Notice given to clients pursuant to Legislative Decree no. 231 of 21 November 2007 (implementing Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing), as amended by Legislative Decree no. 90 of 25 May 2017 (transposing the Fourth Directive — EU 2015/849) and by Legislative Decree no. 125 of 4 October 2019 (transposing the Fifth Directive — EU 2018/843), in application of the Technical Rules issued by the National Bar Council (CNF) and of the CNF Guidelines on anti-money-laundering (latest update approved by the CNF by resolution of 22 July 2022).
Last updated: 4 June 2026
1. Preliminary remarks — the lawyer among the obliged entities
Under Article 3, paragraph 4, letter c), of Legislative Decree 231/2007, lawyers are among the professionals subject to the anti-money-laundering rules when, in the name of or on behalf of their client, they carry out any financial or real-estate transaction and when they assist their clients in the planning or execution of transactions concerning:
a) the transfer, on any ground, of rights in rem over immovable property or business assets;
b) the management of money, financial instruments or other assets;
c) the opening or management of bank accounts, savings accounts and securities accounts;
d) the organisation of the contributions necessary for the creation, operation or management of companies;
e) the creation, operation or management of companies, entities, trusts or similar legal arrangements.
Pursuant to Article 12, paragraph 2, of Legislative Decree 231/2007, the obligation does not apply in relation to the assessment of the client's legal position or to the performance of the tasks of defending or representing the client in judicial proceedings or in relation to such proceedings, including advice on instituting or avoiding proceedings, where such information is received or obtained before, during or after the proceedings themselves.
In short: the anti-money-laundering obligation does not apply to defence and representation in court and to advice on whether to institute judicial proceedings, while it does apply to the "atypical" professional activities listed in letters a)-e) above (in particular: assistance in real-estate, corporate, tax, fiduciary and asset-management transactions).
2. Customer due diligence (Articles 17-23 of Legislative Decree 231/2007)
Where the engagement falls within the scope of the anti-money-laundering rules (see § 1), the principal carries out due diligence on the client, the beneficial owner and the executor, as follows:
2.1 When it applies
Due diligence is mandatory:
- on the establishment of an ongoing professional relationship;
- on the performance of an occasional professional service of an amount equal to or exceeding €15,000 (or of lower amounts where money laundering or terrorist financing is suspected, or where there is doubt as to the truthfulness or adequacy of the data previously obtained for identification purposes);
- where there is suspicion of money laundering or terrorist financing, regardless of any applicable derogations, exemptions or thresholds;
- in case of doubts as to the truthfulness or adequacy of the data previously obtained for identification purposes.
2.2 What it consists of
Due diligence comprises:
a) identification of the client and of the executor through the production of a valid identity document, tax code and (for legal persons) an up-to-date company-register extract;
b) identification of the beneficial owner pursuant to Article 20 of Legislative Decree 231/2007 and — for companies — verification in the Register of Beneficial Owners established at the Chambers of Commerce (Article 21, paragraph 1-bis, of Legislative Decree 231/2007 and Ministerial Decree no. 55 of 11 March 2022);
c) obtaining and assessing information on the purpose and nature of the professional relationship (in particular: origin of the funds, purpose of the transaction, economic context in which it takes place);
d) ongoing monitoring throughout the professional relationship, with periodic updating of the information obtained, according to a risk-based approach (Article 17 of Legislative Decree 231/2007).
2.3 Risk profile
Each client is assigned a risk profile (low, medium, high) on the basis of the criteria in the annex to Legislative Decree 231/2007 and of the CNF Technical Rules, according to:
- the characteristics of the client (natural person, legal person, non-profit entity, trust; presence of politically exposed persons within the meaning of Article 1, paragraph 2, letter dd), of Legislative Decree 231/2007; nationality; sector of activity);
- the type and subject matter of the professional service;
- the geographical area of operation;
- the manner in which the service is performed.
Where the risk profile is high (e.g. a politically exposed client, a person resident in high-risk third countries identified by the EU Commission under Article 9 of Directive 2015/849, complex transactions or transactions of exceptionally large amounts without apparent economic justification), enhanced due diligence measures apply pursuant to Article 24 of Legislative Decree 231/2007.
2.4 What the client is required to provide
The client is required to provide — pursuant to Article 22 of Legislative Decree 231/2007 — on his own responsibility, all the necessary and up-to-date information enabling the professional to fulfil the due diligence obligations. Failure to provide the requested information entails the professional's duty to refrain from establishing the relationship or performing the service (Article 42 of Legislative Decree 231/2007) and to assess whether to file a suspicious-transaction report.
