Country:
🇦🇺 Australia
🇧🇪 Belgium
🇧🇩 Bangladesh
🇨🇦 Canada
🇨🇴 Colombia
🇨🇾 Cyprus
🇨🇿 Czech Republic
🇬🇭 Ghana
🇮🇹 Italy
🇨🇮 Ivory Coast
🇯🇵 Japan
🇰🇿 Kazakhstan
🇰🇬 Kyrgyzstan
🇲🇾 Malaysia
🇳🇿 New Zealand
🇳🇬 Nigeria
🇳🇴 Norway
🇵🇭 Philippines
🇵🇱 Poland
🇸🇬 Singapore
🇿🇦 South Africa
🇨🇭 Switzerland
🇦🇪 UAE
🇬🇧 UK
🇺🇸 USA
🇺🇿 Uzbekistan
🇻🇳 Vietnam
Cited Sources:
Is it required to collect user address information?
Yes; Part 4.2.3 of the AML/CFT Rules sets out the minimum KYC information to be collected about an individual customer, which includes their residential address.
Is it required to verify user address information?
As per Part 4.2.6 of the AML/CFT Rules, at least the customer's (i) full name and either (ii)(a) date of birth or (ii)(b) residential address have to be verified.
Is it permissible to use document-free methods for address verification?
Part 4.2.7 of the AML/CFT Rules lists the acceptable methods of verifying the above-mentioned customer data: "(1) reliable and independent documentation; (2) reliable and independent electronic data; or (3) a combination of (1) and (2) above".
Furthermore, the AML/CTF Rules offer different "safe harbour" verification approaches (documentation-based and electronic-based) depending on the risk profile of the customer. Where the risk is medium or lower and the electronic method is chosen, "use of reliable and independent electronic data from at least two separate data sources is required. The entity must also verify that the customer has a transaction history for at least the past 3 years" (AML/CTF Rules, Parts 4.2.12 - 4.2.14). Thus, it is permissible to verify addresses electronically, provided that the customer's full name is validated against a different source.
Cited Sources:
Is it required to collect user address information?
As per Article 26(2) of the AML Law, an individual customer's identification data shall include "last name, first name, date and place of birth and, to the extent possible, address".
Is it required to verify user address information?
In accordance with Article 27(2) of the AML Law, unless simplified due diligence measures are warranted, it is required to verify all information collected pursuant to Article 26(2) (where this is the case) against "one or more
supporting documents or reliable and independent sources of information enabling them to confirm this data".
In relation to address validation specifically, section 2.3.2(a) of the NBB Guidance further explains that "financial institutions' internal procedures should determine the measures to be taken to fulfil this legal obligation in a
sufficiently precise manner. When the supporting document used to verify the customer's identity provides relevant information on the customer's address, this document should logically also be considered as the source of relevant
information on their address. When this is not possible (in particular if the supporting document does not mention the customer's address), the internal procedures should determine how this information can be obtained. In these cases, a
simple declaration signed by the customer, agent or beneficial owner concerning their address generally suffices if the customer, business relationship or transaction does not present a high ML/FT risk".
Is it permissible to use document-free methods for address verification?
Based on the above-cited position of the NBB, address needs to be corroborated by evidence stronger than a self-declaration only if the customer's risk profile is high. However, even in that case regulated entities retain a broad margin
of discretion and apparently may choose whatever means of address verification they deem appropriate, so long as such means allow them to confirm the data in question with sufficient precision.
Cited Sources:
Is it required to collect user address information?
As per both the Guidance Notes (see, e.g., section 7.3.5) and the 2019 Guidelines (see, e.g., section 3.3), both the current and permanent addresses of an individual customer (if different) need to be collected.
Is it required to verify user address information?
As per section 7.3.5 of the Guidance Notes, it is recommended to verify address via one of the following methods:
provision of a recent utility bill, tax assessment or bank statement containing details of the address (to guard against forged copies it is strongly recommended that original documents are examined);
checking the voter lists;
checking the telephone directory;
visiting home/office;
sending thanks letter.
Is it permissible to use document-free methods for address verification?
While the above-cited provision of the Guidance Notes is phrased as a recommendation rather than an obligation, address verification methods not listed therein might require additional justification from the regulated entity. If the
regulated entity chooses to rely on electronic sources for this check, it may therefore be advisable to consult either the "voter lists" or the "telephone directory".
Cited Sources:
Is it required to collect user address information?
Yes; as per Sections 12-14 of the AML/CFT Regulations, address is among the data attributes to be collected from individual customers for identification purposes.
Is it required to verify user address information?
It depends on the method used to verify the customer’s information.
It is not required to verify the address when the government-issued photo verification method is used (as per paragraph 105(1)(a) of the AML/CFT Regulations and section 2.1 of the FINTRAC Guidance).
