The FSA´s risk assessment model entails an identification and assessment of the risk of ML/TF connected with the business model of the obliged entities and the quality of their internal controls. The factors considered in the risk assessment are the following:

  • Nature, scale and complexity of the entity.
  • Type of customers.
  • Distribution channels.
  • Products/services.
  • Geography.

The factors that are considered in connection with the quality of internal controls, are for example:

  • Corporate governance.
  • Risk assessment.
  • Employee training.
  • CDD.
  • STR´s.
  • Ongoing monitoring.
  • PEP monitoring.
  • TFS compliance.
  • Record keeping.

The FSA´s assessment is on the one hand an assessment of individual obliged entities and on the other a sectoral assessment of all obliged entities. Obliged entities are divided into four risk categories, “low”, “medium low”, “medium high” and “high”. Individual risk assessments are based on information from obliged entities, among other things on their risk profile and the FSA´s information on the quality of internal controls. The sectoral risk assessment is on the one hand based on the FSA´s risk assessment of obliged entities and on the other on the NRA from April 2019.

Among the factors that form the basis of the FSA´s risk assessment is exposure towards foreign jurisdictions (including high-risk countries), number of PEP´s, number and type of correspondent relationships, type of licenses and services provided. The risk score is then used as a basis for the FSA´s risk assessment of obliged entities. In a written risk assessment, the risk factors regarding the obliged entity are outlined as well as other relevant factors (either from the questionnaire or from supervisory engagement).

FSA has the equivalence of six full time employees dedicated to AML/CFT which constitutes as a 100% increased since 2017.

During the past year the FSA has considerably increased its guidance and feedback to obliged entities. In addition to partaking in the production of guidance’s issued by the Steering Committee, the FSA has produced its own guidance material discussed under guidance and training.

 One of the new tasks the FSA has been charged with is supervision of obliged entities´ risk-based approach to AML/CFT measures. The requirement to perform the risk assessment came into force on 1 June 2019 and since that time the FSA has conducted supervisory actions in order to ensure that obliged entities under its supervision are applying a risk-based approach to their measures, including with regard to on-going monitoring. Before the requirements entered into force the FSA provided extensive guidance to obliged entities on the purposed requirements.


Iceland recently had a systemic change when it comes to supervision of DNFBPs when it in 2018 established a new supervisor within the Directorate of Internal Revenue. The new supervisor is tasked with supervising the whole DNFBP sector including law professionals and the gaming sector which until then had been unsupervised. The supervisor is strategically located in the same authority that supervises the business registry, the registry of beneficial ownership, the registry of annual accounts and tax returns. Access to information safeguarded by those authorities is an important factor in effective AML/CFT supervision. As required by the AML Act the outgoing supervisors assisted the newly established supervisor within DIR in the transition process. The DIR as well received assistance from the investigation and surveillance division and the business registry to set up a surveillance plan and strategy, procedures, standards and a supervisory approach.

Since its establishment the DIR has taken several steps to deepen its understanding of risks in the sectors it supervises. Among other things, the DIR has visited sister authorities in Scandinavia, cooperated closely with other domestic authorities, prepared and published extensive guidance material for DNFBPs, engaged in various dialogue with OE’s where assistance, directions, answers and other types of feedback were provided, conducted seminars and presentations for all sectors of DNFBPs, carried out numerous on-site and off-site inspections, sent various circulars and informational letters to all DNFBPs.Based on the risk based approach the DIR has also developed both a comprehensive sectoral risk assessment of sectors subject to its supervision along with an individual risk assessment of most obliged entities subject to its supervision. The sectors are divided into four risk categories, “high”, “significant”, “medium” and “low”. For the sectors considered as high risk in the NRA and the DIRs risk assessment, the DIR has concluded assessing risk for OE’s within the sector until updates take place. The DIR has also almost fully concluded such work for OE’s within sectors considered as significant risk. The DIRs individual risk assessments are based on various factors, e.g. the EU risk assessment, the NRA, the DIRs sectoral risk assessment, the DIRs calculation of an OE’s risk score, information from other competent authorities, STRs, information and replies from the respective OE, media coverage, etc. Currently, the calculation of risk score is being carried out manually. Shortly, such work will be carried out in an automated way with the use of an IT-tool. The DIRs sectoral risk assessment is based on the EU risk assessment, the NRA and the total risk score of the OE’s within the sector concerned.

