KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

namedate of birthplace of birthaddress

KYC to onboard international persons

namedate of birthsurnameplace of birthaddress

corporate requirements

nameregistered office&directors

National ID card name

(Dutch: Identiteitskaart, French: Carte d’identité, German: Personalausweis)

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Unofficial translation of the Belgian Act of 20 October 2000

E-sig law files

What year did the relevant AML laws and regulations become effective?

2010

Further details on AML regime

The local law became effective in 1993. However, to incorporate the third AML Directive, it has been amended by the law of 18 Jan 2010

Who is the regulator for AML controls for Banking

Since April 2011, the supervision of the Belgian financial sector has been organised according to the “Twin Peaks” model, with two autonomous supervisors, namely the National Bank of Belgium (’NBB’) and the Financial Services and Markets Authority (‘FSMA’), both of which are competent (depending on the licence, NBB or FSMA is competent) in the field of AML related matters to the financial sector. Within the “Twin Peaks” model the micro-prudential and systemic control, as well as the macro-prudential supervision is entrusted to the NBB. The supervision of the compliance with good conduct rules to which financial intermediaries are subject to are entrusted to the FSMA

Link to site

http://www.fsma.be/LanguageChoice.aspx , https://www.nbb.be/en/language-picker

Other financial Services

N/A

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

There is specific guidance per sector on the website of the Belgian Financial Intelligence Processing Unit (‘CTIF-CFI’) for a risk-based approach

Practical guidance PDF's

index.php

Is there a requirement to verify the identity of customers retroactively?

Retroactive details

No - however, the local law requires identification data to be updated in cases where there are doubts about the veracity or accuracy of previously obtained identification data, or where the risk sensitivity of the client requires this (Art. 7, §3 and Art. 8, §2).

Has the country been the subject of FATF mutal evaluation in the last 3 years?

After the adoption of their Mutual Evaluation Report (‘MER’), FATF member countries are required to provide information on the measures that have been implemented to deal with the deficiencies identified in the report. Belgium is subject to this process of providing a biennial update (i.e. every two years) to the FATF Plenary on any of the 40 Recommendations that are rated PC (Partially Compliant) or NC (Non-Compliant). The fourth update was provided to the Plenary on 26 Feb 2015 and is available on the website of CTIF-CFI

PDF of FATF review

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes, when the customer wishes to carry out a transaction outside the context of a business relationship: a) for an amount below EUR10,000 (art. 7, §1, 2°, a); and b) consisting in a transfer of funds to a payee’s account within Belgium for an amount less than or equal to EUR1,000 on condition that (art. 7, §1, 2°, b) these transfers are not considered to fall under the Regulation on information on the payer accompanying transfers of funds (No. 1781/2006): a. the transfer is a payment within the terms of an agreement for the provision of goods or services, concluded between the payer and the payee; b. the payee’s account was opened to enable the payment for the provision of goods or services; c. the payment service provider of the payee is subject to the obligations set out in the Law of 11 Jan 1993; and d. this payment service provider is able, by means of a unique identifier, to trace the transaction via the payee back to the payer. If customers wish to carry out a financial transaction related to gaming for an amount less than or equal to EUR1,000) (art.9). Companies are not obliged to carry out the identification and identity verification of the following persons (art. 11, §1): a) a credit or financial institution, as referred to in Article 2 of Directive 2005/60/EC, situated in Belgium or in another country of the European Economic Area; b) a listed company whose securities are admitted to trading on a regulated market within the meaning of Directive 2004/39/EC in a country of the European Economic Area; c) the beneficial owners of pooled accounts held by notaries and other independent legal professionals established in Belgium, in another country of the European Economic Area; d) a customer or beneficial owner that is a Belgian public authority; and e) customers that are European public authorities or institutions. Companies are not obliged to carry out the identification and identity verification of the following products or transactions (art. 11, §2): a) life insurance policies where the annual premium is no more than EUR1,000 or the single premium is no more than EUR2,500; b) insurance policies for pension schemes if there is no surrender clause and the policy cannot be used as collateral; and c) a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member’s interest. The above exceptions cannot apply where there is a suspicion of money laundering or terrorist financing or when there are doubts about the veracity or accuracy of previously obtained identification data regarding a customer who has already been identified.

What are the requirements for customer identification information for individuals

surname, first name, date and place of birth and, whenever possible, relevant information on the address of the identified person (art. 7, §1, paragraph 3).

Details to be Collected on Corporates

corporate name, registered office and directors, and note must be taken of the provisions regarding the power to commit the legal person, trust, fiduciary or similar legal arrangement (art. 7, §1, paragraph 4). The identification must be verified by means of a supporting document, of which a copy is made on paper or by electronic means. For natural persons, a copy of their identity card or passport is required and for legal person, a copy of their coordinated statutes (art. 7, §2). Together with the identification, information must be collected regarding the purpose and intended nature of the business relationship (art. 7, §1, paragraph 5).

What are the high level requirements around beneficial ownership (identification and verification)?

