Time of identification and identity verification: Comments and recommendations by the NBB
1. Time of identification and identity verification according to the category of persons to be identified
Article 30 of the Anti-Money Laundering Law specifies the time at which the identification and identity verification obligations should be fulfilled, depending on the capacity of the person concerned:
- For customers and their beneficial owners:
- identification: before entering into the business relationship or carrying out the occasional transaction concerned;
- identity verification: at the same time;
- For agents:
- identification: before exercising their power to make binding agreements on behalf of the customers that they represent;
- identity verification: at the same time;
- For beneficiaries of life insurance policies or of equivalent policies:
- identification: as soon as they have been designated or are identifiable; in case of assignment of the policy to a third party: identification of the new beneficiary at the time of the assignment;
- identity verification: may be deferred until the time of pay-out by the insurer.
2. Specific derogations
In accordance with the risk-based approach, financial institutions may, in certain specific cases where the ML/FT risk is low, as provided for in the Anti-Money Laundering Law, derogate from the aforementioned rules and defer the fulfilment of the obligation to verify the identities of the persons involved (see point 2.1. below) and even of the obligation to identify these persons (see point 2.2. below).
2.1. Need to not interrupt the conduct of business
2.1.1. General possibility of derogation
Pursuant to Article 31 of the Anti-Money Laundering Law, financial institutions are authorised, when establishing a business relationship, to defer verification of the identity of the customer and, where appropriate, of his agent(s) and beneficial owner(s) until a later time than that determined in Article 30 of the Law, insofar as the specific situation requires not interrupting the conduct of business.
This possibility could for example be used when, in the context of business relationships with professional customers, specific financial activities are performed that do not allow the identity of the counterparty to be fully verified before the first transactions have been carried out.
However, the performance of the identity verification during the business relationship is subject to all the following conditions being met:
- The individual risk assessment must show that the business relationship concerned poses a low ML/FT risk;
- In order to avoid that not verifying the identity of the persons concerned facilitates ML/FT transactions, the identity of all these persons should be verified as soon as possible after first contact with the customer; in the meantime, the business relationship concerned should be subject to enhanced due diligence (see Article 37, § 1, of the Anti-Money Laundering Law) and any anomaly in its functioning or in the verification process should be treated as an “atypical fact” and as such be the subject of a specific analysis and documented in an internal report under the responsibility of the AMLCO, to determine whether a suspicion should be reported to CTIF-CFI (see the page “Special cases of enhanced due diligence”);
- The financial institution’s internal procedures (see the page “Policies, procedures, processes and internal control measures”) should contain a precise and exhaustive enumeration of the circumstances in which this possibility may be used and of the appropriate measures guaranteeing fulfilment of the conditions above (see Article 14 of the Anti-Money Laundering Regulation of the NBB) and of the conditions required to perform the verification as soon as possible after first contact with the customer.
Generally, pending verification of the identity of the persons involved, the specific framework of the business relationship should include a set of coherent measures which drastically limit the possibilities offered to the customer in the context of this business relationship during this period. For example, it could be envisaged deferring the settlement of the transactions, limiting the sources of funding for the account opened to a single other bank account opened in name of the customer with a credit institution established in the EEA or in an equivalent third country, etc.
2.1.2. Specific case: opening an account
When a financial institution that has been called on to open an account (regardless of the nature of the account concerned, which may be a securities account) decides to make use of the possibility to defer verifying the identity of the customer and, where appropriate, of his agent(s) and beneficial owner(s) until this account has been opened, in compliance with the conditions referred to in the previous point, no transfers, withdrawals or deposits of funds or securities may be performed to the customer or his agent from this account (either by or on behalf of the customer) as long as the identities of all the persons involved have not been verified.
However, this restriction does not prevent financial institutions from, for example, making the remote opening of an account, in particular through the internet, conditional on an initial transfer by the customer from another bank account opened in his name, without waiting for his identity and that of his agents or beneficial owners to be verified.
