Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.
Legal affairs
National regulatory framework regarding AML and effective date of the regulations
In Germany, the anti-money laundering regulation (Geldwäschegesetz – GwG) constitutes the regulatory framework regarding AML. It has first come into force in 1993 and has been heavily influenced by European legislation since.
National regulator or relevant authority for AML controls
For FinTechs, the relevant authority for AML controls in Germany is the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin).
Customer Due Diligence
Conduct of a typical KYC identification process
Customers or clients need to be identified by the obliged company. Usually, this must take place before the business relationship is established. According to Section 11 para 4 GwG, several personal details must be obtained:
In the case of a natural person –
(all) first name(s) and last name;
place of birth;
date of birth;
nationality; and
a residential address or, if there is no fixed abode with legal residence in the European Union and the verification of identity is carried out within the framework of the conclusion of a basic account agreement within the meaning of Section 38 of the Payment Accounts Act, the postal address at which the contracting party, as well as the person acting vis-à-vis the obliged party can be reached.
In the case of a legal entity or a partnership –
company name, name, or designation;
legal form;
registration number, if any;
address of the registered office or principal place of business; and
the names of the members of the representative body or the names of the legal representatives and, if a member of the representative body or the legal representative is a legal entity, from this legal entity the data under letters (a) to (d).
Usually, the identification procedure must be conducted in person. However, a face-to-face video-identification is sufficient.
Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations
Customer due diligence can be outsourced to a third party. In principle, the third party must be obliged by law to meet AML regulations as well. However, the responsibility for fulfilling the general due diligence obligations remains with the obliged party.
Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)