Date	LOV-2018-06-01-23
Ministry	Ministry of Finance
Entry into force	15.10.2018
Last consolidated	LOV-2025-06-20-47 from 01.07.2025
Abbreviated title	Anti-Money Laundering Act
Original title	Lov om tiltak mot hvitvasking og terrorfinansiering (hvitvaskingsloven)

Amendment Acts incorporated in this text: Act 15 March 2019 No. 6 (in force 1 January 2020), act 18 June 2021 No. 127 (in force 1 July 2021), act 22 June 2022 No. 79, Act 18 March 2022 No. 12 (in force 1 January 2023), Act 16 December 2022 No. 90 (in force 1 January 2023), Act 16 December 2022 No. 91 (in force 1 July 2023), Act 12 May 2022 No. 28 as amended by Act 21 June 2024 No. 46 (in force 1 January 2025), Act 25 June 2024 No. 60 (in force 1 July 2024 and 1 January 2025), Act 27 May 2025 No. 19 (in force 1 July 2025), Act 20 June 2025 No. 47 (in force 1 July 2025).
Corrected: 23 October 2024.

This is an unofficial translation of the Norwegian version of the Act and is provided for information purposes only. Legal authenticity remains with the Norwegian version as published in Norsk Lovtidend. In the event of any inconsistency, the Norwegian version shall prevail.

The translation is provided by Finanstilsynet (the Financial Supervisory Authority of Norway).

Chapter 1. Introductory provisions

Section 1.Purpose of the Act

(1) The purpose of the Act is to prevent and detect money laundering and terrorist financing.

(2) The measures in the Act shall protect the financial and economic system, as well as society as a whole, by preventing and detecting the use or attempted use of obliged entities for purposes of money laundering or terrorist financing.

Section 2.Definitions

The following definitions shall apply for purposes of this Act:

a.	money laundering: acts as described in Section 332 and Section 337 of the Penal Code

b.	terrorist financing: acts as described in Section 135 of the Penal Code or financing as described in Section 136 a of the Penal Code

c.	obliged entity: person as referred to in Section 4 subsections (1), (2) and (5)

d.	transaction: any transfer, mediation, conversion or investment of assets

e.	beneficial owner: natural person who ultimately owns or controls the customer, or on whose behalf a transaction or activity is being conducted

f.	politically exposed person: person who serves or has served in the position or function of:

1.	head of State, head of government, minister and assistant minister

2.	member of national assembly

3.	member of a governing body of a political party

4.	member of a high-level judicial body, the decisions of which are not subject to further appeal, except in exceptional circumstances

5.	member of the board of an auditor general's office, a court of auditors or a central bank

6.	ambassador, chargé d'affaires or high-ranking officer of the armed forces

7.	member of an administrative, management or supervisory body of a State-owned enterprise

8.	director, member of the board or other person in the senior management of an international organisation.

g.	close family member: parent, spouse, registered partner, co-habitant and child, as well as child's spouse, registered partner or co-habitant

h.	person known to be a close associate: natural person who is known to:

1.	have joint beneficial ownership of a legal entity, association or foreign legal arrangement with a politically exposed person

2.	have close business relations with a politically exposed person

3.	have sole beneficial ownership of a legal entity, association or foreign legal arrangement which has been set up for the de facto benefit of a politically exposed person

i.	correspondent relationship:

the provision of banking services by one bank as the correspondent to another bank as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable-through accounts and foreign exchange services; and

the relationships between and among obliged entities as referred to in Section 4 subsection (1), letters a) to c), e), g) to l) and n) to p), including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions, funds transfers and transfers of crypto assets.

j.	company service provider: natural person and legal entity that, by way of its business, provides one or more of the following services to third parties:

1.	the formation of companies or other legal entities

2.	acting as a director or general manager of a company or a partner of a partnership, or serving in a similar position in relation to other legal entities

3.	providing a business address, administrative address or correspondence address and related services for a company, or any other legal entity or legal arrangement

4.	acting as trustee of a foreign trust or similar legal arrangement

5.	acting as nominee shareholder for another person, other than a company whose financial instruments are listed in a regulated market in an EEA state or subject to disclosure requirements equivalent to those applicable to listing in a regulated market in an EEA state

6.	arranging for another person to act in positions as referred to in nos. 2, 4 and 5

k.	provider of gambling service: natural person or legal entity that organises gambling that requires a licence under the Gambling Act. When a contractor organises gambling on behalf of an organisation or federation, said contractor is considered the provider of the gambling service.

l.	crypto assets: assets as referred to in Article 3 (1), point 5 of Regulation (EU) 2023/1114, with the exception of assets referred to in Article 2 (2) to (4) and assets referred to in Article 3, point 8 of Regulation (EU) 2023/1113.

m.	crypto-asset service provider: a person as referred to in Article 3 (1), point 15 of Regulation (EU) 2023/1114 when that person provides services as referred to in Article 3 (1), point 16, except when the person provides advice as referred to in Article 3 (1), point 16, letter h.

n.	self-hosted address: a self-hosted address as referred to in Article 3, point 20 of Regulation (EU) 2023/1113.

Section 3.Geographical scope

(1) This Act applies to obliged entities that are established in Norway, including branches of foreign undertakings.

(2) This Act applies to Svalbard and Jan Mayen. The Ministry may in regulations provide that parts of this Act shall not apply to Svalbard and Jan Mayen, and provide separate rules for these areas in order to promote the purpose of the Act.

Section 4.Obliged entities

(1) This Act applies to the following legal entities:

banks

b.	mortgage companies

c.	finance companies

d.	Norges Bank [the central bank of Norway]

e.	electronic money institutions

f.	undertakings engaged in foreign exchange activities

g.	payment institutions and others entitled to provide payment services

h.	investment firms

i.	fund management companies

j.	insurance undertakings

k.	undertakings engaged in insurance mediation that is not reinsurance broking

l.	central securities depositories, in cases where the central securities depository does not use an external account operator which is an obliged entity. For accountholders and issuers with an external account operator which is an obliged entity, such account operator is the obliged entity

m.	undertakings engaged in deposit activities

n.	managers of alternative investment funds

o.	financial intermediaries

p.	crypto-asset service providers

(2) This Act also applies to the following legal entities and natural persons in the exercise of their professional activities:

state authorised and registered auditors, licensed audit firms and auditors with responsibility for auditing of the accounts of municipal or county administrations or municipally- or county-owned enterprises. If persons or firms as referred to in the first sentence provide company services, they are in any event subject to this Act on such grounds.

b.	state authorised accountants and accounting firms. If persons or firms as referred to in the first sentence provide trust and company services, they are in any event subject to this Act on such grounds.

lawyers, law firms and others who provide independent legal assistance on a professional or regular basis, when they on behalf of their client carry out any financial transaction or real estate transaction, or when they assist in the planning or carrying out of transactions for their client concerning the:

1.	buying and selling of real property or business entities

2.	management of client money, securities or other assets

3.	opening or management of bank or securities accounts

4.	organisation of contributions necessary for the creation, operation or management of companies

5.	creation, operation or management of companies, funds or similar legal entities or structures, including foreign trusts or equivalent legal arrangements

d.	estate agents and estate agencies

e.	trust and company service providers

f.	persons with a limited licence to provide payment services

g.	providers of gambling services

h.	persons who on a professional basis trade in or act as intermediaries in the trade of art, when transactions are carried out or are expected to be carried out, including transactions conducted in several operations that appear to be linked, with a value of NOK 80,000 or more

persons who on a professional basis provide services that are particularly suitable for, adapted to or designed for the storage of art, when transactions are carried out or are expected to be carried out, including transactions conducted in several operations that appear to be linked, with a value of NOK 80,000 or more, or when art is stored that is or is presumed to be worth NOK 80,000 or more.

