Solution compliance assessment

Effortless solution to customer due diligence compliance in Europe.

Sumsub offers its tailored Penny Drop Verification solution to deliver seamless and compliant customer identification, qualified signing, and payment method verification journeys for the European market. Sumsub's solution is recognized within the national regulatory frameworks in a number of EU/EEA jurisdictions, which enables our clients to effortlessly fulfill their compliance requirements without compromising their customer conversion and approval rates in the process.

The following analyses elaborate on the compliance of Penny Drop Verification with national AML/CTF regulations of multiple jurisdictions in Europe through a detailed examination of the requirements applicable to customer risk assessment, data collection, and data verification.

Regulatory recognition

Required Information for User Identification

Under the Austrian Financial Markets Anti-Money Laundering Act (FM-GwG), financial institutions must collect the following details for customer due diligence (CDD) in non-face-to-face transactions:

  • Name
  • Date of birth
  • Address (for natural persons)

Permitted Remote User Verification Methods

Article 6(4) - Non-Face-to-Face Verification

The Act permits the replacement of in-person presentation of an official photo ID with the following safeguards:

  1. Video-Based Online Identification: Verification of the official photo ID through a video procedure.
  2. Electronic ID Card: Statutorily prescribed procedures that provide equivalent information as presenting an official photo ID.
  3. Qualified Electronic Signature or Registered Mail:
    • Customers may submit a legally binding declaration via a qualified electronic signature, or
    • Obliged entities may send a registered mail declaration to the customer’s stated residence or place of incorporation.
  4. First Payment (Penny Drop):
    • The first payment must be settled through an account opened in the customer's name with a credit institution.
    • Copies of customer documents must be available to verify the provided information, or a written declaration from the credit institution handling the payment must confirm the customer’s identity.
    • The credit institution must meet AML/CTF requirements under Article 13 of the Act.

The Penny Drop Verification solution aligns with the requirements of Article 6(4)(4). It must be supported by customer documents (e.g., ID copies) to verify the information credibly. If customer documents are not provided, a written declaration from the credit institution facilitating the first payment must confirm the customer’s identity.

Conclusion

The Penny Drop Verification solution complies with Austria’s AML framework under Article 6(4)(4) of the FM-GwG as a permissible safeguard for non-face-to-face transactions. It can be used to verify a customer’s identity through the first payment from a bank account in the customer’s name, provided that:

  • Supporting documents are available to credibly verify the information, or
  • A written declaration from the credit institution facilitating the payment confirms the customer’s identity.

Required Information for User Identification

Under the Belgian AML Law (Law of 18 September 2017), obliged entities must identify and verify the identity of customers and, where applicable, beneficial owners. The following methods are permitted:

  • Official Identification Documents: Passports, national identity cards, or other government-issued IDs.
  • Electronic Identification Means: Secure electronic identification methods recognized under the Law of 18 July 2017 on electronic identification.
  • Trust Services under eIDAS Regulation: Qualified electronic signatures or advanced electronic seals compliant with EU Regulation No 910/2014.

Permitted Remote User Verification Methods

Primary Methods

  • Official Identity Documents: Submission and verification of a government-issued ID.
  • Electronic Identification: Use of secure eID systems or trust services under the eIDAS Regulation.
  • Additional Measures for Enhanced Due Diligence (EDD): Article 38 specifies enhanced measures for customers linked to high-risk third countries, including verifying the first payment from the customer’s bank account as an additional step.

The Penny Drop Verification solution aligns with Article 38(7°), which requires:

  1. Origin of Funds Verification:
    • The first payment must originate from a bank account in the customer’s name.
    • The account must be with a credit institution subject to CDD standards equivalent to the Belgian AML Law, typically within the EU/EEA or equivalent jurisdictions.
  2. Supplementary Measure:
    • Penny Drop can confirm account ownership but must supplement primary verification methods, such as ID documents or electronic identification, to achieve the required level of certainty.