For the beneficial owner, the identification must cover the surname, first name and, whenever possible, the date and place of birth. In addition, whenever possible, relevant information must be collected with regard to address details. Furthermore, appropriate risk based measures must be taken to verify these data sources (art. 8, §1, paragraph 4).

What circumstances are enhanced customer due diligence measures required?

Local regulation foresees enhanced customer due diligence measures on a risk sensitive basis in situations which by their nature can represent a higher risk of money laundering or terrorist financing, and at least in the following situations (art. 12, §1): a) establishing a business relationship with or carrying out a transaction for a customer that was not physically present for identification purposes (non face-to-face contact) (art. 12, §2); b) establishing a business relationship or carrying out a transaction with or for a PEP (art. 12, §3) (see A14 below); and c) engaging in cross-border correspondent banking relationships with respondent institutions from third countries (art. 12, §4) (see A15 below).

How should FI's deal with Politically exposed persons

Belgium has instituted a comprehensive set of measures applicable to PEPs. These measures include (art. 12, §3, paragraph 4): a) applying appropriate risk based procedures to determine whether the customer or his beneficial owner is a PEP; b) obtaining approval from a sufficiently senior level of management before establishing business relations with such customers; c) taking appropriate risk-based measures to establish the source of wealth and funds that are involved in the business relationship or transaction; and d) conducting enhanced ongoing monitoring of the business relationship.

What enhanced due diligence must be performed for correspondent banking relationships?

Belgium is in full compliance with the FATF recommendations regarding issues of correspondent banking. It is obliged to (art. 12, §4, paragraph 1): a) gather sufficient information about the respondent institution in question to understand fully the nature of its business and to determine from publicly available information its reputation and the quality of the supervision to which it is subject; b) assess the respondent institution’s anti-money laundering and anti-terrorist financing controls; c) obtain approval from a sufficiently senior level of management before establishing new relationships; d) document in writing the respective responsibilities of each institution; and e) with respect to payable-through accounts, be satisfied that the respondent institution has verified the identity of and has performed ongoing due diligence on the customers having direct access to accounts of the correspondent and that it is able to provide relevant customer due diligence data to the correspondent institution, upon request.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

When entering into a business relationship with a client that is not physically present, specific and adequate measures need to be taken to deal with the increased risk of money laundering and terrorism financing that exist in such circumstances (art. 12, §2)

To whom are SAR's made? (suspicious activity reports)

The Belgian Financial Intelligence Processing Unit (CTIF-CFI), established by the Law of 11 Jan 1993, is a central part of the Belgian AML/CFT system. CTIF-CFI is an independent administrative authority with legal personality and is supervised by the Ministers of Justice and Finance. CTIF-CFI is in charge of processing suspicious financial facts and transactions linked to money laundering and terrorism financing and which are reported by institutions and individuals specified in the law (http://www.ctif-cfi.be/). In accordance with the Law of 11 Jan 1993 on preventing use of the financial system for purposes of money laundering and terrorist financing, CTIF-CFI received a total of 27,767 disclosures in 2014, which is approximately an 33% increase compared to 2012.

Link to website of SAR reporting

http://www.ctif-cfi.be/

Other Suspicious or unusual transactions obligations.

The institutions and persons as referred to in the law, shall carefully examine any transaction or action they consider particularly likely, by its nature or its unusual character in view of the customer’s activities, by the circumstantial elements or by the capacity of the persons involved, to be related to money laundering or terrorist financing (art. 14, §1, paragraph 2). The following institutions and persons should report the following transactions: a) the sales price of real property may only be paid by means of a bank transfer or cheque. The agreement and deed of sale must specify the number of the financial account from which the amount was or will be debited (art. 20); b) in case of doubt about the veracity or accuracy of previously obtained identification data about a customer who has already been identified (discretionary) (art. 7, §1, 4°); c) in case of a suspicion of money-laundering or terrorism financing (art. 23 – 26); d) in case of international transactions and facts involving natural or legal persons domiciled, registered or situated in a country or territory whose legislation is considered insufficient by a competent international consultative and coordinating authority or whose practices are deemed by this authority to impede the fight against money laundering and terrorist financing (art. 27); e) in case of the suspicion of serious and organised fiscal fraud (art. 28).

Are there any de-minimis thresholds below which transactions do not need to be reported?

The price of a sale by a merchant of one or more products, as well as the price of one or more provision of services supplied by a service provider, for an amount of EUR3,000 or more may not be paid in cash, unless the amount does not exceed 10% of the sale price and as long as this amount does not exceed EUR3,000 regardless of whether the sale or service takes place in a single or in several apparently related transactions. The price of a purchase by a merchant in precious metals of one or more products, for an amount of EUR3,000 or more may not be paid in cash, unless the amount does not exceed 10% of the purchase price and as long as this amount does not exceed EUR3,000 regardless of whether the purchase takes place in a single or in several apparently related transactions (art. 21).