(3) Section 5 applies to persons trading in goods.

(4) Where natural persons who are obliged entities pursuant to subsection (2) are employees of legal entities that are obliged entities pursuant to the same subsection, the provisions of this Act on risk assessment, procedures, internal controls, training and whistleblowing shall apply only to the legal entity. However, this does not apply to lawyers defined as obliged entities when they engage in estate agency activities under a Norwegian licence in accordance with the Estate Agency Act, Section 2-1, subsection (1) no. 2.

(5) The Ministry may in regulations lay down rules making this Act applicable to undertakings engaged in the mediation of financing by way of donation.

(6) The Ministry may in regulations lay down rules on application of this Act to agents of foreign payment institutions, including the carrying out of supervision and the imposition of sanctions.

(7) The Ministry may in regulations grant exceptions from the provisions of this Act for obliged entities engaged in occasional or very limited financial activity and for providers of gambling services.

Chapter 2. Maximum amount for cash payments

Section 5.Maximum amount for cash payments. Controls

(1) Persons trading in goods cannot receive cash payments of NOK 40,000 or more or a corresponding amount in foreign currency. This also applies if settlement is carried out in several operations.

(2) The Tax Office controls compliance with subsection (1). Sections 10-1, 10-2, 10-4, 10-10, 10-11, 10-12, 10-13 and 10-14 of the Tax Administration Act shall apply to such controls to the extent relevant.

Chapter 3. Risk-based approach and procedures

Section 6.Risk-based measures

Obliged entities shall base their application of this Act on assessments of the risk of money laundering and terrorist financing.

Section 7.Business-specific risk assessment

(1) Obliged entities shall identify and assess the risk of money laundering and terrorist financing in relation to their business.

(2) In performing the risk assessment pursuant to subsection (1), the obliged entity shall, inter alia, take into account:

a.	its own business, including, in particular, the nature and size of the business;

b.	the products, services and customer relationships of the business;

c.	the type of customers and customer groups;

d.	geographical factors.

(3) Obliged entities shall specifically assess the risk of money laundering and terrorist financing before offering new products and services and before making use of new technology.

(4) The risk assessments of obliged entities shall be appropriate to the nature and size of the business.

(5) The risk assessments shall be documented, kept updated and made available to the supervisory authority.

Section 8.Procedures

(1) Obliged entities shall have updated procedures to ensure that the undertaking addresses identified risk and complies with obligations under provisions laid down in, or pursuant to, this Act.

(2) The procedures shall be appropriate to the nature and size of the business.

(3) The procedures shall be documented and made available to the supervisory authority.

(4) The procedures shall be adopted at the top level of the obliged entity.

(5) A designated member of senior management shall be given special responsibility for follow-up of the procedures.

(6) In groups, the procedures shall be adopted and complied with at the group level, as well as in branches and majority-owned subsidiaries. The obliged entity shall prepare procedures for the processing of information in accordance with Section 22, subsection (6), and Section 31, cf. Section 28, subsection (3).

Chapter 4. Customer due diligence measures and ongoing monitoring

Section 9.Risk-based customer due diligence measures and ongoing monitoring

(1) Obliged entities shall apply customer due diligence measures pursuant to Sections 10 to 20 and conduct ongoing monitoring pursuant to Section 24 on the basis of an assessment of the risk of money laundering and terrorist financing. The risk shall be assessed in view of, inter alia, the purpose of the customer relationship, the amount of customer funds to be involved in the customer relationship, the size of transactions, and the regularity and duration of the customer relationship.

(2) Obliged entities may for this purpose prepare standardised risk profiles for the customers based on the undertaking's risk assessment pursuant to Section 7 and the criteria referred to in subsection (1). The customer's risk profile must be kept updated.

(3) Obliged entities shall be able to demonstrate that the extent of measures applied is adapted to the relevant risk.

Section 10.Duty to apply customer due diligence measures

(1) Obliged entities shall apply customer due diligence measures upon:

a.	establishment of a customer relationship;

b.	transactions for customers with whom the obliged entity does not have an established customer relationship, in an amount of no less than:

1.	NOK 100,000;

2.	NOK 8,000 when the transaction constitutes a transfer of funds as further defined by the Ministry in regulations;

3.	NOK 16,000 for obliged entities as referred to in Section 4, subsection (2), letter g);

4.	NOK 80,000 for obliged entities as referred to in Section 4, subsection (2), letters h) and i);

c.	suspicion of money laundering or terrorist financing.

d.	transfers of funds and transfers of crypto assets where required under Regulation (EU) 2023/1113, cf. Section 52.

(2) The threshold amounts in subsection (1), letter b), nos. 1, 3 and 4 shall be calculated on an aggregate basis for transactions carried out in several operations that appear to be linked. If the amount is not known when the transaction is carried out, customer due diligence measures shall be applied as soon as the obliged entity becomes aware that the threshold amount has been exceeded.

(3) The Ministry may in regulations lay down further rules on the duty to apply customer due diligence measures and exemption from the duty to apply customer due diligence measures upon the issuance of electronic money.

Section 11.The time of application of customer due diligence measures

(1) Customer due diligence measures shall be applied before the establishment of the customer relationship or the carrying out of the transaction.

(2) Subsection (1) shall be subject to the following exemptions:

Verification of the identity of the customer and the beneficial owner may be completed during the establishment of the customer relationship, if such establishment is necessary so as not to interrupt the normal conduct of business and there is a low risk of money laundering or terrorist financing. Verification of the identities shall be completed as soon as possible after the establishment of the customer relationship.

b.	Verification of the identity of beneficiaries under insurance agreements may be completed after the agreement is concluded, provided that verification of the identity is completed before the time of payout or the time when the beneficiary exercises its rights under such agreement.

Verification of the identity of the customer and the beneficial owner may be completed after opening of an account with obliged entities as referred to in Section 4, subsection (1), letters a), b), h), i), l) and n), provided that it is ensured that transactions in relation to the account cannot be carried out by the customer or on behalf of the customer until verification of the identities has been completed.

