Customer due diligence and customer identification

Why is my bank asking about my money matters?

Financial service providers have a statutory obligation to identify and know their customers. Banks, insurance companies, investment firms, fund management companies, payment institutions and virtual currency providers must assure themselves of their customers’ true identity.

They must also know their customers’ activities and background to such an extent as required by the nature of the customer relationship. Customer due diligence also requires that the service provider knows on whose orders transactions are

On what laws are the bank’s questions based?

Customer due diligence is required by, for example

  • The Act on Detecting and Preventing Money Laundering and Terrorist Financing (Money Laundering Act)
  • The Credit Institutions Act
  • The Insurance Companies Act
  • The Investment Firms Act
  • The Mutual Funds Act
  • The Payment Institutions Act
  • The Act on the Book Entry System and
  • The Act on Alternative Investment Fund Managers
  • The Act on Virtual Currency Providers.

In what instances does a bank identify the customer?

The service provider must, as a rule, identify the customer prior to the commencement of the customer relationship. A customer relationship refers to, for example: 

  • opening of an account
  • entering into a credit agreement
  • subscribing for fund units
  • concluding a securities brokerage contract
  • signing of an insurance policy or
  • an equivalent permanent customer relationship.

What happens if I don’t answer?

Service providers have the right to refuse customers that do not give adequate information on themselves or their operations or whose size, place of business or nature of operations is in conflict with the business strategy of the service provider.

How do I verify my identity?

The following documents issued by Finnish authorities are commonly used for identity verification:

  • identity card
  • passport
  • driving licence
  • diplomatic passport
  • alien’s passport and refugee travel document and SII card (Kela card) containing photo
  • passport granted by foreign authorities
  • identity card acceptable as travel document.

On the basis of its own risk management principles, the service provider may decide which documents it will accept for identity verification.

How do I verify my identity on the internet?

When you connect to an internet service, you can verify your identity remotely by using, for example, a means of strong electronic identification, such as online banking codes or a mobile certificate.

What information should I give to the bank?

The following information is necessary and essential in establishing and maintaining a customer relationship involving basic banking services:

  • customer’s name, address, personal identity number and nationality
  • information on whether the customer holds an important public position (politically exposed person, PEP) or whether he/she is a family member or a close associate of such a person
  • information on the customer’s life situation, describing his/her financial status (e.g. employer, pensioner, student)
  • information on whether the customer relationship to be established is the customer’s main banking customer relationship
  • information on the origins or source of funds and regular payment transfers/cash flows
  • assessment of the customer’s regular payment transaction volumes
  • assessment of the customer’s foreign payment transaction volumes and the grounds for such transactions

In the context of basic banking services, a customer relationship refers to one in which the customer only has a payment account, a payment card and access to online banking.

In customer relationships other those involving basic banking services, the bank may be justified in requesting, in addition to the information referred to above, other information affecting customer due diligence. The necessity for such information depends on the nature and extent of the customer relationship.

When a person handles some other person’s matters, acting as his/her representative, for example a guardian of a minor, some other advocate, an administrator of an estate or an agent of anyone, it is not necessary to request from the representative due diligence information concerning him/herself. The service provider must, however, identify and verify the identity of the representative and ascertain that he/she has the right to act on behalf of the customer.

The bank may also, if necessary, request from the customer documentation to clarify information he/she has provided.

Can the bank request clarification about where I received my money?

Customer due diligence requires that the service provider knows on whose orders transactions are made and with whose funds. Service providers have a statutory obligation to request from the customer information on the customer's need to use the services and information on the customer's transactions, financial status and use of services.

In some situations, these clarifications may be referred to as a “money laundering form” or “money laundering questions”, even though they generally only concern the statutory collection of information required for customer due diligence.

The service provider is also entitled to enquire, if necessary, about the origin and purpose of funds paid into an account. A bank may, for example, request from the customer written clarification on the origin of funds paid into the customer’s account as well as certificates on the customer's business, extracts from various registers, or other documents, such as bills of sale or a will.

Why does the bank require verification of identity when I pay an invoice?

The requesting of personal information, for example at a bank in connection with the payment of an invoice, is based on the EU regulation on information on the payer accompanying transfers of funds. In connection with cash deposits and cash payment of an invoice exceeding EUR 1,000, banks are required under the relevant regulation to verify the identity of their customers.

Banks and other service providers may apply stricter internal instructions on the verification of customer identity, and some banking groups may apply a lower limit for the verification of identity.

Why does the bank take a copy of my proof of identity?

Service providers must document the customer identification and due diligence information. The information may be documented by, for example, taking a copy of the verification document.

Under the relevant regulations, service providers are also required to keep records of the name, number or other identifying information of the document used in the verification of identity, and information on the authority that issued the document. The information must be retained for five years after the termination of a regular customer relationship.