Global FinTech Guide
Country Name
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The last AML regulation to come into effect was the fifth European directive (Directive (EU) 2018/843) related to the prevention of the use of the financial system for the purposes of money laundering or terrorist financing that was published on the 30th of May 2018 and came into force on the 10th of July of the same year.

This directive was transposed into French law by ordinance n° 2020-115 published on February 12th, 2020, aimed at strengthening the prevention against money laundering and terrorist financing.

The main objectives of this ordinance were to expand the AML corpus to new individuals such as lawyers, strengthen customer due diligence required for regulated entities, open the possibility to implement remote business relationship and strengthen the role of the supervisors.

National regulator or relevant authority for AML controls

The ACPR is the main authority in regard to AML supervision for entities under the ACPR control and those licensed by the AMF.

Customer Due Diligence

Conduct of a typical KYC identification process

Any KYC identification process requires for the regulated entity to first identify its client or the beneficial owner (defined as the natural person having more than 25% of the legal person’s share capital) in accordance with article L.561-5 of the CMF. This article also requires a verification of the said customers with proof-worthy documents (or their beneficial owners).

However, depending on the situation of the customer and if there’s a small risk for money laundering or terrorist financing, a simplified identification without verification may be applied (article R.561-14-2 of the CMF).

However, for those who showcase a standard risk, both identification and verification are required. 

Article R.561-5 of the CMF lists the needed information for the identification of the customer such as the name, surname, date and place of birth for individuals or the legal status, the corporate name, the registration number and the headquarters of corporations.

As for the verification of the customer through proof-worthy documents, article R.561-5-1 of the CMF states that the document could either be digital or paper-based.

For individuals, such verifications requires the presentation of a valid identity card ID or other official documents that showcase a picture of the customer.

As for corporations, an original document, or a copy of the registration on an official register is required providing that the document is not older than three month and contains the corporate name, the legal status, the address of the headquarters etc.

Trusts, however, need to provide the original or a copy of their trust contract.

If the business relationship happens to be remote some other conditions need to be satisfied in accordance with article R.561-20 of the CMF such as the requirement of another document, alongside the ID or other official documents that might prove the identity of the customer or the implementation of verification mechanisms in regard to the documents transmitted.

However, if the identification is done through electronic devices that are deemed reliable in accordance with Regulation (EU) No 910/2014 called eDIAS (Regulation (EU) No. 910/2014) or article L.102 of the Code des postes et des communications électroniques (electronic communications and postal code), the identification will be equivalent to the face-to-face procedure.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

In its guidelines on identification, verification of the identity and knowledge of the clients, the ACPR confirmed the possibility of meeting customer due diligence by relying on a third party known as “tierce introduction” in accordance with article L.561-7 of the CMF. However, the ACPR, considers that in order to be due diligent the third party should satisfy certain conditions: 

  • To comply with AML obligations such as due diligence obligations;
  • To be supervised by an authority;
  • To have internal AML procedures.
However, the regulated entity that relies on a third party is still held liable for any failing in KYC compliance.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

When it comes to the outsourcing of the customer due diligence, the ACPR specifies in its aforementioned guidelines that it is possible to outsource due diligence by contract to other third parties who are not obliged by law to meet AML regulations.

However, the ACPR also considers that some characteristics should be respected:

  • The external service provider acts in the name and on behalf of the regulated entity;
  • The external service provider shall apply the AML requirements and procedures to which the regulated entity is subject, and the regulated entity is required to control such an implementation;
  • The regulated entity is the only one held liable for any failing in their AML obligations.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

No license is required for the external service provider

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
No other trust or company service providers
No estate agents
No other persons trading high-value goods
No providers of gambling services
Yes Insurance companies, Investment firms, Central banks, Electronic money institutions, Banking and Payment broker etc.



© 2022, Racine Avocats. All rights reserved by Racine Avocats as author and the owner of the copyright in this chapter. Racine Avocats has granted to Multilaw non-exclusive worldwide license to use and include this chapter in this guide and to sublicense Lexis Nexis, a division of RELX Inc. and its affiliates certain rights to use and distribute this guide.

The information in this guide provides a general overview at the time of publication and is not intended to be a comprehensive review of all legal developments nor should it be taken as opinion or legal advice on the matters covered. It is for general information purposes only and readers should take legal advice from a Multilaw member firm.


Choose country