According to the DIRs procedures, the risk assessments for OE’s considered as high risk and significant risk will be updated annually or when any changes occur which may affect the calculation of the respective OE’s risk score. Risk assessments for OE’s considered as medium risk will be updated biannually or when any changes occur and for OE’s in sectors considered to pose low risk the risk assessments will be updated every three years or when any changes take place.

The DIRs risk assessment model contains an assessment of the risk of ML/TF related to the business model of the respective OE and the quality of its internal rules, controls and procedures along with information supplied by the respective OE. The following factors are considered when risk is assessed for an individual OE:

  • Nature, scale and complexity of the OE
  • Customer types (e.g. number and extent of foreign clientele, PEPs, etc.)
  • Distribution channels
  • Types of products/services offered
  • Geography

An example of the factors that are considered relating to the quality of the respective OE’s internal rules, controls and procedures are:

  • Corporate governance
  • Risk assessment
  • Employee training
  • CDD and ODD measures
  • STR’s
  • PEP monitoring
  • TFS compliance
  • Record keeping

The DIR has three full time employees within the AML/CFT unit. Other divisions within the DIR, e.g. tax control, are also tasked with assistance to the unit when necessary and trained to carry out such work, e.g. on-site inspections.

 Since the requirement to conduct a risk assessment entered into force on 1 June 2019, the DIR has (as of 1 October 2019) carried out 13 on-site inspections, 38 traditional off-site inspections and 60 topic specific off-site inspections.

Money Laundering investigations and prosecutions

Money laundering investigations have been a priority in Iceland since 2017. The table below shows that ML investigations increased significantly from 2016 to 2018 or 511%. This increase can be attributed to several factors, e.g. more focus on money laundering, more investigative resources and more anti-money laundering training for investigators. Since 2017 number of investigators/specialists investigating ML and the underlying predicate offence have been increased by 8.

The table further shows that prosecution almost always leads to conviction which demonstrates high-quality investigations.

After 2016

* 30 April 2019

The increased focus on Money-Laundering investigations and prosecutions have also lead to substantial increased in assets frozen and seized as seen below.

Table 1. Assets Frozen or Seized Annually 2015 – June 2019
Amounts EUR
1.599.362,08 €
377.665,44 €
18.695.575,62 €
14.700.436,90 €
11.995.009,93 €

Icelandic authorities have in addition established extensive framework on the handling and maintenance of frozen and seized assets, including the selling of assets that can lose their value.

Terrorist Financing Investigations

The National Security Unit (NSU) of the National Commissioner of the Icelandic Police is responsible for investigating TF offences. Investigation procedure is formal, based on guidelines on how to proceed in TF cases and in accordance with the Police Act No. 90/1996 and Act on Criminal Procedure No. 88/2008.

All notifications and indications of possible TF offences are taken into consideration without delay. The first step is pre-screening of a case. The objective of the pre-screening is to assess whether there is a cause to take measures or actions in order to prevent or stop certain conduct, irrespective of whether a criminal offence is suspected. If pre-screening leads to a credible indication or reasonable suspicion of a TF offence, further processing, screening and investigation is prioritized. no confirmed TF cases have been identified in Iceland.

Notifications and indications of possible TF offences reach the NSU in a variety of ways. Most often, notifications are analytical reports from the FIU, based on STR´s, but other kinds of notifications and indications are also known. The NSU receives annually 7-12 notifications related to possible TF which are investigated without delay. No confirmed TF cases have been identified in Iceland.

