Section Home

Home	Hidden
Home	2

Name

Global FinTech Guide

Country _ Name

France

SectionTitle

KYC requirements

Body

The know-your-customer or know-your-client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The last AML regulation to come into effect was the fifth European directive (Directive (EU) 2018/843) related to the prevention of the use of the financial system for the purposes of money laundering or terrorist financing that was published on 30 May 2018 and came into force on 10 July of the same year.

This directive was transposed into French law by ordinance n° 2020-115 published on 12 February 2020, aimed at strengthening the prevention against money laundering and terrorist financing.

The main objectives of this ordinance were to expand the AML corpus to new individuals such as lawyers, strengthen customer due diligence required for regulated entities, open the possibility to implement remote business relationship and strengthen the role of the supervisors.

It should be noted that the European Commission has published on 20 July 2021 a package of legislative proposals (‘Proposal’) aimed at improving AML-CFT in the EU and definitively adopted on 24 April 2024. Among these proposals is a regulation on the prevention of the use of the financial system for the purpose of BC-FT which will provide certain clarifications in relation to KYC. It will harmonize, at European level, the list of items that must be required by entities for KYC purposes.

National regulator or relevant authority for AML controls

The ACPR is the main authority in regard to AML supervision for entities under the ACPR control and those licensed by the AMF.

The Proposal creates a new anti-money laundering authority (‘AMLA ’) which will be responsible for the direct supervision of certain entities, supervising and coordinating the action of national regulatory authorities (ACPR) and coordinating cooperation with financial intelligence units (Tracfin), etc.

Customer Due Diligence

Conduct of a typical KYC identification process

Any KYC identification process requires for the regulated entity to first identify its client or the beneficial owner (defined as the natural person having more than 25% of the legal person's share capital) in accordance with article L.561-5 of the CMF. This article also requires a verification of the said customers with proof-worthy documents (or their beneficial owners).

However, depending on the situation of the customer and if there's a small risk for money laundering or terrorist financing, a simplified identification without verification may be applied (article R.561-14-2 of the CMF).

However, for those who showcase a standard risk, both identification and verification are required. Article R.561-5 of the CMF lists the needed information for the identification of the customer such as the name, surname, date and place of birth for individuals or the legal status, the corporate name, the registration number and the headquarters of corporations.

As for the verification of the customer through proof-worthy documents, article R.561-5-1 of the CMF states that the document could either be digital or paper-based.

For individuals, such verifications requires the presentation of a valid identity card ID or other official documents that showcase a picture of the customer.

As for corporations, an original document, or a copy of the registration on an official register is required providing that the document is not older than three month and contains the corporate name, the legal status, the address of the headquarters etc.

Trusts, however, need to provide the original or a copy of their trust contract.

If the business relationship happens to be remote some other conditions need to be satisfied in accordance with article R.561-20 of the CMF such as the requirement of another document, alongside the ID or other official documents that might prove the identity of the customer or the implementation of verification mechanisms in regard to the documents transmitted.

However, if the identification is done through electronic devices that are deemed reliable in accordance with Regulation (EU) No 910/2014 called eDIAS (Regulation (EU) No. 910/2014) or article L.102 of the Code des postes et des communications électroniques (electronic communications and postal code), the identification will be equivalent to the face-to-face procedure.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

In its guidelines on identification, verification of the identity and knowledge of the clients, the ACPR confirmed the possibility of meeting customer due diligence by relying on a third party known as 'tierce introduction' in accordance with article L.561-7 of the CMF. However, the ACPR, considers that in order to be due diligent the third party should satisfy certain conditions:

To comply with AML obligations such as due diligence obligations;
To be supervised by an authority;
To have internal AML procedures.

However, the regulated entity that relies on a third party is still held liable for any failing in KYC compliance.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

When it comes to the outsourcing of the customer due diligence, the ACPR specifies in its aforementioned guidelines that it is possible to outsource due diligence by contract to other third parties who are not obliged by law to meet AML regulations.

However, the ACPR also considers that some characteristics should be respected:

The external service provider acts in the name and on behalf of the regulated entity;
The external service provider shall apply the AML requirements and procedures to which the regulated entity is subject, and the regulated entity is required to control such an implementation;
The regulated entity is the only one held liable for any failing in their AML obligations.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

No license is required for the external service provider

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

✔	credit institutions
✔	financial institutions
✔	auditors, external accountants, and tax advisors
✔	notaries and other independent legal professionals
	other trust or company service providers
	estate agents
	other persons trading high-value goods
	providers of gambling services
✔	Insurance companies, Investment firms, Central banks, Electronic money institutions, Banking and Payment broker etc.

BackToCountry	Hidden	Hidden
Back to country	France	2

Switch country

Global overview

Authors

Name	Organisation	Email	Hidden	Hidden
David Masson	Racine Avocats	[email protected]	0	6177

Choose country

	Hidden	Hidden
Albania	167	2
Argentina	512	2
Australia	182	2
Austria	677	2
Bolivia	1012	2
Bosnia and Herzegovina	197	2
Bulgaria	980	2
Canada	152	2
Chile	242	2
China	257	2
Colombia	272	2
Costa Rica	287	2
Croatia	302	2
Czech Republic	812	2
Dominican Republic	824	2
Finland	921	2
France	722	2
Germany	137	2
Hong Kong	737	2
Hungary	347	2
Ireland	692	2
Italy	332	2
Japan	850	2
Kenya	998	2
Korea, Republic of	362	2
Malaysia	662	2
Mexico	632	2
Montenegro	377	2
New Zealand	392	2
Nigeria	904	2
North Macedonia	437	2
Peru	422	2
Philippines	407	2
Poland	482	2
Portugal	497	2
Romania	797	2
Russia	912	2
Saudi Arabia	881	2
Serbia	467	2
Singapore	945	2
Slovenia	527	2
Spain	542	2
Switzerland	707	2
Thailand	557	2
Turkey	752	2
United Kingdom	782	2
United Rep of Tanzania	767	2
United States	587	2
Vietnam	962	2