Section 12.Customer due diligence measures when the customer is a natural person

(1) When the customer is a natural person, the following information shall be obtained concerning the customer:

name;

personal identity number, D-number or, if the customer does not have any such number, another unique identity code. For persons who do not have a Norwegian personal identity number or D-number, the date of birth, the place of birth, the gender and the citizenship shall be obtained, including whether the person has multiple citizenships;

address

The same information shall be obtained on anyone who acts on behalf of the customer, in addition to information to the effect that such person can act on behalf of the customer. The same information shall be obtained on anyone who has been granted a right of disposal over an account or a deposit.

(2) Information on the customer's identity shall be verified by personal appearance with a valid proof of identity. If verification of the identity shall take place without personal appearance, additional documentation shall be presented or additional measures shall be applied. Information on the identity of persons who act on behalf of the customer or have been granted a right of disposal over an account or a deposit, shall be verified by a valid proof of identity. The right to act on behalf of the customer shall be verified by written documentation.

(3) It shall be determined whether there is a beneficial owner in addition to the customer. If there is a beneficial owner, sufficient information shall be obtained to know who the beneficial owner is. Information on the identity of the beneficial owner shall be verified by reasonable measures.

(4) Obliged entities shall have systems for determining whether the customer, any person who can act on behalf of the customer or who has been granted a right of disposal over an account or a deposit, or any beneficial owner, is a politically exposed person or a close family member of or a person known to be a close associate of a politically exposed person. Rules on customer due diligence measures in relation to politically exposed persons are laid down in Section 18.

(5) Obliged entities shall obtain and assess necessary information on the purpose and intended nature of the customer relationship.

(6) The Ministry may in regulations lay down further rules on verification of the identity of natural persons, including on what constitutes valid proof of identity, and requirements for additional documentation or measures upon verification of identity without personal appearance.

Section 13.Customer due diligence measures when the customer is not a natural person

(1) When the customer is a legal entity, the following information shall be obtained concerning the customer:

a.	name of the undertaking;

b.	form of organisation;

c.	organisation number;

address;

e.	the names of the general manager and directors, or persons holding an equivalent position.

Information on natural persons who act on behalf of a legal entity, including persons with a right of disposal over an account or a deposit, shall be obtained in accordance with Section 12, subsection (1). Adequate measures shall be applied to understand the ownership and control structure of the customer. The measures shall be documented. Corresponding information shall be obtained and adequate measures shall be applied to the extent relevant when the customer is a foundation, a legal arrangement or another association.

(2) Information as referred to in subsection (1), letters a) to e), shall be verified by accessing or obtaining a transcript from, a public register or by a certificate of registration which is no more than three months old. Information on natural persons who act on behalf of a legal entity shall be verified in accordance with Section 12, subsection (2). The right to act on behalf of the legal entity shall also be verified in accordance with Section 12, subsection (2).

(3) Information shall be obtained on beneficial owners that have been identified in accordance with Section 14. The information shall unequivocally identify the beneficial owner or owners. Reasonable measures shall be applied to verify the identity of beneficial owners. If obliged entities, after having applied all reasonable measures, either believe that there is no beneficial owner, or believe that there are doubts that the person or persons identified is/are beneficial owner or owners, information on the board of directors and general manager or equivalent may be obtained, provided that there is no suspicion of money laundering or terrorist financing. It shall be documented what has been done to identify beneficial owners.

(4) Obliged entities shall have systems for determining whether any person who can act on behalf of the customer or who has been granted a right of disposal over an account or a deposit or a beneficial owner is a politically exposed person or a close family member of or a person known to be a close associate of a politically exposed person. Rules on customer due diligence measures in relation to politically exposed persons are laid down in Section 18.

(5) Obliged entities shall obtain and assess necessary information on the purpose and intended nature of the customer relationship.

(6) The Ministry may in regulations lay down further rules on obtaining and verifying information pursuant to this provision.

Section 14.Identification of beneficial owners when the customer is not a natural person

(1) When the customer is not a natural person, a foundation or a foreign legal arrangement, obliged entities shall determine whether there are natural persons, alone or jointly with close family members, who:

a.	hold more than 25 percent of the ownership interests in the legal entity or association;

b.	control, because of a shareholding, unit holding or membership, more than 25 percent of the total number of votes in the legal entity or association;

c.	have the right to appoint or unseat more than half of the directors or equivalent of the legal entity or association;

d.	can, because of an agreement with owners, members or the legal entity or association, or articles of association or similar, exercise control in accordance with letter a), b) or c);

e.	otherwise exercise control over the legal entity or association.

If one or more natural persons, through control over one or more legal entities, foundations, foreign legal arrangements or other associations, exercise control over another legal entity or association in a manner specified in subsection (1), such natural person or persons shall be held to exercise control over the latter legal entity or association as well.

(2) Obliged entities shall not identify beneficial owners when the customer is a company whose ownership interests are listed in a regulated market in an EEA state or subject to disclosure requirements equivalent to those applicable to listing in a regulated market in an EEA state. The same applies when the customer is a majority-owned subsidiary of a company referred to in the first sentence.

(3) The following apply when obliged entities shall identify beneficial owners of foundations:

a.	If a natural person is a director or the general manager of the foundation, such person is a beneficial owner.

If a natural person is expressly designated to appoint a majority of the directors of the foundation, such person is a beneficial owner. If a legal entity is expressly designated to appoint a majority of the directors of the foundation, the beneficial owners of such legal entity are also beneficial owners of the foundation.

c.	If a natural person has provided primary capital for the foundation, such person is a beneficial owner. If anyone other than a natural person has provided primary capital for the foundation, the beneficial owners of the providing entity are also beneficial owners of the foundation.

If a natural person has been accorded special rights pursuant to Section 9, first subsection, letter d), of the Foundations Act, such person is a beneficial owner. If anyone other than a natural person has been accorded special rights pursuant to Section 9, first subsection, letter d), of the Foundations Act, the beneficial owners of the entity that has been accorded special rights are also beneficial owners of the foundation.

e.	If a natural person is expressly designated as beneficiary, such person is a beneficial owner. If anyone other than a natural person has been expressly designated as beneficiary, the beneficial owners of such beneficiary are also beneficial owners of the foundation.

(4) When obliged entities shall identify beneficial owners of foreign trusts and similar legal arrangements, the obliged entity shall identify the following persons:

a.	the settlor

b.	the trustee

c.	the protector

d.	the beneficiaries or, where individual beneficiaries have yet to be determined, the class of beneficiaries in whose main interest the trust or similar legal arrangement is set up or operates

e.	any other natural person exercising control over the trust or similar legal arrangement by means of direct or indirect ownership or by other means

(5) The Ministry may in regulations lay down further rules on the identification of beneficial owners pursuant to this provision.

