UIF Italy and the Archivio Unico Antiriciclaggio
Italy’s daily-archive obligation is the most granular AML record-keeping regime in the EU. The Archivio Unico Antiriciclaggio (AUA) captures every customer onboarding, every relationship update, every flagged operation — and feeds the country’s financial-intelligence unit (UIF) with structured data on a schedule no other member state matches. Foreign-licensed EMIs and PIs operating in Italy underestimate this routinely. This piece walks through what the AUA is, who feeds it, what UIF does with the data, and the procedural reality of meeting the standard.
1. Who runs the regime
Two distinct bodies, working in parallel:
- UIF — Unità di Informazione Finanziaria per l’Italia — Italy’s financial-intelligence unit. Established at Banca d’Italia but operationally independent. Receives suspicious-operation reports (SOS), analyses, and disseminates intelligence to law enforcement.
- Banca d’Italia — supervises AML compliance at credit institutions, EMIs, payment institutions, investment firms and other regulated obligated subjects.
The split mirrors the architecture in the Netherlands (FIU-NL / DNB), France (TRACFIN / ACPR) and Germany (FIU Germany / BaFin). Spain’s SEPBLAC is the exception in combining the two functions.
2. The legal framework
The backbone is Decreto Legislativo 231/2007, as amended through the transposition of the EU AML directives. Subordinate Banca d’Italia provisions implement the operational rules. The current AUA technical specifications sit in the Provvedimento issued by Banca d’Italia governing customer-due-diligence and record-keeping — refreshed periodically.
The key obligations under D.Lgs 231/2007 for fintech audiences:
- Customer due diligence (adeguata verifica) at onboarding and through the relationship
- Daily archiving of customer and operation data in the AUA
- Suspicious-operation reports (SOS) to UIF when triggers are met
- Designated antiriciclaggio officer (responsabile antiriciclaggio) and SOS signatory (delegato per le segnalazioni)
- Cash-transaction limit currently set in the law
3. What the Archivio Unico Antiriciclaggio is
The AUA captures, per obligated subject:
- Customer master — every individual and entity customer, with their identification data, beneficial owners, and the date of onboarding
- Relationship updates — changes of address, beneficial owner, risk classification, with the date and reason of the change
- Operations above the AUA threshold — every payment, transfer, deposit and similar above the regulated value, with the originator, beneficiary and amount
- Aggregations of operations — where smaller operations cluster into a daily aggregate above the threshold (the structuring detection)
- Risk classification — the customer’s standard, low or high risk rating with the rationale
The data is structured per the technical specifications and must be available for inspection and electronic export at any time. The retention period is at least 10 years.
4. Daily, not monthly
This is what makes the AUA distinctive. Spain’s DMO is monthly. The FTF is monthly. The Italian AUA must be updated by the end of the next working day after the triggering event. For a fintech with high-volume onboarding or transaction flows, this is an operational design constraint, not a back-office task.
The bar means:
- Data ingestion from the customer master and the payments warehouse must be reliable on a daily cadence.
- The AUA must remain consistent with the operational systems — divergence is a finding.
- The structured-export format is checked at inspections; ad-hoc CSVs do not meet the standard.
5. Suspicious-operation reports — the SOS to UIF
Separate from the AUA. When a transaction or relationship meets the threshold for a segnalazione di operazione sospetta (SOS), the obligated subject files with UIF. The intake channel is UIF’s INFOSTAT-UIF online platform. The signatory is the delegato per le segnalazioni, a named individual notified to UIF on appointment.
The threshold for an SOS is “conoscono, sospettano o hanno motivi ragionevoli per sospettare” — know, suspect, or have reasonable grounds to suspect — that funds are connected to money-laundering or terrorism-financing. The standard tracks the EU AML directive language and aligns with the equivalent triggers in the other five core jurisdictions.
6. The objective-indicator regime
Alongside the subjective SOS standard, UIF maintains objective indicators (indicatori di anomalia) — published lists of transaction patterns that trigger reporting regardless of subjective suspicion. These are sectoral (banking, securities, insurance, gambling) and refreshed periodically. For payment firms the relevant indicators cover anomalous cash deposits, unusual cross-border patterns, structured operations, and high-risk-jurisdiction routing. The objective indicators are reportable through the same INFOSTAT-UIF channel.
7. Passporting in — when the AUA applies
An EMI / PI authorised in another EU member state and operating in Italy on Freedom of Services or via a branch is an obligated subject under D.Lgs 231/2007 for activity carried on in Italy. Branch operations are squarely within the AUA scope. Freedom-of-Services activity is in scope on a fact-by-fact basis but is generally caught above modest volume thresholds.
The first practical step on entering Italy is to designate the responsabile antiriciclaggio and the delegato per le segnalazioni, notify both, and stand up the AUA infrastructure before live operations. See our AML representative across the EU piece for the comparative naming conventions.
8. The OAM connection (for crypto and EMI agents)
For CASPs and for EMIs operating through agents in Italy, the Organismo Agenti e Mediatori (OAM) maintains the register of authorised agents. Registration with OAM is a separate process from Banca d’Italia supervision and from UIF intake. The OAM-registered agent is itself an obligated subject under D.Lgs 231/2007 and feeds the AUA in coordination with the principal.
9. FAQ
What does AUA stand for?
Archivio Unico Antiriciclaggio — Single AML Archive. It is the daily-updated structured record of every customer, every relationship change and every reportable operation maintained by every obligated subject in Italy.
Is the AUA the same as the Archivio Unico Finanziario (AUF)?
The two are sometimes used interchangeably in casual writing but the formally correct term in current AML regulation is Archivio Unico Antiriciclaggio. AUF was an earlier label.
What is the retention period?
At least 10 years from the closure of the relationship or the operation, under Article 31 D.Lgs 231/2007.
Are EMIs and PIs in scope?
Yes. Article 3 D.Lgs 231/2007 lists EMIs, PIs and credit institutions as obligated subjects, including those passporting into Italy.
What channel is used for SOS reports?
UIF’s INFOSTAT-UIF online platform. The delegated signatory is registered with UIF on appointment.
Is Italian language mandatory for the AUA?
The structured fields use codes that are language-neutral. Free-text descriptions and SOS narratives should be in Italian; supporting documents in foreign languages are accepted but UIF or Banca d’Italia may request a translation.
10. What to do, today
- Designate the responsabile antiriciclaggio and the delegato per le segnalazioni before activity in Italy starts; notify Banca d’Italia and UIF respectively.
- Build AUA ingestion as a daily batch from your customer master and payments warehouse — not a manual back-office task.
- Calibrate transaction-monitoring rules to the Italian objective-indicator regime alongside the subjective SOS test.
- If you operate through agents in Italy, plan the OAM registration in parallel with the AUA setup.
- Plan retention against the 10-year minimum and align with home-state retention so a single archive serves all jurisdictions.
Related: AML representative across the EU · How to file a SAR in Spain · Where to base your EMI
