Country:
🇦🇷 Argentina
🇧🇪 Belgium
🇧🇷 Brazil
🇨🇿 Czech Republic
🇩🇰 Denmark
🇪🇪 Estonia
🇫🇮 Finland
🇫🇷 France
🇭🇰 Hong Kong
🇮🇳 India
🇮🇩 Indonesia
🇨🇮 Ivory Coast
🇮🇹 Italy
🇰🇪 Kenya
🇱🇹 Lithuania
🇲🇽 Mexico
🇳🇬 Nigeria
🇪🇸 Spain
🇹🇭 Thailand
Cited Sources:
Is it required to collect user address information?
Yes; as per Article 22 of the UIF Resolution, all individual customers of a regulated entity must be identified by, inter alia, their "actual address (street, number, town, province, country and postal code)".
Is it required to verify user address information?
The UIF Resolution is mostly silent on address validation. Notably, Article 22 does specify how the customer's full name and surname, type and number of identity document should be verified (namely, by a copy of an identity document),
but no similar guidance is provided for other identity attributes such as address. Therefore, presumably, it is the obliged entities' choice whether and via which means to perform address verification.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification are prescribed, nor is it evident from the UIF Resolution that it is necessary in the first place, regulated entities may choose any methods of validating their customers' addresses
they consider reasonable.
Cited Sources:
Is it required to collect user address information?
As per Article 26(2) of the AML Law, an individual customer' identification data shall include "last name, first name, date and place of birth and, to the extent possible, address".
Is it required to verify user address information?
In accordance with Article 27(2) of the AML Law, unless simplified due diligence measures are warranted, it is required to verify all information collected pursuant to Article 26(2) (where this is the case) against "one or more
supporting documents or reliable and independent sources of information enabling them to confirm this data".
In relation to address validation specifically, section 2.3.2(a) of the NBB Guidance further explains that "financial institutions' internal procedures should determine the measures to be taken to fulfil this legal obligation in a
sufficiently precise manner. When the supporting document used to verify the customer's identity provides relevant information on the customer's address, this document should logically also be considered as the source of relevant
information on their address. When this is not possible (in particular if the supporting document does not mention the customer's address), the internal procedures should determine how this information can be obtained. In these cases, a
simple declaration signed by the customer, agent or beneficial owner concerning their address generally suffices if the customer, business relationship or transaction does not present a high ML/FT risk".
Is it permissible to use document-free methods for address verification?
Based on the above-cited position of the NBB, address needs to be corroborated by evidence stronger than a self-declaration only if the customer's risk profile is high. However, even in that case regulated entities retain a broad margin
of discretion and apparently may choose whatever means of address verification they deem appropriate, so long as such means allow them to confirm the data in question with sufficient precision.
Cited Sources:
Is it required to collect user address information?
The Securities and Exchange Commission (CVM) and the Central Bank of Brazil do require at least address collection; respectively:
in accordance with Annex B, Article 1 of the CVM Resolution, complete address (street, complement, district, city, state and zip code) along with other data such as name and date of birth should be obtained;
as per Article 18 of the CB Circular, obliged entities "must adopt procedures that allow them to qualify their clients through the collection, verification and validation of information [...]" including, in the case
of natural persons, their place of residence.
Additionally to address of residence, obligated betting operators must collect bettors' IP addresses at the registration stage and during each change in registration, as stipulated in Articles 31-32 of Portaria 1231.
Is it required to verify user address information?
As shown above, Art. 18 of the CB Circular indeed prescribes to not only collect, but also verify address information. Similarly, Annex B, Article 1 of the CVM Resolution specifies that an individual customer's records must include
"proof of residence or domicile" as a document copy (although there is no exhaustive list of acceptable documents).
Is it permissible to use a non-document method to verify PoA?
In the case of banks and financial institutions, Article 16(1) of the CB Circular states: "The institutions shall adopt identification procedures that allow verifying and validating the identity of the client. The procedures shall
include obtaining, verifying and validating the authenticity of customer identification information, including, if necessary, by comparing this information with those available in public and private databases". This is applicable to
verification of both identity and its isolated components such as residential address.