In addition to investigate TF offences, it’s one of the NSU’s priorities to prevent, stop and disrupt possible TF offence and reduce the risk of TF. In order to enforce measures, the NSU uses authorised methods and actions and has wide cooperation with other police authorities, foreign sister- and police authorities and other competent authorities. Since 2017 number of investigators/specialists investigating TF have been increased by 2.

Financial Intelligence Unit

Iceland’s Financial intelligence unit was moved from the National Commissioner’s Office in July 2015 and is now an independent unit within the District Prosecutors Office. The FIU is a member of the Egmont group and has participated in its meetings since 2016. Human resources at the FIU have been largely increased since July 2015 and there are currently five full time positions at the FIU. However, Icelandic authorities have provided funding for three additional positions, raising the total number of full-time employees to eight.

Regarding IT resources, the implementation of the goAML IT system, which is an automated system for the filing and registration of suspicious transaction reports (STR), has been in the process since early 2019. It is expected to be up and running in April/May 2020. The increase in human resources will compensate for the time it takes to implement the goAML system and allow for a faster and more efficient processing of reports. Furthermore, it will increase the FIU´s capacity for analyzing work once the goAML system has been fully implemented.

The FIU receives STRs from reporting entities and obtains necessary additional information to conduct further analysis. The FIU performs operational analysis which are disseminated to the relevant competent authorities e.g. the District Prosecutors office, the Metropolitan Police and the Tax Authorities. The FIU also conducts strategic analysis.

Since 2015 STRs from reporting entities to the FIU have increased significantly. This increase is mainly because of the outreach to the reporting entities by the competent authorities in Iceland.

Type of reporting entity
July – Decembe 2015
January – December 2016
January – December 2017
January – December 2018
January – August 2019
Total No. of STRs filed

Due to the increased human resources the FIU has been able to conduct more analyzing work since July 2015 which is evident by the number of analysis completed.

July 2015 – December 2016
2019 (August 2019)
39 Analysis
72 Analysis
76 Analysis
51 Analysis
12 were investigated/still investigated.
25 Being investigated or additional information into an ongoing investigation
44 Being investigated or additional information into an ongoing investigation
46 Being investigated, additional information into an ongoing investigation
2 were investigated but no indictment/referred to the DPO.

In addition to the forgoing the FIU has also seen an increasement in relation to other tasks, e.g. requests to and from the FIU through ESW, spontaneous dissemination to and from the FIU through ESW, requests from LEAs and other competent authorities, meetings and conversations with reporting entities and meetings with other competent authorities.

Access to beneficial ownership information

Icelandic authorities can access basic and beneficial ownership in various ways. Competent authorities have access to the business registry, which collects basic information related to companies established in Iceland. Information can furthermore be acquired from the shareholder registry which all companies are required to maintain (e.g. Art. 19 of the Private Limited Company Act). As shareholder is not necessary the beneficial owner, all companies are required since 13 June 2019 when the Act on the registration of Beneficial Owner came into force to maintain a registry of beneficial ownership as well, where information may be sought.

Competent authorities can in addition acquire beneficial information from FI’s and DNFBPs.  As parts of their customer due diligence under the Anti-Money laundering Act all obliged entities are required to collect sufficient and reliable information related to the beneficial owner and verify that information independently. Over 97% of legal entities established in Iceland have a bank account with Icelandic financial institution and information on all bank accounts are held in a central database operated by an IT service centre for the Icelandic financial market.

The FIU and the supervisors can, Cf. Art. 20(2) and 38(3) of the AML ACT, retrieve information from legal and natural persons, including FI’s and DNFBPs, without a court order Cf. Art. 20(2) of the AML Act.

