What exactly are they and how to meet them?
Establishing a strong, long-lasting relationship with a financial institution requires trust on both sides. Just like customers do their research before approaching a banking service provider, companies need a system to evaluate risks related to their potential clients. In such cases, KYC (know your customer) requirements offer a well-founded system for identification of natural persons. It allows financial service providers to assess risks related to source of funds and check if the subject is politically exposed or on a sanctions list. What is more, in cases where companies are involved, it offers a reliable way to identify who the beneficial owner is.
The majority of EU states already have national anti-money laundering systems and KYC requirements in place, but most licensed companies struggle to meet them. This problem is especially common in remote digital environments.
Establishment of reliable digital KYC guidelines in France has been a major concern for financial service providers in recent years. In line with evolving market needs, the ACPR, french financial regulator, effectively addressed the topic in 2021 with the introduction of a PVID option.
The certification process performed by the French ANSSI is now a reality!
This option is fully compliant with eIDAS and is designed to meet the requirements of AML, eIDAS qualified services, and eIDAS eID. In this article, we would like to break down the requirements that were put in place, discuss compliance with eIDAS regulations, and outline what the future looks like for French KYC.
According to the new remote identification requirements, licensed parties have three options by which they can identify:
Here is a short overview of their main pros and cons:
The answer is yes. The eIDAS regulation is fully compliant with French law, which allows for creation of a qualified certificate by using other identification methods recognised at national level which provide assurance that is equivalent to physical presence. This is especially useful in cases when an in-person meeting or an identity proofing process is not possible
As long as a qualified trust service provider is on the EU trusted list with a registration method that is certified and confirmed by a member state supervisory body, the qualified certificate and signature meets the requirements of French AML. The EU has a common market and France is obligated to recognize, for example, German certificates and signatures. There is no requirement in eIDAS or French law that the qualified trust service provider must be French.
eIDAS regulates how qualified certificates can be created (article 24) and - if on the trusted list - they are compliant with French law. Before any qualified trust service providers can identify users remotely, they need to comply with national regulations similar to PVID. A good example is German VDG §11 and all guidelines issued by the Bundesnetzagentur.
The German Bundesnetzagentur implemented the “VDG”, which was similar to the PVID, years ago. It was recently updated with guidance on machine identification, removing the human agent in the actual video conference. Much like PVID, VDG requires manual vetting and carefully outlines all the requirements involved in every identification process. More specifically, VDG addresses how to treat identity cards and related requirements for an identity vetting center.
VDG and PVID are related in the following aspects:
We are a leading EU provider of qualified certificates to natural persons on the EU trusted list. ZealiD users can register remotely with either an eIDAS certified identity proofing method. Following a short registration on the ZealiD app, users can generate remote qualified signatures in accordance with French law. For a financial institution regulated in France, ZealiD is a fully legally viable KYC option. ZealiD’s remote identification is eIDAS certified under relevant provisions of German VDG and, as such, it already meets most of PVID requirements.
Staying up to date with the newest requirements is at the core of our mission. As a result, ZealiD will include PVID certification in its upcoming re-certification under eIDAS. By taking this step forward, ZealiD will become the first organization in the EU to run a combined super compliance scheme. It is fully compliant with the following regulations and standards on remote identification certification:
With KYC and base remote identification purposes in mind, this framework suits the highest legal and compliance standards. And, as an added benefit, all of our users receive qualified signatures, which are an emerging requirement for financial, insurance, health care and labour- related contracts.
References:
https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000041577229/