KYC and KYB – identification pursuant to Anti-Money Laundering Act | FinTech online course #21

KYC and KYB | PayTechLaw | FinTech-Onlinekurs | sutthinon602
0
Shares
0
0
0
0
0
0

As we have already learned in the last article, the identification of the customer is only one of several obligations under the Anti-Money Laundering Act (GwG). Often, however, the principle of “Know Your Customer” (KYC) or “Know Your Business” (KYB) is almost equated with money laundering obligations. This may be because the correct identification and verification of the data, the actual knowing of the customer and its business, is often laborious in practice. This is because it requires work on part of the customer.

The KYC is part of the general duties set out in Section § 10 GwG. The customer must be identified, and the data must then be verified.

KYC: What data is to be collected?

In the case of a natural person, the following data points must be collected: First name and last name, place of birth, date of birth, nationality and a residential address (cf. Section 11 (4) No. 1 GwG).

In the case of a legal entity or partnership, the following data points must be collected: company name and trade name, legal form, registration number, if available, address of the registered office or principal place of business and the names of the members of the representative body or the names of the legal representatives (cf. Section 11 (4) No. 2 GwG).

Furthermore, the data of the person acting on behalf of the contractual partner (e.g. a representative, a managing director) must be collected.

Finally, the data of the beneficial owners within the meaning of Section 3 GwG must be collected.

KYC: How should the data be collected and verified?

The data can be collected by asking the customer to provide such information. More complex is the verification of such information provided. In the case of legal entities and partnerships, the data can usually be verified by inspecting extracts from the commercial register (more difficult in the case of foreign legal entities).

For the verification of data relating to natural persons (this includes the person representing the customer), the law provides for the following options pursuant to Section 12 GwG.

(1) Inspection of an official identity document on site. This can be done in a branch or by so called postident at a post office. This does not work online.

(2) As an alternative to on-site inspection, video identification is also available, provided that it complies with the requirements set out in the circular on video identification 3/2017 issued by BaFin.

(3) Verification by means of a qualified electronic signature within the meaning of the eIDAS Regulation, its validation and, in addition, a reference transfer from an account of an institution within the EEA or a country of equivalent anti-money laundering risk level.

(4) By electronic identity card.

(5) Per notified eID system (so far only the electronic identity card is available in Germany).

The principle of German money laundering law therefore always provides for verification by means of a face-to-face verification, on site or by video. After all, even for the issuance of qualified electronic signatures face-to-face identification is required (at least in Germany) and the identity card is only issued if the person concerned presents itself in person at the issuing authority. This is handled differently in other EU countries.

Additional requirements pursuant to Section § 154 Fiscal Code (AO)

Obligated parties domiciled in Germany who offer accounts or safe deposit boxes to their customers should not forget that § 154 AO provides for further obligations to collect and verify data. Although these are not based on money laundering law, but on tax law, they should not be neglected because they are not easy to fulfil.

This is because, in addition to the above-mentioned personal data, the personal tax identification number for natural persons and the tax number for legal entities must also be collected. Furthermore, all persons entitled to dispose over the account must be identified (i.e. not only the person representing the customer at the time of contracting, but all those who have the right to dispose over assets on the account).

Beyond the obligations of money laundering law, Section 154 AO requires that the beneficial owners must also be personally identified by inspection of identification documents, which goes beyond the obligations provided by anti-money laundering law. Section 11 (5) GwG only stipulates that the obligated party must satisfy itself of the identity in a risk-appropriate manner but does not require inspection of documents for all.

Time of identification

According to Section 10 (3) No. 1 GwG, identification must be carried out before the business relationship is established. Only in exceptional cases, where this would significantly disrupt the course of business and there is only a low money laundering risk, it is possible to carry out the identification during the establishment of the business relationship.

If a permanent relationship is not established (i.e. a one-off payment order), money transfers of funds above a threshold of EUR 1000 require identification of the customer.

For other obligated parties (e.g. gambling operators, traders, brokers), different reference points and thresholds apply.

 

LINK TO THE HOMEPAGE OF THE FINTECH ONLINE COURSE

 

Cover picture: Copyright © Adobe/ sutthinon602

 

0
0

Susanne started her legal career at Linklaters. Most recently, she headed the legal department of PayPal for the DACH region. Before that, she worked at eBay mainly on payment related topics. Her focus are regulatory issues and product advice in the payment and ecommerce industry. Susanne dealt with completely different legal topics as head of legal director for the Bundesdruckerei (federal printing office).



By continuing, you accept our privacy policy.
You May Also Like
SSanctions
20. EU-Sanktionspaket gegen Russland: Was das für den Finanzsektor bedeutet 20th EU Sanctions Package against Russia: What It Means for the Financial Sector
Read More
  • 3 minute read

20th EU Sanctions Package against Russia: What It Means for the Financial Sector

The EU’s 20th sanctions package against Russia increases the focus on sanctions circumvention via third countries, alternative payment channels and crypto structures. Banks, payment service providers and CASPs must strengthen their sanctions compliance with a stronger focus on payment flows, intermediaries and infrastructure risks.
Read More
PPayment
Ist bei E-Geld ein Vertrag zwischen dem E-Geld-Herausgeber und der Akzeptanzstelle erforderlich? Is a contract between the e-money issuer and the merchant required for e-money?
Read More
  • 9 minute read

Is a contract between the e-money issuer and the merchant required for e-money?

This article examines the European Commission’s controversial interpretation of Article 11(7) EMD2 regarding the definition of electronic money. It focuses on whether a contractual relationship between the e-money issuer and the accepting merchant is required for electronic money acceptance. The article concludes that Article 11(7) EMD2 does not establish a general contractual requirement for the acceptance of e-money.
Read More
EEvents
Paris Blockchain Week 2026 – “The Bridge Between TradFi and Digital Assets”
Read More
  • 2 minute read

Paris Blockchain Week 2026 – “The Bridge Between TradFi and Digital Assets”

Paris Blockchain Week 2026 highlighted the growing institutional adoption of digital assets. Under the theme “The Bridge Between TradFi and Digital Assets”, the event brought together leading players from traditional finance and the digital asset industry, focusing on tokenisation, stablecoins, MiCA and blockchain-based financial market infrastructures.
Read More