AML Compliance Checklist 2026 for Domiciliation Centers
Exhaustive 2026 checklist to self-assess the AML compliance of your domiciliation center: 60 control points covering governance, KYC, UBO, monitoring, CTIF reporting, retention and training. With scoring, required documents and common pitfalls observed during SPF Economie inspections.
In brief
AML compliance for a Belgian domiciliation center in 2026 rests on 60 control points across 8 dimensions, made mandatory by the Royal Decree of 22 April 2024. A score below 80 % exposes you to SPF Economie sanctions. The most frequent gaps are the absence of a reasoned non-reporting log, a risk assessment copied from a generic template, and undocumented continuing training.
Why this 2026 checklist
SPF Economie has strengthened its enforcement arsenal with the Royal Decree of 22 April 2024. In 2025-2026, inspections have multiplied and several public sanctions have been issued against non-compliant domiciliation providers — often with explicit citation of earlier anonymous sanctions against the same entity.
This checklist is a self-assessment tool that can also serve as the basis for an external audit or for your AMLCO's annual review. It reflects the law as applicable in May 2026 and incorporates lessons from recently published sanctions.
For the full legal framework, see the Act of 18 September 2017 and the new 2024 obligations for domiciliation.
How to use this checklist
For each point:
- ✅ Compliant: the control is in place, documented, up to date
- ⚠️ Partial: the control exists but with gaps
- ❌ Non-compliant: absent or undocumented
Scoring: 1 point per ✅. A score below 80 % exposes you to sanctions on inspection. Below 60 %, the inspection typically concludes to a structural deficiency.
Before the review: gather the listed documents. SPF Economie inspectors always ask for written evidence, never oral statements.
Section 1 — AML Governance (12 points)
1.1 AMLCO formally appointed
Written decision of the board or manager. Identity, function and direct access to management documented.
Evidence: appointment minutes + job description.
1.2 Written, dated, signed AML policy
Document specific to your firm (not a generic internet template). Covers KYC, monitoring, CTIF reporting, retention, training.
Evidence: signed policy + version history.
1.3 Up-to-date overall risk assessment
Document specific to your activity, structured on the 4 dimensions client × product × geography × channel. See our 5-step methodology.
Evidence: management-signed assessment, less than 12 months old.
1.4 Initial training for all staff
All staff in contact with files, not just the AMLCO. Program, duration, certificate.
Evidence: nominative training log.
1.5 Annual continuing training
At least 4 h/year for the AMLCO, 2 h/year for staff. Topics covered tracked.
Evidence: log + training material.
1.6 Decision log
Analyzed suspicions (CTIF-reported and not reported with reason), files refused, authority requests.
Evidence: timestamped digital log.
1.7 Internal escalation procedure
Who detects, who escalates, who decides, who transmits. Written and known by the team.
1.8 Annual framework audit
Internal for small structures, external above 10 staff.
Evidence: signed audit report.
1.9 AMLCO role continuity
A deputy appointed for absences (leave, sickness).
1.10 Subcontracting agreement (if KYC outsourced)
If you outsource KYC to an external provider, written agreement with AML clause + annual audit.
1.11 Valid SPF Economie register entry
Valid entry, current, not suspended. Publicly verifiable.
1.12 Triennial renewal prepared in advance
Anticipate 6 months before expiry. Documents to gather for AML audit.
Section 2 — Initial KYC (10 points)
2.1 Full identification of the domiciliated company (legal entity)
Name, BCE/KBO number, legal form, registered office, corporate purpose, directors, key dates.
Evidence: BCE/KBO extract less than 6 months old.
2.2 Identification of the legal representative
Signatory of the domiciliation contract.
Evidence: ID + power of representation.
2.3 Full UBO cascade (3 levels)
Direct beneficiaries (>25 %), indirect (holding chain), default (directors). See UBO details.
Evidence: group org chart + UBO ID documents.
2.4 UBO register consultation and comparison
Confirmation that UBOs declared on MyMinFin match what you identify. Divergence = flag.
2.5 PEP verification
The domiciliated company, its directors and UBOs are not Politically Exposed Persons (or if so: enhanced measures).
