top of page

Compliance in Azerbaijan: Due diligence matters and why you should know who you're doing business with.

Legal_Compliance_Docs.webp

Global compliance landscape has undergone significant transformation over the past decade.

 

Azerbaijan, driven by modernization goals, international obligations, and the need to attract foreign investment, has been actively aligning its laws and enforcement mechanisms with international standards. This includes reforms across anti-corruption, AML, data protection, competition law, and corporate governance.  Growing demand from international investors is also pushing companies toward ESG (Environmental, Social, Governance) compliance, especially in areas such as ethics, sustainability, and anti-corruption.

 

Azerbaijan’s national legislation is interpreted and enforced by a network of government bodies, each responsible for different areas of compliance.

 

Key institutions include:

- Commission on Combating Corruption, responsible for implementing anti-corruption policies under the Law “On Combating Corruption.”

- Financial Monitoring Service under the Central Bank, which oversees anti-money laundering and counter-terrorist financing (AML/CFT).

- State Service for Antimonopoly and Consumer Market Control, enforcing competition and consumer protection rules.

- Authorities responsible for personal data protection, operating under the Law “On Personal Data” and related cybersecurity regulations.


Compliance and KYC


Compliance is the set of rules, controls, and governance a business uses to meet legal/regulatory obligations. 

 

KYC (Know Your Customer) is one big piece of compliance: it’s the process of verifying who your customer is, understanding the purpose of the relationship, assessing risk, and monitoring over time.

How KYC fits into compliance: 

 

  • KYC / Customer Due Diligence (CDD): Identity verification and assessing all the possible risks

  • AML/CFT: preventing money laundering/terrorist financing

  • Sanctions screening: ensuring customers/transactions aren’t tied to sanctioned persons/entities/countries

  • PEP checks: identifying politically exposed persons

  • Transaction monitoring: detecting suspicious activity patterns

  • Reporting: suspicious transaction/activity reports (STR/SAR), regulatory reports

  • Recordkeeping & audit: evidence you did the checks and followed your policy

Core KYC steps

 

  • Customer identification & verification

  • Individuals: name, DOB, address, government ID

  • Companies: registration documents, directors, ownership structure, UBOs

Purpose & nature of relationship

  • Why they want the product, expected activity/volumes, source of funds/wealth (where relevant)

  • Risk assessment

  • Country risk, product/channel risk, customer type, occupation/industry, transaction patterns

  • Screening

  • Sanctions lists, PEPs, adverse media (depending on your risk appetite and obligations)

  • Ongoing monitoring

  • Refresh KYC (periodic reviews), trigger events (address change, ownership change), transaction monitoring

Common red flags

  • Reluctance to provide ownership info / inconsistent documents

  • Complex structures with no clear economic purpose

  • Unusual transaction size/frequency vs stated purpose

  • High-risk jurisdictions without plausible explanation

  • Third-party payments with no clear link to the customer


Corporate / Vendor due diligence is mainly about third-party risk:

  • Integrity risk: bribery/corruption, fraud, conflicts of interest

  • AML/TF risk: hidden beneficial owners, suspicious funding, shell companies

  • Sanctions/terrorism financing risk: dealing with designated persons/assets freeze exposure

  • Operational/financial risk: capacity, solvency, litigation, delivery risk

 

In Azerbaijan, the Financial Monitoring Service (FMS) is the FIU and a key body for AML/CFT policy/controls. 


If you’re planning to do business with a local company, ask for these before signing:

  • Corporate existence & authority

  • State registration details + tax ID (VÖEN), registered address

  • Charter / incorporation documents, director appointment / signing authority

  • Bank account confirmation (to avoid invoice diversion fraud)

  • Ownership & control 

  • Shareholder structure + beneficial owner (UBO) declaration

  • IDs (or passport data) for UBO(s) and directors (as appropriate)

 

Strong contract clauses recommended to include on:

  • Representations/warranties: compliance with AML/CFT, anti-bribery laws, sanctions

  • Ongoing disclosure: changes in UBOs, directors, bank accounts, subcontractors

  • Audit/inspection right: request documents supporting invoices/services

  • Termination: immediate termination for sanctions/false statements/bribery

  • Payment controls: pay only to the verified account; no third-party payments without approval

Compliance checklist for businesses operating in Azerbaijan

 

Anti-Corruption Compliance Checklist

Policies & Internal Controls

•          Anti-corruption policy in place, referencing Articles 2, 4, 7 of the Anti-Corruption Law.