If the credit file method is used, the financial entity shall verify that the individual’s address matches with the credit file data (as per paragraph 105(1)(c) of the AML/CFT Regulations and section 2.2 of the FINTRAC Guidance).
For the dual-process method, it is not mandatory to verify the address in each and every case; rather, address verification forms part of one of the verification options available. For example, if it is possible to verify (i) the person’s name and date of birth along with (ii) the person’s name and account with a financial entity, there will be no need to verify the address. Otherwise, if it is not possible to verify either (i) or (ii), it will be required to verify (iii) the person’s name and address (as per paragraph 105(1)(d) of the AML/CFT Regulations and section 2.3 of the FINTRAC Guidance).
Is it permissible to use document-free methods for address verification?
where the identity verification is conducted on the basis of government-issued documents, it is not required to verify the address;
where the identity verification is conducted via the credit file method, which does not require the customer to present an ID, the obliged entity is expected to retrieve the information about the customer’s address from the credit file issued by a Canadian credit bureau;
where the identity verification is conducted under the dual-process method and it is possible to get a Canadian credit file on the person with the information from at least two independent original sources (where each source will confirm one of the two types of information that shall be confirmed under the dual-process method), it will not be required to get any documents from the customer. Otherwise, some documents will be required (e.g., a utility bill).
Cited Sources:
Is it required to collect user address information?
Yes; for example, Part I, Title IV, section 4.2.2.2.1.1.3.2 of the Prudential Standards lists address among other identity attributes to always be "obtained and kept updated" as part of the KYC procedure.
Likewise, Art. 5.2(a) of the External Circular 100-000005 states: "To strengthen the security of the process of KYC, and when the transaction allows it, it is recommended, as an example, the following: get to know by any legal means the
origin of resources, verify the customer's identity, their address [...]".
Is it required to verify user address information?
Based on the following provision of the Prudential Standards, only the identity document presented by the customer is subject to mandatory verification (while a separate procedure for address validation is recommended as shown above but
not obligatory):
"4.2.2.2.1.1.1.1. Client identification. The supervised institutions must have policies and procedures that allow them to identify and verify the identity of the potential client, whether it is a natural person, legal entity or
structure without legal status, at the time of their linking in face-to-face environments or not.
In the case of natural persons, such policies and procedures must consist in verifying the identity document issued by the competent authority [...]".
Is it permissible to use document-free methods for address verification?
Should the regulated entity choose to verify the customer's address separately, they have broad discretion in choosing the exact method. For instance, section 4.2.2.2.1 of the Prudential Standards allows the use, among other KYC
solutions, "public databases, digital citizen services providers, their own databases and/or external databases", as long as the engaged source undergoes prior risk assessment.
Cited Sources:
Is it required to collect user address information?
Yes; both the CBC AML/CFT Directive (section 4.13.1, para. 122) and the CySEC AML/CFT Directive (Fifth Appendix, para. 1) mention the customer's residential address as a necessary element of the identification procedure; therefore, its collection is mandatory.
Is it required to verify user address information?
Yes; this is emphasized in both the CBC AML/CFT Directive and the CySEC AML/CFT Directive:
"it is pointed out that a person's residential address is considered an integral part of the identity of the person and, thus, there needs to be a separate procedure for the verification of the customer's address" (the CBC AML/CFT
Directive, section 4.11, para. 104);
"the address of residence and work is considered a basic element of identity of a person and, therefore, a separate procedure is followed for its verification [...] Under no circumstances shall the same evidence be accepted for the
verification of the customer's identity and residential address" (the CySEC AML/CFT Directive, section 21).
Is it permissible to use document-free methods for address verification?
Both the CBC AML/CFT Directive and the CySEC AML/CFT Directive set out an exhaustive list of address verification methods that do not include electronic sources as a standalone alternative:
"further to the verification of name, the customer's permanent residence address is verified by one of the following ways: (i) visit to the place of residence [...], (ii) the presentation of a recent (up to 6 months) utility bill
(e.g. electricity, water), or housing insurance document, or municipal taxes and/or bank account statement" (the CBC AML/CFT Directive, section 4.13.1, para. 126);
An identical provision is contained in the Fifth Appendix to the CySEC AML/CFT Directive; additionally, it is required to obtain "a recent (up to 6 months) telephone bill, electricity bill, municipal taxes or bank account statement, or
other similar document" as part of the identification data.
Nevertheless, Directive DI144-2007-08 permits electronic verification as long as information can be retrieved from electronic databases which provide access to information referring to both present and past situations showing that the person really exists and also provide both positive information (at least the customer's full name, address and date of birth), provide real-time updates, have transparent procedures and are approved by the Data Protection Commissioner.
Also, CySEC's amendment of the Anti-Money Laundering (AML) Directive, formalized through Directive 282/2024, was designed to strengthen the existing AML/CFT framework for obliged entities regulated by CySEC by improving measures for the prevention of money laundering and terrorist financing, particularly clarifying identification document requirements and the use of electronic verification methods.
