CompanyBelgium

AML Compliance Checklist 2026 for Domiciliation Centers

Exhaustive 2026 checklist to self-assess the AML compliance of your domiciliation center: 60 control points covering governance, KYC, UBO, monitoring, CTIF reporting, retention and training. With scoring, required documents and common pitfalls observed during SPF Economie inspections.

March 26, 202611 min read

In brief

AML compliance for a Belgian domiciliation center in 2026 rests on 60 control points across 8 dimensions, made mandatory by the Royal Decree of 22 April 2024. A score below 80 % exposes you to SPF Economie sanctions. The most frequent gaps are the absence of a reasoned non-reporting log, a risk assessment copied from a generic template, and undocumented continuing training.

Why this 2026 checklist

SPF Economie has strengthened its enforcement arsenal with the Royal Decree of 22 April 2024. In 2025-2026, inspections have multiplied and several public sanctions have been issued against non-compliant domiciliation providers — often with explicit citation of earlier anonymous sanctions against the same entity.

This checklist is a self-assessment tool that can also serve as the basis for an external audit or for your AMLCO's annual review. It reflects the law as applicable in May 2026 and incorporates lessons from recently published sanctions.

For the full legal framework, see the Act of 18 September 2017 and the new 2024 obligations for domiciliation.

How to use this checklist

For each point:

  • ✅ Compliant: the control is in place, documented, up to date
  • ⚠️ Partial: the control exists but with gaps
  • ❌ Non-compliant: absent or undocumented

Scoring: 1 point per ✅. A score below 80 % exposes you to sanctions on inspection. Below 60 %, the inspection typically concludes to a structural deficiency.

Before the review: gather the listed documents. SPF Economie inspectors always ask for written evidence, never oral statements.

Section 1 — AML Governance (12 points)

1.1 AMLCO formally appointed

Written decision of the board or manager. Identity, function and direct access to management documented.

Evidence: appointment minutes + job description.

1.2 Written, dated, signed AML policy

Document specific to your firm (not a generic internet template). Covers KYC, monitoring, CTIF reporting, retention, training.

Evidence: signed policy + version history.

1.3 Up-to-date overall risk assessment

Document specific to your activity, structured on the 4 dimensions client × product × geography × channel. See our 5-step methodology.

Evidence: management-signed assessment, less than 12 months old.

1.4 Initial training for all staff

All staff in contact with files, not just the AMLCO. Program, duration, certificate.

Evidence: nominative training log.

1.5 Annual continuing training

At least 4 h/year for the AMLCO, 2 h/year for staff. Topics covered tracked.

Evidence: log + training material.

1.6 Decision log

Analyzed suspicions (CTIF-reported and not reported with reason), files refused, authority requests.

Evidence: timestamped digital log.

1.7 Internal escalation procedure

Who detects, who escalates, who decides, who transmits. Written and known by the team.

1.8 Annual framework audit

Internal for small structures, external above 10 staff.

Evidence: signed audit report.

1.9 AMLCO role continuity

A deputy appointed for absences (leave, sickness).

1.10 Subcontracting agreement (if KYC outsourced)

If you outsource KYC to an external provider, written agreement with AML clause + annual audit.

1.11 Valid SPF Economie register entry

Valid entry, current, not suspended. Publicly verifiable.

1.12 Triennial renewal prepared in advance

Anticipate 6 months before expiry. Documents to gather for AML audit.

Section 2 — Initial KYC (10 points)

2.1 Full identification of the domiciliated company (legal entity)

Name, BCE/KBO number, legal form, registered office, corporate purpose, directors, key dates.

Evidence: BCE/KBO extract less than 6 months old.

Signatory of the domiciliation contract.

Evidence: ID + power of representation.

2.3 Full UBO cascade (3 levels)

Direct beneficiaries (>25 %), indirect (holding chain), default (directors). See UBO details.

Evidence: group org chart + UBO ID documents.

2.4 UBO register consultation and comparison

Confirmation that UBOs declared on MyMinFin match what you identify. Divergence = flag.

2.5 PEP verification

The domiciliated company, its directors and UBOs are not Politically Exposed Persons (or if so: enhanced measures).