Section 15.Special provisions on life insurance and estate agency

(1) Insurance undertakings shall identify any designated beneficiary under an insurance agreement, cf. Section 15-2 of the Insurance Agreement Act. The identity of a beneficiary shall be verified pursuant to Section 12, subsection (2), upon payout under the agreement or when the beneficiary otherwise exercises its rights. Beneficial owners of a beneficiary shall be identified and the identity verified in accordance with Sections 12 and 14. If insurance undertakings become aware of an assignment of the rights under a life insurance agreement, beneficial owners shall be identified as soon as possible after such assignment.

(2) The insurance undertaking shall no later than upon payout or assignment of the insurance policy take reasonable measures to detect whether the beneficiary or, alternatively, any beneficial owner of the beneficiary, is a politically exposed person or a close family member of or a person known to be a close associate of a politically exposed person.

(3) Estate agents shall, prior to settlement, also apply customer due diligence measures pursuant to Sections 12, 13, 14, 16, 17 and 18 to the party with whom their client is contracting.

(4) The Ministry may in regulations lay down further rules on which insurance agreements fall within the scope of subsection (1).

Section 16.Simplified customer due diligence measures

(1) If there is a low risk of money laundering or terrorist financing, obliged entities may apply simplified customer due diligence measures. Simplified customer due diligence measures cannot be applied when obliged entities suspect money laundering or terrorist financing.

(2) Upon simplified customer due diligence measures, requirements under Sections 12 and 13 on the verification of the identity of beneficial owners and the right to act on behalf of the customer may be reduced. The same applies to the requirement to obtain and assess necessary information on the purpose and intended nature of the customer relationship under Section 12 and Section 13, subsection (5).

(3) The Ministry may in regulations lay down further rules on simplified customer due diligence measures.

Section 17.Enhanced customer due diligence measures upon high risk of money laundering or terrorist financing

(1) If there is a high risk of money laundering or terrorist financing, obliged entities shall apply enhanced customer due diligence measures.

(2) Upon enhanced customer due diligence measures under subsection (1), obliged entities shall, in addition to complying with the requirements under Sections 12, 13, 14 and 15 on obtaining and verifying information, apply additional necessary measures to ensure knowledge of the customer, any beneficial owners and the purpose and intended nature of the customer relationship.

(3) The Ministry may in regulations lay down further rules on enhanced customer due diligence measures.

Section 17 a.Enhanced customer due diligence measures for transactions at self-hosted addresses

When conducting transactions to or from self-hosted addresses, crypto-asset service providers shall carry out a specific risk assessment of the transaction. At least one of the following enhanced customer due diligence measures shall be implemented:

a.	identify and verify the identity of the originator and the beneficiary and their beneficial owners

b.	require additional information on the origin of the funds and the beneficiary of the transferred crypto assets

c.	conduct enhanced monitoring of the transactions

d.	take other measures to mitigate and manage the risk of money laundering and terrorist financing

e.	take measures to counter and manage risks related to the follow-up of financial sanctions and sanctions related to the financing of weapons of mass destruction, as provided for in rules on the implementation of international sanctions.

Section 18.Enhanced customer due diligence measures in relation to politically exposed persons and close family members of and persons known to be close associates of politically exposed persons

(1) Obliged entities shall apply enhanced customer due diligence measures when the customer, any person who acts on behalf of the customer or who has been granted a right of disposal over an account or a deposit, or any beneficial owner, is a politically exposed person.

(2) When establishing a customer relationship with a politically exposed person or when an existing customer, any person who acts on behalf of the customer or who has been granted a right of disposal over an account or a deposit, or any beneficial owner, becomes a politically exposed person, obliged entities shall, inter alia,

a.	ensure that senior management approval is obtained before the establishment or continuation of the customer relationship;

b.	apply adequate measures to establish the source of wealth and the source of funds.

(3) If the beneficiary or any beneficial owner of the beneficiary is a politically exposed person or a close family member of or a person known to be a close associate of a politically exposed person, the insurance undertaking shall ensure that senior management is informed before payout and conduct enhanced scrutiny of the entire customer relationship.

(4) Obliged entities shall apply the measures under subsection s (1) to (3) for at least one year after the politically exposed person leaves the position or function, cf. Section 9.

(5) Subsection (1) to (4) shall apply correspondingly to close family members of and persons known to be close associates of a politically exposed person.

Section 19.Enhanced customer due diligence measures upon correspondent relationship

(1) Upon the conclusion of an agreement on a correspondent relationship with an institution from a state outside the EEA as respondent institution, obliged entities as referred to in Section 4, subsection (1), letters a) to c), e), g) to l), n) and n) to p), shall:

a.	gather sufficient information on the respondent institution to understand the nature of its business, its reputation and the quality of supervision. Obliged entities pursuant to Section 4, subsection (1), letter p) shall also establish whether the respondent institution is registered or licensed.

b.	assess the respondent institution's measures to combat money laundering and terrorist financing;

c.	ensure that senior management approval is obtained before the establishment of a new correspondent relationship;

d.	document the responsibilities of the institutions;

e.	with respect to payable-through accounts, be satisfied that the respondent institution:

1.	has verified the identity, and conducts ongoing monitoring, of customers having direct access to accounts of the correspondent institution; and

2.	is able to provide relevant information on the customer due diligence measures and the ongoing monitoring to the correspondent institution upon request.

(2) By payable-through account as referred to in subsection (1), letter e), is meant an account or crypto-asset account with an obliged entity that can be accessed by a third party which is a customer of a respondent institution.

(3) A crypto-asset service provider that terminates a correspondent relationship in accordance with its internal procedures under this Act shall document the rationale for the decision.

Section 20.Prohibition against correspondent relationship with a shell bank

(1) Obliged entities as referred to in Section 4, subsection (1), letters a) to c), e), g) to l), n) and o), shall not enter into or continue any correspondent relationship with a shell bank. Obliged entities as mentioned shall take appropriate measures to ensure that they do not enter into or continue any correspondent relationship with an institution that is known to allow accounts to be used by a shell bank.

(2) By shell bank is meant an undertaking engaged in activities equivalent to those referred to in Section 4, subsection (1), letters a) to c), e), g) to l), n) and o), incorporated in a state in which the undertaking has no physical presence, involving meaningful management and administration, and which is unaffiliated with a regulated financial group.

Section 21.Implications of inability to apply customer due diligence measures

(1) If customer due diligence measures, including any required enhanced customer due diligence measures, cannot be applied, obliged entities shall not establish the customer relationship or carry out the transaction. Obliged entities shall assess whether there are grounds for further examinations and reporting in accordance with Sections 25 and 26.

(2) Subsection (1) shall not apply when obliged entities as mentioned in Section 4, subsection (2), letter c) ascertain a client's legal position or assist a client in connection with judicial proceedings.

