8th May 2020 | Jaroslaw Lejko | Chief Compliance Officer

Multi-stage customer due diligence - Automatization

At the moment, financial institutions, especially from the FinTech sector, compete not only on products and fees, but also on state-of-the-art solutions providing a technological advantage, speed and a simplified customer experience. A simple, legible application in a digital format and onboarding process are one of the crucial factors of a competitive advantage which can have a significant impact on business success.

According to the article 13 of DIRECTIVE (EU) 2015/849, also known as IV AML Directive, a financial institution should apply customer due diligence measures (CDD) which shall be comprised of:

(a) identifying the customer and verifying the customer's identity;
(b) identifying the customer’s beneficial owner;
(c) obtaining information on the customer’s purpose and intended nature of the business relationship;
(d) conducting ongoing monitoring of the business relationship to ensure that the transactions being conducted are consistent with the entity's knowledge of the customer, the business and risk profile, including, where necessary, the source of funds and ensuring that the documents, data or information held are kept up-to-date.

Special, additional CDD measures in respect of transactions or business relationships with politically exposed persons (PEP) are described in article 20 thereof which states that, in addition to the CDD measures laid down in Article 13, financial institutions shall:

(a) obtain senior management approval for establishing or continuing business relationships with PEP;
(b) take adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with PEP;
(c) conduct enhanced, ongoing monitoring of those business relationships.

All EU countries have implemented IV AML Directive’ through local regulations, supervisory recommendations and commonly accepted standards like “Systems of control to prevent the financial system from being used for money laundering or terrorist financing activities” issued by the Gibraltar Financial Services Commission or “Prevention of money laundering/ combating terrorist financing” issued in the UK by the Joint Money Laundering Steering Group.

Market trends

Competition between financial institutions on the European market has become even stronger since the Payment Services Directive (EU) 2015/2366 (PSD2) and Payment Accounts Directive (EU) 2014/92 (PAD) came into force. Unfortunately, the number of legal requirements is constantly growing which results in the multiplicity in the amount of information and statements required from the customer, thus significantly extending and complicating the onboarding process which sometimes may be contradictory to policy-makers’ expectations that the customer would see the whole process as more transparent, simplified and straightforward.

Identifying the customer and verifying the customer's identity

Identifying and verifying the customer's identity, both in the case of natural persons and legal entities, is standard and relatively resistant to fraud in all financial institutions across EU countries. ID documents are standardised and well protected against any attempts of forgery. A number of software tools supporting ID documents’ verification process is available and widely used across financial institutions nowadays. These tools can not only recognise all ID documents issued in required jurisdictions and download all data available on ID documents, but also check authenticity of ID document based on its digital picture send to the financial institution or presented by the customer during e.g. the video verification session as well as compare photo on ID document with customer’s real world “selfie”.

The detection rate of fraud is much higher in this case than when the verification of documents takes place only manually by an employee of a financial institution.


The video verification process is not the only option of identifying and verifying the customer's identity in a remote mode. The golden rule is that verification of the information obtained by the financial institution must be based on reliable sources, independent of the customer. For customer data verification, many financial institutions use transfers made from the customer’s account established in other regulated financial institutions located in a low-risk country. The other sources of positive information that allow financial institutions for independent customer verification vary from country to country and could include both commercial and governmental solutions. These solutions are based on trustworthy information sources like electoral roll or credit bureaus’ database. To limit the fraud risk, financial institutions usually use a combination of the above-described technics and information sources during remote customer’s data verification.

Similarly, in the case of companies, financial institutions can rely on trustworthy independent sources like official companies registers usually available on-line in the EU member states. In case of Gibraltar, the copies of corporate documents necessary to perform the CDD process could be downloaded directly by the financial institution from the Companies House website (http://www.companieshouse.gi/) after paying the appropriate fee. Similar services in some other EU countries are free of charge.

Similar topics


8th May 2020 | Jaroslaw Lejko

Multi-stage customer due diligence - Purpose and intended nature of the business relationship


8th May 2020 | Jaroslaw Lejko

Multi-stage customer due diligence - Risk evaluation process