E-KYC or online customer identification: what regulatory framework?

The financial sector (banks, payment institutions, crowdfunding platforms ...) is subject to strict KYC ("know your customer") obligations to fight against fraud, money laundering and terrorism financing ("AML ").


Identification procedures of new clients are traditionally carried out by official identity documents and face-to-face. Needless to say, younger generations are increasingly demanding flexibility and ease of opening accounts online without physical displacement. And emerges a new Fintech activity, the supply of solutions called "e-KYC" remote identification of new customers, with a more or less favorable reception of supervisors.


The legal framework


At a European level, the matter is now governed by the Fourth Anti-Money Laundering Directive 2015/849 of 20 May 2015[1], which has to be transposed into national legislation by 20 May 2017[2]. All regulated financial actors are subject to anti-money laundering obligations (banks, payment institutions, financial investment advisers, etc.). However, there is still a doubt about the application of KYC obligations to new entrants in the payment sector (payment initiator and aggregator of accounts, see below) because the DSP2 does not say a word about it.


Online identification


We all use multiple digital identities, provided by different private companies, such as telecom operators, traders, GAFA and of course financial institutions. These identities are not always reliable. For example, anyone can open an account on a social network with a false name and a fancy email address. Financial institutions have the obligation to check the identity of their new clients by relying on government-issued identity cards (identity cards, driving licenses, passports, etc.) as they are the only presumed to be reliable. This is usually done in branch for banks. But can this verification also take place remotely, via a mobile application, for example?


FinTech have already grabbed this promising market, by proposing simple and fast procedures of online self-enrollment: the prospect proves his identity by taking a "selfie" and photos of his passport, his identity card and identity proof. The data is then captured via the mobile and sent to a server that checks the uniqueness identity and the holder legitimacy.

The identity verification service performs in particular: - Validation of documents and proof of identity (identity cards, payment cards, contracts, certificates, etc.);


- Verification of the information provided by comparison with pre-existing databases; - anti-fraud controls: checking of surveillance lists, in particular related to anti-money laundering.


On a case-by-case basis, the supervisory authorities validate these self-enrollment procedures when they offer all the guarantees required to comply with the legal obligations regarding to KYC.


However, the Luxembourg Supervisor (Financial Sector Supervisory Committee) went further by specifying all the steps to be followed and the guarantees to be given in the event of the identification of new clients by "video chat"[3].


Identification by electronic signature


Electronic signatures have been used for years by banks to sign distance contracts. But can they also be used to identify a new client, unknown to the institution in question? The issue is important because electronic signatures have the potential to greatly simplify the enrollment of new clients in the context of innovative online services. The issue is even more topical since the entry into force (1st July 2016) of the European "e-IDAS" regulation on electronic identification[4].


On July 2016, the European Commission presented a directive proposal aimed at amending the Fourth Anti-Money Laundering Directive in order to take in account, in particular, the emergence of crypto-currency exchange platforms[5]. This proposal foresees devoting electronic identification within the meaning of the e-IDAS regulation as one of the ways of identifying a new customer[6].


The Belgian supervisory authority has issued a specific circular on the matter[7]. In the case of remote identification of customers who are natural persons, verification of their identity may be carried out, by means of a qualified certificate[8], provided that it has been issued by an accredited certification service provider, and that the issuance of the certificate took place on the basis of a procedure requiring face-to-face identification of the client by the certification service provider itself or, in accordance with the procedures it defines, by persons they mandate to that purpose[9]. It is therefore essential that the (accredited) certification service provider requires face-to-face identification when it issues the electronic certificate for the first time to the customer (which will then be considered as identified for the financial sector). In France, regulation requires such a face-to-face identification for qualified certificates[10].


Blockchain and Regtech


With such regulations that are increasingly demanding, the "KYC" has a human cost and a cost in terms of time. In addition, it complicates the customer relationship by making tedious the opening of an account. It is to answer to that problematic that was born an avatar of FinTech, which is called "regtech". Introduced in 2015, "regtech" offers to financial actors technological solutions to manage their compliance activities that is, compliance with legislations and regulations as well as internal and statutory standards. KYC regtech specialists offers to replace time-consuming manual researches with automated and intelligent database screening solutions, in particular to detect "politically exposed persons" who may be involved in corruption cases and those already punished[11].


The Blockchain technology is also being tested in this regards by banking actors. The aim is to write on a blockchain, by nature unalterable and auditable, the authenticated knowledge of the counterparties (digitized papers, signatures, verifications ...). Indeed, a shared database could allow banks and financial actors to share KYC documents by being sure they are legitimate and valid, which would save significant time by preventing each bank from performing the verification process of a client already performed by another bank. The KYC would no longer be centralized within each bank. In addition, the client would have control over his data in a distributed environment and there would be no redundancy of information[12].




[1] V. Th. Bonneau, Régulation bancaire et financière européenne et internationale, Brulyant 3° éd. 2016, n° 341 et s.

[2] In France, the founding text of the fight against money laundering is the law of 12 July 1990 (v. Th. Bonneau, Banking Law, 11th ed. 2015, LGDJ, No. 318 et seq.). The SAPIN 2 Act of 8 November 2016 clarified the notion of beneficial owner and the Directive of 20 May 2015 was transposed by an order of the.

In Belgium the founding text of the fight against money laundering is the law of 11 January 1993 on the prevention of the use of the financial system for the purpose of money laundering and the financing of terrorism.


[4] e-IDAS Regulation (EU) n° 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and confidence-building services for electronic transactions in the internal market and repealing Directive 1999/93 /UE

[5] Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC, .2016 COM(2016) 450 final 2016/0208 (COD), http://ec.europa.eu/justice/criminal/document/files/aml-directive_en.pdf

[6] See recital 17 and Article 1.4, e-DIAS Regulation

[7] Circular CBFA_2010_09 du 6 avril 2010, www.fsma.be/~/media/Files/fsmafiles/circ/fr/2011/cbfa_2011_09-1.ashx.

[8] Within the meaning of the Law of 9 July 2001 laying down certain rules on the legal framework for electronic signatures and certification services and within the meaning of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. The concept was incorporated as such by the e-IDAS regulation.

[9] In Belgium, remote identification can also be done by means of the customer's electronic identity card.

[10] Decree No. 2001-272 of 30 March 2001 of Law No. 2000-230 of 13 March 2000 adapting the law of evidence to information technology, which clarifies the contours of the "secure electronic signature" benefiting from the legal presumption of reliability. Accreditation is the Prime Minister's Office competence.

[11] See as example https://kyc3.com/.

[12] See the works of the consortium http://www.r3cev.com, or those of the French consortium LaBchain launched by the Caisse des dépôts et consignations: http://www.caissedesdepots.fr/labchain-lancee-par-la-caisse-des-depots-devoile-son-1er-cas-detude.

Share on Facebook
Share on Twitter
Please reload

À l'affiche

3èmes Assises des Technologies Financières - Jeudi 17 octobre 2019


Please reload

Posts récents
Please reload

Par tags
Please reload

Nous suivre
  • Google+ Long Shadow
  • Facebook Long Shadow
  • LinkedIn Long Shadow
  • Twitter Long Shadow

© 2018 DS Avocats.

Contact Us

Tél : +33 1 53 67 50 00



  • Google+ Long Shadow
  • Facebook Long Shadow
  • LinkedIn Long Shadow
  • Twitter Long Shadow