Austria Centralises Financial Sanctions Oversight: FMA Assumes New Powers In 2026

June 2026 – As of 1 January 2026, the Austrian Financial Market Authority (FMA) has assumed full responsibility for the monitoring and enforcement of international financial sanctions across the Austrian financial sector. This includes sanctions regimes targeting, among others, Russia and Iran. Previously, key supervisory functions in this area were handled by the Austrian National Bank (OeNB).

By transferring sanctions oversight to the FMA, the Austrian legislator aims to centralise supervisory responsibilities, consolidating sanctions enforcement and anti‑money laundering oversight within a single authority. This reform is intended to enhance efficiency, consistency, and legal certainty, while providing financial market participants with a single supervisory point of contact.

At the same time, the scope of supervised entities has been significantly expanded: As of 2026, the FMA’s sanctions supervision applies to all Austrian financial market participants, covering not only credit and financial institutions, but also payment institutions, investment firms, alternative investment funds managers, insurance undertakings and crypto-asset service providers.

Background of the reform

The reform is part of a broader adjustment of the Austrian legal framework in response to international evaluations, in particular the Financial Action Task Force (FATF), concerning the effectiveness of measures to combat money laundering and terrorist financing (AML/CFT). As part of this process, the Sanctions Act 2024 (Sanktionengesetz 2024) was adopted, replacing the previous Sanctions Act 2010 (Sanktionengesetz 2010).

Because international financial sanctions are often closely linked to AML/CFT measures and the circumvention of economic restrictions, the Austrian legislator considered it fitting to consolidate the relevant supervisory tasks within the authority already holding extensive AML/CFT responsibilities. This creates a “one-stop-shop” for both AML/CFT and sanctions compliance.

Financial sanctions framework in Austria

International financial sanctions are primarily adopted by the United Nations Security Council (UN) and implemented or supplemented at the European level through EU regulations. In addition, the European Union may adopt autonomous sanctions regimes.

Austria is obliged to implement UN sanctions. These binding international measures are enforced domestically through Austrian legislation and administrative acts, in particular the Sanctions Act 2024, the Austrian Foreign Exchange Act (Devisengesetz) – which complements the sanctions framework notably with regard to reporting obligations and capital movements – and, in the area of goods-related sanctions, Austrian export control rules. EU sanctions - known as ‘restrictive measures’ - apply directly in Austria and do not require national transposition.

Financial sanctions typically target specific countries, organizations, or individuals listed on international sanctions lists. The European Union provides a publicly accessible overview of existing sanctions regimes via the EU Sanctions Map. It contains also a consolidated list of natural and legal persons, organisations, and bodies subject to EU and UN financial sanctions.

Obligations of Austrian financial market participants

Financial sanctions are a core tool to prevent terrorist financing, proliferation financing (the provision of funds or financial services used to support the manufacture, acquisition, development, or transfer of nuclear, chemical, or biological weapons) and the abuse of the financial system by sanctioned actors.

For Austrian financial market participants, compliance with international financial sanctions is therefore essential to safeguarding the integrity and resilience of the financial system and constitutes a central component of their regulatory compliance. They must ensure that they neither maintain business relationships with sanctioned actors or organizations nor carry out prohibited transactions. Key obligations include in particular:

Customers and transaction screening

Financial market participants must implement continuous, risk‑based screening measures to identify persons, entities, and transactions subject to sanctions before processing a transaction and avoid breaches arising from inadequate due diligence. In practice, this is typically achieved through automated sanctions list screenings of clients, business partners, and beneficial owners, combined with ongoing transaction monitoring.

Freezing of assets

All funds and economic resources owned, held, or controlled by natural or legal persons, entities, or organizations designated under the applicable sanctions regimes, as well as by any persons or entities associated with them, must be frozen (Asset Freeze). No funds or economic resources may be made available, directly or indirectly, to or for the benefit of these sanctioned persons. Economic resources include assets of every kind – tangible or intangible, movable or immovable – that are not funds but may be used to obtain funds, goods or services. Crypto assets are generally included in the non-exhaustive list of funds, but depending on their structure they may also be classified as economic resources. Monetary claims against insurance undertakings held by sanctioned persons qualify as funds and must likewise be frozen. From this it follows that financial market participants must identify and freeze assets belonging to persons. Applications for the release of frozen assets must be submitted exclusively to the FMA as the competent authority.

Prohibition on making funds or economic resources available

Austrian financial market participants must not provide any financial value or services to sanctioned persons or entities. This includes credit, loans, insurance benefits, guarantees, crypto‑asset transfers, and trade financing. Transactions benefiting sanctioned parties, even if routed through non‑listed persons, must be blocked. By blocking the transaction, the prohibited provision of funds is prevented and the payments must be returned by the involved participant to the respective client.

Reporting obligations

• Austrian banks and financial institutions must report the freezing of funds or economic resources without undue delay. Funds are reported to the FMA, whereas economic resources rereported to the Austrian Federal Ministry of the Interior (BMI). In addition, frozen accounts must be reported on a quarterly basis to the FMA.
• Transactions initiated by non-sanctioned persons in favour of sanctioned persons that are blocked and returned must be reported monthly to the FMA.
• Existing deposits exceeding EUR 100,000 relating to Russian or Belarusian natural and legal persons must be reported annually to the FMA (Art 5g of Regulation (EU) No 833/2014).
• Credit and financial institutions must report outgoing transfers from the EU exceeding EUR 100,000 per semester linked to listed Russian entities (Art 5r of Regulation (EU) No 833/2014).
• Funds transfers involving Iranian persons or legal entities are subject to reporting and, where applicable, prior authorisation (Art 30 and Art 30a of Regulation (EU) No 267/2012).

