LinkedIn
EN
PT

New CMVM FAQs on Reporting Obligations in the Context of Anti-Money Laundering and Counter-Terrorist Financing

On 26 May 2026, the CMVM updated its Questions and Answers on the obligations applicable to obliged entities in the context of the prevention of money laundering and terrorist financing (“AML/CFT“), following the entry into force of CMVM Regulation No. 5/2025, of 8 August, which introduced amendments to CMVM Regulation No. 2/2020, of 17 March (the “Regulation“).

CMVM Regulation No. 5/2025 introduced, among other amendments, the broadening of the subjective scope of reporting, the transition to a new reporting format and the introduction of new fields and information blocks in Annex I to the Regulation. The first report under the new regime must be submitted by 30 June 2026, with reference to the year 2025.

The new FAQs are intended to clarify practical questions relating to compliance with the reporting obligations set out in the Regulation, covering matters such as file submission, the classification of clients and counterparties, and the completion of the various Information Blocks of Annex I to the Regulation.

We highlight some of the key clarifications regarding the reporting of information to the CMVM:

  1. The CMVM introduces two medium-risk subcategories (medium-low and medium-high) for reporting purposes. The definition of the criteria for this classification is the responsibility of the obliged entities, which must adapt them to the specific risks of their activity. In case of difficulty in the conversion, entities may classify medium risk as medium-high risk;
  2. Personnel relevant to AML/CFT are all those who, in the performance of their duties, contribute to the fulfilment of preventive obligations, regardless of their role or professional category;
  3. A single client may fall within several types of contractual relationship, and must be counted only once for each type in which it is classified;
  4. The report must include counterparties in respect of which identification and due diligence obligations under the Law have been effectively applied. The reporting obligation does not create additional identification or due diligence requirements, and is intended solely to collect aggregate information already available to the entities;
  5. Only deficiencies that remain unresolved as at 31 December of the year to which the report relates must be reported, regardless of the date on which they were identified. Deficiencies remedied during the reference period must not be included;
  6. Not all Information Blocks of Annex I to the Regulation are mandatory. In optional fields, where there is no information to report, the respective lines must be deleted from the reporting file;
  7. Reporting files must be submitted in .xml format through the BUE portal. Validation may be carried out by checking the file against the Schema made available by the CMVM;
  8. Files containing validation errors are automatically rejected, and the obliged entity must correct and resubmit them. For the correction of reports in .dat format relating to prior periods, the communication must be made by message on the BUE portal.

Click here to access the CMVM FAQs.

For further information, please contact us at rvr@ccsllegal.com

[Photograph by: Jakub Żerdzicki, available at unsplash.com]

Menu