Applicability for CDD vs. EDD

  • CDD: Penny Drop is generally not sufficient for standard due diligence and must be combined with primary verification methods.
  • EDD: Under Article 38, Penny Drop can serve as an additional measure for enhanced due diligence when dealing with high-risk third-country customers.

Conclusion

The Penny Drop Verification solution is compliant with Belgian AML/CTF requirements under Article 38 as part of a broader enhanced due diligence framework. It can verify account ownership through the first payment originating from a customer’s bank account. However:

  1. It must supplement primary verification methods, such as ID document verification or electronic identification.
  2. The bank account used must meet the AML/CFT standards equivalent to those of the Belgian AML Law.

Penny Drop should be used as an additional measure to enhance reliability in customer identity verification. Institutions must adopt a multi-layered approach, combining Penny Drop with other verification methods to ensure compliance with Belgian AML/CTF regulations.

Required Information for User Identification

Under the Czech AML Act No. 253/2008 Sb., obliged entities must collect and verify the following data for identification of natural persons:

  • Full name, social security number (if assigned), date of birth, gender, residential address, citizenship.
  • Details of the identification document (type, number, issuing authority, validity).

Additional data (e.g., email address, phone number) may be required based on the risk assessment under Section 21a.

Permitted Remote User Verification Methods

Section 11 - Remote Identification

The Czech AML law allows for remote identification using the following methods:

  1. Document-Based Verification:
    • Submission of copies of identification documents and supporting materials.
    • Verification of the data against official registers or public databases.
  2. First Payment Verification (Penny Drop):
    • This method is supplementary to document-based verification and must be used together to ensure compliance with the identity verification process. Penny Drop adds an additional layer of assurance to the document verification steps.
    • The client must prove the existence of a payment account held in their name (Section 11(7)(e)).
    • The first payment must originate from this account (Section 11(7)(f)).
    • The payment should ideally include information about the payer and the purpose of the payment (Section 11(7)(g)).
  3. Qualified Electronic Signature (QES):
    • Use of eIDAS-compliant QES as an alternative for identity verification (Section 11(8)).

The Penny Drop Verification solution aligns with Section 11(7) and is compliant under the following conditions:

  1. Account Ownership Verification:
    • The first payment confirms the existence of a payment account in the customer’s name at a regulated credit institution.
  2. Supplementary Documentation:
    • Copies of relevant identification documents must be obtained and verified in conjunction with the Penny Drop.
  3. Additional Measures for Doubts or Risks:
    • When doubts arise or risks are identified, further verification steps, such as additional document checks or database validation, must be implemented (Section 11(9)).

Conclusion

The Penny Drop Verification solution is compliant with Czech AML regulations under Section 11(7). It can confirm account ownership and support customer identity verification when:

  1. Used as part of a broader identification process, including document verification.
  2. The first payment originates from an account in the customer’s name at a regulated credit institution.
  3. Supplementary steps, such as additional documentation or checks, are applied in higher-risk scenarios.

Required Information for User Identification

Under the French Monetary and Financial Code (“Code”), regulated entities must collect the following information for the identification of natural persons: (1) first and last name and (2) date and place of birth.

Permitted Remote User Verification Methods

Article R561-5-1 of the Code permits the following methods for verifying a client’s identity:

  1. Electronic Identification (QES): Certified methods that comply with the EU’s eIDAS regulation.
  2. Reliable Electronic Identification: As defined by the French Postal and Electronic Communications Code.
  3. Physical Presence (Natural Persons): Valid official documents with photographs during physical interaction.
  4. Trust or Equivalent Arrangements: For clients operating through trusts or similar arrangements, relevant documentation must be obtained.

Article R561-5-2 provides additional methods when primary verification measures are not feasible. To meet regulatory requirements, at least two of the following must be applied:

  1. A copy of a valid official document (e.g., passport or ID).
  2. Verification and certification of the official document by an independent third party.
  3. The first payment of the transactions made from or to an account opened in the name of the customer within either:
    • A regulated EU/EEA financial institution, or
    • A financial institution in a non-EU/EEA country enforcing AML/CTF regulations equivalent to those in the EU.
  4. Confirmation of identity from a third party regulated under AML/CTF laws.
  5. A certified service approved by ANSSI.
  6. Advanced or qualified electronic signatures or seals based on a qualified certificate.

