KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

namedate of birthidentification numberpassportdriving licenseidentity card

KYC to onboard international persons

namedate of birthidentification numberpassport numbercitizenshippassportdriving licenseidentity card

corporate requirements

nameidentification numberdate of registrationdate of birth and citizenship of members

National ID card name

henkilökortti/identitetskort

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Act on Electronic Signatures

E-sig law files

What year did the relevant AML laws and regulations become effective?

2008

Further details on AML regime

2008 Act on Detecting and Preventing Money Laundering and Terrorist Financing (503/2008) - last amended Jan 2016 (Original 1998, amended 2003). 2013 Act on Freezing of Assets to Combat Terrorism (325/2013). 1889 Criminal Code (39/1889) - last amended in 2015 on the part of Terrorist Financing.

Who is the regulator for AML controls for Banking

- Financial Supervisory Authority (http://www.fin-fsa.fi); - Financial Supervisory Authority (http://www.fin-fsa.fi); and - Ministry of the Interior and Regional State Administrative agencies.

Link to site

http://www.finfsa.fi/en/pages/default.aspx

Other financial Services

- Financial Supervisory Authority (http://www.fin-fsa.fi); - Financial Supervisory Authority (http://www.fin-fsa.fi); and - Ministry of the Interior and Regional State Administrative agencies.

Website of Regulator

http://www.fin-fsa.fi

Financial Sector regulator

Practical Guidance for AML

Yes. Guidance is provided by the Money Laundering Clearing House of Finland which operates within the National Bureau of Investigation (“NBI”)

Practical guidance PDF's

national_bureau_of_investigation

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

Yes, following a risk-based assessment.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

The latest follow-up report was in 2013

PDF of FATF review

finland-fur-2013.html

Are there minimum transaction thresholds (Y/N)

More details on minimum transaction thresholds.

There is no minimum Euro threshold for taking customer due diligence measures. Customer due diligence must be followed when transactions are unusual. Due diligence must take place if one of the following is true: a) if the reporting entity is planning to engage in a permanent business relationship with a customer; b) if the transaction or transactions related to the same business amounts to EUR15,000 or more and the relationship between the reporting entity and a customer is occasional; c) if the customer is a gambling service provider; d) if the transaction is suspicious or the reporting entity is suspecting that the money related to the transaction is used to finance terrorism; or e) if the reporting entity is questioning the reliability of the information previously used to identify the customer.

What are the requirements for customer identification information for individuals

Full name, date of birth, identification number (for foreign citizens: citizenship and passport number). Required documents for individuals: passport, driving licence or official identity card.

Details to be Collected on Corporates

Name, business identification number, date of registration (and name of registration authority), field of activity as well as full name, date of birth and citizenship of members of the statutory bodies and the person(s) representing the legal entity. Required documents for legal entities: trade register extract or equivalent official extract from a relevant public register and relevant documents for the individuals previously mentioned.

What are the high level requirements around beneficial ownership (identification and verification)?

The name, date of birth and identification number of the beneficial owner(s) (for foreign citizens, citizenship and passport number) must be verified

What circumstances are enhanced customer due diligence measures required?

Enhanced due diligence measures are required if there is a high risk of money laundering or the financing of terrorism in connection to the customer, product, service or field of activity. Enhanced due

How should FI's deal with Politically exposed persons

Additional due diligence is required if the customer himself is a PEP or is related to a PEP, or is an individual who is known to be the business partner of a PEP

What enhanced due diligence must be performed for correspondent banking relationships?

Firstly, the management of the credit institution has to approve the correspondent banking relationship. Should it be approved, the credit institution has to collect sufficient information about the correspondent

Are relationships with banks who might be considered a 'shell' and without substance permitted?

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Additional due diligence is always required if the customer is not physically present for identification.

To whom are SAR's made? (suspicious activity reports)

Money Laundering Clearing House of Finland, which operates within the NBI (

Link to website of SAR reporting

https://www.poliisi.fi/en/national_bureau_of_investigation

Other Suspicious or unusual transactions obligations.

If customers do not provide the information required for performing customer due diligence or if parties subject to the reporting obligation consider that the information provided is not reliable, the parties must make a suspicious transaction report. A suspicious transaction report must also be made if legal persons cannot be identified or their beneficiaries cannot be established in a reliable way, or if enhanced identification of the person for whom a customer is acting is not possible.

Are there any de-minimis thresholds below which transactions do not need to be reported?

No.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes:

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Does the local legislation allow transactions to be monitored outside the jurisdiction?

No.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

No.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

Yes

Data Protection for Corporate Data

Yes

Data protection for "sensitive Data" and additional protections.

yes, “sensitive data” is defined as personal data related to or intended to be related to for example race or ethnic origin, the social, political or religious affiliation or trade-union membership of a person, a criminal act, punishment or other criminal sanction, the state of health, illness or handicap of a person or the treatment or other comparable measures directed at a person, the sexual preferences or sex life of a person or the social welfare needs of a person or the benefits, support or other social welfare assistance received by the person. As a main rule, the processing of sensitive data is prohibited but Finnish law provides certain detailed derogations from the prohibition

Do any restrictions on the transfer of credit reports exist?

Yes, there are prohibitions on the transfer of such personal data.

Regulator Acronym

FSA

Year of last FATF mutual evaluation

2013

Field 67

due diligence

National ID card details

A national identity card exists, usable all over the EU, but commonly people use their driving licences or national social security cards as ID.

National ID source

https://en.wikipedia.org/wiki/Finnish_identity_card

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Requirement to proceed

requirement to use automated suspicious transaction tools

Who are SARS made to?

MLCHF

shell banks

EDD for correspondent banking

Yes

PDF of case law

Minimum transactions

EUR 15,000

Min transaction USD

16377

Personal Data protection

Data Protection for Corporates

Personal Data Protection Act

http://www.finlex.fi/en/laki/kaannokset/1999/en19990523.pdf

key restrictions

Agreements related to the purchase or transfer of real estate and family law or inheritance are exempted from the law.

Summary

With consent. Summary of law Finland follows the UNCITRAL model law and is similar to the laws of many European Union member states. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. Electronic signatures are presumed valid unless proof to the contrary is produced.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

In general, previous AML laws followed previous European Union (“EU”) directives.

Non financial sector (e.g. casinos, high value goods etc.)

- Financial Supervisory Authority (http://www.fin-fsa.fi); - Financial Supervisory Authority (http://www.fin-fsa.fi); and - Ministry of the Interior and Regional State Administrative agencies.

Does the country have a risk based approach?

In general, previous AML laws followed previous European Union (“EU”) directives.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

A certified copy signed by two qualified individuals is required. The qualified individual does not have to be a notary, lawyer or accountant.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Yes, EU Data Protection Directive 95/46/EC and legislation based on the implementation of the said Directive apply when personal data is transferred from another EU country. If the information is transferred from outside of the EU, local legislation may be applicable. Personal Data Act (523/1999) is applicable on personal data and as special legislation may be applicable, for example Act on the Protection of Privacy in Working Life (759/2004), Employment Contracts Act (55/2001), Act on Cooperation within Undertakings (725/1978), Occupational Safety and Health Act (738/2002) Credit Data Act (527/2007) and other legislation.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

Yes, under the Credit Institutions Act. Bank secrecy protects private individuals, undertakings and other corporations and it applies to information that can be used for identifying a bank’s customer. For example, information related to a customer's economic status or an individual's personal circumstances concerning information such as family relations. Business or professional secrets are also subject to regulation.