Austria, Financial‑crime & Corporate Criminal Risks in 2026: What Companies and Directors Must Do Now

Last reviewed 29 April 2026

The Austria financial crime changes 2026 represent the most significant package of criminal‑law, tax‑enforcement and sanctions‑related amendments the country has enacted in over a decade. Effective from 1 January 2026, the Austrian Financial Market Authority (FMA) assumed supervisory responsibility for monitoring and imposing financial sanctions, while the Fraud Prevention Act 2025 expanded the scope of tax‑evasion surcharges and introduced new financial offences under the Austrian Act on Tax Offences (FinStrG). A new daily cash‑payment limit of EUR 10,000 now applies across all sectors, and the Anti‑Fraud Office (ABB) recovered more than EUR 154 million in 2025 alone, signalling a clear enforcement trajectory that industry observers expect to intensify throughout 2026.

For company directors, in‑house counsel and CFOs, the practical question is no longer whether to update compliance programmes but how quickly they can close the gaps before enforcement catches up.

At a glance, 5 key takeaways:

• FMA sanctions role. From 1 January 2026, the FMA is the new supervisory authority for monitoring and imposing financial sanctions in Austria.
• Cash‑payment cap. Daily cash payments are now limited to EUR 10,000, affecting real‑estate, M&A and all commercial transactions.
• Tax‑evasion surcharge expanded. The Fraud Prevention Act 2025 broadens the surcharge scope under the FinStrG, including new loss‑related financial offences.
• ABB enforcement surge. The Anti‑Fraud Office brought in over EUR 154 million in 2025, and its digital‑data capabilities have been expanded.
• Director exposure rising. Corporate criminal liability under the Verbandsverantwortlichkeitsgesetz (VbVG) and personal liability for directors demand immediate action on compliance governance.

1. Summary of Austria Financial Crime Changes 2026: Scope, Key Dates and Enforcement Architecture

Austria’s 2026 legislative package touches criminal law, financial‑crime procedure and tax enforcement simultaneously. The amendments were enacted through multiple instruments, with the majority taking effect for financial years beginning after 31 December 2025. Below is a consolidated timeline of the key measures.

Key Dates and Legislative References

The amendments are generally effective for financial years beginning after 31 December 2025, with no specific transitional rule provided for many provisions. This means companies must treat the new framework as immediately operative for any ongoing compliance assessments, reporting cycles and internal controls.

2. Cash Payment Limit Austria 2026, Practical Impact and Transactions Affected

The new cash payment limit in Austria caps daily cash payments at EUR 10,000. This applies to payments between businesses and consumers as well as business‑to‑business transactions, fundamentally changing how treasury departments, accounts payable teams and front‑line sales staff handle physical currency.

Examples and Safe Practices

The limit affects every sector, but the practical risks concentrate in certain transaction types:

• Real‑estate transactions. Property deposits or instalment payments above EUR 10,000 in cash are now prohibited. Conveyancing lawyers and estate agents must refuse and document the refusal.
• M&A and corporate acquisitions. Any deal involving partial cash consideration, such as earn‑out instalments or working‑capital adjustments settled in cash, must be restructured to comply with the daily cap.
• Retail and high‑value goods. Luxury retailers, car dealers and jewellers face the most visible operational impact. Point‑of‑sale systems should be configured to flag cash transactions approaching the threshold.
• Professional services. Law firms, accountants and consultants receiving cash fee payments must implement intake controls and document all refusals.

How to Update Treasury and Accounts Payable

Compliance officers should prioritise the following immediate updates:

• Revise cash‑handling policies to reflect the EUR 10,000 daily cap and circulate the updated policy to all staff handling payments.
• Configure ERP and accounting systems to generate automated alerts when a cash receipt or payment approaches or exceeds the threshold.
• Train customer‑facing staff to explain the legal basis for refusing excess cash and to offer compliant alternative payment methods.
• Establish a documented escalation path for attempted non‑compliant payments, including a log that can serve as evidence of corporate diligence if later reviewed by authorities.

3. Tax Evasion Surcharge Austria, Expanded Scope and Company Exposure

The Fraud Prevention Act 2025 extended the scope of the surcharge for tax evasion under fiscal criminal law. Together with the new financial offence regarding losses introduced under Art 33 and Art 34 FinStrG, the amendments substantially widen the net of conduct that can trigger surcharges and criminal prosecution.

How the Surcharge Is Calculated and Triggered

Under the expanded framework, the surcharge applies to a broader range of tax‑evasion conduct than previously covered. Early indications suggest the practical effect will be to capture deliberate underreporting of losses, aggressive loss‑offset arrangements and structured schemes that were previously treated as administrative irregularities rather than criminal offences. The surcharge is calculated as a percentage of the evaded tax amount and is imposed in addition to, not instead of, any criminal fine or penalty.