The Cyprus regulations also align with the EU 5AMLD and 6AMLD, which emphasize a risk-based approach. There are also explicit references to the use of electronic verification methods, which are not only permitted but also supported by both directives.
In general, there is no explicit allowance for address verification through electronic means on a standalone basis. However, the adoption of the EU directives and the references to electronic verification methods (which are permitted as long as they are secure and reliable) allow us to conclude that electronic address verification is also permitted as long as it is based on a risk-based approach. The Cyprus AML Law's requirement to submit documentation does not seem to align with current industry practice or with the adoption of the EU AML Directives.
Cited Sources:
Is it required to collect user address information?
Yes; in accordance with Section 5(1) of the AML Act, an individual customer's "address of permanent or other
residence" must be obtained as part of their "identification data".
Is it required to verify user address information?
Based on Sections 8 and 8a of the AML Act, there are two self-sufficient ways of verifying an individual customer's identity:
where the customer is physically present, "an obliged entity records identification data [including address] and verifies them from an identity card should they be included thereon, and subsequently records the type and serial number of the identity card, the issuing country or issuing authority and the card's validity; at the same time, the obliged entity verifies the holder's appearance and the holder's facial image as pictured on the identity card". It can therefore be inferred that, where the submitted identity document does not contain the holder's address, the latter needs to be verified separately. However, there is no prescribed procedure in case of a mismatch between the address featured in the ID and that of the customer's actual residence ("document-based KYC option"); and
where the onboarding is conducted remotely either (i) in accordance with the eIDAS Regulation and the Act on Electronic Identification or (ii) as otherwise explicitly permitted under the Bank Act, in which case the address information is retrieved alongside the rest of the identity information ("e-KYC option").
Is it permissible to use document-free methods for address verification?
Yes; in accordance with Section 8a of the AML Act, non-documentary methods for address verification are permitted as long as they correspond to the approved tools used for customer onboarding.
Cited Sources:
Is it required to collect user address information?
Appendix B to the Guideline requires different sets of identity data and supporting evidence, depending on whether the individual in question is a citizen or resident of Ghana, as well as on their special status, if any (applicable to minors, students, refugees and asylum seekers, foreign diplomats and their dependents). By way of illustration, a Ghanaian citizen and a foreign citizen permanently residing in Ghana would need to provide, respectively, in relation to their address:
Ghanaian citizen:
Proof of residential address:
GPS Address, or
Tenancy Agreement, or
Any other relevant document issued by an authorized government agency or institution;
Foreign citizen permanently residing in Ghana:
Proof of Residential Address (local)
GPS Address, or
Tenancy Agreement, or
Any other relevant document;
Proof of Residential address (foreign)
Utility Bill, or
Tenancy Agreement, or
Any other relevant document issued by an authorized government agency or institution.
Is it required to verify user address information?
Based on the provisions cited above, user address information needs to be corroborated with evidence, specifically certain types of documentation and/or (where the customer resides in Ghana) GPS data.
Is it permissible to use document-free methods for address verification?
As demonstrated above, non-documentary confirmation of the customer's address is only possible via a GPS check and only if the place of residence is in Ghana. A non-Ghanaian address (including one belonging to a foreign citizen permanently residing in Ghana) would need to be verified based on additional documentation such as a utility bill or a tenancy agreement.
Cited Sources:
Is it required to collect user address information?
Yes; Art. 1(2)(n) of the Legislative Decree defines "identification data" as "name and surname, place and date of birth, registered residence and domicile (where different from registered residence) and, where assigned,
the tax code or, in the case of subjects other than a natural person, the name, registered office and, where assigned, the tax code".
Is it required to verify user address information?
Part 2, Section VIII of the CDD Provisions states that an individual's "identification data" (which, as shown above, includes address) needs to be "verified via a copy - obtained by fax, post, in electronic format or with similar methods - of a valid identity document", unless the customer's identity is being confirmed via an eIDAS-compliant solution (the two electronic identification schemes notified by Italy with a "high" level of assurance are Italian eID based on National ID card (CIE) and SPID (Public System of Digital Identity) identities with the Level of Assurance (LoA) 3), in which scenario, as follows from Part 2, Section III, such a copy is not necessary. However, no mandatory verification procedure is prescribed where the submitted ID does not contain address-related information (or if the regulated entity becomes aware that the address indicated in the ID is different from the customer's actual place of residence).
Is it permissible to use document-free methods for address verification?
Yes; as per Part 2, Section III of the CDD Provisions, if the person’s identity is verified using an eIDAS-notified electronic identification scheme, the address information can be verified relying on the same source. However, if the ID lacks the customer’s current address, the regulator requires it to be collected separately but does not explicitly specify how it should be verified. Therefore, supplementary procedures adopted by regulated entities in this case could involve, e.g., requesting additional documents or consulting external data sources. The specific requirements for proof of address might vary depending on the customer's risk profile.
