As we have already learned in the last article, the identification of the customer is only one of several obligations under the Anti-Money Laundering Act (GwG). Often, however, the principle of “Know Your Customer” (KYC) or “Know Your Business” (KYB) is almost equated with money laundering obligations. This may be because the correct identification and verification of the data, the actual knowing of the customer and its business, is often laborious in practice. This is because it requires work on part of the customer.
The KYC is part of the general duties set out in Section § 10 GwG. The customer must be identified, and the data must then be verified.
KYC: What data is to be collected?
In the case of a natural person, the following data points must be collected: First name and last name, place of birth, date of birth, nationality and a residential address (cf. Section 11 (4) No. 1 GwG).
In the case of a legal entity or partnership, the following data points must be collected: company name and trade name, legal form, registration number, if available, address of the registered office or principal place of business and the names of the members of the representative body or the names of the legal representatives (cf. Section 11 (4) No. 2 GwG).
Furthermore, the data of the person acting on behalf of the contractual partner (e.g. a representative, a managing director) must be collected.
Finally, the data of the beneficial owners within the meaning of Section 3 GwG must be collected.
KYC: How should the data be collected and verified?
The data can be collected by asking the customer to provide such information. More complex is the verification of such information provided. In the case of legal entities and partnerships, the data can usually be verified by inspecting extracts from the commercial register (more difficult in the case of foreign legal entities).
For the verification of data relating to natural persons (this includes the person representing the customer), the law provides for the following options pursuant to Section 12 GwG.
(1) Inspection of an official identity document on site. This can be done in a branch or by so called postident at a post office. This does not work online.
(2) As an alternative to on-site inspection, video identification is also available, provided that it complies with the requirements set out in the circular on video identification 3/2017 issued by BaFin.
(3) Verification by means of a qualified electronic signature within the meaning of the eIDAS Regulation, its validation and, in addition, a reference transfer from an account of an institution within the EEA or a country of equivalent anti-money laundering risk level.
(4) By electronic identity card.
(5) Per notified eID system (so far only the electronic identity card is available in Germany).
The principle of German money laundering law therefore always provides for verification by means of a face-to-face verification, on site or by video. After all, even for the issuance of qualified electronic signatures face-to-face identification is required (at least in Germany) and the identity card is only issued if the person concerned presents itself in person at the issuing authority. This is handled differently in other EU countries.
Additional requirements pursuant to Section § 154 Fiscal Code (AO)
Obligated parties domiciled in Germany who offer accounts or safe deposit boxes to their customers should not forget that § 154 AO provides for further obligations to collect and verify data. Although these are not based on money laundering law, but on tax law, they should not be neglected because they are not easy to fulfil.
This is because, in addition to the above-mentioned personal data, the personal tax identification number for natural persons and the tax number for legal entities must also be collected. Furthermore, all persons entitled to dispose over the account must be identified (i.e. not only the person representing the customer at the time of contracting, but all those who have the right to dispose over assets on the account).
Beyond the obligations of money laundering law, Section 154 AO requires that the beneficial owners must also be personally identified by inspection of identification documents, which goes beyond the obligations provided by anti-money laundering law. Section 11 (5) GwG only stipulates that the obligated party must satisfy itself of the identity in a risk-appropriate manner but does not require inspection of documents for all.
Time of identification
According to Section 10 (3) No. 1 GwG, identification must be carried out before the business relationship is established. Only in exceptional cases, where this would significantly disrupt the course of business and there is only a low money laundering risk, it is possible to carry out the identification during the establishment of the business relationship.
If a permanent relationship is not established (i.e. a one-off payment order), money transfers of funds above a threshold of EUR 1000 require identification of the customer.
For other obligated parties (e.g. gambling operators, traders, brokers), different reference points and thresholds apply.