HomeInsightsAML Compliance for NGOs & Foundations in Bulgaria

AML Compliance for NGOs & Foundations in Bulgaria (2026)

Published: March 30, 2026 | Last updated: March 30, 2026

Foundations and associations in Bulgaria are obligated entities under the Anti-Money Laundering Act (AMLA). Despite pursuing non-commercial objectives, non-profit legal entities (NPOs) fall within the scope of AML/CFT regulation. All NPOs are obligated under Art. 4(28) of the AMLA, with those exceeding BGN 20,000 annual turnover facing additional obligations. Following Bulgaria’s FATF grey listing, supervision has been significantly intensified.

In brief

  • All NPOs are obligated entities under Art. 4(28) of the AMLA
  • NPOs with annual turnover above BGN 20,000 have additional obligations — internal rules and risk assessment
  • Annual AML training is mandatory for all NPOs (Art. 101(11) AMLA)
  • Sanctions for non-compliance with training: BGN 2,000 to 20,000
  • Risk assessment must be updated every three years
  • Bulgaria was placed on FATF’s grey list in October 2023, increasing scrutiny on NPOs

NPOs as Obligated Entities

Under Art. 4(28) of the AMLA, all non-profit legal entities — foundations and associations — are obligated entities. This means that regardless of the scale of their activities, every NPO bears responsibility for applying anti-money laundering and counter-terrorism financing measures.

There are two tiers of obligations:

  1. General obligations — applicable to all NPOs regardless of turnover.
  2. Additional obligations — for NPOs with annual turnover above BGN 20,000 for the previous reporting year, or for those that independently assess that their activities may be used for money laundering.

This differentiation was introduced with the 2019 amendments to the AMLA and subsequent 2023 changes, to balance regulatory burden against actual risk.

General Obligations for All NPOs

Even NPOs with minimal activity must fulfill the following core obligations:

  • Annual training on AML regulatory requirements (Art. 101(11) AMLA).
  • Identification of persons with whom they work — donors, beneficiaries, counterparties — and their beneficial owners.
  • Record keeping — data, documents, and information collected must be retained for 5 years.
  • Reporting — notification to the Financial Intelligence Directorate of SANS when suspecting money laundering or terrorism financing.

Additional Obligations Above BGN 20,000 Turnover

NPOs with annual turnover exceeding BGN 20,000 have expanded obligations. “Annual turnover” in the AMLA context includes the sum of revenues from activities per the Non-Commercial Activity Income and Expenditure Report, plus total revenues from commercial activities if applicable.

Additional obligations include:

  • Preparation and adoption of internal AML rules under Art. 101 of the AMLA.
  • Conducting a risk assessment using the SANS methodology.
  • Designating a responsible person for internal control over AMLA compliance.
  • Applying customer due diligence measures to donors and counterparties.

Even NPOs with turnover below BGN 20,000 may fall into this category if they independently assess that their activities may be at risk.

Internal AML Rules Under Art. 101

Internal rules under Art. 101 of the AMLA must contain clear procedures for:

  • Criteria for recognizing suspicious operations, transactions, and clients.
  • Internal control system for AMLA compliance monitoring.
  • Internal risk assessment system and donor risk profiling.
  • Procedures for record keeping and data protection.
  • Reporting procedures when suspicious operations are identified.
  • Training program for employees.

SANS publishes template internal rules specifically designed for NPOs on its website. Internal rules should have been updated by 01.07.2024 to reflect the latest AMLA amendments.

Risk Assessment

The risk assessment is a mandatory document for NPOs with annual turnover above BGN 20,000. It is prepared using the methodology and criteria published on the SANS website and includes:

  • Analysis of risk factors related to the organization’s activities.
  • Assessment of risks arising from the type of donors and beneficiaries.
  • Review of the geographic scope of activities.
  • Evaluation of channels for receiving and distributing funds.

The risk assessment is approved by senior management and updated every three years or when significant changes occur in the organization’s activities. Results must be reflected in the internal rules.

Identification of Donors and Beneficial Owners

A key obligation is the identification of beneficial owners of persons the NPO works with — donors, beneficiaries, and project partners.

Identification Methods

The AMLA provides several methods for identifying beneficial owners:

  1. Registry checks — Commercial Register, NPO Register, BULSTAT register.
  2. Document requests — articles of association, current status, shareholder register.
  3. Declaration under Art. 59(1)(3) of the AMLA — permissible only when information from the first two methods is insufficient or contradictory.

When a donor is identified as a Politically Exposed Person (PEP) under Art. 36 of the AMLA, the NPO must apply enhanced due diligence measures, including senior management approval and establishment of the source of funds.

Since 16.07.2024, obligated entities must notify the Registry Agency within 14 days of discovering discrepancies between collected beneficial ownership data and registered data.

Annual AML Training

Under Art. 101(11) of the AMLA and Art. 67(1) of its Implementing Regulation, all NPOs must participate in AML training at least once per year.

Two types of training exist:

  • Introductory training — for new employees or newly established organizations.
  • Continuing training — annual, for all existing staff and management.