Cited Sources:
Is it required to collect user address information?
Yes; as per Article 27 of the Uniform AML/CFT Regulation, obtaining the address of the customer's main residence is one of the essential identification procedure elements.
Is it required to verify user address information?
Yes; in accordance with the same Article 27, "verification of [an individual customer's] address is carried out by the presentation of a document capable of providing proof [thereof] or by any other means. [...] The financial institution verifies the authenticity of the document presented".
Is it permissible to use document-free methods for address verification?
Based on the above-cited provision, there are no restrictions regarding possible address verification methods; therefore, regulated entities may choose such solutions as they consider appropriate.
Cited Sources:
Is it required to collect user address information?
Yes, address is among the items that shall be obtained as part of the process of verification of identity for individual customers as per Article 4 of the AML Law.
Is it required to verify user address information?
Yes, according to Article 4 of the AML Act and Article 7 of the AML Enforcement Order, the obliged entities shall verify the identity of a customer when certain types of transactions are performed, e.g.:
When concluding a contract to accept deposits or savings;
When concluding an insurance contract;
When concluding a contract for securities provision;
When concluding a contract to lend money (e.g., a credit card contract);
When concluding a contract for opening a prepaid payment instrument account.
Is it permissible to use document-free methods for address verification?
Yes, in certain cases. As per Article 6 of the AML Rules, the only non-documentary method for verification of information (including address) is the use of an electronic certificate issued by an authorized Japanese state body.
However, as per the clarifications provided in section 5-2 of the 2020 JAFIC Guidelines,
“When the current residence of the customer or the representative is different from the one stated or recorded in the identification documents or when the residence is not stated, other identification documents or supplementary documents (such as tax certificates, receipts of social insurance premiums, receipts of public utility bills, documents issued by government offices, etc.) shall be presented.”
Therefore, if the customer's current address differs from the one in the identification documents, or if the address is not indicated there at all, it will be necessary to apply the documentary method for the address verification.
Cited Sources:
Is it required to collect user address information?
Yes; as per para. 26 of the AML Rules for Banks and para. 27 of the AML Rules for Securities Market, respectively, the legal address is among the data attributes to be collected from individual customers for identification purposes. While the AML Rules for VASPs do not provide a specific list of data that shall be collected from individual customers for identification purposes, we assume that the same scope of information as established for the banks and professional participants of the securities market will be applicable to them (i.e., it should include address).
Is it required to verify user address information?
As a general rule, CDD measures shall include “verification of the accuracy of information required to identify the client” as per Article 5(3)(6) of the AML Law.
Is it permissible to use document-free methods for address verification?
Banks, insurance companies, professional participants in the securities market, and some other entities as per para. 1 of the Remote CDD Rules are allowed to apply non-documentary identity verification in certain cases, while VASPs shall always use documentary identity verification pursuant to para. 23 of the AML Rules for VASPs.
Cited sources:
Is it required to collect user address information?
Yes; as per para. 16 of Appendix 12 “Position on the procedure for conducting a proper customer check” (the “CDD Rules”) to the AML Regulation, which, in turn, refers to Annex 1 thereto, permanent (registration) and/or temporary (residence) addresses are among the data attributes to be collected from individual customers for identification purposes.
Is it required to verify user address information?
In our view, it depends on the type of address. Thus, the permanent (registration) address is to be collected, if specified in the identification documents of the client (as per line 13 of the questionnaire as per Annex 1 to the AML Regulation) and the temporary (residence) address is to be collected from the client’s words (as per line 14 of the questionnaire as per Annex 1 to the AML Regulation).
Therefore, we believe that when it comes to the permanent (registration) address its verification will be required, while the temporary (residence) address does not require verification as it will be based on the client’s statement.
Is it permissible to use document-free methods for address verification?
It depends on the type of address: verification of the permanent (registration) address shall be done on the basis of a document, while verification of temporary (residence) address is not required at all.
Cited Sources:
Is it required to collect user address information?
Yes; section 16(3)(a) of the AMLA requires reporting institutions to ascertain the domicile of any person as part of customer due diligence measures. Likewise, AML/CFT Policies for both FIs and DNFBPs / NBFIs (sections 14A.9 and 14.10.1
respectively), as well as section 3.3 of the CDD Guidance, name "residential and mailing address" among the minimum identification data.
Is it required to verify user address information?
Yes; as per section 16(3)(b) of the AMLA, domicile, among certain other identification data, needs to be "verified, by reliable means or from an independent source, or from any document, data or information [...] through the use of
documents which include identity card, passport, birth certificate, driver's licence, constituent document or any other official or private document as well as other identifying information relating to that person".
Is it permissible to use document-free methods for address verification?