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

According to article 40 of the AML law of 1993, non-compliance with reporting requirements towards CTIF-CFI can result in the following sanctions imposed by the competent authority: a) publish, in accordance with terms it determines, the decisions and measures it shall adopt; b) impose an administrative fine of not less than EUR250 and not more than EUR1.25m after hearing the defence of the institutions and persons or at least after having duly summoned them.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Yes

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

According to article 23 of the law, the CTIF-CFI may, should it deem such action necessary due to the seriousness or urgency of the matter, oppose execution of any suspected transaction of which it has been informed. The CTIF-CFI shall determine to which transactions and to which accounts the opposition shall apply and shall inform the institutions and persons referred to in article 2, §1 immediately. This opposition shall halt the execution of the transaction for a maximum of two working days starting from the time of notification. If the CTIF-CFI thinks the measure should be extended, it shall refer the matter to the Public Prosecutor, who will take the necessary decisions. In the absence of a decision within the abovementioned two days after notification, the said institutions and persons are free to execute the transaction.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

There is no specific restriction to monitor the transactions in another jurisdiction but the responsibility remains within the entity in Belgium. In particular, transactions of some branches of foreign banks are monitored by the parent company.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

Yes

Data Protection for Corporate Data

Yes

Data protection for "sensitive Data" and additional protections.

yes. By principle, the processing of sensitive data is forbidden (exceptions exist). Sensitive data relate to race, political opinions, religious or philosophical beliefs, trade-union membership, health,

Do any restrictions on the transfer of credit reports exist?

From a privacy perspective, transfer of credit reports fall under the general requirements of personal data processing, to the extent these qualify as personal data

Regulator Acronym

NBB, FSMA

Year of last FATF mutual evaluation

2015

Field 67

specific&adequate measures

National ID card details

The card is first issued at age 12, compulsory by 15.

Compulsory?

National ID source

https://en.wikipedia.org/wiki/Belgian_national_identity_card

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Yes

Who are SARS made to?

CTIF-CFI

shell banks

Yes

EDD for correspondent banking

Yes

Minimum transactions

EUR 10,000

Min transaction USD

10902

Personal Data protection

Data Protection for Corporates

Personal Data Protection Act

https://www.privacycommission.be/sites/privacycommission/files/documents/Privacy_Act_1992.pdf

key restrictions

There are no critical exceptions to the law.

Summary

Civil Code Section 1322 recognizes electronic signatures as legal and enforceable. Summary of law Belgium follows the UNCITRAL model law and is similar to the laws of many European Union member states. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. Electronic signatures are presumed valid unless proof to the contrary is produced. Article 4, Section 5, provides that no electronic signature will be denied simply because it is in electronic form or is not based on a digital certificate.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Companies are required to apply fitting measurements on a risk based approach when verifying the identity of the final beneficiary or beneficiary of the client (Art. 8, §1, art. 8, §2 and art. 12, §2)

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Clients must be identified by means of a supporting document, of which a copy is made on paper or by electronic means (art. 7, §2). Such documents need to be probative documents, admissible as evidence. There is no information about certification by external third parties in local legislation.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

There exists specific privacy legislation for certain sectors e.g. public sector, telecom sector which apply in addition to the Privacy Act mentioned above

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

There is no bank professional secrecy in Belgium (as regards section 458 of Penal Code) but only a discretion obligation policy for income taxation. With respect to the taxpayer himself, section 318 of the Belgian Income Tax Code (“BITC”) provides that tax authorities are not authorised to gather information from the accounts, books and documents of a bank, exchange, credit and savings institutions established in Belgium with a view to taxing its clients. However, if in the course of an inquiry related to the institution’s own tax situation, the tax authorities discover relevant information leading to a suspicion that a mechanism of tax fraud exists or is being prepared, then the tax authorities are allowed to examine the institution’s records in order to determine the client’s tax liability. With respect to third parties, section 322 BITC provides that tax authorities may, for a given taxpayer, gather written evidence, hear third persons, proceed to inquiries and require from natural persons or corporate bodies as well as companies and associations not having legal personality, to produce any information which it may deem necessary for the purpose of assuring the fair collection of tax. As regards to banks, the second paragraph of section 322 provides the tax authorities the possibility to obtain information from clients of the bank provided they first requested information from the taxpayer himself who refused to communicate information, and provided indications of tax fraud or greater wealth exist. Finally, note that a Central Point of Contact has recently been created towards which the banks are deemed to communicate names and accounts of their clients which could later be used by the tax authorities in case of indications of fraud. In case of indication of fraud, an exchange of information may also take place between Belgium and other countries (Member States of the EU, and countries with which Belgium has concluded a double taxation treaty or a treaty relating to an exchange of information). Please refer to following legislation for more details: a) Art. 55-57 Law of 14 Apr 2011 (Dutch: http://www.ejustice.just.fgov.be/cgi_loi/change_lg.pl?language=nl&la=N&table_name=wet&cn=2011041406 and French: http://www.ejustice.just.fgov.be/cgi_loi/change_lg.pl?language=fr&la=F&cn=2011041406&table_name=loi); and b) Royal Decree of 03 Feb 2014 (https://www.nbb.be/doc/cr/cap/ar_kb_2014_02_03_autorisant_bnb_et_declarants_a_acceder_au_rnpp.pdf (Dutch and French)).