However, as per the above-cited provisions of the CVM Resolution, only documentary proof of address may be accepted by CVM-regulated entities; electronic sources may only be relied on for supplementary evidence.
As for the betting operators specifically, the requirements regarding residential address verification are not described; however, they must collect bettors' IP addresses at the registration stage and during each change in registration.
Cited Sources:
Is it required to collect user address information?
Yes; in accordance with Section 5(1) of the AML Act, an individual customer's "address of permanent or other
residence" must be obtained as part of their "identification data".
Is it required to verify user address information?
Based on Sections 8 and 8a of the AML Act, there are two self-sufficient ways of verifying an individual customer's identity:
where the customer is physically present, "an obliged entity records identification data [including address] and verifies them from an identity card should they be included thereon , and subsequently records the type
and serial number of the identity card, the issuing country or issuing authority and the card's validity; at the same time, the obliged entity verifies the holder's appearance and the holder's facial image as pictured on the
identity card". It can therefore be inferred that, where the submitted identity document does not contain the holder's address, the latter does not need to be verified separately. Likewise, there is no prescribed procedure in case
of a mismatch between the address featured in the ID and that of the customer's actual residence ("document-based KYC option "); and
where the onboarding is conducted remotely either (i) in accordance with the eIDAS Regulation and the Act on Electronic Identification or (ii) as otherwise explicitly permitted under the Bank Act, in which case no subsequent address
verification measures are mentioned ("e-KYC option ").
Is it permissible to use document-free methods for address verification?
Since there is no explicit requirement to verify the address via any separate procedure insofar as either the document-based KYC option or the e-KYC option is fully followed through, regulated entities may, if they nevertheless consider
this check necessary, choose any methods they deem appropriate.
Cited Sources:
Is it required to collect user address information?
Section 11(1) of the AML Act prescribes to collect the following identification data of natural persons: "name and civil registration number or similar if the person in question does not have a civil registration number. Should the
applicant not have a civil registration number or similar, the identity information shall include date of birth". Therefore, address is not explicitly required.
Is it required to verify user address information?
Danish AML/CFT regulations stipulate no separate obligation to verify the customer's address. However, it is mentioned in Section 14 of the FSA Guide as one of possible enhanced due diligence measures.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification exist, regulated entities may choose any methods they consider reasonable.
Cited Sources:
Is it required to collect user address information?
Yes; as per §21, subsection 1, clauses 1-2 of the AML Act, a customer who is a natural person has to be identified by, inter alia, their "place of residence or location".
Is it required to verify user address information?
As a general rule, §21, subsection 2 of the AML Act prescribes to verify customer identification data (including address) "using information originating from a credible and independent source". However, no further detailed guidance is
offered in relation to the validation of address specifically.
Is it permissible to use document-free methods for address verification?
In the absence of instructions to the contrary, it may be assumed that, while regulated entities are indeed expected to verify address-related information, they are not restricted in their options of doing so and, provided that the
customer's address is not already reliably confirmed in the course of general identity verification, both documentary and non-documentary supplemental checks can be used.
Cited Sources:
Is it required to collect user address information?
Yes; Chapter 3, Section 3(2) of the AML Act, outlining the minimum data required for customer due diligence, encompasses address among other identity attributes. Para. 104 of the FIN-FSA Guidelines further elaborates that this
requirement refers "as a rule to the address of the customer's permanent place of residence. Where necessary, a temporary address may be saved instead of, or in addition to, a permanent address".
Is it required to verify user address information?
In relation to address verification, para. 105 of the FIN-FSA Guidelines suggests that "it is enough as a rule that the supervised entity records the customer's contact address through which the customer can be reached by letter mail if
the customer does not have a permanent or temporary address, or the customer does not want to disclose the address due to a valid non-disclosure for personal safety. The supervised entity shall assess on a risk-sensitive basis the
importance of the lack of the customer's permanent or temporary home address on the overall risk involved in the customer relationship and whether the supervised entity is able to manage these risks". Beyond that, no detailed
instructions are provided, implying a broad margin of discretion reserved for regulated entities.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification exist, regulated entities may choose any methods they consider appropriate.
