KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

namephotographidentification numberpassportdriving license

KYC to onboard international persons

namesignaturephotographidentification numberpassport

corporate requirements

certificate of registrationcertificate of incorporation

National ID card name

No national identity card

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

The Electronic Signatures Act of 15 June 2001 no. 81

E-sig law files

What year did the relevant AML laws and regulations become effective?

2009

Further details on AML regime

2009 (15 April 2009). A new Circular No. 8/2009 was published by the Financial Supervisory Authority of Norway on 23 June 2009

Who is the regulator for AML controls for Banking

Finanstilsynet (The Financial Supervisory Authority of Norway)

Link to site

http://www.finanstilsynet.no/en

Other financial Services

Finanstilsynet (The Financial Supervisory Authority of Norway

Website of Regulator

http://www.finanstilsynet.no/en

Financial Sector regulator

N/A

Practical Guidance for AML

Yes, guidance by The Financial Supervisory Authority of Norway – Circular no 8/2009

Practical guidance PDF's

www.finanstilsynet.no

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

Yes

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Yes, latest report was 26 February, 2009

PDF of FATF review

www.fatf-gafi.org

Are there minimum transaction thresholds (Y/N)

More details on minimum transaction thresholds.

What are the requirements for customer identification information for individuals

a natural person's identity is normally verified by producing a document issued by a public authority, which normally contains full name, signature, photograph and personal identity number or D-number (non-residents liable to pay tax are registered with a unique Dnumber). Examples of suitable documents include a passport, bank card and driving licence.

Details to be Collected on Corporates

a legal person's identity is verified by Certificate of Registration/Certificate of Incorporation from the Public Register.

What are the high level requirements around beneficial ownership (identification and verification)?

The Money Laundering Act (MLA) requires financial institutions to verify the identity of beneficial owners on the basis of reasonable measures. The MLA defines ‘beneficial owners’ generally as the ‘natural persons who ultimately own or control the customer and/or on whose behalf a transaction or activity is being carried out’. The definition is then further elaborated to describe five situations where a person ‘in all cases’ is to be regarded as a beneficial owner.

What circumstances are enhanced customer due diligence measures required?

The MLA requires financial institutions to apply ‘other customer due diligence measures’, in addition to the basic customer due diligence measures stipulated in the MLA in the following cases: a) situations that by their nature involve a ‘high risk of transactions associated with proceeds of crime’ or certain designated offences listed in the Criminal Code (including terrorist financing and terrorism offences); b) business relationships and transactions with Politically Exposed Persons (‘PEPs’); and c) correspondent banking relationships.

How should FI's deal with Politically exposed persons

Reporting entities are required to conduct ‘appropriate customer due diligence measures’ to verify whether the customers are PEPs. Such measures include: a) obtaining approval from senior management before establishing a customer relationship; b) taking appropriate measures to ascertain the origin of the customer’s assets and of capital involved in the customer relationship or the transaction; and c) carrying out enhanced ongoing monitoring of the relationship.

What enhanced due diligence must be performed for correspondent banking relationships?

When establishing cross-border correspondent banking relationships with institutions outside the EEA area, institutions are required to: a) gather sufficient information concerning the correspondent institution to fully understand the nature of its activities and, on the basis of publicly available information, to determine the reputation of the institution and the quality of supervision; b) assess the institution’s control measures; c) ensure that the decision maker obtains approval from senior management before establishing a new correspondent relationship; d) document the respective responsibilities; and e) ascertain that the correspondent institution conducts ongoing monitoring of customers

Are relationships with banks who might be considered a 'shell' and without substance permitted?

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

The former requirement of face-to-face relationships is replaced by the implementation of risk based customer due diligence and ongoing monitoring of customer relationships.

To whom are SAR's made? (suspicious activity reports)

ØKOKRIM; The National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway

Link to website of SAR reporting

http://www.okokrim.no/artikler/in-english

Other Suspicious or unusual transactions obligations.

International wire transfers, foreign exchange and foreign credit and debit card transactions are reported to the: Foreign Exchange, Foreign Currency Register with the Norwegian Directorate of Customs and Excise

Are there any de-minimis thresholds below which transactions do not need to be reported?

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, breaches of the Money Laundering Act can be punished with fines or imprisonment for up to 1 year when special aggravating circumstances exists.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Yes, financial institutions have an obligation according to the Money Laundering Act to use electronic suspicious transaction monitoring systems.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Yes, as the principal rule, suspicious transactions shall not be proceeded before a report is made to the FIU (ØKOKRIM). ØKOKRIM can decide that the actual transaction shall not be effected.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Not mentioned in the regulations.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

N/A

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

N/A

Data Protection for Corporate Data

N/A

Data protection for "sensitive Data" and additional protections.

N/A

Do any restrictions on the transfer of credit reports exist?

N/A

Regulator Acronym

FSAN

Year of last FATF mutual evaluation

2016

Field 67

due diligence

National ID card details

The police will also issue electronic ID when the new national ID card will be issued next year.

National ID source

http://www.dezeen.com/2014/11/15/norway-passports-id-cards-neue-design-studio-redesign/

Passport Photo

Is there a risk based approach

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Yes

Who are SARS made to?

FIU

shell banks

EDD for correspondent banking

Yes

key restrictions

Debt certificates, premarital agreements and a board's signing of annual accounts are examples of excluded transactions.

Summary

Section 6 recognizes electronic signatures as legal as enforceable. Summary of Law. Norway follows the European Union Model. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. Electronic signatures are presumed valid unless proof to the contrary is produced, but hey do not have the same status as digital (or qualified electronic) signatures.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

Customer identification and verification of authentication.

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Yes - risk based customer due diligence and monitoring customer relationships on an ongoing basis.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Normally, the establishment of non-face-to-face business relationships is not allowed and the customer must physically appear either at the reporting financial institution or at an agent or outsource company, where identification and verification is performed. Copies can be certified in exceptional circumstances and must be verified by authorised persons, including postal employees, the police and lawyers.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

N/A

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

N/A