Article 20 AMLR – Customer due diligence measures
1. For the purpose of conducting customer due diligence, obliged entities shall apply all of the following measures:
| (a) | identifying the customer and verifying the customer’s identity; |
| (b) | identifying the beneficial owners and taking reasonable measures to verify their identity so that the obliged entity is satisfied that it knows who the beneficial owner is and that it understands the ownership and control structure of the customer; |
| (c) | assessing and, as appropriate, obtaining information on and understanding the purpose and intended nature of the business relationship or the occasional transactions; |
| (d) | verifying whether the customer or the beneficial owners are subject to targeted financial sanctions, and, in the case of a customer or party to a legal arrangement who is a legal entity, whether natural or legal persons subject to targeted financial sanctions control the legal entity or have more than 50 % of the proprietary rights of that legal entity or majority interest in it, whether individually or collectively; |
| (e) | assessing and, as appropriate, obtaining information on the nature of the customers’ business, including, in the case of undertakings, whether they carry out activities, or of their employment or occupation; |
| (f) | conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of the business relationship to ensure that the transactions being conducted are consistent with the obliged entity’s knowledge of the customer, the business and risk profile, including where necessary the source of funds; |
| (g) | determining whether the customer, the beneficial owner of the customer and, where relevant, the person on whose behalf or for the benefit of whom a transaction or activity is being carried out is a politically exposed person, a family member or person known to be a close associate; |
| (h) | where a transaction or activity is being conducted on behalf of or for the benefit of natural persons other than the customer, identifying and verifying the identity of those natural persons; |
| (i) | verifying that any person purporting to act on behalf of the customer is so authorised and identify and verify their identity. |
2. Obliged entities shall determine the extent of the measures referred to in paragraph 1 on the basis of an individual analysis of the risks of money laundering and terrorist financing having regard to the specific characteristics of the client and of the business relationship or occasional transaction, and taking into account the business-wide risk assessment by the obliged entity pursuant to Article 10 and the money laundering and terrorist financing variables set out in Annex I as well as the risk factors set out in Annexes II and III.
Where obliged entities identify an increased risk of money laundering or terrorist financing they shall apply enhanced due diligence measures pursuant to Section 4 of this Chapter. Where situations of lower risk are identified, obliged entities may apply simplified due diligence measures pursuant to Section 3 of this Chapter.
3. By 10 July 2026, AMLA shall issue guidelines on the risk variables and risk factors to be taken into account by obliged entities when entering into business relationships or carrying out occasional transactions.
4. Obliged entities shall at all times be able to demonstrate to their supervisors that the measures taken are appropriate in view of the risks of money laundering and terrorist financing that have been identified.