Cited Sources:
Is it required to collect user address information?
Whereas Art. R561-5 of the Monetary and Financial Code of France requires regulated entities to identify their individual customers by collecting their "first and last name, as well as their date and place of birth", this obligation
does not encompass residential address.
Is it required to verify user address information?
Whereas regulated entities may choose to verify a customer's residential address as part of risk mitigation or enhanced due diligence, para. 131 of the ACPR Guide appears to suggest that it is not a necessity:"The collection of [proof
of address] is therefore not essential for knowledge of the business relationship. Financial institutions determine, in their internal procedure, using a risk-based approach, whether proof of the home address is an element to be
collected and, in this case, the type of proof to be collected".
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification exist, regulated entities may choose any methods they consider appropriate.
Cited Sources:
Is it required to collect user address information?
Yes; as per sections 4.3.2-4.3.5 and 4.3.13-4.3.17 of the HKMA Guideline, the following identification and verification requirements are applicable to financial institutions:
"for customers who are natural persons, the full name, date of birth, nationality, unique identification number and document type, as well as residential address ".
Section 4.2.4 of the SFC Guideline contains an identical requirement to collect an individual customer's residential address.
Is it required to verify user address information?
No; based on the HKMA Guideline, authorized entities are required to collect the address, but not necessarily verify it. However, pursuant to the footnote of section 4.3.5 of the HKMA Guideline, an authorized entity may, under certain
circumstances, require such verification for other purposes (e.g. group requirements, other local or overseas legal and regulatory requirements). In this case, it should communicate clearly to the customers the reasons why it requires
proof of residential address.
The SFC Guideline (see the footnote to section 4.2.4) adopts the same approach.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification exist, regulated entities may choose any methods they consider reasonable.
Cited Sources:
Is it required to collect user address information?
Out of all acceptable methods of identity verification listed in Chapter VI, Part I, section 16 of the KYC Direction, only one explicitly mentions address specifically:
"For undertaking CDD, REs shall obtain the following from an individual [...]:
(a) the Aadhaar number [...]; or
(aa) the proof of possession of Aadhaar number where offline verification can be carried out; or
(ab) the proof of possession of Aadhaar number where offline verification cannot be carried out or any OVD [officially valid document]
or the equivalent e-document thereof containing the details of their identity and address ; or
(ac) the KYC Identifier with an explicit consent to download records from CKYCR; and
(b) the Permanent Account Number or the equivalent e-document thereof or Form No. 60 as defined in Income-tax Rules, 1962; and
(c) such other documents including in respect of the nature of business and financial status of the customer, or the equivalent e-documents thereof as may be required by the RE".
It can be inferred that, where the customer does not present an OVD featuring their address (or its substitute), address collection is still necessary but already implied under the other permitted procedures. See, for instance,
regarding the Aadhaar number valiation: "if a customer wants to provide a current address, different from the address as per the identity information available in the Central Identities Data Repository , they may give a
self-declaration to that effect to the RE".
Is it required to verify user address information?
Chapter 1, section 3(xiv) of the KYC Direction states that, "where the OVD furnished by the customer does not have updated address, the following documents or the equivalent e-documents thereof shall be deemed to be OVDs for the limited
purpose of proof of address:-
utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);
property or Municipal tax receipt;
pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and
listed companies and leave and licence agreements with such employers allotting official accommodation".
No separate verification procedure is prescribed in case the customer's identity is verified via means other than their OVD. This is subject to a restriction set out in section 40(c):"Following EDD measures shall be undertaken by REs
for non-face-to-face customer onboarding (other than customer onboarding [using Aadhaar OTP based e-KYC]): [...]
c) Apart from obtaining the current address proof, RE shall verify the current address through positive confirmation before allowing operations in the account. Positive confirmation may be carried out by means such as address
verification letter, contact point verification, deliverables, etc."