Malaysian AML/CFT regulations explicitly permit reliance on electronic sources (including databases) for CDD purposes; e.g., section 14C.16.11(c) of the AML/CFT Policy for FIs allows, in the context of non-face-to-face onboarding, to
use "a database maintained by relevant authorities including the National Registration Department or Immigration Department of Malaysia; telecommunication companies, sanctions lists issued by credible domestic or international sources
in addition to the mandatory sanctions lists or social media platforms with a broad outreach". This is mentioned as an equivalent alternative to requesting additional documentation such as "recent utility bills, bank statements, student
identification or confirmation of employment".
Similarly, section 5.1 of the CDD Guidance emphasizes that "there is no restriction on the form of evidence to be taken by reporting institutions in verifying the identity. Reporting institutions may accept either physical documents,
electronic or digital information and data, or a combination of both". The only instance where it is recommended to obtain documentary proof of address (specifically, a utility bill) is when "residential and NRIC address are different"
(section 6.1).
Cited sources:
Is it required to collect user address information?
Yes; as per section 15 of the AML/CFT Act, the person’s address is among the data attributes to be collected from individual customers for identification purposes.
Is it required to verify user address information?
Yes, under section 16 of the AML/CFT Act a reporting entity must take reasonable steps to satisfy itself that the information obtained under section 15 (i.e. including the address) is correct.
Is it permissible to use document-free methods for address verification?
Section 13 of the AML/CFT Act provides that the verification of identity (the scope of which includes the address) must be done either on the basis of documents, data, or information issued by a reliable and independent source; or any other basis applying to a specified situation, customer, product, service, business relationship, or transaction prescribed by regulations. Neither the Code nor other explanatory documents prescribe the way in which reporting entities can fulfil their obligation to conduct verification of a customer’s address. Thus, the address verification method is determined by the obliged entity within its discretion.
In our view, document-free verification of address is permitted as a standalone method as long as it uses a reliable and independent source. For instance, RealMe® (a government-backed digital identity and authentication service) may be used to verify a residential address. This involves a process where the user’s selected residential address is checked against trusted online data sources, such as New Zealand Post’s records. If a match is found, the address is marked as “NZ Post verified”, and no further action is required. This verified address can then be shared with organizations that use RealMe® to prove where the user lives. However, a RealMe® verified identity does not automatically include address information unless the user opts to verify it.
Given that RealMe® is deemed to provide a high level of confidence for the purpose of the name and date of birth verification (as it contains biometric information), in our view, it could also be used as a means of verification for a customer’s address.
In addition, we believe that VASPs and other reporting institutions may use supplementary checks such as, for example, geolocation or IP address tracking, though such checks are not sufficient as a standalone verification method.
In conclusion, non-documentary address verification via the use of electronic sources is explicitly permitted for customer identification processes in New Zealand if RealMe® is used.
Cited Sources:
Is it required to collect user address information?
Yes; Art. 6(a) of the CDD Regulations lists both "permanent address (full physical address)" and "residential address (where the customer can be located)" among data items to be collected as part of the KYC procedure.
Is it required to verify user address information?
Yes; Art. 7(2) of the CDD Regulations elaborates on the possible means of address verification: "FIs shall verify the identity of individuals by confirming the - [...]
(b) residential address through physical visitation and use of other sources, including utility bill, tax assessment, bank statement, or letter from a public authority".
In addition, as per Art. 27(2) of the CDD Regulations, "where a foreign national has recently arrived in Nigeria, the residential address in [their] home country shall be notarized". For resident non-Nigerians, a valid residence permit
is obligatory.
Is it permissible to use document-free methods for address verification?
It appears that the word "including" in Art. 7(2)(b) of the CDD Regulations should not be understood as imposing a limitation, since "other sources" could in general be interpreted broadly so as to encompass, e.g., external databases.
This is supported by Art. 26(1) of the CDD Regulations, applicable to non-residents and stating that "FIs shall obtain and verify applicant's name, date of birth and permanent residential address (in host country) directly through a
reputable Credit Institution or FI in the applicant's country of residence or a correspondent bank, provided that particular care shall be taken when relying on identification evidence obtained from other countries".
Additionally, Nigerian AML/CFT regulations are generally favourable towards non-documentary KYC solutions. For instance, Arts. 14, 16 and 35 of the CDD Regulations, as well as Art. 26 of the AML Regulations, specify that both "physical"
and "electronic" methods of customer onboarding may be adopted by financial institutions, so long as the "tiered" approach and other e-KYC standards endorsed by the CBN are complied with. In turn, the CBN 2023 Circular not only permits but prescribes validating customer identity data via the governmental NIBSS' BVN or NIMC's NIN databases.
Therefore, it may be assumed that, where technically possible, addresses may be verified electronically at least through official national databases such as NIBSS or NIMC.
Cited Sources:
Is it required to collect user address information?
Yes; Section 12(1) of the AML Act stipulates that, in the case of a natural person, address needs to be collected among other identity data.
Is it required to verify user address information?
