Name
Global FinTech Guide
Country _ Name
Bulgaria
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The main pieces of legislation in this regard are the MAMLA, the Rules of Application to the MAMLA and the Measures Against the Financing of Terrorism and the Proliferation of Weapons of Mass Destruction Act



National regulator or relevant authority for AML controls

The State Agency for National Security is the institution with overall supervisory functions regarding the AML legislation's implementation. Other authorities exercise supervision over certain obliged entities. The Bulgarian National Bank supervises financial institutions; The Financial Supervision Commission – insurance companies and investment intermediaries and other investment service providers, and the National Revenue Agency – entities providing crypto services. The Financial Supervision Commission took over control over crypto service providers.



Customer Due Diligence

Conduct of a typical KYC identification process

The process outlined in MAMLA is analogous to the rules in Fifth AML Directive. Identification of natural persons and corporate entities, as well as verification of their identification is applied. KYC questionnaires shall be filled in, copies of identity documents shall be submitted. Banks usually require also full information on incomes, liabilities, connections with third persons, property owned, etc.

Banks tend to apply strict measures by requiring personal presence of the customer, as well as provision of a range of documents, especially if the customer is not domiciled in Bulgaria. Some service providers allow identification via electronic means.

Entities registered in Bulgaria whose ultimate beneficial owners are publicly viewable need not to present corporate documents (such as articles of association or minutes from general meetings) which are publicly available with the Bulgarian Company Register. Corporate documents shall be presented and ownership chains might be scrutinized in case of complex corporate structures and foreign shareholders.



Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

The possibility is provided for in MAMLA. Art. 56 of MAMLA states that credit institutions, payment services providers, credit institutions, insurers and insurance intermediaries, investment intermediaries, collective investment schemes, management companies, and alternative investment funds could rely on previous identification of a customer and customer’s ultimate beneficial owner performed by a credit institution if certain conditions are met:
  • the credit institution is registered in the EU or in a state where AML standards are equivalent to these in the EU
  • All the data required by the MAMLA about the customer and their ultimate beneficial owner is collected
  • the collected information and documents are available for provision by the credit institution at any moment.
Art. 57 of MAMLA provides that obliged entities could rely on previous identification of a customer or customer’s ultimate beneficial owner performed by another obliged entity within the same group. It is mandatory that the entities within the group apply the required AML measures and the group is under the supervision of a competent authority.



Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

The text of 57a of MAMLA recognizes the possibility to outsource certain elements of the KYC process (such as identification or verification of the identification) to third parties.

In practice, some service providers (such as providers of crypto services) use tools and platforms for identity proofing.



Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

No specific details are provided with regard to the outsourced processes. However, the general rule for identification of customers – art. 53, para 7 of MAMLA, is that electronic identification is allowed under the conditions set out in Regulation (EU) 910/2014. This rule shall be deemed applicable to all identification irrespective of the entity who is performing it. The liability for applying the compliance rules under MAMLA remains with the service provider (the obliged entity).



Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)


Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
Yes estate agents
Yes other persons trading high-value goods
Yes providers of gambling services


Authors

Close

Choose country