Country _ Name
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The Italian regulatory framework concerning AML derives from the implementation of the applicable EU Directives. The first anti-money laundering Directive was implemented in 1991. Currently, the main legislative source in Legislative Decree no. 231/2007, frequently amended in the following years, most recently in 2021. In particular, the most significant changes to this Legislative Decree were introduced in 2017 and 2019 in order to transpose, respectively, the fourth anti-money laundering Directive (no. 2015/849), later furtherly completed by the Fifth Directive (no. 2018/843).

Alongside Legislative Decree no. 231/07, several secondary regulations adopted by regulatory authorities are in force.

National regulator or relevant authority for AML controls

The main responsibility for implementing statutory AML provision is entrusted to the Ministry of Economy and Finance (MEF), which also has the power to impose sanctions (administrative fines, in addition to criminal sanctions issued by courts). The MEF further plays a key role in providing guidelines and interpretation of applicable provisions. The Financial Intelligence Unit (an autonomous body established within the Bank of Italy) has operational tasks relating to combating money laundering. Other entities having specific AML functions are sectoral supervisory authorities (e.g. over insurance companies or banks) and self-regulatory bodies (e.g. the national bar association).

Customer Due Diligence

Conduct of a typical KYC identification process

The modalities for the performance of customer due diligence are set forth by Legislative Decree no. 231/07, although the scope and extent of the customer due diligence depends on the risk level – simplified measures are allowed for low risk and strengthened measures must be adopted in the event of high risk. As from 2017, obliged entities enjoy a certain degree of discretion in defining the simplified and strengthened due diligence measures.
This being said, the customer due diligence process must in any case include the following steps: (i) the identification and verification of the customer and of the beneficial owner; (ii) the acquisition of information on the purpose and nature of the business relationship; (iii) the ongoing monitoring of the business relationship; and (iv) the limit at EUR 3,000.00 Euro for cash payments, with some lower thresholds for certain specific reasons of payment (Article 49, Legislative Decree no. 231/2007).

As a general rule, the identification of the customer and of the beneficial owner must be performed face-to-face, namely with the physical presence of the customer or of the executor (i.e. the person acting in the name and on behalf of the customer). There are, however, some exceptions, including clients whose identification data result from public deeds and clients with a digital identity or a digital signature certificate having specific features. Moreover, sectoral supervisory authorities may introduce further exceptions, based upon the development of distance identification techniques.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

It is possible to outsource customer due diligence to a third party who is obliged by law to comply with AML regulations.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by

law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent) It is possible to outsource customer due diligence by contract to a third party who is not obliged by law to meet AML regulations.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

As a preliminary remark, outsourcing of customer due diligence is envisaged in articles 26-30 of Legislative Decree no. 231/07, which does not require any licence/registration of the outsourcer.

However, in banking and insurance sectors, detailed regulations issued by the competent authorities are in force, also addressing the outsourcing of the AML function and the relevant requirements (e.g. professional requirements and integrity of the outsourcer).

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors [only professionals enrolled in the relevant rolls and only vis-à-vis other tax, legal and audit professionals]
Yes notaries and other independent legal professionals [only vis-à-vis other tax, legal and audit professionals]
Yes other trust or company service providers [only fiduciary companies enrolled in the register provided by section 106 of the Italian Banking Act]
No estate agents
No other persons trading high-value goods
No providers of gambling services



Choose country