Based on Section 12(2) of the AML Act, "information on the customer's identity shall be verified by personal appearance with a valid proof of identity. If verification of the identity shall take place without personal appearance,
additional documentation shall be presented or additional measures shall be applied". Beyond that, no obligatory address verification measures are prescribed under the AML Act, AML Regulations, or the 2019 Circular so long as the
customer's identity in general is confirmed via acceptable evidence as described below.
Is it permissible to use document-free methods for address verification?
As per Section 4-3(4) of AML Regulations, where the customer is not physically present, the only acceptable onboarding solution is an eIDAS-compliant electronic signature, which is self-sufficient for KYC purposes insofar as all the
required identity data (including address) had been previously obtained. However, regulated entities may choose to further validate their customers' residential addresses as part of risk mitigation or enhanced due diligence procedures.
In this case, they are not limited in the choice of methods; for example, Section 4.3.1.3 of the 2019 Circular mentions "other reassuring electronic solutions" on par with "communication with the customer via postal address or digital
address" or "video communication".
Cited Sources:
Is it required to collect user address information?
As per Rule 18, Section 3.4 of the 2018 RIRR, address is indeed among other identity attributes that should be collected from an individual customer before or during account opening or onboarding.
Is it required to verify user address information?
Overall, documentary evidence of identity-related information (including address) appears mandatory. See, e.g., the BSP Manual of Regulations for Banks (MORB) /
Manual of Regulations for Non-Bank Financial Institutions (MORNBFI) on Customer Due Diligence, Section 921/921Q:
"the covered person obtains from individual customers, at the time of account opening / establishing the relationship, the following minimum information [including address] and confirms this information with the official or valid
identification documents";
as one of possible additional safeguards for enhanced due diligence, it is suggested to verify the address "through evaluation of utility bills, bank or credit card statement, sending thank you letters, or other documents showing
address or through on-site visitation".
The above-specified provisions, however, may be overridden by Rule 18, Section 3.7 of the 2018 RIRR, stating that "covered persons shall deem the provision and submission of the PSN or PhilID as official and sufficient proof of
identity, subject to the authentication requirements under the PhilSys Act [Republic Act No. 11055, or the Philippines Identification System Act] and its IRR [Implementing Rules and Regulations of Republic Act No. 11055]". This is
further detailed in Circular No. 1170. Specifically, the Circular states that, "where the PCN or PSN derivative, or the Philippine Identification (PhilID) card, in physical or digital form, is presented by the customer, it shall be
accepted as official and sufficient proof of identity, subject to proper authentication, and the covered person shall no longer require additional documents to verify the customer's identity". Therefore, accessing an individual's record
in the Philippine Identification System ("PhilSys") is considered a reliable way to verify their identity.
From the above it may be inferred that, so long as a customer's identity is verified via PhilSys (and their address is also extracted in this manner), no further address confirmation is needed. Conversely, where the obliged entity does
not rely on PhilSys, it may be expected that address, like other identity data, will be verified based on documentary evidence.
Is it permissible to use document-free methods for address verification?
Based on the reasoning above, non-documentary address verification is possible via solutions accessing PhilSys; in other cases, the document-based approach remains prevalent.
Cited Sources:
Is it required to collect user address information?
No; as per Article 34(1)(1) of the AML Act, the address of residence is only required when “this information is possessed by the obliged institution”. That is, the address does not seem to be a mandatory piece of data that reporting institutions must collect from individual customers for identification purposes.
Is it required to verify user address information?
If collected, the address needs to be verified as per Article 37(1) of the AML Act.
Is it permissible to use document-free methods for address verification?
Yes. A qualified electronic signature (QES) issued under the eIDAS EU Regulation is an acceptable method of verifying the address.
This is also confirmed by the 2019 KNF Comments addressed to the banks, where the regulator states that the most reliable instrument in terms of verifying the customer’s identity without their physical presence is electronic identification referred to in the eIDAS EU Regulation, including a QES. Otherwise, the 2019 KNF Comments instruct the following:
“Utility bills, for example, can be considered as supplementary documents confirming the client's identity and address of residence.”
In the 2023 KNF Comments, the regulator maintains its position that the electronic identification under the eIDAS EU Regulation shall suffice for the verification purposes:
“Supervised entities may consider the above requirements [about verification] as met if one of the following criteria is applied within a given solution:
the electronic identification schemes have been notified in accordance with Article 9 of Regulation (EU) No 910/2014 and meet the requirements of the assurance level “substantial” or “high” in accordance with Article 8 of that Regulation;
the relevant qualified trust services meet the requirements of Regulation (EU) No. 910/2014, in particular Chapter III, Section 3 of that Regulation.”
Therefore, the AML/CFT regulations of Poland currently provide that the non-documentary approach can be used if the customer’s address is verified via eIDAS-compliant QES. Otherwise, it is required to obtain the documents (e.g., utility bills) and apply other verification measures.