Key risk scenarios for companies include:

VAT Red Flags and Controls

The intersection of VAT and financial crime in 2026 demands particular attention. The expanded digital‑data powers granted to enforcement authorities mean that VAT discrepancies are more likely to be identified through automated data matching. Companies should implement the following VAT‑specific controls:

• Monthly reconciliation of VAT input and output across all Austrian entities.
• Automated flagging of missing or inconsistent invoices, especially on cross‑border supplies.
• Documented review procedures for reverse‑charge transactions and intra‑group services.
• Periodic third‑party VAT health checks, particularly for businesses with complex supply chains.

4. Enforcement and Criminal Procedure Changes Austria, FMA, Anti‑Fraud Office and Prosecution Trends

The 2026 enforcement landscape in Austria features a realigned supervisory architecture and significantly enhanced digital capabilities for investigators. Two institutional shifts define the new environment.

The FMA’s New Sanctions Monitoring Role

From 1 January 2026, the Austrian Financial Market Authority took over responsibility for the monitoring and enforcement of financial sanctions. As the FMA announced on 30 December 2025, this integration consolidates what was previously a distributed supervisory approach into a single, specialised authority. The likely practical effect will be faster identification of sanctions breaches and more consistent enforcement across financial institutions, payment service providers and other obligated entities.

Companies subject to FMA oversight should expect:

• More frequent and granular reporting requests related to sanctions screening.
• Heightened scrutiny of transaction‑monitoring systems during on‑site inspections.
• Shorter response windows for compliance inquiries, with a strong emphasis on real‑time data access.

Anti‑Fraud Office (ABB) Results and Direction

The Austrian Federal Ministry of Finance confirmed on 23 February 2026 that the Anti‑Fraud Office (ABB) brought more than EUR 154 million into state coffers in 2025. This figure reflects an enforcement apparatus that is well‑resourced and increasingly effective. Industry observers expect the ABB’s expanded digital‑data procedures, enacted through Law No. 98, to accelerate case processing and detection rates throughout 2026.

What Triggers an Investigation

Investigations can be initiated by a range of triggers, including suspicious transaction reports from banks or accountants, automated data‑matching by tax authorities, tip‑offs from employees or competitors, and anomalies detected during routine audits. The expanded digital‑data powers mean that previously siloed data sets, VAT returns, payroll records, bank transaction logs, can now be cross‑referenced more efficiently.

Responding to Requests and Preserving Privilege

When a company receives an inquiry from the FMA, ABB or public prosecutor, the first 48 hours are critical. Companies should:

• Immediately engage external criminal‑law counsel with experience in Austrian financial crime.
• Issue a litigation hold to preserve all potentially relevant documents and electronic data.
• Restrict internal discussion of the matter to a defined privilege circle to protect legal professional privilege.
• Avoid voluntary production of documents beyond what is legally required until counsel has reviewed the scope of the request.

5. Corporate Criminal Liability Austria and Director Exposure in 2026

Austria’s Verbandsverantwortlichkeitsgesetz (VbVG) imposes criminal liability on legal entities, companies, partnerships and associations, for offences committed by decision‑makers or employees. The 2026 financial‑crime changes in Austria raise the stakes considerably, because the expanded catalogue of financial offences under the FinStrG and the new cash‑limit rules create additional points of corporate criminal liability exposure.

Directors face both corporate and personal risk. Under Austrian law, an individual director or board member may be prosecuted personally where they failed to implement adequate compliance measures or where they directly participated in or instructed the offending conduct. Defences are available, but only where the company can demonstrate a genuine, functioning compliance management system.

Directors’ Immediate 10‑Point Checklist

1. Confirm that the board has formally acknowledged the 2026 legislative changes in documented board minutes.
2. Commission an independent gap analysis of the company’s compliance programme against the new cash‑limit, tax‑surcharge and sanctions requirements.
3. Appoint or confirm a compliance officer with clear authority and a direct reporting line to the board.
4. Update internal financial controls, especially cash‑handling, VAT reporting and sanctions‑screening processes.
5. Review and update the company’s code of conduct to reference the 2026 amendments explicitly.
6. Implement a whistleblower channel that meets EU Whistleblower Directive standards and Austrian implementation requirements.
7. Schedule mandatory compliance training for all staff handling payments, tax reporting or sanctions screening.
8. Establish a documented internal‑investigation protocol, including privilege‑preservation procedures.
9. Review D&O insurance policies to verify coverage for financial‑crime investigations and regulatory proceedings.
10. Set a calendar reminder for a 90‑day compliance review to assess implementation progress.

Responsibility Map by Role

How to Evidence Due Diligence and Corporate Compliance

The most effective defence against corporate criminal liability under the VbVG is documented proof that the company maintained an adequate compliance management system. This means written policies, training records, audit trails, incident logs and board minutes that demonstrate active oversight, not merely a paper programme. Courts and prosecutors will assess whether the system was genuine and functional, not whether it was theoretically comprehensive.

Insurance and Indemnity Considerations

D&O insurance policies should be reviewed to ensure they cover defence costs in financial‑crime investigations, regulatory proceedings before the FMA or ABB, and personal liability exposure for directors under the FinStrG. Industry observers note that some standard policies exclude fiscal criminal‑law proceedings or contain sub‑limits that may prove inadequate given the expanded scope of the 2026 amendments.

