A new step towards the digitalisation of AML compliance – Roca Junyent
The enhanced due diligence measures required for non-face-to-face transactions under the Spanish Anti-Money Laundering (AML) regulations are not suitable for all types of business relationships or transactions, and may create additional hurdles for the obliged subject, since (i) not all the customers have the electronic signature or (ii) the customer’s first payment does not always take place at the beginning of the relationship, let alone the hard copy of identification documents which totally distorts the nature of online transactions.
In order to overcome this situation, a German credit mediation platform has been given legal advice with regard to obtaining authorisation from SEPBLAC to identify clients in non-face-to-face transactions by using a videoconferencing system, such as the one it uses in Germany.
This has led SEPBLAC to recognise for the first time in Spain the Know Your Customer (KYC) video process as a secure client identification procedure, pursuant to Article 21.1(d) of the Spanish AML Regulations. Authorisation for this new client identification system came into effect on 1 March 2016 and it may be used by any person officially requiring such information under the Spanish AML Act (which also includes foreign individuals acting in Spain through branches or agents or under the freedom to provide services programme).
The main requirements set out by SEPBLAC are as follows:
- liability for ensuring that the technical requirements are in place
- the identification system needs to be managed by specifically trained personnel
- the client shall expressly consent to the use of this system and to the process being recorded and kept on file, prior to or during the course of said recording
- during the videoconferencing, measures shall be taken to ensure the privacy of the conversation with the client
- the quality of the picture or a snapshot of the front and back of the identification document must meet the quality and sharpness requirements needed to allow its use in investigations or analyses.
Another interesting aspect of the authorisation granted by the SEPBLAC is that it expressly recognises the possibility of outsourcing the implementation of this identification system, as long as the person officially requiring such information retains full liability for the latter. We understand that this outsourcing is not to be confused with the reliance mechanism set out in Article 8 of the Spanish AML Act, which requires that the entity relied upon must also be a person officially requiring such information, such reliance only being recognised for simplified due diligence measures (and not for enhanced due diligence measures as in the case in question).
To sum up, we are glad to see that the Spanish authorities are starting to realise, as stated by SEPBLAC, that technological innovation in the financial sector may reduce costs, increase competitiveness and provide a better service for clients. We will never achieve real digitisation of traditional sectors like banking if we continue using offline procedures that do not fit the needs of new realities such as fintech. In any event, there is no doubt that this shall be implemented without a decrease in client protection levels taking place.
Xavier Foz is a partner at Roca Junyent. He can be contacted at x.foz@rocajunyent.com
Anton Golovkin is a lawyer at Roca Junyent. He can be contacted at a.golovkin@rocajunyent.com