Section 22.Customer due diligence measures performed by a third party

(1) In the application of customer due diligence measures as referred to in Section 12, subsections (1) to (3) and subsection (5), Section 13, subsections (1) to (3) and subsection (5), and Section 14, obliged entities may by written agreement rely on customer due diligence measures performed by the following third parties:

banks

b.	mortgage companies

c.	finance companies

d.	investment firms

e.	fund management companies

f.	insurance undertakings

g.	undertakings engaged in insurance mediation that is not reinsurance broking

h.	central securities depositories that are obliged entities

i.	managers of alternative investment funds

j.	state authorised and registered auditors and licensed audit firms

k.	state authorised accountants and accounting firms

l.	Lawyers, law firms and others who provide independent legal assistance on a professional or regular basis

m.	estate agents and estate agencies

If a third party as referred to in letters a) to m) is from another state, such third party must be subject to rules on customer due diligence measures, record-keeping and supervision corresponding to the provisions of this Act.

(2) The scope for relying on customer due diligence measures performed by a third party entails no exemption from the duty of the obliged entity to record and retain information and documents pursuant to Section 30 or its responsibility for the application of customer due diligence measures in accordance with provisions laid down in or pursuant to this Act.

(3) Obliged entities shall in the agreement obtain assurances that the third party complies with requirements corresponding to those stipulated in this Act.

(4) Obliged entities shall

a.	immediately obtain information gathered by the third party in accordance with Sections 12 to 14; and

b.	in the agreement obtain assurances that the third party will forthwith disclose information and copies of documents used to identify and verify the identity of the customer, beneficial owners and others.

(5) The disclosure of information and documents from a third party in accordance with this Section does not constitute a violation of any statutory duty of confidentiality when the customer is informed that such information and documents are disclosed.

(6) Obliged entities which form part of a group may be pre-approved by the supervisory authority to rely on customer due diligence measures performed by other obliged entities in such group if:

a.	the group applies joint guidelines and procedures for customer due diligence measures, recording and retention of information and documents, as well as other measures to combat money laundering and terrorist financing in accordance with provisions laid down in or pursuant to this Act; and

b.	supervision is conducted at group level.

(7) The Ministry may in regulations lay down rules on exemption from subsection (1), second sentence. The Ministry may in regulations lay down rules to the effect that other obliged entities may act as third parties.

Section 23.Outsourcing of customer due diligence measures

(1) The provisions on third parties in Section 22 are not applicable to outsourcing where the outsourcing service provider is regarded as part of the obliged entity.

(2) Any outsourcing agreement shall be in writing. The obliged entity shall satisfy itself that the outsourcing service provider has the necessary ability and capacity to perform the outsourced duties. The obliged entity shall monitor, on an ongoing basis, that the outsourcing service provider performs the outsourced duties in accordance with the obliged entity's procedures under Section 8 and otherwise in accordance with provisions laid down in or pursuant to this Act. The obliged entity shall, based on such monitoring, assess the appropriateness of the outsourcing on an ongoing basis. The obliged entity shall ensure that the outsourcing does not result in the scope of the supervisory authority for conducting supervision being impaired or impeded.

(3) Outsourcing entails no exemption from the responsibility of the obliged entity for compliance with provisions laid down in or pursuant to this Act.

(4) The Ministry may in regulations lay down further rules on the scope for outsourcing, including limits on whom one may outsource to, and further rules on requirements applicable to outsourcing agreements.

Section 24.Ongoing monitoring of customer relationships

(1) Obliged entities shall monitor customer relationships on an ongoing basis. The monitoring shall, inter alia, include monitoring that transactions carried out in the customer relationship are in accordance with the information obtained by the obliged entity on the customer, the business and risk profile of the customer, the source of funds and the purpose and intended nature of the customer relationship.

(2) Obliged entities shall apply customer due diligence measures on a regular basis as part of their ongoing monitoring. Customer due diligence measures shall in any event be applied when there are doubts about the veracity or adequacy of previously obtained information.

(3) If the customer or any beneficial owner is a politically exposed person or a close family member of or a person known to be a close associate of a politically exposed person, enhanced ongoing monitoring of the customer relationship shall be conducted.

(4) If customer due diligence measures as part of ongoing monitoring cannot be applied, obliged entities shall discontinue the customer relationship. Obliged entities shall assess whether there are grounds for further examinations and reporting in accordance with Sections 25 and 26. The Ministry may in regulations lay down further rules on the procedure for the discontinuation of customer relationships.

(5) Subsection (4) shall not apply when obliged entities as mentioned in Section 4, subsection (2), letter c) ascertain a client's legal position or assist a client in connection with judicial proceedings.

Chapter 5. Further examinations. Reporting

Section 25.Duty to conduct examinations

(1) If obliged entities detect circumstances which may indicate that funds are associated with money laundering or terrorist financing, further examinations shall be conducted.

(2) Further examinations shall always be conducted if circumstances are detected which are not consistent with the obliged entity's knowledge of the customer or the purpose and intended nature of the customer relationship, or if a transaction:

a.	appears to lack a legitimate purpose;

b.	is unusually large or complex;

c.	is unusual in view of the customer's known pattern of business or personal transactions;

d.	is made to or from a person in a country or area which does not have satisfactory measures to combat money laundering and terrorist financing;

e.	is otherwise of an unusual nature.

Section 26.Duty to report. Duty to disclose. Waiver of liability

(1) If, after further examinations, there are circumstances giving grounds for suspicion of money laundering or terrorist financing, obliged entities shall submit information to Økokrim [the FIU] on such circumstances. Obliged entities shall submit any other necessary information at the request of Økokrim, irrespective of whether the obliged entity has submitted information pursuant to the first sentence of its own volition.

(2) The duty to report and the duty to disclose are also personal duties of the directors, executives and employees of obliged entities and others performing any duties on behalf of the undertaking.

(3) Obliged entities as mentioned in Section 4, subsection (2), letter c) shall not submit information they receive from or gather on the client when they ascertain a client's legal position or assists a client in connection with judicial proceedings. This shall apply correspondingly to other obliged entities when these assist obliged entities as mentioned in Section 4, subsection (2), letter c) with duties as referred to in the first sentence. The Ministry may in regulations lay down rules requiring obliged entities as mentioned in Section 4, subsection (2), letter c) to submit information to Økokrim via another body.

(4) The submission of information to Økokrim in good faith does not constitute a violation of any duty of confidentiality and does not give rise to any liability for damages or any criminal liability, unless there is gross negligence.

(5) The Ministry may in regulations require obliged entities to submit information to Økokrim electronically. The Ministry may in regulations lay down further rules on reporting of transactions associated with countries or areas that do not have satisfactory arrangements for detecting and preventing money laundering and terrorist financing.

Section 27.Carrying out suspicious transactions

(1) Obliged entities shall not carry out suspicious transactions until Økokrim has been informed. Økokrim may in special cases prohibit the carrying out of a transaction.

(2) If it is impossible to suspend the transaction, or if suspending the transaction may impede enquiries in relation to any person who may benefit from a suspicious transaction, Økokrim shall be notified immediately after the transaction has been carried out.