6. Practical Compliance Playbook, What Austrian Companies Must Do Now

The following roadmap translates the 2026 Austria financial crime changes into phased, actionable steps with clear ownership.

0–30 Day Checklist

• Issue a board‑level acknowledgment of the 2026 changes (documented in minutes).
• Circulate an internal alert to all department heads summarising the cash‑payment limit, expanded surcharges and FMA sanctions role.
• Impose an immediate freeze on any cash transaction exceeding EUR 10,000 pending policy update.
• Engage external counsel to scope a compliance gap analysis.
• Verify that sanctions‑screening software is updated to reflect the FMA’s new supervisory role.

30–90 Day Tasks

• Complete the gap analysis and present findings to the board with a remediation budget.
• Update all cash‑handling, VAT‑reporting and sanctions‑screening policies in writing.
• Deliver initial compliance training to finance, treasury and customer‑facing teams.
• Implement ERP system alerts for cash transactions approaching the EUR 10,000 threshold.
• Establish or refresh the whistleblower channel and publicise it to all employees.

90–365 Day Programme

• Conduct a full internal audit of tax filings for the previous three fiscal years to identify any exposure to the expanded surcharge.
• Implement ongoing monitoring dashboards for cash transactions, VAT reconciliation and sanctions hits.
• Schedule a second round of training covering lessons learned from the initial compliance rollout.
• Review and, if necessary, renegotiate D&O insurance coverage.
• Prepare a board report summarising compliance‑programme status and any residual risk areas requiring further investment.

7. Internal Investigations and Voluntary Disclosure, Tactical Guidance

When a company discovers potential non‑compliance internally, whether through a whistleblower report, audit finding or management suspicion, the decision of how to respond has significant criminal‑law consequences.

Steps for an Internal Investigation

• Engage privileged counsel immediately. Only communications with external legal counsel benefit from full legal professional privilege in Austria. Internal legal departments do not enjoy the same protection.
• Issue a litigation hold. Preserve all documents, electronic data and communications related to the suspected conduct.
• Define the investigation scope. Work with counsel to identify the relevant legal provisions, time periods and individuals involved.
• Conduct interviews under privilege. Key witnesses should be interviewed by or in the presence of external counsel to maximise privilege protection.
• Prepare a written investigation report. This should be addressed to counsel and marked as privileged. It forms the basis for any disclosure decision.

Deciding to Disclose, Pros and Cons

The Austrian Financial Criminal Code permits voluntary self‑disclosure to prevent liability for financial crimes such as tax fraud. A timely and complete voluntary disclosure can eliminate criminal penalties entirely in certain circumstances. However, the decision is never straightforward:

• Benefits: Potential elimination of criminal penalties; reduced surcharges; demonstrated good faith that may mitigate administrative sanctions; control over the narrative.
• Risks: Disclosure triggers a formal investigation and creates a paper trail; partial disclosure can be worse than no disclosure; timing is critical, once authorities have initiated their own investigation, the window for effective voluntary disclosure may close.

The decision to disclose should be made only after a thorough internal investigation, legal analysis of the available defences, and careful cost‑benefit assessment with experienced criminal‑law counsel.

8. Enforcement Reporting Obligations by Entity Type

The 2026 changes create different reporting obligations depending on the type of entity. The following comparison table maps these obligations to help compliance officers identify their company’s specific duties.

Regardless of entity type, every company should have a documented escalation flowchart that identifies which regulator to notify, the applicable time limits, and who within the organisation is authorised to make the notification.

9. Conclusion, Recommended Next Steps for Austria Financial Crime Changes 2026

The 2026 financial‑crime changes in Austria demand a prompt, structured compliance response from every company operating in the jurisdiction. Directors who delay risk personal criminal exposure, while companies that fail to adapt face escalating surcharges, regulatory sanctions and reputational damage.

The three highest‑priority actions are:

1. Document board acknowledgment of the 2026 changes within 30 days and commission a formal compliance gap analysis.
2. Update cash‑handling, tax and sanctions processes to comply with the EUR 10,000 cap, expanded surcharges and FMA oversight immediately.
3. Engage specialist criminal‑law counsel to review existing compliance programmes, advise on voluntary disclosure where appropriate and ensure D&O coverage is adequate.

For tailored guidance on how these changes affect your organisation, consult an experienced Austrian criminal‑law practitioner through our Austria lawyer directory.

Sources

1. Austrian Financial Market Authority (FMA), FMA supervisory role for financial sanctions (30 December 2025)
2. Austrian Federal Ministry of Finance (BMF), Anti‑Fraud Office press release (23 February 2026)
3. VATupdate, Austria Amends Tax, VAT, Financial Crime, and Cash Payment Laws (27 December 2025)
4. PwC Tax Summaries, Austria Corporate Significant Developments (29 December 2025)
5. KPMG Austria, Tax News English Summary 1/2026 (12 February 2026)
6. ICLG, Business Crime Laws and Regulations Report 2026: Austria
7. Global Investigations Review, Austria: Unravelling Corporate Misconduct (2026)
8. Austrian Legal Information System (RIS), Primary legislation database