It is standard procedure by the DPO in financial investigations to obtain information on the beneficial ownership through the Business Registry‘s database. At the same time information about the beneficial owner is obtained by a court order from the respective financial institution related to bank accounts, KYC, the original documents for establishing a banking relationship and/or banking accounts, AML checks, authorised signatories for bank accounts, online banking information and a bank statement showing transfers and the balance on bank accounts. This is done in all cases where there is suspicion of economic crime involving a limited liability company.

Requesting court orders related to beneficial ownership is a standard procedure and due to the smallness of Iceland the procedures normally take less than one day.

Information related to beneficial ownership can furthermore, be sought through annual accounts, tax returns and regular police work, e.g. house searches.

International Sanctions and proliferation financing

The main legislation in force related to financial sanctions and proliferation financing are the Financial Sanction Act from 2008 and the Freezing and Designation Act from 2019.

According to the former Act all legal and natural persons are obliged to comply with sanctions related to:

  • prohibitions on trade and investments,
  • import and export bans, including on weapons,
  • a freezing of funds and other assets,
  • a ban on contacts, including telecommunications and cultural relations,
  • a travel ban applicable for individuals, vehicles, airplanes and ships
  • a ban on providing services and training,
  • a ban on providing economic and technical assistance,
  • a ban on economic activity and enterprise participation, and
  • -other similar measures taken to maintain peace and security and/or to secure respect.

The latter Act imposes additional requirements on obliged entities, i.e. that financial institutions implement sanction screening system that automatically screen their business transactions against sanction lists and that other obliged entities have specific polices and procedures to ensure that their customers are not subject to international sanctions. The latter Act furthermore lays down comprehensive framework related to designating entities to the UN sanctions lists under Resolutions 1267, 1718 and 1737. It furthermore, addresses the handling of requests from other countries made under UN Resolution 1373.

The FSA has in its on-site and off-site inspections since 2017 investigated compliance of 13% of the financial sector to the 2008 Act, based on risk-based supervision and have since the entering into force of the 2019 Freezing Act inspected 28% of the financial sectors compliance with the requirement to have sanction screening systems.

The DIR has since the entering into force of the 2019 Freezing Act investigated the compliance of whole of the accounting sector (100%) and 50% of the legal sector. In all inspections accountants and law firms had in place appropriate policies and procedures to enable them to identify if their customers are subject to financial sanctions. Which shows high awareness of those two sectors.

Guidance and training

Since 2017, Icelandic authorities have placed great emphasis on education and to raise the risk awareness among obliged entities. To achieve this objective, the authorities have published extensive educational material. In total competent authorities have issued 24 guidance’s on several issues.

Material issued by the Steering Committee includes guidance on:

  • Responsible Person
  • High-risk Countries
  • Employee training
  • STR’s
  • NPO’s Best Practices
  • Customer Due Diligence
  • Risk Assessment
  • Targeted Financial Sanctions

Material issued by supervisors includes guidance on:

  • Red flags and typologies in the Banking Sector
  • Risk factors and typologies in the Securities Market
  • Risk factors in the Life Insurance Sector
  • Risk factors related to issuance of E-money
  • Risk factors related to Money and Value Transfer
  • Red flags and typologies in the Accounting Sector
  • Red flags and typologies in the Legal Sector
  • Red flags and typologies in the Real Estate Sector
  • Red flags and related to cash intensive business
  • Red flags and typologies in the Gaming Sector
  • Cross-sectoral material for small entities.
  • Five typology reports issued by the FIU

Based on the guidance’s issued competent authorities have held several training events for obliged entities, i.e. both the financial and the DNFBP sector. The training events covered issues as:

  • The NRA from April 2019
  • Main aspects of ML and TF
  • Obliged entities risk assessments
  • Customer due diligence, including SDD and EDD
  • Beneficial owner
  • High-risk countries
  • On-going monitoring
  • Investigation of suspicious transactions
  • Filing of STR and SAR reports to the FIU
  • Employee training
  • Issues relating to tipping off
  • Person responsible for AML/CFT measures
  • Targeted financial sanctions compliance

The raising of risk awareness through guidance and training seminars has resulted in significant increase in STR‘s. In additions, the supervisors note enhanced understanding of risk by the sectors they supervise and high compliance to their obligations. Continued outreach is a part of the strategy of Icelandic authorities as further stipulated in the Action Plan approved by the government.