Is it permissible to use document-free methods for address verification?
With the exception of the case where the customer presents an OVD not featuring their current address and provided they are being onboarded via Aadhaar OTP-based e-KYC, no additional address verification procedures appear to be
required. However, if the regulated entity prefers to further confirm the customer's address, they may choose any means of doing so.
Cited Sources:
Is it required to collect user address information?
Yes; Art. 25(1) of the OJK Regulation specifies it is necessary to collect an individual customer's "residential address according to the ID and other residential addresses, if any".
Is it required to verify user address information?
It appears that the fact a person's identity document contains an address serves as sufficient evidence of the latter's validity. The OJK Regulation further states that, where the actual residential address of the customer differs from
the one indicated in the ID, the alternative address needs to be recorded as well; however, no particular verification procedures are prescribed.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification exist (besides extracting the address information out of the customer's ID), regulated entities may choose any methods they consider reasonable.
Cited Sources:
Is it required to collect user address information?
Yes; as per Article 27 of the Uniform AML/CFT Regulation, obtaining the address of the customer's main residence is one of the essential identification procedure elements.
Is it required to verify user address information?
Yes; in accordance with the same Article 27, "verification of [an individual customer's] address is carried out by the presentation of a document capable of providing proof [thereof] or by any other means . [...] The
financial institution verifies the authenticity of the document presented".
Is it permissible to use document-free methods for address verification?
Based on the above-cited provision, there are no restrictions regarding possible address verification methods; therefore, regulated entities may choose such solutions as they consider appropriate.
Cited Sources:
Is it required to collect user address information?
Yes; Art. 1(2)(n) of the Legislative Decree defines "identification data" as "name and surname, place and date of birth, registered residence and domicile (where different from registered residence) and, where assigned,
the tax code or, in the case of subjects other than a natural person, the name, registered office and, where assigned, the tax code".
Is it required to verify user address information?
Part 2, Section VIII of the CDD Provisions states that an individual's "identification data" (which, as shown above, includes address) needs to be "verified via a copy - obtained by fax, post, in electronic format or with similar
methods - of a valid identity document" (unless the customer's identity is being confirmed via an eIDAS-compliant solution (the two electronic identification schemes
notified by Italy with a "high" level of assurance are Italian eID based on National ID
card (CIE) and SPID (Public System of Digital Identity) identities with the Level of Assurance(LoA) 3), in which scenario, as follows from Part 2, Section III, such a copy is not necessary). However, no mandatory verification procedure
is prescribed where the submitted ID does not contain address-related information (or if the regulated entity becomes aware that the address indicated in the ID is different from the customer's actual place of residence).
Is it permissible to use document-free methods for address verification?
While neither the Legislative Decree nor the CDD Provisions explicitly mention "proof of address", the following can be inferred: (i) if the presented identity document or eID contains the customer's current address, it will likely be
sufficient for address verification purposes; (ii) if the ID lacks the customer's current address, the regulator prescribes to collect it separately but does not explicitly specify how it should be verified; (iii) therefore,
supplementary procedures adopted by regulated entities in this case could involve, e.g., requesting additional documents or consulting external data sources. The specific requirements for proof of address might vary depending on the
customer's risk profile.
Cited Sources:
Is it required to collect user address information?
Yes; section 5.6.7.2 of the Prudential Guidelines, addressing non-face-to-face onboarding specifically, emphasizes an obliged entity must "ensure that there is sufficient communication to confirm address and personal identity" of an
individual customer.
Is it required to verify user address information?
Yes; as per section 5.6.7.4 of the Prudential Guidelines, "the procedures to check identity must serve two purposes: (i) they must ensure that a person bearing the name of the applicant exists
and lives at the address provided ; and (ii) that the applicant is that person". From this, it can be inferred that user address information needs to be supported with evidence.
Is it permissible to use document-free methods for address verification?
In terms of address verification specifically, obtaining a utility bill or other forms of documentation is recommended under paras. 5.6.5.1 and 5.6.7.7 of the Prudential Guidelines as the best practice and there are no explicit
references to the possibility of relying on electronic sources instead. However, para. 5.6.7.5 suggests this method is not the only permissible one and ultimately "it is for each institution to decide upon which checks to employ".