All reporting and communication with the FMA as well as legal inquiries related to financial sanctions must be conducted via the FMA Incoming Platform.

Non-compliance with the above described obligations can lead to significant legal consequences. In addition to administrative penalties imposed by the FMA, the Sanctions Act 2024 also contains criminal provisions, which may result in imprisonment of up to five years. Administrative penalties may amount to EUR 150,000, in severe and systematic cases up to EUR 5 million or 10% of total annual turnover. Penalties imposed on companies may be published on the FMA’s website, where the affected companies are explicitly named. Non-compliance with sanctions requirements can therefore also result in reputational losses as well as civil liabilities and litigation from clients, counterparties or shareholders.

Implementation in practice

Internal compliance structures of Austrian financial market participants will therefore now be increasingly considered from the perspective of sanctions monitoring. It is therefore decisive to establish adequate internal processes to identify and manage sanctions risks.

At the end of 2025, the guidelines of the European Banking Authority (EBA) came into force, establishing for the first time common EU standards for sanctions compliance across the financial sector.

General Guidelines for Financial Institutions (EBA/GL/2024/14)

The guidelines apply to all financial institutions within the EBA’s supervisory remit, including credit institutions and investment firms. They focuse on governance, risk management, and internal controls for sanctions compliance. Institutions are required to establish clear governance structures, allocate responsibility for compliance at senior management level, and maintain up-to-date policies, procedures, and controls proportionate to their size, complexity, and sanctions exposure.

A central element is the mandatory restrictive measures exposure assessment, which institutions must conduct and regularly update to identify where and how they may be exposed to sanctions risks across customers, products, services, and jurisdictions. The results of this assessment must directly inform the design of screening systems, transaction controls, escalation processes, and staff training.

Guidelines for Payment Service Providers and Crypto-Asset Service Providers (EBA/GL/2024/15)

The guidelines are addressed specifically to payment service providers and crypto-asset service providers. These guidelines set out operational requirements to ensure that transfers of funds or crypto-assets do not result in making funds or economic resources available to designated persons.

They emphasise the need for reliable screening tools, effective transaction monitoring, and robust procedures to prevent circumvention of sanctions, including in fast-moving or automated payment environments. Controls must cover both direct and indirect involvement of sanctioned persons and be continuously reviewed to reflect changes in sanctions regimes.

As of 10 July 2027, policies, procedures and controls in relation to the management of risks relating to non-compliance and evasion of EU sanctions will be regulated by Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AML Regulation). The EBA guidelines will then be amended accordingly. The newly established European Authority for Anti-Money Laundering (AMLA) will at that point also contribute to a common supervisory approach to verification of compliance with sanctions-related requirements.

At national level, the EBA supervisory expectations are complemented and substantiated by the Sanctions Act 2024, which establishes concrete statutory obligations for Austrian financial market participants. Besides the above-mentioned reporting and asset freezing obligations, financial market participants are required to establish policies, procedures and controls for effective sanctions compliance, similar to the EBA guidelines. The management body is explicitly responsible for respective implementation.

The FMA is further granted extensive information, reporting and inspection powers, giving rise to corresponding duties for supervised entities. Austrian inancial market participants must provide complete and timely information upon request, transmit and report data, submit all required documents and evidence, and grant access to relevant records and systems. Particular emphasis is placed on the completeness and timeliness of disclosures; the intentional provision of incomplete or incorrect information is expressly prohibited.

Outlook

Taking the above into account, it becomes clear that sanctions compliance is no longer assessed in isolation, but as an integral part of governance, risk management and internal control frameworks.

With the FMA’s assumption of comprehensive responsibility for financial sanctions supervision, a further intensification of supervisory scrutiny can be expected. The authority is equipped with extensive powers, including the conduct of on-site inspections, in-depth reviews of internal control systems, and the systematic analysis of regulatory reports and notifications submitted by supervised entities. Sanctions compliance frameworks will therefore be examined with a level of detail and frequency comparable to established AML/CFT supervision.

The FMA has already demonstrated in the first half of 2026 that it intends to consistently pursue this approach of intensified and more intrusive supervision concerning sanctions compliance. Several Austrian financial market participants where already confronted with extensive information requests.

In practice, this means that Austrian financial market participants must anticipate a more proactive supervisory approach. Particular attention must be paid to the effectiveness of sanctions screening systems, escalation and reporting processes, documentation standards, and the involvement of senior management in sanctions-related decision-making.

Given the dynamic nature of sanctions regimes and the FMA’s enhanced enforcement mandate under the Sanctions Act 2024, institutions are expected not only to maintain formal compliance structures, but also to demonstrate that these structures are operationally effective, regularly reviewed, and responsive to changes in sanctions law. They should be designed to meet both EU-level supervisory expectations and the concrete statutory requirements under Austrian law. Deficiencies identified in the course of supervision will very likely trigger remediation measures, follow-up inspections, or enforcement actions.

Against this background, Austrian financial market participants are well advised to critically review and, where necessary, strengthen their sanctions compliance frameworks at an early stage. A forward-looking and well-documented approach to sanctions risk management is key to meeting heightened supervisory expectations and mitigating legal, reputational, and operational risks under the new supervisory regime.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.