Cited Sources:
Is it required to collect user address information?
While the Monetary Authority of Singapore (MAS) maintains separate Notices and Guidelines addressing each type of AML-regulated business (e.g., banks, merchant banks, finance companies, specified payment services, digital payment token
services), the requirement to collect an individual customer's residential address is universal. See, for instance: "where a customer is a natural person, a bank must obtain residential address based on national identity card, recent
utility or telephone bill, bank statement or correspondence from a government agency"
(Guidelines to MAS Notice 626 - Banks, para. 6-6-2).
Is it required to verify user address information?
Based on the same para. 6-6-2 of the Guidelines to MAS Notice 626 - Banks (and identical provisions contained in the Guidelines related to other industries), user address information needs to be corroborated with evidence, specifically
certain types of documentation.
Is it permissible to use document-free methods for address verification?
An exception to the document-based approach to address verification is MyInfo, a government service that enables citizens and residents to manage the use of their personal data for simpler online transactions. The 2018 MAS Circular,
para. 3, describes MyInfo as a "reliable and independent source for the purposes of verifying the customer's name, unique identification number, date of birth, nationality and residential address", as well as other
personal attributes. It is simultaneously confirmed that, "where MyInfo is used, MAS will not require FIs to obtain additional identification documents to verify a customer's identity".
Cited sources:
Is it required to collect address information?
The Guidance Note, while stating that full name, date of birth and unique identifying number issued by a government source are "basic attributes" that should be collected from an individual customer in any event (para. 85), also
describes data such as residential address as supplementary (para. 86) and therefore, presumably, not mandatory to establish as part of the KYC procedure.
Is it required to verify user address information?
Since it is not necessary for obliged entities to collect address information in the first place, whether to do so and whether to subsequently verify such data remains within their discretion.
Is it permissible to use document-free methods for address verification?
Para. 74 of the Guidance Note emphasizes that regulated entities "have the flexibility to choose the type of information by means of which they will establish clients' identities and also the means of verification of clients'
identities". More specifically, both "documents" and "electronic data issued or created by reliable and independent third-party sources" are permitted for confirming a customer's identity (para. 83) and, consequently, isolated identity
attributes such as address.
Cited sources:
Is it required to collect user address information?
Yes, it is required to collect user address information based on the FINMA Circular 2016/7 on "Video and online identification", Section IV(B)(a), margin 34, stating that "the financial intermediary must also [in addition to other
identity data] confirm the contracting party's residential address".
Is it required to verify user address information?
Yes, it is required to verify user address information. As per the FINMA Circular 2016/7 on "Video and online identification", Section IV(B)(a), margin 34, such information must not simply be obtained, but also further "confirmed".
Is it permissible to use document-free methods for address verification?
The FINMA Circular 2016/7 on "Video and online identification", Section IV(B)(a), margins 35-37.1, provides an exhaustive list of means by which a contracting party's residential address can be confirmed, namely: "tax invoice or any
other official invoice or power, water or telephone invoices (utility bill); postal delivery; a public register, or a trustworthy, privately managed database/directory; or geolocation".
Cited Sources:
Is it required to collect user address information?
Yes; in accordance with Article 8(1) of the AML-CFT Decision, an individual customer's address needs to be obtained along with their "name, as in the identification card or travel document, nationality, [...] place of birth, name and
address of employer, attaching a copy of the original and valid identification card or travel document", cumulatively referred to as "identity".
Is it required to verify user address information?
The same Article 8(1) of the AML-CFT Decision states that the customer's "identity" (consisting of the elements as cited above) needs to be verified, which therefore applies to address in particular. This is further corroborated by
section 6.3.1 of the AML Guidelines:
"The verification of a customer's identity, including their address, should be based on original, official (i.e. government-issued) documents whenever possible. When that is not possible, FIs should augment the number
of verifying documents or the amount of information they obtain from different independent sources".
Is it permissible to use a non-document method to verify an address?
Despite the overall preference for documentary evidence, section 6.3.1 of the AML Guidelines and section 3.1 of the CDD Guidance seem to suggest that verification via electronic sources is an acceptable alternative:
"An example of alternative verification means is verification by way of digital identification systems. Such digital identification systems should rely upon technology, adequate governance, processes and procedures that provide
appropriate levels of confidence that the system produces accurate results";
"Under Article 8 of the AML-CFT Decision, LFIs are required to identify each customer and verify the customer's identity using documents, data, or any other identification information from a reliable and independent source. This
requirement is technology neutral and expressly permits LFIs to use documentary as well as non-documentary sources (i.e., information or data) when performing identification and verification; it does not impose any restrictions on the
form - physical or digital - that identity evidence must take, nor does it impose limitations as to the use of digital ID systems for the purpose of linking a customer's verified identity to a unique, real-life individual, provided this is
done using a "reliable" and "independent" source. As such, LFIs are permitted to utilise digital ID systems as well as physical forms to perform customer identification and verification, consistent with the expectations set forth in
this Guidance".