Non-profit Organisations

Iceland assessed risk related to Non-Profit Organisations (NPOs) in its 2019 National Risk Assessment. The assessment mirrored the results of FATF’s Mutual Evaluation Report of Iceland published in April 2018, i.e. lack of oversight of NPOs and interagency cooperation. The NRA concluded that 40-50 NPOs could be at-risk based on their cross-border activities in high-risk or vulnerable countries or regimes.

TF risk in Iceland is considered to be low based on the fact that the country is a homogeneous society with relatively few residents, where about 12.6% of them are of foreign origin – mostly from other European countries. The frequency of crime rate is low, and Iceland has no special ties to states regarded as high risk with respect to terrorist threat. Furthermore, there are no confirmed cases in Iceland related to terrorist financing, terrorist offences or support for such conduct. No suspicion of TF related to NPO’s has been reported to the FIU or the NSU. To sum up the conditions in Iceland:

  • No terrorism has been perpetrated in Iceland after the enactment of the current provisions on terrorism.
  • There are no indications of terrorists or terrorist groups operating in Iceland.
  • There are no indications that Icelandic terrorist groups are operating in other countries.
  • There are no visible signs that a community of extremist religious and life stance associations has formed in Iceland
  • There are no visible signs that leaders or influencers engage in or organise indoctrination of extremist ideology or urge terrorism.
  • There are no indications of trips of foreign fighters from Iceland.
  • The number of received and sent requests, based on international collaboration on sharing of information regarding terrorist financing, is very small.

Since the publication of the NRA in April 2019 Icelandic authorities have issued a best guidance for NPOs and reached out to the NPOs identified at-risk and held a seminar for over 50% of the NPOs identified to be at-risk where issues as best Practices in the NPO sector, high-risk countries, risk assessment, customer due diligence and notifications to the FIU were discussed. Icelandic authorities have already scheduled further seminars in October.

Icelandic authorities have in addition put forth a legislation requiring NPOs to be registered in the Business Registry and to register detailed information regarding their purpose, operations, representatives and whether they conduct activities cross border. The legislation was passed as law in 10. October. NPO Act 119-2019.pdf

All relevant authorities responsible for monitoring NPO’s or if the case may be, investigating and prosecuting, are represented in the Steering Committee on AML/CFT measures, i.e. the Business Registry / Directorate of Internal Revenue, National Commissioner of the Icelandic Police, District Prosecutors Office, the Ministry of Industry and Innovation and the Central Bank of Iceland. The role of those authorities is as follows.

  • The Business Registry is responsible for receiving information related to NPO’s under the NPO Act, Act on the Business Registry and Act on the Registration of Beneficial Ownership, verifying the validity of the information and on-going monitoring of accuracy of information in the registries. The Business Registry is responsible for applying sanctions under the Act on the Business Registry and Act on the Registration of Beneficial Ownership.
  • The Directorate of Internal Revenue is responsible for receiving and verifying NPO’s financial statements.
  • The National Commissioner of the Icelandic Police is responsible for investigating TF cases, including those involving NPO’s (Art. 1(1)(b) of regulation No 660/2017 on Administration of Police Investigations and cooperation between the District Prosecutor and Chief Police Commissioner)
  • The District Prosecutors Office is responsible for prosecuting TF cases (Art. 23(a) of the Criminal Code).

Those authorities have made a cooperation agreement which includes provisions on cooperation, coordination and information sharing.

For further information please contact the Ministry of Justice. Email: dmr(@)dmr.is


Contact us

Tip / Query
Please answer in numerics