Country _ Name
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The Law of narcotic drugs, psychotropic substances, drugs of unauthorised use, related activities, capital legitimation and financing terrorism constitutes the regulatory framework regarding AML. It has first come into force in 1998.

National regulator or relevant authority for AML controls

For FinTechs, the relevant authority for AML controls in Costa Rica is the General Superintendence of Financial Entities.

Customer Due Diligence

Conduct of a typical KYC identification process

Customers or clients need to be identified by the obliged company. Usually, this must take place before the business relationship is established.

In accordance with the Regulation on KYC issued by SUGEF, several personal details must be obtained. In case of a natural person:
  • Identification information: identification card number, complete name, birthplace, birth date, marital status
  • Personal information: nationalities, occupation
  • Communication means: Phone number, e-mail
  • Complete address
  • Source of funds
  • Investment capacity

In case of a legal entity, the Regulation requires the main corporate positions and shareholders or final beneficiaries.

Usually, the identification procedure must be conducted in person.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes, customer due diligence can be outsourced to a third party. However, the responsibility for fulfilling the general due diligence obligations remains with the obliged party.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes, this is possible. However, the contractual third party must meet the AML regulations.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

In general, there is no need for the outsourcing company to acquire a license. However, if the outsourcing company is an obliged company according to SUGEF itself, it has a licence.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
Yes estate agents
Yes other persons trading high-value goods
Yes providers of gambling services



Choose country