Country _ Name
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

In Austria, the financial market anti-money laundering regulation (Finanzmarkt-Geldwäschegesetz – "FM-GwG") constitutes the regulatory framework regarding AML. It has come into force on 1 January 2017 and has been heavily influenced by European legislation since. With the implementation of Directive 2015/849/EU (4th Money Laundering Directive) in Austria, the regulations on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing for credit and financial institutions were combined for the first time in one law, the Financial Market Anti-Money Laundering Act, which provided the Financial Market Authority with a uniform and clear legal basis for its supervisory activities. These provisions were supplemented by the implementation of Directive 2018/843/EU (5th Money Laundering Directive). In addition, there are provisions in, among others, the Trade, Commerce and Industry Regulation Act, the Gaming Act and the Lawyers' and Notaries' Act. These provisions place great emphasis on the "know your customer" principle, which is intended to deprive money launderers of the advantage of anonymity.

National regulator or relevant authority for AML controls

For FinTechs, the relevant authority for AML controls in Austria is the Financial Market Authority (Finanzmarktaufsicht – "FMA").

Customer Due Diligence

Conduct of a typical KYC identification process

Customers or clients need to be identified by the obliged company. Usually, this must take place before the business relationship is established. 

According to Section 6 FM-GwG, several personal details must be obtained:

  1. in the case of a natural person – 

    1. a) (all) First name(s) and last name;
      b) date of birth;
      c) nationality; and
      d) a residential address or, if there is no fixed abode with legal residence in the European Union and the verification of identity is carried out within the framework of the conclusion of a basic account agreement within the meaning of Section 38 of the Payment Accounts Act, the postal address at which the contracting party as well as the person acting vis-à-vis the obliged party can be reached.

  2. in the case of a legal entity or a partnership –

    1. a) Company name, name, or designation;
      b) legal form;
      c) registration number, if any;
      d) address of the registered office or principal place of business; and
      e) the names of the members of the representative body or the names of the legal representatives and, if a member of the representative body or the legal representative is a legal entity, from this legal entity the data under letters a to d.

Usually, the identification procedure must be conducted in person. However, a face-to-face video-identification is sufficient.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes, customer due diligence can be outsourced to a third party. In principle, the third party must be obliged by law to meet AML regulations as well. However, the responsibility for fulfilling the general due diligence obligations remains with the obliged party.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes, this is possible. However, the contractual third party must meet the AML regulations. The obliged party must ensure that the third party is reliable. The actions of such a third party are attributed to the obliged party as its own actions.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

In general, there is no need for the outsourcing company to acquire a license.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
Yes estate agents
Yes other persons trading high-value goods
Yes providers of gambling services



Choose country