Cited Sources:
Is it required to collect user address information?
Neither the AML Law nor the Order stipulates a necessity to collect user address information. However, as per Art. 10(1)(6) of the AML Law, it is required to understand an individual customer's "citizenship (except for the cases where
it is optional in the identification document) and in the case of a stateless person - the state which issued their identification document". While obliged entities may still be expected to collect data related to the customer's
location (e.g., to determine whether enhanced due diligence should be applied to the customer or to fulfill the requirement to obtain the customer's IP data as set out in para. 26 of the Order), the format in which this information
should be gathered and confirmed is determined by the obliged entity itself.
Is it required to verify user address information?
The AML/CFT regulations of Lithuania do not specify any particular means for verifying the customer's residential address.
Is it permissible to use document-free methods for address verification?
Yes, insofar as this matter is not explicitly regulated under the AML Law or the Order and obliged entities have the freedom of discretion in it.
Cited Sources:
Is it required to collect user address information?
Pursuant to Art. 12 of the General Rules and Annexes thereto, the scope of identification data to be collected from individual customers depends on whether the person is a local citizen or permanent resident and whether they have their
current place of residence abroad. In the latter case, both the foreign residential address and the address in Mexico where the customer "can receive correspondence" must be submitted. See, e.g., Annex 3 (relating to natural persons who
are citizens of Mexico or foreign citizens with a temporary or permanent residence permit):"vi) Home address at your place of residence, consisting of the following information: name of the street, avenue or road in question, duly
specified; exterior number and, where applicable, interior number; neighborhood or urbanization; territorial demarcation, municipality or similar political demarcation that corresponds, where applicable; city or town, federal entity,
state, province, department or similar political demarcation that corresponds, where applicable; postal code and country";"[...] Additionally, in the case of persons who have their place of residence abroad and at the same time have an
address in national territory where they can receive correspondence addressed to them, the data relating to said address must be entered in the file, with the same elements as those contemplated in section vi) above".
Additionally, in 2021, it was prescribed that financial institutions track the real-time
geolocation of their customers with an otherwise unknown location when they perform remote operations via their devices.
Is it required to verify user address information?
Regarding address verification, the approach also varies depending on the customer's citizenship and place of residence:
for Mexican citizens permanently residing in Mexico, no specific requirements are prescribed;
for Mexican citizens or foreign citizens with a temporary or permanent Mexican residence permit who reside abroad, proof of address is necessary when "the address stated by the [person] does not match the one on the identity
document or the latter does not contain it" (General Rules, Annex 3);
for foreign citizens permanently residing abroad and without a Mexican residence permit, proof of address is necessary in relation to "the address in the national territory where the [person] may receive correspondence addressed to
them" and when "the address stated by the [person] does not match the one on the identity document or the latter does not contain it" (General Rules, Annex 5).
Is it permissible to use document-free methods for address verification?
Insofar as no address verification methods are prescribed as mandatory in relation to Mexican citizens permanently residing in Mexico, it can be assumed that document-free solutions are permissible. Otherwise, where proof of address is
explicitly required, both Annex 3 and Annex 5 to the General Rules specify it needs to be in the form of "a copy of a document that proves the [customer's] address, which may be a receipt for payment for home services or bank
statements, all of them [...] not older than three months from the date of issue, or the contract of lease in force on the date of submission by the [customer] and registered with the competent tax authority, the Certificate of
registration in the Federal Registry of Taxpayers, as well as any other documents that, where applicable, are approved by the UIF".
Cited Sources:
Is it required to collect user address information?
Yes; Art. 6(a) of the CDD Regulations lists both "permanent address (full physical address)" and "residential address (where the customer can be located)" among data items to be collected as part of the KYC procedure.
Is it required to verify user address information?
Yes; Art. 7(2) of the CDD Regulations elaborates on the possible means of address verification:"FIs shall verify the identity of individuals by confirming the - [...]