The provision of false data in the course of due diligence constitutes, in addition to a civil wrong, a criminal offence under Article 55, paragraph 3, of Legislative Decree 231/2007 (imprisonment from six months to three years and a fine of €10,000 to €30,000).
3. Record-keeping (Article 31 of Legislative Decree 231/2007)
The principal retains, in paper or electronic form, for ten years from the end of the professional relationship or from the performance of the occasional service:
a) the documents obtained in the course of due diligence (copies of identity documents, tax codes, register extracts, beneficial-owner declarations);
b) the information obtained on the purpose and nature of the relationship;
c) the original documents (or copies with evidentiary value) of the correspondence with the client, payment receipts, invoices and contracts.
The documents are kept in a manner that ensures their prompt availability upon request by the competent authorities (Guardia di Finanza — Special Currency Police Unit, UIF — the Financial Intelligence Unit at the Bank of Italy, judicial authorities, the Ministry of Economy and Finance, the CNF), as well as the historical reconstruction of financial flows.
The personal data contained in the anti-money-laundering documents are processed in accordance with the GDPR and national legislation: for the purposes, legal bases and the rights of the data subject, see the Privacy Policy (in Italian).
4. Suspicious-transaction reports (Article 35 of Legislative Decree 231/2007)
Where the principal, even on the basis of a mere suspicion — and regardless of any amount threshold or of the client's citizenship or residence — believes that money laundering or terrorist financing transactions are in progress, have been carried out or attempted, he is required to submit without delay a Suspicious Transaction Report (STR) to the Financial Intelligence Unit (UIF) at the Bank of Italy, pursuant to Article 35, paragraph 1, of Legislative Decree 231/2007.
The reporting obligation prevails over the deontological duty of professional secrecy (Article 13 of the Code of Conduct for Italian Lawyers) only as regards the activities listed in § 1, letters a)-e) and excluding judicial defence work and advice on whether to institute or avoid proceedings.
The report:
- is transmitted through the Bank of Italy's INFOSTAT-UIF portal, in a manner that ensures its confidentiality;
- is covered by absolute confidentiality: it is prohibited to inform the client or third parties that a report has been made (Article 39 of Legislative Decree 231/2007), on pain of an administrative fine and — in the most serious cases — criminal sanctions under Article 55, paragraph 4, of the decree;
- is made in good faith and for prevention purposes: the reporting professional is not liable in civil, criminal or disciplinary terms for a report made in the manner and form prescribed by law (Article 38 of Legislative Decree 231/2007).
5. Abstention (Article 42 of Legislative Decree 231/2007)
The principal does not establish the professional relationship, does not carry out transactions and terminates any ongoing relationship where:
- he is unable to carry out due diligence because of objective impossibility (e.g. lack of cooperation by the client);
- he suspects that the requested service may be instrumental to money laundering or terrorist financing.
Abstention is accompanied, where the conditions are met, by the STR described in § 4.
6. Confidentiality and professional secrecy
Compliance with the anti-money-laundering obligations is reconciled with the fundamental duty of professional secrecy (Articles 6 and 13 of the Code of Conduct for Italian Lawyers; Article 622 of the Criminal Code; Article 200 of the Code of Criminal Procedure) by virtue of the express exclusion, under Article 12, paragraph 2, of Legislative Decree 231/2007, of judicial defence and of advice on the institution of proceedings from the scope of the legislation.
For the activities falling within its scope, the UIF reporting obligation constitutes a statutory derogation from professional secrecy, expressly authorised by the legal system and therefore not in breach of the deontological duty.
In any event, all information obtained in the course of the engagement — including that used for anti-money-laundering compliance — is treated with the utmost confidentiality and is not disclosed to third parties except in the cases and in the manner strictly provided for by law.
7. CNF guidelines and further sources
For further information on the anti-money-laundering rules applicable to lawyers, see:
- the CNF Technical Rules on customer due diligence, record-keeping and suspicious-transaction reporting, last updated by CNF resolution of 22 July 2022;
- the CNF Guidelines for the assessment of money-laundering risk;
- the Quaderni of the Fondazione Forense Italiana and the interpretative circulars of the CNF anti-money-laundering committee;
- the official UIF website (uif.bancaditalia.it) — forms, communications, FAQs;
- the official website of the Ministry of Economy and Finance — Financial Security Committee (dt.mef.gov.it).
8. Contact details
For any information concerning anti-money-laundering compliance:
Avv. Gabriele Piermartini
Corso della Repubblica 19 — 47121 Forlì (FC), Italy
Mobile: +39 338 285 0989 — Fax: +39 0543 037728
Certified email (PEC):gabriele.piermartini@ordineavvocatiforlicesena.eu
E-mail:gabriele.piermartini@gmail.com
Forlì, 4 June 2026
Avv. Gabriele Piermartini