Section 28.Prohibition against disclosing enquiries, reporting and investigation

(1) Obliged entities, including directors, executives, employees and others performing any duties on behalf of obliged entities, shall not disclose information on examinations, submission of information to Økokrim or investigation to the customer or any third parties.

(2) Subsection (1) shall not prevent disclosure of information to the prosecuting authority or to the supervisory authority of the obliged entity under the anti-money laundering provisions.

(3) Subsection (1) shall not prevent exchange of information between obliged entities as referred to in Section 4, subsection (1), letters a) to c), e), g), h) to k), n) and o), which are part of the same group and established in the EEA. This shall apply correspondingly to branches and majority-owned subsidiaries in third countries, provided that the relevant branch or subsidiary complies with the procedures of the obliged entity.

(4) Subsection (1) shall not prevent exchange of information pursuant to Section 31, subsection (2).

(5) Subsection (1) shall not prevent exchange of information between obliged entities as referred to in Section 4, subsection (2), letters a) to c) which perform their professional activities within the same legal entity or network. The same applies to the exchange of information with:

a.	obliged entities falling within the scope of Directive (EU) 2015/849, Article 2, No. 1, point 3, letter a) or b); and

b.	obliged entities in a state outside the EEA which imposes requirements equivalent to those laid down in Directive (EU) 2015/849.

By network is meant a structure which shares common ownership, management or internal control of compliance with relevant regulatory provisions.

(6) Subsection (1) shall not prevent exchange of information between obliged entities under subsections (3) and (5) on a joint customer in a transaction in which the relevant obliged entities are involved, provided that the obliged entities belong to the same professional category and are subject to obligations as regards professional secrecy and personal data protection.

(7) Subsection (1) shall not prevent obliged entities as referred to in Section 4, subsection (2), letters a) to c), from seeking to dissuade the customer from engaging in illegal activity.

(8) The Ministry may in regulations lay down further rules on exemption from the prohibition in subsection (1).

Chapter 6. Processing of personal data and other information

Section 29.Relationship to the Personal Data Act

(1) Obliged entities may process personal data to comply with obligations under this Act or regulations issued pursuant to this Act.

(2) Obliged entities' processing of personal data under this Act is subject to the Personal Data Act, unless otherwise provided in provisions laid down in, or pursuant to, this Act.

(3) The Ministry may in regulations lay down further rules on obliged entities' processing of personal data. Such regulations may authorise the processing of sensitive personal data.

Section 30.Recording and retention of information and documents. Erasure of personal data

(1) Obliged entities shall record and retain information and documents obtained and prepared in connection with measures under Sections 9 to 26 for five years after the customer relationship has been ended or the transaction has been carried out. Such retention shall take place in a diligent manner preventing unauthorised third-party access. This obligation shall not extend to recording or retention of any address registered as confidential or strictly confidential in the National Population Register.

(2) The personal data shall be erased upon expiry of the five-year time limit. Other information may be retained for longer. These provisions do not curtail any obligation to retain or store information and documents under other regulatory provisions.

(3) Obliged entities shall maintain systems enabling swift and complete replies to any requests from Økokrim, the supervisory authority or other government bodies as to whether the entity in question has, or over the course of the last five years has had, any customer relationship with specific persons and as to the nature of any such customer relationship.

(4) The Ministry may in regulations lay down further rules on how information and documents shall be recorded and retained, as well as on retention of personal data for more than five years. The overall retention period for personal data shall not exceed ten years.

Section 31.Exchange of information from obliged entities

(1) The Ministry may issue regulations authorising obliged entities as referred to in Section 4, subsection (1), letters a), b), c), e), g), h) to k), n) and o), which are part of the same group and established in the EEA, to exchange between themselves any information and documents obtained or prepared under this Act or regulations issued pursuant to this Act. Such regulations may also extend to corresponding exchange of information and documents with branches and majority-owned subsidiaries in third countries, provided that the procedures adopted pursuant to Section 8, subsection (6), are also applied to the relevant branch or subsidiary.

(2) Unless otherwise decided by Økokrim, obliged entities as referred to in Section 4, subsection (1), letters a), b), c), e), g), h) to k), n) and o), shall, irrespective of any duty of confidentiality, disclose information to the effect that information has been submitted to Økokrim pursuant to Section 26, subsection (1), first sentence, to other obliged entities as referred to in the same group that are established in the EEA, as well as to branches and majority-owned subsidiaries in third countries, provided that the procedures pursuant to Section 8, subsection (6), are also applied to the relevant branch or subsidiary.

(3) Obliged entities as referred to in Section 4, subsection (1), letters a) to c) and j), may, irrespective of any duty of confidentiality, exchange necessary customer information between themselves when held to be necessary as part of examinations pursuant to Section 25.

(4) The Ministry may in regulations lay down further rules on the exchange of information pursuant to subsection (1), (2) and (3).

Section 32.Exemptions from the right of access under the Personal Data Act

(1) Obliged entities shall not grant access to:

a.	information falling within the scope of Section 28, subsection (1)

b.	information obtained through further examinations in accordance with Section 25

c.	any other information that may impede compliance with this Act, any investigation or any similar enquiries

(2) The Ministry may in regulations lay down further rules on the exemptions from the right of access under the Personal Data Act set out in subsection (1). Such regulations may make exemptions from the provisions in subsection (1).

Section 33.Information to customers

Obliged entities shall prior to the establishment of a customer relationship or the carrying out of a transaction provide the customer with information on the personal data processing provisions under this Act and regulations issued pursuant to this Act.

Section 34.Økokrim's processing of information

(1) Økokrim shall erase any information submitted pursuant to Section 26 no later than five years after such information was recorded, unless new information has been recorded or investigative or judicial steps have been taken against the data subject during that period. The retention period shall under no circumstance exceed fifteen years.

(2) Økokrim may disclose information submitted pursuant to Section 26 to other government bodies involved in the prevention of conduct that violates any of Sections 131 to 136 a of the Penal Code. Økokrim may also disclose information submitted pursuant to Section 26 to the Tax Administration and the Customs and Excise Administration for use in their calculation and collection of taxes and duties.

(3) The Ministry may in regulations lay down further rules on the processing of obtained information by Økokrim and the police, including on the erasure of information.

Chapter 7. Miscellaneous obligations

Section 35.Internal controls

(1) Obliged entities shall ensure compliance with this Act through internal controls of their operations.

(2) Where appropriate based on a risk assessment of the size and nature of the business, obliged entities shall:

a.	appoint a compliance officer;

b.	conduct employee screening;

c.	establish independent control of compliance with the internal procedures of the undertaking.

Section 36.Training

(1) Obliged entities shall ensure that employees and others performing any duties for the undertaking are given training to familiarise them with the obligations of the undertaking under this Act and to enable them to recognise circumstances that may indicate money laundering and terrorist financing.

(2) The training shall be provided on a regular basis in order to maintain and update such knowledge.