(b) residential address through physical visitation and use of other sources, including utility bill, tax assessment, bank statement, or letter from a public authority".
In addition, as per Art. 27(2) of the CDD Regulations, "where a foreign national has recently arrived in Nigeria, the residential address in [their] home country shall be notarized". For resident non-Nigerians, a valid residence permit
is obligatory.
Is it permissible to use document-free methods for address verification?
It appears that the word "including" in Art. 7(2)(b) of the CDD Regulations should not be understood as imposing a limitation, since "other sources" could in general be interpreted broadly so as to encompass, e.g., external databases.
This is supported by Art. 26(1) of the CDD Regulations, applicable to non-residents and stating that "FIs shall obtain and verify applicant's name, date of birth and permanent residential address (in host country) directly through a
reputable Credit Institution or FI in the applicant's country of residence or a correspondent bank, provided that particular care shall be taken when relying on identification evidence obtained from other countries".
Additionally, Nigerian AML/CFT regulations are generally favourable towards non-documentary KYC solutions. For instance, Arts. 14, 16 and 35 of the CDD Regulations, as well as Art. 26 of the AML Regulations, specify that both "physical"
and "electronic" methods of customer onboarding may be adopted by financial institutions, so long as the "tiered" approach and other e-KYC standards endorsed by the CBN are complied with. In turn, the CBN 2023 Circular not only permits,
but prescribes to validate customer identity data via governmental NIBSS' BVN or NIMC's NIN databases.
Therefore, it may be assumed that, where technically possible, addresses may be verified electronically at least through official national databases such as NIBSS or NIMC.
Cited Sources:
Is it required to collect user address information?
As per Article 4bis of the AML Law, in relation to natural persons that are ultimate beneficial owners for the purposes of the business relationship in question, only the "country of residence" is required to ascertain their address.
There are no further indications in the AML Law or the Royal Decree that the information on the customer's place of residence needs to be collected with higher precision.
Is it required to verify user address information?
In terms of the overall identity verification duty, Articles 3 and 12 of the AML Law generally require a copy of the customer's "reliable document" (unless the KYC procedure is being conducted via an eIDAS-compliant qualified electronic
signature, which exemption is provided under Article 12(1)(a) of the AML Law). In turn, a "reliable document", pursuant to Article 6(1)(a) of the Royal Decree, means:
for individuals who are Spanish nationals, the national identity card;
for foreign individuals, the residence card, foreign identity card, passport or, in the case of citizens of the European Union or the European Economic Area, the official personal identity document, letter or card issued by the home
authorities;
exceptionally, obliged subjects may accept other personal identification documents issued by a government authority provided they enjoy adequate guarantees of authenticity and show a photograph of the holder.
However, no mandatory verification procedures are prescribed where the presented identity document does not feature the customer's address.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification (besides collecting a copy of the customer's identity document) exist, regulated entities may choose any methods they consider appropriate.
Cited Sources:
Is it required to collect user address information?
Yes; Article 4 of the Prime Minister Notification, providing the minimum identification information to be obtained in respect of an individual customer for CDD purposes, specifically mentions "address as appears in personal
identification card or in the house registration and current address. In case of a foreigner, the country of citizenship and current address in Thailand shall be provided, except for the case of a foreigner with no address in Thailand,
whose current address shall be used instead". The ALMO Guideline further confirms this requirement refers to:
in case of Thai national, meaning address in the house registration book and in case of not living therein, stating also the present address;
in case of alien, meaning address in the country of nationality and address in Thailand.
Is it required to verify user address information?
There appears to be no obligatory procedure for address verification prescribed under the AML/CFT regulations of Thailand. Whereas Article 5 of the AMLO Notification suggests requesting additional documentation (such as utility bills)
as an enhanced due diligence measure where the customer's risk profile is high, nothing indicates that this is the only acceptable way of validating address in principle.
Is it permissible to use document-free methods for address verification?
Since no mandatory procedures for address verification exist, regulated entities may choose any methods they consider appropriate.
