In Germany, financial compliance is a complex and ever-changing landscape. Businesses must navigate a variety of rules and regulations, including those related to banking, accounting, and taxation. To complicate matters further, the interpretation and enforcement of these laws can vary from one jurisdiction to the next. As a result, complying with all the applicable financial regulations can be a challenge for even the most experienced businesses. In this article, In this article we would like to introduce you to the most important financial compliance regularities.
What does compliance mean?
In general terms, compliance means to conform to a rule, such as a policy, directive, regulation or law. Compliance is the goal that businesses and organizations need to achieve in order to ensure that they are aware of and take the necessary steps to comply with the relevant laws, policies, and regulations of the industry and jurisdictions in which they operate.
Compliance in the financial industry
Compliance varies widely between industries and within different jurisdictions. In the financial industry, compliance plays an important role when businesses and institutions carry out the due diligence requirements which manage the risks of financial crime. Financial compliance is essential for businesses operating in Germany. Failure to comply with the law can result in significant penalties, including heavy fines and even jail time. As such, companies must make sure that they have a solid understanding of the compliance landscape and put in place the necessary procedures and controls to ensure compliance.
A large sub-section of financial compliance has to do with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. AML refers to the laws, regulations and procedures intended to prevent criminals from disguising illegally obtained funds as legitimate income. KYC are the steps that businesses take to comply with AML by verifying their customers’ identities.
KYC processes are employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are who they claim to be. Banks and other financial institutions are increasingly demanding that customers provide ever more detailed due diligence information. KYC regulations were initially imposed only on banks and financial institutions but nowadays non-financial industry entities are also liable to oblige.
Of note is that there is no global political authority that applies and enforces conformity to these KYC and AML regulations. Instead, various governments around the world have cooperated to establish a host of institutions and practices which have collectively intertwined to form a defacto regulatory framework as part of the global financial system.
Financial compliance in Germany
BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht), is Germany’s Federal Financial Supervisory Authority which works to ensure, as well as enforce when necessary, regulatory compliance in Germany’s financial market. Most countries around the world have established an authority to regulate the financial activity in their country, and in some cases of its citizens, no matter where they reside (such as in the United States of America).
In BaFin’s English translation of its AML proceedings (in German: Geldwäschegesetz – GwG) we read:
“In accordance with section 51(8) of the Anti-Money Laundering Act, BaFin provides the obligated persons and entities under its supervision with regularly updated interpretation and application instructions for the implementation of due diligence obligations and internal safeguarding measures in accordance with the statutory provisions on the prevention of money laundering and terrorist financing. BaFin also currently issues circulars on topics relating to the prevention of money laundering and terrorist financing.”
This finely worded introduction is followed by a 66-page downloadable PDF in English of the most recent version of the AML proceedings for Germany. The document has also been transposed into a click-through website for added convenience. It is important to note that these English language versions have been translated from the German language as a favour to the non-German speaking audience residing and/or running a business in Germany. The official “binding” version is the German edition, found here as a PDF.
The complexity of financial compliance in Germany
For the purposes of this post we will outline various parts and sections of the English language translation of the GwG in order to outline some of the compliance complexities in Germany and, by extension, the global financial system.
The aim is to promote the idea that outsourcing your businesses’ due diligence requirements is a smart business move. In doing so, you will be able to focus more effort on your company’s product / service and its core operations – with the assurance that you are BaFin compliant.
There are a number of companies such as ours which have developed compliance software, commonly referred to as digital onboarding software or as an online identity verification platform, for this purpose.
*Note: The following excerpts are taken from bafin.de’s Geldwäschegesetz – GwG (Money Laundering Act – AML) website. It is in no way complete and is also heavily edited for expediency. It is recorded here for demonstration purposes and to provide an example of the complexities of compliance in Germany. The entire GwG is between 60-70 pages in length and consists of 7 Parts, 59 Sections and 2 Annexes.
Part 2 – Risk management – GwG
Section 4 Risk management
(1) In order to prevent money laundering and terrorist financing, the obliged entities must have in place effective risk management systems that are appropriate for the nature and size of their business.
Section 5 Risk analysis
(1) The obliged entities are to determine and evaluate the risks of money laundering and terrorist financing associated with the business activities they engage in.
Section 7 Money laundering reporting officer
(1) Obliged entities under section … are to appoint a money laundering reporting officer at senior management level and a deputy. The money laundering reporting officer is responsible for compliance with the provisions under anti-money laundering and counter terrorist financing law.
Section 8 Recording and retention requirement
(1) The obliged entity is to record and retain
(2) data collected and information gathered in the fulfilment of its due diligence requirements
(3) The records may also be stored digitally on a storage medium. The obliged entities must ensure that the stored data
2. are available for the duration of the retention period and
3. can be made readable within a reasonable period of time at any time.
Part 3 – Customer due diligence requirements – GwG
Section 10 General due diligence requirements
(1) The general due diligence requirements are:
identifying the contracting party and, where applicable, the person acting on their behalf in accordance with section … and checking whether the person acting on behalf of the contracting party is entitled to do so.
Section 11 Identification
(1) Obliged entities are to identify contracting parties and, if applicable, persons acting on their behalf and (beneficial owners, before establishing a business relationship or executing a transaction.
(4) In the identification, the obliged entity is to collect the following information:
in the case of a natural person:
a) their first name and surname,
b) their place of birth,
c) their date of birth,
d) their nationality and
e) a residential address
a) the company, name or trading name,
b) the legal form,
c) the commercial register number if available,
d) the address of the registered office or head office and
e) the names of the members of its representative bodies or the names of its legal representatives and, if a member of its representative body or the legal representative is a legal person, the data listed under letters (a) to (d) for this legal person.
Section 12 Identity verification, authorization to issue regulations
(1) In the cases set out in section 10 (1) no. 1, the verification of the identity of natural persons is to be carried out on the basis of
Section 13 Identity verification procedures, authorisation to issue regulations
(1) Obliged entities verify the identity of natural persons by one of the following procedures:
a) appropriate examination of the document presented physically or
b) another procedure suitable for verifying identity under anti-money laundering and counter terrorist financing law and having a security level equivalent to the procedure set out in no. 1.
Section 15 Enhanced due diligence requirements, authorisation to issue regulations
(1) The enhanced due diligence requirements are to be fulfilled in addition to the general due diligence requirements.
(2) Obliged entities are to fulfil enhanced due diligence requirements if they find out, through a risk analysis or by taking into account the risk factors specified in annexes 1 and 2 in an individual case, that a higher risk of money laundering or terrorist financing may arise.
If you were able to make it through the above legalese, you will have made it through some of the complexities involved in attaining financial compliance in Germany. And these are just the Parts dealing with risk management and due diligence, which involves risk analysis, reporting officers, data retention, due diligence, enhanced due diligence, proper identification procedures, and so on. This is precisely why the identity verification industry exists.
How to ensure BAFIN Compliance in Germany and around the world
Bank on identity verification with built-in compliancePXL Vision has a lot of experience with regulation in the finance sector and offers a higly individualized identity verification solution for financial services.