Question: “I am the director of a firm specializing in providing independent accounting and auditing services. I have heard that new regulations on sanctioning administrative violations in the accounting sector are upcoming, specifically adding many sanctions related to anti-money laundering. Please advise on the key contents our company must note, the fine brackets, the sanctioning authority, and the risks of non-compliance.”

Amendments to regulations on sanctioning administrative violations in the accounting, auditing and anti-money laundering sectors under Decree 132/2026/ND-CP

Answer: Below is our detailed advice regarding the new regulations on sanctioning administrative violations in the accounting and auditing sectors under Decree 132/2026/ND-CP (effective from May 21, 2026):

1. Main contents: Decree 132/2026/ND-CP provides an amended and supplemented legal framework for sanctioning administrative violations in the accounting and auditing sectors, specifically including the following core contents:

– Subjects of application: Expanding the application of penalties for violations regarding anti-money laundering, counter-terrorism financing, and countering the financing of the proliferation of weapons of mass destruction in the accounting service business.

– Amending the calculation of the statute of limitations for sanctioning: Clearly distinguishing the starting point for calculating the statute of limitations:

+ (i) For completed violations: Calculated from the time the violation ends.

+ (ii) For violations in progress: Calculated from the time the violation is discovered. (Legal basis: Clause 3, Article 3 of Decree 41/2018/ND-CP, as amended and supplemented by Article 1 of Decree 132/2026/ND-CP).

– Adding violations and fine levels regarding Anti-Money Laundering (AML): Detailing the violations in the accounting service business with stringent fines for individuals:

+ Failing to perform customer identification (KYC), failing to update the blacklist, failing to assess money laundering risks: A fine ranging from 10,000,000 VND to 15,000,000 VND.

+ Failing to issue internal regulations or issuing non-compliant internal regulations: A fine ranging from 20,000,000 VND to 30,000,000 VND.

+ Failing to report suspicious transactions or large-value transactions: A fine ranging from 15,000,000 VND to 25,000,000 VND.

+ Prohibited acts (such as illegally providing cash receipt services, facilitating money laundering, or terrorist financing): A maximum fine of up to 50,000,000 VND. (Legal basis: Article 35a of Decree 41/2018/ND-CP, supplemented by Article 3 of Decree 132/2026/ND-CP).

– Principles for applying fines: The aforementioned fine levels are applicable to individuals. For an organization committing the same violation, the fine shall be twice the fine level for an individual (up to a maximum of 100,000,000 VND). (Legal basis: Clause 2, Article 6 of Decree 41/2018/ND-CP, as amended and supplemented by Article 2 of Decree 132/2026/ND-CP).

– Sanctioning authority: Supplementing the authority of the State Bank Inspectorate and clearly stipulating the fine limits for specific titles regarding violating individuals (the fine limits for organizations are twice as much):

+ The Director of the Accounting and Auditing Supervisory Department (Ministry of Finance) and the Chairman of the Provincial People’s Committee may impose fines of up to 50,000,000 VND.

+ The Director of the Department of Finance and the Chief Inspector of the Regional State Bank Inspectorate may impose fines of up to 40,000,000 VND.

+ The Chairman of the Commune-level People’s Committee may impose fines of up to 25,000,000 VND. (Legal basis: Articles 70, 70a, and 71 of Decree 41/2018/ND-CP, as amended and supplemented by Article 4 of Decree 132/2026/ND-CP).

2. Greatest impacts: Independent accounting and auditing firms, as well as internal accounting departments, must strictly tighten customer identification records, retain transaction traces, and continuously issue risk warnings. The risk of sanctions for enterprises is now no longer limited to mere bookkeeping errors but has expanded to the mandatory strict compliance with AML regulations.

3. Risks of non-compliance:

– If the enterprise fails to update customer identification records or fails to assess money laundering risks, it will be fined and risks being subjected to stricter inspections by competent authorities.

– The enterprise may be stripped of the Certificate of Eligibility to Provide Accounting Services or be suspended from operation for a definite term if the violation falls within the fine brackets determined by the Director of the Department of Finance, the Chairman of the Provincial People’s Committee, or higher levels.

– Misunderstanding the new milestones for calculating the statute of limitations may cause the enterprise to miss opportunities to voluntarily remedy consequences or lose the golden timeframe to provide explanations to competent authorities.

4. Proposed action plans:

– Review the entire KYC/AML processes within the accounting department, particularly when providing accounting services to external clients, and complete this prior to May 21, 2026.

– Immediately update the enterprise’s internal violation handling manual and disseminate the new milestones for calculating the statute of limitations to all relevant personnel.

5. Notes and recommendations for clients:

– Formulate mandatory internal regulations: The enterprise is obligated to formulate, issue, and correctly apply internal regulations on anti-money laundering and counter-terrorism financing (including internal auditing mechanisms, personnel recruitment and training, and the assignment of responsible departments).

– Supervise and provide information periodically: The enterprise must carefully archive records and documents and report large-value and suspicious transactions on time. The enterprise should not be complacent in providing records upon the request of competent authorities.