Customer due diligence

The firm must possess solid knowledge about its customers and their affairs so as to make it more difficult for the business to be used for, and to prevent, money laundering or terrorist financing.

Measures to attain customer due diligence shall proceed on the basis of the firm's general risk assessment in combination with an assessment of the risk presented by the individual customer.

Without sufficient knowledge about the customer, a firm may not establish or maintain a business relationship, or carry out occasional transactions.

Neither may a firm establish a business relationship if it is suspected that its products and services might be used for money laundering or terrorist financing. Similarly, a firm may not carry out a transaction if, on reasonable grounds, it could suspect money laundering or terrorist financing.

Firms shall always take measures to attain customer due diligence about a customer with whom they establish business relationships. This also applies to an occasional transaction if it equates to EUR 15,000 or more, or to several transactions which, combined, equate to the same amount. Customer due diligence shall also be performed for such transactions as referred to in Article 3(9) of Regulation 2015/847 if the amount exceeds EUR 1,000.

Customer due diligence measures

Identifying and verifying customer identity

With the requirement to identify the customer, the firm must ask about the customer's name and other relevant information. Such information is important for determining whether the customer is a politically exposed person. The firm must then verify that the identity matches the information. The degree of thoroughness of such controls varies depending on the risk associated with the customer.

Beneficial owner

The firm shall investigate whether the customer has a beneficial owner; that is, a person who directly or indirectly exercises controlling influence over the customer. The firm shall investigate the customer's ownership and control structures, in order to understand any potential risk posed by the customer. In that case, it might be necessary to ask the customer additional questions. It is also important to verify whether the beneficial owner is to be considered a politically exposed person.

If the customer has a beneficial owner, it is important to verify the identity of that person.
If the beneficial owner cannot be determined, the firm shall verify the identity of a person who is the chairman of the board, managing director or equivalent executive, a so-called alternate beneficial owner. The requirement to appoint an alternate beneficial owner does not apply, however, to municipalities, states or regions if the risk related to the customer relationship is judged to be low.

Politically exposed person (PEP)

If a customer is to be considered a politically exposed person, the firm must take enhanced measures – i.e. it must always find out the origin of the assets processed in a business relationship or individual transaction. It also means that approval shall be obtained from an authorised decision-maker prior to entering a business relationship. The firm must also carry out enhanced continual follow-up of the business relationship.

When a politically exposed person has ceased to perform their functions, the enhanced measures shall be applied for a minimum of 18 months and until it is considered that the person no longer poses a risk of money laundering or terrorist financing.

The provisions regarding enhanced measures shall also be applied to family members and known colleagues of a politically exposed person.

High-risk third country

A firm shall verify whether the customer is established in a non-EEA country which has been identified as a high-risk third country by the European Commission. If this is the case, the undertaking shall take enhanced due diligence measures for the customer.

Purpose and nature of the business relationship

A firm shall obtain information about the purpose and nature of the business relationship.The information shall form the basis of

  • an assessment of the activities and transactions that can be expected of the customer in the context of the business relationship
  • a risk classification of the customer

If factors emerge that indicate a high risk, the firm shall take enhanced customer due diligence measures.

Adapting measures to the situation

The extent of the measures to be taken depends on the complexity of the service or product concerned, and the risk associated with it. Sometimes, the risk in a business relationship or transaction can require the firm to obtain more information about the customer's financial situation and/or information about the origin of the customer's financial funds.

Managing EU sanctions

In terms of terrorist financing, an important customer due diligence measure is screening the customer against the EU's consolidated list of persons, entities and groups that are subject to EU sanctions.

EU sanctions


Last reviewed: 2023-06-05