Evidence: dated screening result.
2.6 International sanctions check
EU, UN, OFAC lists. None of the identified parties appear.
Evidence: dated screening result.
2.7 Understanding of real economic activity
Declared activity is plausible given the directors/UBO profile. Documented.
2.8 Source of funds verification (if high risk)
For high-risk files: evidence of source of invested funds.
2.9 Senior management approval to onboard
For all standard or high-risk files, explicit signature of a responsible person.
2.10 Written, signed, archived domiciliation contract
Identification of the domiciliated company, services rendered, term, authority access rights, termination for non-compliance.
Evidence: signed contract + acknowledgement of receipt.
Section 3 — Per-file risk assessment (5 points)
3.1 Risk grade assigned to each file
Low / Standard / High per your matrix.
3.2 Written justification of the grade
No "high because I feel it". Concrete criteria.
3.3 Corresponding measures applied
If high: quarterly monitoring, source of funds, management approval.
3.4 Automatic review on change
New director, change of corporate purpose, UBO change → reassessment.
3.5 Documentation of borderline cases
Files refused or accepted with reservation: written justification.
Section 4 — Ongoing monitoring (8 points)
4.1 BCE monitoring of each domiciliated company
Automatic tracking: director change, corporate purpose change, annual accounts filing.
4.2 UBO monitoring
Notification on every UBO register update.
4.3 Tracking of annual UBO confirmations
Dashboard of companies under your responsibility, deadlines and reminders.
4.4 Mail monitoring
Recording of received official mail, alerts on non-collection within 15 days.
4.5 Periodic re-verification
Low: annual. Standard: semi-annual. High: quarterly.
4.6 Automatic alert on major event
Declared bankruptcy, director convicted, international sanctions: immediate escalation.
4.7 Authority visits/letters tracked
Every interaction with prosecutor, bailiff, police, tax authority logged.
4.8 Annual full review of all files
All active files reviewed within the year, including "low risk" ones.
Section 5 — CTIF reporting (7 points)
5.1 Written detection procedure
Indicators (red flags) listed and known by the team. See our CTIF guide.
5.2 Internal analysis procedure
Who analyzes, within what timeframe, how to document.
5.3 Operational goAML platform
Active CTIF account, AMLCO trained on the tool, ability to transmit within 48-72 hours.
5.4 Ready-made report template
Factual, chronological framework. No drafting from scratch in emergency.
5.5 Confidentiality preserved
No mention to the client (tipping-off prohibition). Access logs compartmentalized.
5.6 Reports log
Internal reference, date, reason, follow-up.
5.7 Reasoned non-report log
Analyzed suspicions that did not lead to a report: written justification (often forgotten, yet inspected).
Section 6 — Retention and archiving (6 points)
6.1 10-year retention policy
All AML documents retained 10 years after end of relationship.
6.2 Timestamped electronic archiving
Digital signature + TSA timestamp for critical documents.
6.3 Backup and continuity
Externalized backup, tested recovery plan.
6.4 GDPR compliance
Privacy notice, legal basis, data subject rights, register of processing activities.
6.5 Return / deletion after retention
After 10 years, controlled and documented deletion.
6.6 Extraction capability on authority request
Response possible within 48 h with complete file.
Section 7 — Training and culture (5 points)
7.1 AML onboarding for every new staff member
Before any file contact.
7.2 Mandatory annual update
Nominative tracking, certificate.
7.3 Practical exercises (mini-cases, red flags)
Not just theory.
7.4 Internal communication on published sanctions
Learn from concrete cases published by SPF Economie.
7.5 Knowledge assessment
Quiz, annual role-play.
Section 8 — Preparing an SPF Economie inspection (7 points)
8.1 Presentation file ready
Organization, AMLCO, policy, risk assessment — in 30 minutes.
8.2 Sample of complete KYC files
3-5 representative files, immediately presentable.
8.3 Up-to-date decision log
All reasoned non-reports documented.
8.4 Up-to-date service log
Movements (in/out) tracked, compliant with RD 22/04/2024.