Evidence: dated screening result.

2.6 International sanctions check

EU, UN, OFAC lists. None of the identified parties appear.

Evidence: dated screening result.

2.7 Understanding of real economic activity

Declared activity is plausible given the directors/UBO profile. Documented.

2.8 Source of funds verification (if high risk)

For high-risk files: evidence of source of invested funds.

2.9 Senior management approval to onboard

For all standard or high-risk files, explicit signature of a responsible person.

2.10 Written, signed, archived domiciliation contract

Identification of the domiciliated company, services rendered, term, authority access rights, termination for non-compliance.

Evidence: signed contract + acknowledgement of receipt.

Section 3 — Per-file risk assessment (5 points)

3.1 Risk grade assigned to each file

Low / Standard / High per your matrix.

3.2 Written justification of the grade

No "high because I feel it". Concrete criteria.

3.3 Corresponding measures applied

If high: quarterly monitoring, source of funds, management approval.

3.4 Automatic review on change

New director, change of corporate purpose, UBO change → reassessment.

3.5 Documentation of borderline cases

Files refused or accepted with reservation: written justification.

Section 4 — Ongoing monitoring (8 points)

4.1 BCE monitoring of each domiciliated company

Automatic tracking: director change, corporate purpose change, annual accounts filing.

4.2 UBO monitoring

Notification on every UBO register update.

4.3 Tracking of annual UBO confirmations

Dashboard of companies under your responsibility, deadlines and reminders.

4.4 Mail monitoring

Recording of received official mail, alerts on non-collection within 15 days.

4.5 Periodic re-verification

Low: annual. Standard: semi-annual. High: quarterly.

4.6 Automatic alert on major event

Declared bankruptcy, director convicted, international sanctions: immediate escalation.

4.7 Authority visits/letters tracked

Every interaction with prosecutor, bailiff, police, tax authority logged.

4.8 Annual full review of all files

All active files reviewed within the year, including "low risk" ones.

Section 5 — CTIF reporting (7 points)

5.1 Written detection procedure

Indicators (red flags) listed and known by the team. See our CTIF guide.

5.2 Internal analysis procedure

Who analyzes, within what timeframe, how to document.

5.3 Operational goAML platform

Active CTIF account, AMLCO trained on the tool, ability to transmit within 48-72 hours.

5.4 Ready-made report template

Factual, chronological framework. No drafting from scratch in emergency.

5.5 Confidentiality preserved

No mention to the client (tipping-off prohibition). Access logs compartmentalized.

5.6 Reports log

Internal reference, date, reason, follow-up.

5.7 Reasoned non-report log

Analyzed suspicions that did not lead to a report: written justification (often forgotten, yet inspected).

Section 6 — Retention and archiving (6 points)

6.1 10-year retention policy

All AML documents retained 10 years after end of relationship.

6.2 Timestamped electronic archiving

Digital signature + TSA timestamp for critical documents.

6.3 Backup and continuity

Externalized backup, tested recovery plan.

6.4 GDPR compliance

Privacy notice, legal basis, data subject rights, register of processing activities.

6.5 Return / deletion after retention

After 10 years, controlled and documented deletion.

6.6 Extraction capability on authority request

Response possible within 48 h with complete file.

Section 7 — Training and culture (5 points)

7.1 AML onboarding for every new staff member

Before any file contact.

7.2 Mandatory annual update

Nominative tracking, certificate.

7.3 Practical exercises (mini-cases, red flags)

Not just theory.

7.4 Internal communication on published sanctions

Learn from concrete cases published by SPF Economie.

7.5 Knowledge assessment

Quiz, annual role-play.

Section 8 — Preparing an SPF Economie inspection (7 points)

8.1 Presentation file ready

Organization, AMLCO, policy, risk assessment — in 30 minutes.

8.2 Sample of complete KYC files

3-5 representative files, immediately presentable.

8.3 Up-to-date decision log

All reasoned non-reports documented.

8.4 Up-to-date service log

Movements (in/out) tracked, compliant with RD 22/04/2024.

