A regular customer must be identified prior to commencement of the customer relationship or at least prior to the customer being able to use the funds connected with a business activity.
Verification of the identity of a beneficiary under an insurance policy must take place when the beneficiary’s right vested under the policy may be exercised. A regular customer relationship means, for example, the opening of an account, the existence of a credit relationship, the subscription of fund units, the conclusion of a securities brokerage contract, the signing of an insurance policy, or the presence of an equivalent permanent customer relationship. The size of a business transaction does not affect the obligation to identify a customer.
An occasional customer is a person carrying out a single business transaction. Such a person must be identified if the value of a single business transaction or interlinked operations exceeds EUR 15,000. A single business transaction refers, for instance, an exchange of currency. A person subject to the reporting obligation always has the right to identify a customer, even if the underlying business transaction is smaller in value.
Providers of payment services must identify their customers and ensure that transfers of funds are accompanied with information on the payer, as required under the relevant regulation (EU regulation 1781/2006 on information on the payer accompanying transfers of funds). If the funds are not transferred from an account and the payment exceeds EUR 1,000, the customer’s identity must be verified. A cash payment into the customer’s own account or payment of a bill in cash, for example, is considered a transfer of funds under the regulation.
In addition, a customer must be identified and his/her identity verified if the underlying business transaction deviates from the ordinary; for instance, if the supervised entity is suspicious of the origin of the funds or the use of the business transaction or funds.
A customer must also be identified if the supervised entity suspects the veracity of previously obtained customer due diligence data.
Simplified customer due diligence
Simplified customer due diligence may be applied if the customer is
- a Finnish authority
- a credit institution, financial institution, investment firm, fund management company, or insurance company authorised in an EEA member state
- a credit institution, financial institution, investment firm, fund management company, or insurance company authorised in a state other than an EEA member state and subject to obligations equivalent to those laid down in the Finnish Act on Preventing and Clearing Money Laundering and Terrorist Financing and supervised for compliance with such obligations
- a branch operating in an EEA member state of a credit institution, financial institution, investment firm, fund management company, or insurance company authorised in a state other than an EEA member state
- a company whose securities are subject to public trading, as referred to in the Securities Markets Act and subject to disclosure requirements equivalent to those laid down in the Markets in Financial Instruments Directive.
In the insurance sector, a simplified customer due diligence procedure may be applied if the matter concerns
- an insurance policy where the insurance premium for the period of insurance is no more than EUR 1,000 or where the single premium is no more than EUR 2,500
- a statutory employee pension scheme or a self-employed person’s pension scheme where there is no surrender clause and the policy cannot be used as collateral for a loan
- a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member's interest under the scheme.
The simplified customer due diligence procedure is justified on the grounds that public and reliable information is available on the customers listed above, their operations are transparent and supervised, and they are subject to regulation concerning money laundering and terrorist financing that is equivalent to Finnish requirements. In applying the simplified procedure, however, supervised entities need to ensure that the customer is an entity to which the simplified procedure may be applied. Supervised entities must also ascertain that a person acting on behalf of a customer has the right and powers to do so. Supervised entities also need to ensure fulfilment of the obligation of ongoing monitoring of these customer relationships.
Enhanced customer due diligence
Supervised entities must comply with the customer due diligence requirements in an enhanced fashion, ie with particular care, if a higher risk of money laundering or terrorist financing is related to a customer, service, product or business transaction, or if a customer has links with a state whose anti-money laundering and terrorist financing regime does not meet international standards. Enhanced customer due diligence requires that supervised entities observe particular care and conduct ongoing monitoring of these customers.
The enhanced customer due diligence requirements need to be complied with particularly when the customer is a politically exposed person or a family member or close associate of such a person. A similar procedure should be applied if a correspondent banking or equivalent business relationship is concerned or if the customer relationship commences without the customer being physically present.
Commencement of a customer relationship with a politically exposed person and a correspondent banking or equivalent business relationship requires the obtaining of sufficient information on the counterparty and approval from senior management. The customer relationship also needs to be monitored and reviewed regularly.
By virtue of the AML Act, identification of a customer without a face-to-face meeting is an example of a situation which requires enhanced customer due diligence. Sufficient information must be requested from the customer, and the information must be verified from a reliable source.
At the time of establishment of a customer relationship when the customer is not physically present for identification and verification purposes, supervised entities must apply the following measures in order to reduce the risk of money laundering and terrorist financing:
- verify the customer’s identity on the basis of additional documents, data or information obtained from a reliable source for example from the population register, trade register, credit register and other public registers.
- ensure that the payment related to the business transaction is made from an account with a credit institution or paid into an account previously opened in the customer's name or
- verify the customer’s identify by means of a qualified electronic certificate as referred to in the Act on Electronic Signatures (14/2003) or by other means of electronic identification that ensure information security and are based on evidence (i.e. are verifiable).
A supervised entity may require that a customer submit further documentation and clarifications to enable the supervised entity to verify the data provided by the customer without being physically present.Verification may also be based on a procedure under which an agreement or other document is sent as registered mail against a notice of receipt, so that the customer collects the documents personally. In this case, postal authorities establish the customer’s identity and forward a copy of the notice of receipt to the supervised entity.