What is compliance?
In general terms, compliance means to conform to a rule, such as a policy, directive, regulation or law. Compliance is the goal that businesses and organizations need to achieve in order to ensure that they are aware of and take the necessary steps to comply with the relevant laws, policies, and regulations of the industry and jurisdictions in which they operate.
Compliance in the financial industry
Compliance varies widely between industries and within different jurisdictions. In the financial industry, compliance plays an important role when businesses and institutions carry out the due diligence requirements which manage the risks of financial crime.
A large sub-section of financial compliance has to do with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. AML refers to the laws, regulations and procedures intended to prevent criminals from disguising illegally obtained funds as legitimate income. KYC are the steps that businesses take to comply with AML by verifying their customers’ identities.
KYC processes are employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are who they claim to be. Banks and other financial institutions are increasingly demanding that customers provide ever more detailed due diligence information. KYC regulations were initially imposed only on banks and financial institutions but nowadays non-financial industry entities are also liable to oblige.
Of note is that there is no global political authority that applies and enforces conformity to these KYC and AML regulations. Instead, various governments around the world have cooperated to establish a host of institutions and practices which have collectively intertwined to form a defacto regulatory framework as part of the global financial system.
Financial compliance in Germany
BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht), is Germany’s Federal Financial Supervisory Authority which works to ensure, as well as enforce when necessary, regulatory compliance in Germany’s financial market. Most countries around the world have established an authority to regulate the financial activity in their country, and in some cases of its citizens, no matter where they reside (such as in the United States of America).
In BaFin’s English translation of its AML proceedings (in German: Geldwäschegesetz – GwG) we read:
“In accordance with section 51(8) of the Anti-Money Laundering Act, BaFin provides the obligated persons and entities under its supervision with regularly updated interpretation and application instructions for the implementation of due diligence obligations and internal safeguarding measures in accordance with the statutory provisions on the prevention of money laundering and terrorist financing. BaFin also currently issues circulars on topics relating to the prevention of money laundering and terrorist financing.”
This finely worded introduction is followed by a 66-page downloadable PDF in English of the most recent version of the AML proceedings for Germany. The document has also been transposed into a click-through website for added convenience. It is important to note that these English language versions have been translated from the German language as a favour to the non-German speaking audience residing and/or running a business in Germany. The official “binding” version is the German edition, found here as a PDF.
The complexity of financial compliance in Germany
For the purposes of this post we will outline various Parts and Sections of the English language translation of the GwG in order to outline some of the compliance complexities in Germany and, by extension, the global financial system.
The aim is to promote the idea that outsourcing your businesses’ due diligence requirements is a smart business move. In doing so, you will be able to focus more effort on your company’s product / service and its core operations – with the assurance that you are BaFin compliant.
There are a number of companies such as ours which have developed compliance software, commonly referred to as digital onboarding software or as an online identity verification platform, for this purpose.
*Note: The following excerpts are taken from bafin.de’s Geldwäschegesetz – GwG (Money Laundering Act – AML) website. It is in no way complete and is also heavily edited for expediency. It is recorded here for demonstration purposes and to provide an example of the complexities of compliance in Germany. The entire GwG is between 60-70 pages in length and consists of 7 Parts, 59 Sections and 2 Annexes.
Part 2 – Risk management – GwG
Section 4 Risk management
(1) In order to prevent money laundering and terrorist financing, the obliged entities must have in place effective risk management systems that are appropriate for the nature and size of their business.
Section 5 Risk analysis
(1) The obliged entities are to determine and evaluate the risks of money laundering and terrorist financing associated with the business activities they engage in.
Section 7 Money laundering reporting officer
(1) Obliged entities under section … are to appoint a money laundering reporting officer at senior management level and a deputy. The money laundering reporting officer is responsible for compliance with the provisions under anti-money laundering and counter terrorist financing law.
Section 8 Recording and retention requirement
(1) The obliged entity is to record and retain
- data collected and information gathered in the fulfilment of its due diligence requirements
(3) The records may also be stored digitally on a storage medium. The obliged entities must ensure that the stored data
- are consistent with the data and information gathered,
- are available for the duration of the retention period and
- can be made readable within a reasonable period of time at any time.
Part 3 – Customer due diligence requirements – GwG
Section 10 General due diligence requirements
(1) The general due diligence requirements are:
- identifying the contracting party and, where applicable, the person acting on their behalf in accordance with section … and checking whether the person acting on behalf of the contracting party is entitled to do so.
Section 11 Identification
(1) Obliged entities are to identify contracting parties and, if applicable, persons acting on their behalf and (beneficial owners, before establishing a business relationship or executing a transaction.
(4) In the identification, the obliged entity is to collect the following information:
- in the case of a natural person:
- a) their first name and surname,
- b) their place of birth,
- c) their date of birth,
- d) their nationality and
- e) a residential address
- in the case of a legal person or a partnership:
- a) the company, name or trading name,
- b) the legal form,
- c) the commercial register number if available,
- d) the address of the registered office or head office and
- e) the names of the members of its representative bodies or the names of its legal representatives and, if a member of its representative body or the legal representative is a legal person, the data listed under letters (a) to (d) for this legal person.
Section 12 Identity verification, authorisation to issue regulations
(1) In the cases set out in section 10 (1) no. 1, the verification of the identity of natural persons is to be carried out on the basis of
- a valid official identity document which includes a photograph of the holder and satisfies the passport and identification requirements in Germany, in particular a German passport, identity card or substitute of a passport or identity card, or a passport, identity card or substitute of a passport or identity card recognised or accepted under German provisions for foreign nationals…
Section 13 Identity verification procedures, authorisation to issue regulations
(1) Obliged entities verify the identity of natural persons by one of the following procedures:
- appropriate examination of the document presented physically or
- another procedure suitable for verifying identity under anti-money laundering and counter terrorist financing law and having a security level equivalent to the procedure set out in no. 1.
Section 15 Enhanced due diligence requirements, authorisation to issue regulations
(1) The enhanced due diligence requirements are to be fulfilled in addition to the general due diligence requirements.
(2) Obliged entities are to fulfil enhanced due diligence requirements if they find out, through a risk analysis or by taking into account the risk factors specified in annexes 1 and 2 in an individual case, that a higher risk of money laundering or terrorist financing may arise.
If you were able to make it through the above legalese, you will have made it through some of the complexities involved in attaining financial compliance in Germany. And these are just the Parts dealing with risk management and due diligence, which involves risk analysis, reporting officers, data retention, due diligence, enhanced due diligence, proper identification procedures, and so on. This is precisely why the identity verification industry exists.
Compliance in Germany: Kafka’s nightmare
This article was originally going to be titled Compliance in Germany: Kafka’s nightmare. However, further research suggested that the comparison of the famed German-language novelist and the bureaucratic nightmare of regulatory compliance at BaFin was not very apt. However, not wanting to leave out the comparison in its entirety, here is a short read for the interested.
Prague-born author, Frank Kafka, writer of the world-renowned The Trial and The Metamorphosis, wrote about the soul-crushing bureaucracy of the Austro-Hungarian empire. The word Kafkaesque is often applied to complex, bizarre and impersonal administrative situations where the individual feels powerless to understand or control what is happening. If Kafka had written in the 21st Century, it would probably have an entrepreneur as the protagonist, attempting to comply with BaFin’s AML regulations.
How to ensure BAFIN Compliance in Germany and around the world
Learn how PXL Vision can help you cut through the bureaucratic nightmare of due diligence requirements.