Applicability for CDD vs. EDD

  • Penny Drop can be applied in Standard CDD as part of a combination method for verifying customer identity.
  • There is no explicit indication in the Code that it is mandated or sufficient for EDD, as enhanced measures typically require additional verification layers.

Conclusion

The Penny Drop Verification solution is permissible under Article R561-5-2 as part of a combination method for client identity verification. It serves as a reliable means to verify account ownership when paired with other permissible measures.

Required Information for User Identification

Under Germany’s Money Laundering Act (GwG), the following are required for identity verification for natural persons:

  • Verification based on a valid official ID (e.g., passport or identity card) or electronic identification methods (eID).
  • Additional methods such as a Qualified Electronic Signature (QES) or electronic identification schemes recognized under EU regulations.

Permitted Remote User Verification Methods

Section 12 of the GwG

The GwG allows for the following methods for remote identity verification:

  1. Official Identification Documents:
    • Verification using valid IDs (e.g., passport, identity card) issued under German or equivalent foreign regulations.
  2. Electronic Identification:
    • Verification via eID methods under the Act on Identity Cards and Electronic Identification.
  3. Qualified Electronic Signature (QES):
    • Verification through QES compliant with EU Regulation No 910/2014, validated per Article 32(1) of the Regulation.
    • Payment Transaction Supplement: If identity verification is conducted via QES, the first payment (Penny Drop) can be used as a supplementary measure.

Combination of Methods with Penny Drop

The Penny Drop Verification solution aligns with Section 12(1) under the following conditions:

  • Supplementary to QES: Penny Drop can confirm identity when used as an additional measure after identity has been verified via QES.
  • Regulated Payment Institution: The first payment must be processed through a payment account held at a financial institution regulated under the AML Directive (EU) 2015/849 in the EU/EEA or an equivalent jurisdiction.

Conclusion

The Penny Drop Verification solution is compliant with German AML/CTF regulations as it is required as a supplementary measure in combination with QES Verification.

Required Information for User Identification

Under Legislative Decree 21 November 2007, n. 231 (AML Law), the following customer identification information is required:

  • Name and surname
  • Place and date of birth
  • Residential address
  • Domicile, if different from the residential address
  • Type and number of identification document
  • Nationality

Permitted Remote User Verification Methods

Section VIII of the CDD Provisions

For remote operations, the CDD Provisions require:

  1. Acquisition and verification of the client’s identification data against a valid identity document provided via fax, mail, or electronic means.
  2. Additional checks based on risk, such as:
    • Bank transfer through a financial intermediary based in Italy or the EU.
    • Telephone contact (welcome call).
    • Address verification via return receipt.
    • On-site meetings or third-party inquiries for residence, domicile, or activities.

Thus, Photo or Video Identification alone is insufficient for remote onboarding. It must be supplemented with an additional check, such as Penny Drop verification, to comply with Section VIII requirements.

Standalone Use of Penny Drop Verification

Article 19 of the Decree

Article 19 (1) (4-bis) additionally outlines methods for fulfilling due diligence obligations applicable for relationships relating to payment cards, telecommunications, digital, or IT-based payment instruments, excluding direct transfers or debits, when following the electronic identification requirements set out in Article 4 of Commission Delegated Regulation (EU) 2018/389 of November 27, 2017:

  • Customer identity is verified through electronic credentials that meet Strong Customer Authentication (SCA) requirements under PSD2;
  • Verification involves a transfer to a payment account in the customer’s name.

The Penny Drop Verification solution aligns with Italy’s AML/CTF requirements as an additional verification step for remote operations when combined with identity document verification, or, when considered in the context of limited use cases electronic authentication mechanisms that comply with SCA under PSD2, or address verification, to ensure full compliance. It cannot be applied as a standalone method.