If the NPO has no employees, the managing persons must undergo training. For more details on training obligations, see our article on AML training requirements.

A performance report must be prepared for each training event, which is a mandatory document during SANS inspections.

Register Under Art. 9b of the AMLA

The register under Art. 9b of the AMLA is a special register maintained by the Ministry of Justice for persons under Art. 4(16) — those who professionally provide registered office addresses, company formation services, or trust management.

Important: This register does not apply to foundations and associations in their capacity as NPOs. NPOs are obligated entities under Art. 4(28), not Art. 4(16). Registration under Art. 9b is required only if the NPO professionally performs activities under Art. 4(16).

FATF Grey List and Increased Scrutiny

On 27 October 2023, Bulgaria was placed on the FATF grey list — a list of jurisdictions with strategic deficiencies in their AML/CFT regimes.

Bulgaria committed to:

  • Identifying NPOs most vulnerable to abuse for terrorism financing.
  • Applying risk-based monitoring of these organizations.
  • Intensifying supervision by SANS.

This means that SANS inspections have become more frequent and thorough, and documentation and compliance requirements are stricter. Foundations and associations should be prepared for inspection at any time.

Sanctions for Violations

Violation First offense Repeated offense
Failure to conduct training BGN 2,000 – 20,000 Higher
Absence of internal rules BGN 2,000 – 20,000 BGN 5,000 – 50,000
Failure to conduct due diligence BGN 1,000 – 10,000 (individuals) / BGN 2,000 – 20,000 (legal entities) Doubled
Serious or systematic violations Up to BGN 2,000,000

Supervision and sanctions are carried out by SANS.

Practical Compliance Steps

  1. Determine your annual turnover — if it exceeds BGN 20,000, you have additional obligations.
  2. Prepare or update internal rules under Art. 101 of the AMLA.
  3. Conduct a risk assessment using the SANS methodology.
  4. Designate a responsible person for internal control.
  5. Conduct annual training for all employees and managing persons.
  6. Document everything — training reports, donor identification, due diligence records.
  7. Monitor legislative changes and SANS guidelines.

Frequently Asked Questions

Which NPOs are obligated entities under Bulgaria’s AML legislation?
All non-profit legal entities — foundations and associations — are obligated entities under Art. 4(28) of the AMLA. Those with annual turnover above BGN 20,000 have additional obligations including internal rules and risk assessment.
Must a foundation without employees conduct AML training?
Yes. Under Art. 101(11) of the AMLA and Art. 67(1) of its Implementing Regulation, if an NPO has no employees, its managing persons — directors, board members — must undergo AML training at least once per year.
What is the sanction for failure to conduct AML training?
The sanction for failure to conduct introductory or continuing AML training is a pecuniary penalty of BGN 2,000 to 20,000. For repeated violations, the penalty can reach BGN 5,000 to 50,000, and for serious or systematic violations — up to BGN 2,000,000.
Which NPOs must adopt internal AML rules?
Internal AML rules under Art. 101 of the AMLA are mandatory for NPOs with annual turnover exceeding BGN 20,000 for the previous reporting year, and for NPOs that assess their activities may be at risk of being used for money laundering or terrorism financing.
What does the risk assessment for foundations include?
The risk assessment is prepared using the methodology published by SANS (State Agency for National Security). It is approved by senior management, updated every three years, and covers risk factors related to the organization’s activities, donors, and beneficiaries.
Must NPOs identify the beneficial owners of their donors?
Yes. NPOs must identify donors and other persons they work with, including their beneficial owners. This involves checks in the Commercial Register, the NPO Register, and if needed — a beneficial owner declaration under Art. 59(1)(3) of the AMLA.
How does Bulgaria’s FATF grey listing affect NPOs?
On 27 October 2023, Bulgaria was placed on the FATF grey list due to strategic deficiencies in its AML regime. The government committed to identifying vulnerable NPOs and applying risk-based monitoring, resulting in increased scrutiny by SANS.
Which authority supervises NPOs for AML compliance?
The State Agency for National Security (SANS / DANS) supervises AML compliance by NPOs. SANS conducts inspections, imposes sanctions, and publishes guidelines and template documents for obligated entities.

Conclusion

AML compliance is not optional for Bulgarian foundations and associations. All NPOs are obligated entities under the AMLA, and those with turnover above BGN 20,000 face a comprehensive set of obligations — from internal rules and risk assessments to annual training and beneficial owner identification. Following Bulgaria’s placement on the FATF grey list, SANS inspections have intensified significantly.

If you need legal assistance with AMLA compliance for your foundation or association, the team at Innovires Legal can help you prepare internal rules, conduct training, and ensure full regulatory compliance.

This article is for informational purposes only and does not constitute legal advice. For specific questions about your foundation or association, please contact a qualified lawyer. The information is current as of the publication date (30 March 2026) and may be affected by subsequent legislative changes.

Need assistance?

The Innovires team can help your foundation or association achieve full AML compliance — internal rules, training, risk assessment, and ongoing support.