8.5 Training history exportable in 5 minutes

8.6 Centralized domiciliation contracts

8.7 AMLCO available on inspection day

Score and interpretation

  • ≥ 90 %: compliant, solid framework. Continue annual reviews.
  • 80-89 %: compliant with improvement areas. List points for 1-3 months.
  • 70-79 %: risk zone. Immediate action plan on gaps.
  • < 70 %: real risk of sanction. External audit recommended.

Frequent inspection findings

  • AML policy copied from internet template without activity adaptation
  • Risk assessment uniformly "low" — not credible
  • Vague mitigation measures ("we verify", "we remain alert")
  • No reasoned non-report log — finding #1
  • Annual UBO confirmation forgotten on some domiciliated companies
  • Domiciliation contracts absent or expired
  • Continuing training undocumented (done but no trace)
  • AMLCO backup not identified for absences
  • Uncollected mail not escalated (possible shell-company sign)
  • AMLCO without direct access to management
  • How Company Belgium accelerates your compliance

    Company Belgium's company service provider module directly covers most of this checklist:

    • Service register compliant with SPF Economie (sections 1, 8)
    • Automated UBO cascade with Belgian register comparison (section 2)
    • Continuous BCE monitoring of each domiciliated company — director changes, corporate purpose, accounts filing (section 4)
    • UBO alerts as soon as the cascade changes (section 4)
    • Integrated goAML module to prepare CTIF reports (section 5)
    • Timestamped 10-year archiving, encrypted and GDPR (section 6)
    • AMLCO dashboard: overall tracking, indicators, decision and training logs (sections 1, 7)
    • Legal contract templates for domiciliation with electronic signature (section 2)

    A specialized platform that turns this self-assessment checklist into a real-time operational dashboard.

    Bottom line

    The AML compliance of a domiciliation center rests on 60 concrete controls across 8 dimensions. None is optional since the RD of 22 April 2024.

    The ultimate test: an SPF Economie inspector asks you tomorrow morning for three things — your AML policy, the signed risk assessment, and a sample of complete KYC files with UBO register comparison. If you can deliver in 30 minutes, you are ready.

    If not, this checklist tells you exactly what to catch up on first.

    Frequently asked questions

    How many control points does the 2026 AML checklist contain for a Belgian domiciliation center ?

    The 2026 checklist contains 60 control points across 8 dimensions: AML governance (12 points), initial KYC (10 points), per-file risk assessment (5 points), ongoing monitoring (8 points), CTIF reporting (7 points), retention and archiving (6 points), training and culture (5 points), and SPF Economie inspection preparation (7 points). A score below 80 % exposes you to sanctions on inspection.

    Which points are most frequently missing during an SPF Economie inspection ?

    The 4 most frequently flagged gaps are: absence of a reasoned non-reporting log (finding #1), an AML policy copied from an internet template without adaptation to the center's activity, an implausibly uniformly low risk assessment, and continuing training conducted but undocumented. These 4 gaps alone can lead to a structural deficiency finding during a 2026 inspection.

    What must a reasoned non-reporting log contain for a domiciliation center ?

    The log must record each case where the AMLCO analyzed a suspicion without concluding to a CTIF report. For each entry: internal file reference, analysis date, description of the detected signal, factual elements gathered, reasoning that led to non-reporting, and AMLCO signature. This log must be timestamped, retained for 10 years, and presentable within 15 minutes during an inspection.

    Does the Royal Decree of 22 April 2024 change AML obligations for Belgian domiciliation centers ?

    Yes, the RD of 22 April 2024 reinforces several existing obligations and adds new ones: domiciliation contract with mandatory specific clauses, service register compliant with the SPF Economie model, enhanced traceability of uncollected official mail, and immediate termination right in case of domiciliated company non-compliance. Centers that have not updated their contracts and procedures since that date are no longer compliant.

    Ready to get started?

    Create your free account and get your API keys in minutes.

    Comments

    Loading comments…

    Leave a comment

    Not published — used only to notify you.

    Comments are moderated before publication.

    Related articles

      AML Checklist 2026 domiciliation centers: 60 control points | CompanyBelgium