Conclusion

The Penny Drop Verification solution aligns with Italy’s AML/CTF requirements as an additional verification step for remote operations when combined with identity document verification, or, when considered in the context of limited use cases, as a standalone method, if the customer’s identity can be established using SCA tools.

Required Information for User Identification

Under the Anti-Money Laundering and Anti-Terrorist Financing Act (Wwft) and its Implementing Regulation, the following information must be collected for customer identification for natural persons: 

  • Full name, 
  • date of birth, 
  • address, 
  • nationality, and 
  • a valid identification document (e.g., passport or national ID card).

Permitted Remote User Verification Methods

EBA Guidelines (Section 44)

De Nederlandsche Bank (DNB), the Central Bank of the Netherlands, generally requires institutions to follow the EBA Guidelines on the use of Remote Customer Onboarding Solutions under Article 13 (1) of Directive (EU) 2015/849. The EBA provides measures to enhance the reliability of remote verification, including:

First payment (Penny Drop Verification): The first payment must originate from an account in the sole or joint name of the customer at a regulated financial institution in the EU/EEA or a jurisdiction with AML/CFT requirements equivalent to Directive (EU) 2015/849. The payment provides an audit trail, confirming the customer has been previously identified by a licensed financial institution.

Dutch Banking Association (NVB) Guidance

The NVB outlines the concept of derived verification, where:

  • The customer’s identity is verified using identification previously collected by a licensed financial institution in the EU/EEA.
  • The first payment must establish a reliable audit trail linking the customer to their account.

DNB Guidelines

Identity verification requires credible and independent sources, such as government-issued IDs or eID systems. Additional documentation must be obtained if doubts about the customer’s identity arise.

The Penny Drop Verification solution aligns with EBA Section 44 and Wwft Section 4, provided it is combined with other identity verification methods:

  1. A first payment from the customer’s account confirms account ownership.
  2. Additional verification measures, such as submitting ID documents (e.g., passport, ID card) or using electronic identification tools (eID), are required to confirm the customer’s identity comprehensively.

Conclusion

The Penny Drop Verification solution complies with Dutch AML/CTF requirements when used as part of a broader identity verification process. It can confirm ownership of a bank account, provided:

  1. The first payment originates from the customer’s account at an EU/EEA-regulated financial institution or an equivalent jurisdiction.
  2. It is supplemented by other reliable identity verification methods, such as ID document verification or eID tools.

Required Information for User Identification

Under Serbia’s Law on the Prevention of Money Laundering and the Financing of Terrorism, obliged entities must collect the following for user identification:

  • Full name
  • Date and place of birth
  • Permanent or temporary residence
  • Unique personal number (JMBG)
  • Type and number of personal identification document, including its date and place of issue, and the issuer’s name

Permitted Remote User Verification Methods

Article 7 - General Customer Due Diligence (CDD) Obligations

Obliged entities must:

  1. Identify and verify customer identity using reliable documents or data.
  2. Obtain and assess relevant information regarding the purpose and nature of the business relationship.
  3. Collect credible information on the origin of funds used in the transaction.

Article 39 - Additional Measures for Non-Face-to-Face Transactions

For non-face-to-face transactions, at least one additional safeguard must be implemented:

  1. Obtaining Additional Documents: Further identity-confirming documents beyond initial ones.
  2. Conducting Additional Inspections: Verification of identity documents or submitted customer data.
  3. First Payment Verification: Ensuring the first payment is made from a customer’s account held with a bank or financial institution.
  4. Reason for Absence: Collecting information on why the customer is not physically present.
  5. Other Measures: Any additional safeguards prescribed by the regulatory authority.

The Penny Drop Verification solution aligns with Article 39(3), which allows verification of a customer’s identity by confirming the first payment originates from an account in the customer’s name. Additional measures, such as document verification or further inspections, are required to complement Penny Drop for full compliance in non-face-to-face scenarios.