Section 37.Protection against adverse reactions upon reporting. Whistleblowing systems

(1) Obliged entities shall ensure that whoever reports any suspicion of money laundering or terrorist financing to Økokrim is not exposed to threats and similar reactions as the result of reporting.

(2) Where appropriate based on a risk assessment of the size and nature of the business, obliged entities shall establish an independent anonymous whistleblowing system with regard to violation of this Act or regulations issued pursuant to this Act.

Section 38.Electronic surveillance systems

(1) Obliged entities as referred to in Section 4, subsection (1), letters a), b) and c), shall have electronic surveillance systems for detecting circumstances that may indicate money laundering and terrorist financing.

(2) The Financial Supervisory Authority may grant individual exceptions from subsection (1) by administrative decision.

(3) The Ministry may in regulations require other obliged entities to have electronic surveillance systems and lay down further rules on electronic surveillance systems.

Section 39.Obliged entities' operations abroad

(1) Obliged entities engaged in operations in another EEA state shall ensure that such operations comply with the legislation of such state transposing of Directive (EU) 2015/849.

(2) Obliged entities shall ensure that branches or majority-owned subsidiaries in states outside the EEA (third countries) in which requirements as to the prevention and detection of money laundering and terrorist financing are less strict than under this Act, adhere to provisions laid down in, or pursuant to, this Act, provided that this is permitted under the legislation of the relevant third country.

(3) If the legislation of the relevant third country does not permit adherence to provisions laid down in, or pursuant to, this Act, obliged entities shall apply additional measures to detect and prevent money laundering and terrorist financing and notify the supervisory authority of such measures.

(4) If measures pursuant to subsection (3) are not sufficient, the supervisory authority may decide that obliged entities:

a.	shall not establish customer relationships;

b.	shall discontinue customer relationships;

c.	shall not carry out transactions

(5) The Ministry may in regulations lay down further rules on measures pursuant to subsection (3).

Section 40.National contact point for agents of foreign payment institutions and electronic money institutions

The Ministry may in regulations lay down further rules on requirements for a national contact point for agents of foreign payment institutions and electronic money institutions, including duties of the contact point.

Section 41.Duty to disclose trusteeship of foreign trusts, etc.

Trustees of foreign trusts or similar legal arrangements have a duty to disclose such trusteeship when obliged entities apply customer due diligence measures as the result of the trustee establishing a customer relationship or carrying out a transaction as trustee.

Chapter 8. Authorisation for trust and company service providers

Section 42.Requirement for authorisation of trust and company service providers. Withdrawal

(1) Trust and company services may only be provided by natural persons and legal entities authorised by Finanstilsynet. Authorisation is given upon application. However, authorisation from Finanstilsynet is not necessary for lawyers, state authorised accountants, accounting firms, state authorised and registered auditors and licensed audit firms.

(2) Authorisation shall not be given to any natural person who is considered not to be fit and proper because he or she is convicted of a criminal offence, and such criminal offence gives cause for assuming that he or she will be unable to perform the relevant position or function in a diligent manner, or who in the performance of another position or function has engaged in conduct that gives cause for assuming that he or she will be unable to perform the relevant position or function in a diligent manner.

(3) For legal entities applying for authorisation to provide trust and company services, suitability requirements corresponding to those referred to in subsection (2) shall apply to beneficial owners, directors, general managers and other persons involved in the actual management of the business. Changes to positions as referred to in the first sentence shall be notified in writing to Finanstilsynet.

(4) An ordinary certificate of good conduct pursuant to Section 40 of the Police Databases Act shall be submitted with applications for authorisation and notices of change of position or function pursuant to subsection (3), second sentence.

(5) The Ministry may in regulations lay down further rules on the authorisation arrangement.

(6) If the prerequisites for authorisation are no longer met, Finanstilsynet may withdraw the authorisation.

Chapter 9. Supervision. Administrative measures. Sanctions

Section 43.Supervisory authorities

(1) The supervisory authorities shall supervise the compliance of obliged entities with provisions laid down in, or pursuant to, this Act.

(2) The supervisory authorities are:

a.	Finanstilsynet for obliged entities referred to in Section 4, subsection (1), letters a) to c) and e) to o) and subsection (2), letters a), b), c), no. 1, and d) to f).

b.	The Supervisory Council for Legal Practice for obliged entities referred to in Section 4, subsection (2), letter c), nos. 2 to 5.

c.	The Norwegian Gambling Authority for obliged entities referred to in Section 4, subsection (2), letter g).

d.	The supervisory authority for obliged entities referred to in Section 4, subsection (2), letters h) and i), as stipulated by the Ministry in regulations. The regulations may contain more detailed provisions regarding the conduct of supervision, including:

1.	the disclosure obligation and surrender of documents independent of confidentiality, including periodic disclosure of information and requirements for electronic reporting in specific formats

2.	on-site inspections at obliged entities and related examinations of documents, premises, accounts, minutes and any other information processing system for reporting obliged entities' compliance with the Anti-Money Laundering Act with regulations

3.	the supervisory authority's information processing, including confidentiality, and cooperation with other authorities, including information sharing

4.	processing of complaints about decisions made by the supervisory authority

5.	maintenance of a register of obliged entities under supervision and access to the register, including registration requirements

6.	payment of levies to cover the supervisory authority's expenses.

(3) Rules on the conduct of supervision by Finanstilsynet and the Supervisory Council for Legal Practice are laid down in the Financial Supervision Act and the Courts of Justice Act.

Section 44.The powers of the Norwegian Gambling Authority

(1) The Norwegian Gambling Authority may make such enquiries as are held to be necessary to conduct supervision pursuant to Section 43, including on-site supervision of providers of gambling services.

(2) Any provider of gambling services shall disclose any information and documents that the Norwegian Gambling Authority may request.

Section 45.The duty of confidentiality of the supervisory authority with regard to whistleblowing and sanctions, etc.

(1) Anyone performing duties or services for the supervisory authority or the administrative appeal body for the supervisory authority is subject to a duty of confidentiality in relation to unauthorised third parties with regard to any information pertaining to measures and sanctions relating to the violation of provisions laid down in this Act or in regulations issued pursuant to this Act, for as long as the publication of such information may give rise to serious financial market turbulence or inflict disproportionate damage on the affected parties. Sections 13, 13 b to 13 e and 13 g of the Public Administration Act shall not apply to information as referred to in the first sentence.

(2) Anyone performing duties or services for the supervisory authority or the administrative appeal body is subject to a duty of confidentiality in relation to unauthorised third parties with regard to the identity of any person who has submitted notifications, tip-offs or similar information on violation of this Act and related regulations, as well as with regard to any other information that may reveal such identity, unless the use of such information is necessary as part of additional enquiries into such violation or subsequent judicial proceedings in relation to the matter. The duty of confidentiality under the first sentence shall also apply to the parties to the case and their representatives.

Section 46.Reporting obligation of the supervisory authority

If the supervisory authority suspects that it has encountered circumstances associated with money laundering or terrorist financing, information in relation thereto shall be submitted to Økokrim.