2.2 Low-risk issuance of electronic money
2.2.1. Possibility of derogation
In accordance with Article 25 of the Anti-Money Laundering Law and provided certain conditions are met, financial institutions issuing electronic money are authorised, when the overall assessment of the ML/FT risks specifically linked to their issuance activity shows that these risks are low, to neither identify nor verify the identity of customers (and, where appropriate, their agent(s) and beneficial owner(s)) who provide them with funds for the issuance of electronic money (see the page “Persons to be identified”). Pursuant to Article 32 of the Anti-Money Laundering Law, these institutions may, a fortiori, where they have not made use of the aforementioned possibility of derogation, decide to defer fulfilment of the obligations to identify and verify the identity of the aforementioned persons until a later time than that provided for in Article 30 of the Law, provided the same conditions are met.
2.2.2. Conditions for application of the derogation
However, this possibility of derogation is subject to multiple conditions. In addition to the fact that the overall risk assessment carried out by the electronic money issuer must demonstrate that the level of ML/FT risks to which he is exposed as a result of this activity is low, the following cumulative conditions must be met:
- the payment instrument cannot be reloaded or, if it is reloadable, it can only be used in Belgium and only to make payments up to a maximum monthly limit of EUR 150;
- the maximum amount stored electronically does not exceed EUR 150;
- the payment instrument is used exclusively to purchase goods or services; it follows in particular that it cannot be accepted to perform a money remittance operation;
- the payment instrument cannot be funded with anonymous electronic money;
- the electronic money issuer concerned carries out sufficient monitoring of the transactions or business relationship to enable the detection of unusual or suspicious transactions.
Furthermore, the NBB recommends that the electronic money issuer specify in his internal procedures within which time limit the persons involved will be identified and their identity verified, and which measures are required for this purpose.
2.2.3. Non-application of the derogation
Even if all the conditions listed above are met, the derogation is not applicable when a customer:
- is redeemed in cash, at the monetary value of the electronic money,
- withdraws this value in cash, or
- carries out remote payment transactions within the meaning of Article 2, 23° of the Law of 11 March 2018
if the amount redeemed, withdrawn or paid, as the case may be, exceeds EUR 50.
In these three cases, where the legislator considered that the risk could not be regarded as low, the electronic money issuer is required to take appropriate measures to identify and verify the identity of the customer concerned (and, where appropriate, his agent(s) and beneficial owner(s)) at the time of the refund or withdrawal of the electronic money or at the time when the customer carries out remote payment transactions using electronic money (that was previously issued without any such measures).
With regard to anonymous prepaid cards issued in third countries, the institutions referred to in Article 5, § 1, 4°, 6° and 7° of the Anti-Money Laundering Law, which offer payment services consisting in acquiring payments transactions, as referred to in point 5 of Annex I.A. of the Law of 11 March 2018, may accept payments made with such anonymous prepaid cards only if such cards comply with conditions equivalent to those laid down in the first and second paragraphs of the same Article of the Law. Where appropriate, these institutions must therefore have effective systems in place which enable them to check - at the time the payment transaction is accepted - that these legal conditions are met and must immediately refuse the payment transaction if this should not be the case.
In the same vein, the NBB highlights the fact that, where circumstances have given rise to suspicions of ML/FT, either at the time of establishment of the business relationship with the customer or subsequently, that led the electronic money issuer to report a suspicion to CTIF-CFI and, in accordance with Article 22 of the Anti-Money Laundering Regulation of the NBB, to carry out an individual re-assessment of ML/FT risks revealing that the level of risk associated with the given situation can no longer be regarded as low (which should logically be the case - see the page “Reporting of suspicions”), the said issuer can no longer invoke the derogation provided for in Article 32 of the Law. The issuer should immediately identify and verify the identity of the customer (and, where appropriate, his agent(s) and beneficial owner(s)), in accordance with Articles 21 to 23 of the Law.
2.2.4. Documentation
Finally, since the above-mentioned possibility of derogation is not absolute but subject to certain limitations, the NBB recommends that the financial institutions applying the derogation be able not only to submit the overall risk assessment that establishes the low level of risk, which must be documented, updated and made available to the NBB pursuant to Article 17 of the Law (see the page “Reporting by financial institutions”), but also to demonstrate to the NBB that, in all cases where they have applied Article 32 of the Law, each of the legal conditions to benefit from this derogation is met.
3. Inability to identify or verify the identity of the persons involved at the required time or within the time limit set
In this respect, see the page “Non-compliance with the identification and identity verification obligation”.
Disclaimer: This English text is an unofficial translation and may not be used as a basis for resolving any dispute.