Conclusion

The Penny Drop Verification solution is compliant with Serbian AML/CTF requirements under Article 39 as a valid additional measure for non-face-to-face identity verification. It can be used to verify that the first payment originates from an account held in the customer’s name. It must be combined with other methods, such as document verification or additional data collection.

Required Information for User Identification

Under the Prevention of Money Laundering and Terrorist Financing Law 10/2010 (AML Law), the following identity data must be collected for natural persons:

  • Full name
  • Date of birth
  • Type and number of identification document (Spanish-issued documents are mandatory for nationals or residents)
  • Country of issue of the identification document (if not a Spanish-issued ID)
  • Country of residence
  • Nationality

Permitted Remote User Verification Methods

Article 12 of the AML Law outlines the permitted methods for verifying the identity of clients in non-face-to-face business relationships:

  1. Qualified Electronic Signature: Regulated by Regulation (EU) No. 910/2014 on electronic identification and trust services (eIDAS).
  2. Bank Transfer Verification: The first deposit must originate from a bank account in the client’s name, held at a financial institution in: Spain, the EU, or an equivalent third country with AML/CTF regulations comparable to the EU.
  3. Regulatory Requirements: Any additional requirements as determined by applicable regulations.

Bank Transfer Verification (Penny Drop) under Article 12(1)(b) can be used to verify the customer’s bank account ownership. This method must be supplemented by obtaining and verifying a copy of the identification documents required for customer due diligence (CDD) within one month. Hence, Penny Drop is permissible as part of a combination approach where additional measures, such as document verification, are employed.

Applicability for CDD vs. EDD

The Penny Drop Verification solution applies primarily to Standard CDD as part of the initial verification process. Its use for EDD is not explicitly addressed in the AML Law.

Conclusion

The Penny Drop Verification solution aligns with Spanish AML/CTF requirements under Article 12(1)(b) for verifying bank account ownership in non-face-to-face transactions. However, it must be combined with additional verification measures, such as obtaining and verifying identification documents, to meet regulatory requirements for customer due diligence. As such, Penny Drop remains a valid and reliable component of a broader verification process for compliance with the AML framework.

Required Information for User Identification

Under the FINMA Circular 2016/7 on “Video and Online Identification”, financial intermediaries must collect the following for user identification:

  • Photographs of all relevant pages of the identification document.
  • Verification that the photograph of the contracting party matches the photograph on the identification document.

Permitted Remote User Verification Methods

Section IV.B - Online Identification via Electronic Means

  1. Margin 32 - Document and Photo Verification:
    • Financial intermediaries must obtain photographs of all relevant pages of the identification document and verify that the applicant’s photograph matches the one in the document.
    • The authenticity of the identification document must be verified using technology (e.g., NFC chip reader) and at least two randomly selected security features.
    • The photograph must be taken during the identification process.
  2. Margin 33 - Bank Transfer Verification:
    • In addition, financial intermediaries should arrange to receive a payment (e.g., Penny Drop) from the contracting party’s account at:
      • A bank in Switzerland or Liechtenstein, or
      • A bank in a FATF member state with satisfactory compliance ratings on customer due diligence and wire transfers.
    • The account must be a bank account (not a financial institution account) held in the contracting party’s name.

The steps outlined in Margin 33 are supplementary to those in Margin 32. Together, they form a two-step identity verification process that ensures compliance with document-based IDV standards. Margin 33 introduces an additional layer of verification that complements the measures described in Margin 32, making them part of a cohesive identity verification process. To make this connection explicit, Margin 32 and Margin 33 should be understood as interconnected measures for document-based IDV compliance.

Conclusion

The Penny Drop Verification solution is compliant with Swiss AML/CTF requirements under Margin 33 of the FINMA Circular. It serves as a valid method for verifying a contracting party’s identity through a bank transfer from the customer’s account, provided it is used in conjunction with the verification measures required under Margin 32.