Therefore, according to Article 8(1) of the AML-CFT Decision, the address as well as personally identifiable information may be verified via any sufficiently reliable means, whether documentary or electronic.
Cited Sources:
Is it required to collect user address information?
Yes, it is necessary to collect an individual customer's residential address, according to the Joint Money Laundering Steering Group (JMLSG) Guidance. Para. 5.3.29 thereof specifically states that "knowledge of an individual's
residential address is central to being reasonably satisfied that the customer is who they say they are".
Is it required to verify user address information?
No particular method of verifying address is explicitly promoted. Furthermore, para. 5.3.112 of the Guidance emphasizes that address data does not even necessarily have to be validated in all cases (e.g., it may be omitted when the
customer lacks a permanent place of residence); this is a matter within obliged entities' discretion.
Is it permissible to use document-free methods for address verification?
As a general rule, Art. 27(19) of the ML Regulations explains that "information may be regarded as obtained from a reliable source [...] where - (a) it is obtained by means of an electronic identification process [...]; and (b) that
process is secure from fraud and misuse and capable of providing assurance that the person claiming a particular identity is in fact the person with that identity, to a degree that is necessary for effectively managing and mitigating
any risks of money laundering and terrorist financing". Therefore, obliged entities are granted a broad margin of discretion in their choice of CDD procedures, and electronic solutions are within the scope of permissible remote
onboarding methods.
Furthermore, as per paras. 5.3.72 and 5.3.80 of the Guidance, address - like any other identity attribute - may be confirmed via electronic checks, including by relying on external databases so long as they are sufficiently robust.
Cited sources:
Is it required to collect user address information?
Yes, as per the BSA ("Customer Identification Program: minimum requirements", section 1020.220(a)(2)(i)(A)), identity data to be collected from each individual customer includes: "address, which shall be: (i) for an individual, a
residential or business street address; (ii) for an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of
next of kin or of another contact individual".
Is it required to verify user address information?
As a general rule, the BSA (section 1020.220(a)(2)(ii)) dictates that financial institutions must have in place "procedures for verifying the identity of the customer, using information obtained in accordance with paragraph (a)(2)(i) of
this section" [identity data, including address]. Therefore, it would likely be expected for a financial institution to validate the previously collected user address information unless it can reasonably demonstrate that, even without
this check, it knows the customer's identity.
Is it permissible to use document-free methods for address verification?
Yes, the BSA (section 1020.220(a)(2)(ii)) states that both documentary and non-documentary verification methods (as well as their combinations) are acceptable so long as the chosen procedures "enable the [obliged entity] to form a
reasonable belief that it knows the true identity of each customer". Several examples of non-documentary KYC processes are also given for reference, such as "contacting a customer; independently verifying the customer's identity through
the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial
statement".
Cited sources:
Is it required to collect user address information?
Yes; as per Appendix 1 to the 2017 CBU Resolution, permanent and/or temporary address is among the data attributes to be collected from individual customers for identification purposes.
Is it required to verify user address information?
There is no explicit requirement to verify address in the cited sources, arguably because every national ID acceptable for KYC purposes as per the 2017 CBU Resolution (passport, ID card, new-model driving license) already contains this
data.
Is it permissible to use document-free methods for address verification?
where the identity verification is conducted on the basis of identity documents, address is considered confirmed as a result of being featured in such documents;
where the identity verification is conducted via "digital authentication" (as per the 2021 CBU Decision), which does not require the customer to present an ID, the obliged entity is expected to retrieve the information about the
customer's place of residence from the "Electronic Government" database;
otherwise, the address verification method is determined by the obliged entity within its discretion.
Cited sources:
Is it required to collect user address information?
Yes; based on Article 10(1) of the AML Law, an individual customer's address in Vietnam and/or abroad (whichever is applicable depending on the person's citizenship and residence) needs to be collected.
Is it required to verify user address information?
Yes; while Article 10(1) of the AML Law lists residential address as part of "customer identification data", Article 12(1) stipulates the obligation to verify this dataset via documents and information which, in the case of individual
customers, must include "identity card, citizen identification card or passport with valid term of use; other documents issued by competent authorities".
Is it permissible to use document-free methods for address verification?
According to Article 12(2) of the AML Law, "reporting subjects can exploit information in national databases according to the provisions of law, through competent state agencies and other organizations specified in Article 13 [a
third-party provider engaged by the reporting subject] or regulated third parties specified in Article 14 [a financial institution or a legal entity in a related non-financial industry that has established relationships with customers
(excluding agency and outsourcing relationships); conducts CDD according to the AML Act or, for foreign entities, the FATF recommendations; is subject to the management and supervision of a competent authority] of this Law to compare
and verify information provided by customers". This grants regulated entities an option to validate address via official electronic sources where it is not already featured in the identity document presented by the customer.