Section 47.Order to cease and desist from unlawful conduct. Coercive fine

(1) The supervisory authority may order obliged entities to cease and desist from conduct in violation of this Act or regulations issued pursuant to this Act. The supervisory authority may stipulate a time limit for compliance with such order.

(2) If obliged entities fail to comply with any order pursuant to subsection (1) by the stipulated time limit, the supervisory authority may levy a coercive fine. The Ministry may in regulations lay down further rules on the levying of coercive fines, including the amount of such fines.

Section 48.Prohibition against holding a management function

(1) If a natural person who is an obliged entity has violated a provision laid down in or pursuant to this Act and such violation results in him or her not being considered fit and proper to hold a management function in any enterprise which is an obliged entity, the supervisory authority may prohibit him or her from holding any such management function.

(2) If an undertaking which is an obliged entity has violated a provision laid down in or pursuant to this Act and such violation results in any person holding a management function or any other employee of the undertaking who can be held liable for such violation being considered not fit and proper to holding any management function in any undertaking which is an obliged entity, the supervisory authority may prohibit him or her from holding any management function. The same applies to others performing any duties on behalf of the undertaking.

(3) Information on imposed prohibitions may be exchanged between the supervisory authorities.

Section 49.Administrative fine

(1) If any obliged entity or anyone who has acted on behalf of an undertaking which is an obliged entity has violated Sections 6 to 8, Chapter 4, Sections 25, 26, 27, 28, 30, 35, 36, 39, 42 or 52, or any regulations issued pursuant to the said provisions the supervisory authority may levy an administrative fine on such obliged entity. The levying of administrative fines on obliged entities is governed by Section 46, first subsection, first sentence of the Public Administration Act. Obliged entities which are not undertakings must have acted knowingly or with gross negligence.

(2) If an administrative fine is levied on an undertaking pursuant to subsection (1), administrative fines may in addition be levied on directors or the general manager or any person holding a corresponding position in undertakings without any board of directors or general manager if he or she has acted knowingly or with gross negligence.

(3) Administrative fines may be levied on directors, executives, employees and others performing any duties on behalf of obliged entities if they have knowingly or with gross negligence violated Section 26 or Section 28. Administrative fines pursuant to this subsection may be levied without any fine being levied on the undertaking.

(4) Administrative fines of up to NOK 9 million may be levied on obliged entities as referred to in Section 4, subsection (1), letters d), f), l), m) and o), subsection (2) and subsection (5). The same applies to directors, executives, employees and others performing any duties on behalf of obliged entities as referred to in Section 4, subsection (1), letters d), f), l), m) and o), subsection (2) and subsection 5, provided that administrative fines may be levied on these pursuant to subsections (2) and (3). If it can be calculated what benefit has been derived from the violation, an administrative fine in an amount equivalent to double such benefit may be levied instead.

(5) Administrative fines of up to NOK 44 million may be levied on obliged entities as referred to in Section 4, subsection (1), letters a) to c), e), g) to k), n) and p). The same applies to directors, executives, employees and others performing any duties on behalf of obliged entities as referred to in Section 4, subsection (1), letters a) to c), e), g) to k), n) and p), provided that administrative fines may be levied on these pursuant to subsections (2) and (3). If it can be calculated what benefit has been derived from the violation, an administrative fine in an amount equivalent to double such benefit may be levied instead. As far as obliged entities are concerned, an administrative fine in an amount equivalent to up to 10 per cent of their turnover according to the most recent approved annual financial statement may be levied instead, provided that this latter amount is higher. If obliged entities are part of a group, the most recent approved consolidated annual financial statement shall form the basis for such calculation.

(6) The Ministry may in regulations lay down further rules on the calculation of administrative fines.

(7) The power to levy administrative fines is time barred five years after the violation has been discontinued. The limitation period is interrupted by the supervisory authority sending advance notice of, or adopting a decision imposing, an administrative fine.

Section 50.Circumstances of relevance to decisions on imposing prohibitions against holding a management function and levying administrative fines

In assessing whether to impose a prohibition against holding a management function pursuant to Section 48 or levy an administrative fine pursuant to Section 49, the following circumstances shall, inter alia, be taken into account:

a.	the gravity and duration of the violation

b.	the degree of culpability of the violator

c.	the financial strength of the violator

d.	the obliged entity's risk assessments pursuant to Section 7 and procedures pursuant to Section 8

e.	benefits that have been derived or could have been derived from the violation

f.	whether third parties have incurred losses

g.	the level of cooperation with the authorities

h.	any previous violations of the Anti-Money Laundering Act or regulations issued pursuant to this Act.

The same circumstances shall be taken into account in determining the amount of any administrative fine.

Section 51.Penalties

(1) A penalty of a fine shall be applied to undertakings which are obliged entities and which violate Section 9, 12, 13, 17, 18, 24, 25, 26, 28, 30 or 42 or regulations issued pursuant to these provisions. When undertakings are liable to a penalty pursuant to the first sentence, a penalty of a fine may be applied to any director or the general manager, or any person holding a corresponding position in enterprises without any board of directors or general manager, if he or she has acted knowingly or with gross negligence in connection with the violation. In particularly aggravating circumstances, imprisonment for a term not exceeding 1 year may be imposed.

(2) A penalty of a fine shall be applied to natural persons who are obliged entities and who violate, knowingly or with gross negligence, Section 9, 12, 13, 17, 18, 24, 25, 26, 28, 30 or 42 or regulations issued pursuant to these provisions. In particularly aggravating circumstances, imprisonment for a term not exceeding 1 year may be imposed.

(3) A penalty of a fine shall be applied to directors, executives, employees and others performing any duties on behalf of the undertaking if they violate, knowingly or with gross negligence, Section 26 or Section 28. In particularly aggravating circumstances, imprisonment for a term not exceeding 1 year may be imposed.

Chapter 11. Concluding provisions

Section 52.Information to accompany transfers of funds and certain crypto assets

(1) EEA Agreement Appendix IX No. 23b (Regulation (EU) 2023/1113) on information accompanying transfers of funds and certain crypto assets (TFR II) applies as Norwegian law with such modifications as follow from Annex IX, Protocol 1 to the Agreement and the Agreement in general.

(2) The Ministry may by regulations make further provision in accordance with Article 26 of Regulation (EU) 2023/1113 concerning the retention of personal data beyond five years, but not exceeding a total of ten years.

Section 53.Entry into force

The Act shall enter into force on the date decided by the King.¹ The King may decide that the various provisions of this Act shall enter into force on different dates. The Ministry may issue transitional provisions.

1	From 15 October 2018 according to res. 14 September 2018 No. 1326.

Section 54.Amendments to other Acts

The following amendments to other Acts will become effective as from the date of entry into force of this Act:

1.	Act of 6 March 2009 No. 11 relating to Measures to Combat Money Laundering and Terrorist Financing, etc., shall be repealed. – – –