•          Code of conduct addressing gifts, hospitality, sponsorships, and donations.

•          Conflict-of-interest policy aligned with Article 9 requirements.

•          Clear procedures for handling governmental interactions and public officials.

•          Rules for procurement, bidding, and tender participation documented.

Training & Awareness

•          Annual anti-corruption training for all employees.

•          Enhanced training for high-risk departments (procurement, finance, sales).

•          Induction training for new employees.

Reporting & Whistleblowing

•          Anonymous reporting channel in place (hotline/email/third-party service).

•          Protection measures for whistleblowers in line with Article 20.

•          Documented investigation procedures.

Monitoring

•          Regular internal audit of corruption risks.

•          Periodic review of internal controls and policy effectiveness.

AML/CFT Compliance Checklist

(Under the Law “On the Prevention of Legalization of Criminally Obtained Funds…” and Criminal Code Articles 193-1 & 214)

Risk Assessment & Governance

•          AML/CFT risk assessment conducted and updated annually (Art. 9).

•          Compliance officer appointed and registered where required (Art. 14).

•          Internal AML/CFT rules adopted and compliant with FMS guidance.

Customer Due Diligence (CDD)

•          CDD procedures covering Articles 7–8 implemented.

•          Beneficial owner identification documented.

•          Enhanced Due Diligence (EDD) applied for PEPs (Art. 10).

•          Sanctions and watchlist screening integrated into onboarding.

Monitoring & Reporting

•          Ongoing transaction monitoring in line with Article 11.

•          Suspicious Transaction Reports (STRs) filed to FMS when necessary (Art. 12).

•          Cash and large transactions monitored and documented.

 

Record Keeping

•          Records retained for minimum 5 years (Art. 17).

•          Secure storage of identification documents and monitoring logs.

 

Training

•          Mandatory AML training for relevant staff.

•          Records of training attendance kept.

 

 Data Protection & Privacy Compliance Checklist

(Based on the Law “On Personal Data” & Law on Information Security)

Governance

•          Data Protection Officer (DPO) appointed if required.

•          Data processing registry maintained (Article 11).

•          All information systems containing personal data registered when required.

Data Processing Controls

•          Legal basis documented for each processing activity (Article 5).

•          Data minimization applied (Article 6).

•          Sensitive data processed only under strict legal grounds (Article 3).

•          Written contracts in place with data processors.

Data Subject Rights

•          Procedures for responding to access, correction, deletion requests (Article 9).

•          Response timelines documented.

•          Communication channels for data subject requests established.

Security

•          Technical and organizational measures implemented (Article 7 & Information Law Art. 30).

•          Incident response and breach-management procedures in place.

•          Regular vulnerability assessments and IT security audits.

Cross-Border Transfers

•          Assessment of destination country’s adequate protection level (Article 10).

•          Documented contracts or guarantees for overseas data transfers.

 

Competition Law Compliance Checklist

(Under the 2024 Competition Code & Law “On Unfair Competition”)

Market Behavior

•          No agreements with competitors that may restrict competition (Code Art. 13).

•          No anti-competitive vertical agreements (Art. 14).

•          No conduct that may indicate abuse of dominance (Art. 15).

Merger Control

•          Internal process to identify whether a transaction triggers merger notification

requirements (Articles 23–30).

•          Pre-transaction consultations performed when thresholds are unclear.

Marketing & Advertising

•          Advertising reviewed to ensure it is not misleading (Unfair Competition Art. 9).

