Global FinTech Guide
Country Name
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The main piece of legislation regulating AML in Croatia is the AML Act which came into force on 25 April 2019.

National regulator or relevant authority for AML controls

There are several supervisory authorities, including the CNB, the Financial Inspectorate, HANFA, the Tax Administration.

The Anti-Money Laundering Office (Office) is responsible for collecting, analysing, and disseminating AML/CTF data and coordinates and cooperates with the supervisory and other competent authorities in in the AML/CTF matters, such as the State Attorney’s Office, the Ministry of the Interior – the General Police Directorate, the Security-Intelligence Agency, the Ministry of Foreign and European Affairs, the Ministry of Justice and other state bodies.

Customer Due Diligence

Conduct of a typical KYC identification process

According to the Croatian AML Act, KYC measures (i.e. customer due diligence) include, inter alia, the obligation to establish the identity of the party and to verify its identity on the basis of documents, data or information obtained from a credible, reliable and independent source, including, if applicable, a qualified certificate for electronic signature or electronic seal or any other secure, remote or electronic identification process regulated, recognised, approved or accepted by the relevant national authorities.

Therefore, majority of banks and other financial institutions request a face-to-face identification of their clients. The AML Act prescribes a possibility of identification with a video call, but so far, such procedure did not come to life. Moreover, in a process of opening a bank account, some banks may allow representation of the authorised person through a power of attorney (notarised and apostilled). Generally, the KYC/AML procedures of Croatian banks tend to be complex, time-consuming, and cumbersome.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes. The AML Act prescribes a possibility of customer due diligence conducted by third parties. It is important to note that the responsibility for the implementation of the customer due diligence entrusted to a third party remains with the AML obligor.

The AML obligor is permitted to outsource its customer due diligence to third parties only for the following services: (i) establishing and verifying the identity of the customer; (ii) establishing the identity of the actual owner of the customer; and (iii) collecting data on the purpose and intended nature of the customer’s business relationship. However, the obligor is always obliged to implement the measure of constant monitoring of the business relationship independently, and not through a third party.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

No. The AML Act explicitly lists who can be a third party in the process of customer due diligence, limiting third parties to (i) public notary; (ii) FINA; (iii) HP-Hrvatska pošta d.d. (Croatian Post), and certain credit or financial institutions as prescribed by the AML Act, including but not limited to investment fund management companies, pension funds and insurance funds. According to the AML Act, third parties also include mentioned entities with a registered seat in another Member State or third country, which (i) carries out customer due diligence and keeps the prescribed records in accordance with the AML Act, which are equal or equivalent to those listed in the respective AML Directive (EU) 849/3015 (AML Directive), and (ii) whose compliance with the AML requirements is monitored by the competent supervisory authority in a manner equal or equivalent to that specified in the AML Directive.

The extent to which the credit institution will allow customer due diligence to third parties, the analysis entrusted to a third party depends on its business policy, considering the risks arising from such a relationship and the possibility effective mitigation and effective management of these risks.

The AML Act prescribes that in cases when the customer due diligence is entrusted to external associates and representatives of credit institutions on the basis of a contractual relationship (i.e. externalisation, or representative relationship), the provider of externalised services (i.e. the representative) is considered part of the AML obligor and is obliged to apply policies and procedures for customer due diligence of the respective credit institution.

Please note the difference between the implementation of customer due diligence measures through a third party and the implementation of customer due diligence measures through externalisation and outsourcing. The third person is also the obligor, i.e., it has to implement measures of customer due diligence according to the AML Act and in relation to customer due diligence of the customer it applies its own procedures for conducting due diligence of the customer. On the other hand, external associates and obligors’ representatives are considered part of the obligor and apply customer due diligence procedures of the customer determined by the obligor himself.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

Third parties represent entities providing services regulated under various specific acts, which prescribe the need to obtain a licence or approval for provision of respective services.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
No auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
No estate agents
No other persons trading high-value goods
No providers of gambling services



© 2022, Ilej & Partners, in cooperation with Karanovic & Partners. All rights reserved by Ilej & Partners, in cooperation with Karanovic & Partners as author and the owner of the copyright in this chapter. Ilej & Partners, in cooperation with Karanovic & Partners has granted to Multilaw non-exclusive worldwide license to use and include this chapter in this guide and to sublicense Lexis Nexis, a division of RELX Inc. and its affiliates certain rights to use and distribute this guide.

The information in this guide provides a general overview at the time of publication and is not intended to be a comprehensive review of all legal developments nor should it be taken as opinion or legal advice on the matters covered. It is for general information purposes only and readers should take legal advice from a Multilaw member firm.


Choose country