8.5 Training history exportable in 5 minutes
8.6 Centralized domiciliation contracts
8.7 AMLCO available on inspection day
Score and interpretation
- ≥ 90 %: compliant, solid framework. Continue annual reviews.
- 80-89 %: compliant with improvement areas. List points for 1-3 months.
- 70-79 %: risk zone. Immediate action plan on gaps.
- < 70 %: real risk of sanction. External audit recommended.
Frequent inspection findings
How Company Belgium accelerates your compliance
Company Belgium's company service provider module directly covers most of this checklist:
- Service register compliant with SPF Economie (sections 1, 8)
- Automated UBO cascade with Belgian register comparison (section 2)
- Continuous BCE monitoring of each domiciliated company — director changes, corporate purpose, accounts filing (section 4)
- UBO alerts as soon as the cascade changes (section 4)
- Integrated goAML module to prepare CTIF reports (section 5)
- Timestamped 10-year archiving, encrypted and GDPR (section 6)
- AMLCO dashboard: overall tracking, indicators, decision and training logs (sections 1, 7)
- Legal contract templates for domiciliation with electronic signature (section 2)
A specialized platform that turns this self-assessment checklist into a real-time operational dashboard.
Bottom line
The AML compliance of a domiciliation center rests on 60 concrete controls across 8 dimensions. None is optional since the RD of 22 April 2024.
The ultimate test: an SPF Economie inspector asks you tomorrow morning for three things — your AML policy, the signed risk assessment, and a sample of complete KYC files with UBO register comparison. If you can deliver in 30 minutes, you are ready.
If not, this checklist tells you exactly what to catch up on first.
Frequently asked questions
How many control points does the 2026 AML checklist contain for a Belgian domiciliation center ?
The 2026 checklist contains 60 control points across 8 dimensions: AML governance (12 points), initial KYC (10 points), per-file risk assessment (5 points), ongoing monitoring (8 points), CTIF reporting (7 points), retention and archiving (6 points), training and culture (5 points), and SPF Economie inspection preparation (7 points). A score below 80 % exposes you to sanctions on inspection.
Which points are most frequently missing during an SPF Economie inspection ?
The 4 most frequently flagged gaps are: absence of a reasoned non-reporting log (finding #1), an AML policy copied from an internet template without adaptation to the center's activity, an implausibly uniformly low risk assessment, and continuing training conducted but undocumented. These 4 gaps alone can lead to a structural deficiency finding during a 2026 inspection.
What must a reasoned non-reporting log contain for a domiciliation center ?
The log must record each case where the AMLCO analyzed a suspicion without concluding to a CTIF report. For each entry: internal file reference, analysis date, description of the detected signal, factual elements gathered, reasoning that led to non-reporting, and AMLCO signature. This log must be timestamped, retained for 10 years, and presentable within 15 minutes during an inspection.
Does the Royal Decree of 22 April 2024 change AML obligations for Belgian domiciliation centers ?
Yes, the RD of 22 April 2024 reinforces several existing obligations and adds new ones: domiciliation contract with mandatory specific clauses, service register compliant with the SPF Economie model, enhanced traceability of uncollected official mail, and immediate termination right in case of domiciliated company non-compliance. Centers that have not updated their contracts and procedures since that date are no longer compliant.
Comments
Related articles

Accountant: automating the financial analysis of your customer portfolio
An accountant manages 50 to 300 client files. Manually analysing annual accounts, computing ratios, spotting red flags and preparing a report for each yearly meeting takes hundreds of hours a year. Here is how to automate 80% of that work while raising service quality.

Calculating the credit limit of a B2B customer: 4 proven methods
How much credit exposure can you safely grant a B2B customer? Discover the four methods used by credit insurers and finance departments of Belgian SMEs: equity cap, turnover cap, asset cap and financial scoring — with worked examples.

Searching Belgian companies in natural language: the complete /recherche guide
Type "accountants in Liège", "restaurants 1000 Brussels" or a BCE number: the /recherche bar turns your sentence into NACE, postcode and name filters, then returns a page enriched with sector statistics. Tour of use cases, URL shortcuts and linguistic subtleties.