•          Proper use of trademarks and comparative advertising rules followed.

Distribution & Pricing

•          No resale price maintenance, discriminatory pricing, or exclusive supply

arrangements without legal review.

 

Corporate Governance Compliance Checklist

(Based on the Civil Code, Law on Securities Market, and AIH governance rules)

Board Structure & Management

•          Board established in accordance with Civil Code Articles 107–111.

•          Clear division of responsibilities between Supervisory Board and Executive Body.

•          Board members meet fit-and-proper standards.

Internal Governance

•          Corporate governance charter adopted.

•          Conflicts of interest policy implemented.

•          Annual self-assessment of the board.

Transparency & Reporting

•          Disclosure obligations under the Securities Law met (Articles 74, 103, 105).

•          Financial statements prepared following IFRS where applicable.

•          Annual and quarterly reports submitted to regulators & shareholders on time.

State-Owned Entity Requirements (if applicable)

•          Compliance with Azerbaijan Investment Holding (AIH) reporting rules.

•          Performance indicators tracked and submitted regularly.

 

Tax Compliance & Accounting Checklist

Registration & Reporting

•          Tax registration completed via the State Tax Service.

•          VAT registration reviewed based on thresholds.

•          Tax Code requirements for monthly/quarterly declarations followed.

Accounting Standards

•          IFRS or NAS (National Accounting Standards) applied correctly.

•          Proper revenue and expense documentation maintained.

•          Inventory and asset registers updated.

Withholding & Payroll

•          Personal income tax withheld from salaries.

•          Social insurance contributions paid to the State Social Protection Fund.

•          Expat employee compliance with migration and tax rules confirmed.

 

Labor & HR Compliance Checklist

Employment Contracts & Documentation

•          Employment contracts registered electronically on the Unified Labor System (E-gov).

•          Job descriptions documented.

•          Proper onboarding procedures followed.

Working Conditions

•          Compliance with the Labor Code on working hours, overtime, and rest days.

•          Internal workplace regulations approved and communicated.

Health & Safety

•          Occupational safety compliance program implemented.

•          Employees trained on safety procedures.

•          Incident reporting and investigation protocol in place.

Terminations

•          Dismissals conducted in line with Labor Code requirements and notice periods.

•          Compensation and final payments properly documented.

Environmental & ESG Compliance Checklist 

Environmental Requirements

•          Environmental impact assessments completed if required.

•          Permits for emissions, waste disposal, and resource use obtained.

•          Compliance with Ministry of Ecology regulations.

ESG & Sustainability

•          ESG policies aligned with investor and lender expectations (IFC, EBRD).

•          Anti-corruption, labor rights, and environmental safeguards documented.

•          Stakeholder reporting where relevant.

Operational & Contractual Compliance

Contracts & Risk

•          All contracts reviewed by legal counsel.

•          Dispute resolution clauses aligned with Azerbaijani law or international arbitration rules.

•          Supplier due diligence conducted.

Licensing

•          All required sector licenses obtained (telecom, finance, construction, energy, etc.).

•          License renewal dates monitored.

 

Ongoing Monitoring & Review

•          Annual compliance audit conducted.

•          Policies updated after legislative changes.

•          Independent internal or external compliance review performed.

•          Compliance program reported to the Board or shareholders annually.

 

We help companies onboard vendors in Azerbaijan with a risk-based due diligence process covering ownership transparency (UBO) and integrity risks.

What you get: actionable recommendations (approve / approve with conditions / reject).

Do you provide contract wording?


Yes—standard clauses for sanctions/AML, ownership change notification, audit rights, and termination for cause.

T & G COUNSEL
ABDULKARIM ALIZADA 40, Azerbaijan AZ1151

+994.51.5400450

 contact@tgcounsel.com

2026 © Copyright TGcounsel.com TG Counsel LLP
All Rights Reserved.

Legal Disclaimer: The information on this site should not be interpreted as a formal legal advice

nor the formation of an attorney-client relationship.

  • LinkedIn
bottom of page