Remote identification - Possible procedures under the German Anti-Money Laundering Act

The German Anti-Money Laundering Act requires obligated parties (e.g. banks and financial service providers) to identify their customers. To do so, they have to collect and verify certain information about their customers and, if applicable, their representatives and beneficial owners (UBO). In the analogue world of the last century, this was a simple task: the customer came into the branch and presented his ID. In the modern digital world, personal contact has become rarer - especially in times of pandemics - and customers expect communication with the service provider to be free of media discontinuity and as digital as possible. Therefore, suitable ways of identification have to be chosen.

1. Post-Ident

In addition to going to the obliged entity's branch, it is also common in Germany to go to the post office. In this case, the post office acts as an outsourcing service provider for the obligor and carries out the identification on the basis of the ID card. The postal employee checks the information and documents it accordingly.

The Post-Ident procedure is an outsourcing of the obligor to the Post-Ident service provider. This requires a contractual arrangement between the obligor and the post office. In addition, the obligor must verify the reliability of the Post.

This type of identification is a good way for obligated parties without their own branch networks (such as direct banks) to comply with the obligations under anti-money laundering law. Post-Ident is widely used in Germany, so there is a certain degree of acceptance by customers. However, Post-Ident remains in the analogue age and involves a media break in otherwise digital customer flows.

2. Video identification procedure

With video identification procedures (also known as Video-Ident), identification can be carried out from anywhere the customer can connect via computer or smartphone with sound and image. BaFin issued a circular on the requirements for video identification years ago. Many other German anti-money laundering supervisory authorities also refer to this BaFin letter in their interpretation and application notes (for example, also the Joint Interpretation and Application Notes of the Länder of the Federal Republic of Germany for dealers in goods, real estate agents and other non-financial companies or the Joint Notes of the Supreme Supervisory Authorities of the Länder in the gambling sector).

The obliged entity can either carry out the identification itself in compliance with the requirements of BaFin or outsource this to a service provider. In the case of outsourcing, this also requires a contractual agreement and a check of the reliability of the outsourcing service provider.

However, the video identification procedure is only a bridging of the distance without representing a completely electronic procedure. The BaFin requirements stipulate that identification must be carried out by means of video transmission by a trained employee. This is sometimes a cost-intensive process. An artificial intelligence (AI) solution does not currently meet these requirements.

3. Identity card with online ID function

The German Anti-Money Laundering Act (Geldwäschegesetz - GwG) explicitly provides for the verification of the data collected by the obliged entity in the identification and customer onboarding process by means of an electronic proof of identity pursuant to Section 18 of the Personal Identity Card Act (Personalausweisgesetz), pursuant to Section 12 of the eID Card Act (eID-Karte-Gesetz) or pursuant to Section 78 (5) of the Residence Act (Aufenthaltsgesetz). German identity cards have already been issued as electronic identity cards since the end of 2010. The German ID card has a chip that enables additional functions. The chip can be read via the NFC interface of a smartphone, for example. A personal presence is not required for the verification via electronic proof of identity. This is replaced by the online ID card function, the service provider for reading and the PIN entry by the customer.

The following data is stored on the chip of the electronic identity card:

• Family name,
• Birth name,
• First names,
• Doctoral degree,
• Day of birth,
• Place of birth,
• Address,
• Unique municipality key used in the official municipality directory,
• Nationality,
• Document type,
• Last day of validity,
• Service- and card-specific indicator,
• Abbreviation "D" for Federal Republic of Germany,
• Indication of whether a certain age is exceeded or not,
• Indication of whether a place of residence corresponds to the place of residence queried, and
• Order name, stage name.

The data to be collected according to the German Anti-Money Laundering Act (GwG) is covered by this, so that identification and verification of the data is possible.

4. Qualified electronic signature (eIDAS)

A qualified electronic signature can also be used under the eIDAS Regulation. A simple or advanced signature is not sufficient.

If the qualified electronic signature is used, it must be validated in accordance with the requirements of the eIDAS Regulation. In addition, a reference transfer must be made from a payment account of the customer; the payment account must be held at a credit, payment or e-money institution.

5. Conclusion

Regardless of the various possibilities for remote identification, there still seems to be a preference in Germany for on-site identification, whether as a visit to the branch, by way of Post-Ident or Video-Ident (according to a paper by the Deutsche Bundesbank on the topic of "Use of electronic identification means (eIDs) in electronic payment transactions and when opening an account"). The possibilities of remote identification have been created by the legislator. Now businesses and customers must use these means so that identification also arrives in the digital age.