Authorisation Check

Authorisation Check

Authorisation Check for persons acting on behalf of a contracting party

The authorization check for individuals acting on behalf of a contracting party stands as a cornerstone of compliance and security measures. This process, deeply rooted in the mandates of the European Union’s 4th and 5th AMLDs and further detailed in Germany’s GwG along with the BaFin Interpretation and Application Guidance, serves as a critical safeguard against financial fraud, money laundering, and terrorist financing.

The Essence of Authorization Checks

Authorization checks are designed to verify that any person claiming to act on behalf of another—a contracting party—is indeed authorized to do so. This fundamental step ensures that entities, particularly financial institutions, are engaging with individuals who are legitimately representing their respective organizations or clients. The 4th AMLD laid the foundation for this process, emphasizing the need for rigorous identification and verification of both customers and their representatives.

Advancements in the 5th AMLD

The 5th AMLD built upon its predecessor by incorporating advanced technological methods for identification purposes. It advocates for the use of electronic identification means and relevant trust services, as outlined in eIDAS-Regulation (Regulation (EU) No 910/2014), to bolster the reliability and efficiency of the verification process. This directive underscores the importance of adapting to digital advancements to maintain robust compliance frameworks.

German GwG and BaFin Guidance

In Germany, the GwG echoes these directives, specifying the necessity of identifying not just the contracting parties but also any individuals acting on their behalf. The BaFin’s guidance clarifies that while the GwG does not prescribe specific methods for conducting these checks, the verification of a representative’s authority is paramount. In financial transactions, particularly, this is often satisfied through civil law authorization checks, ensuring that only those with legitimate authority can initiate actions on accounts.

Best Practices for Compliance

Entities must adopt comprehensive and adaptive strategies to meet these regulatory requirements. Key practices include:

  • Implementing Advanced Verification Technologies: Leveraging electronic identification and trust services to streamline and secure the verification process.
  • Maintaining Detailed Records: Keeping meticulous records of verification efforts and any challenges encountered is essential for demonstrating compliance.
  • Staying Informed: Entities must remain vigilant, keeping abreast of regulatory changes and technological advancements to ensure their processes remain effective and compliant.


Authorization checks are more than just a regulatory requirement; they are a critical component of a financial institution’s risk management and security protocols. By ensuring that individuals acting on behalf of contracting parties are properly authorized, entities can safeguard against unauthorized transactions and activities, thereby contributing to the integrity and stability of the financial system. As regulations evolve and technology advances, so too must the practices surrounding authorization checks, ensuring they remain effective in the face of emerging threats and challenges.

By adhering to the mandates set forth in the AMLDs and national laws like Germany’s GwG, and by following the guidance provided by regulatory bodies such as BaFin, entities can navigate the complexities of authorization checks with confidence, ensuring compliance, enhancing security, and fostering trust in their business relationships.

4th AMLD

Te 4th AMLD (Directive (EU) 2015/849), specifically from Article 13, outlines the requirements for customer due diligence measures that financial institutions and other obliged entities must undertake.

The focus on „any person purporting to act on behalf of the customer“ highlights the need for these entities to not only identify and verify the identity of their direct customers but also to ensure that individuals claiming to represent these customers are duly authorized to do so.

The directive mandates a multi-faceted approach to customer due diligence, which includes:

  1. Identifying the Customer: This involves collecting information that establishes the customer’s identity, using documents or data from reliable, independent sources.
  2. Verifying the Customer’s Identity: Beyond merely identifying the customer, entities must verify the authenticity of the information provided, ensuring it is accurate and comes from trustworthy sources.
  3. Identifying and Verifying the Beneficial Owner: For entities like legal persons and arrangements (e.g., trusts, companies), the directive requires understanding who ultimately owns or controls the customer. This means identifying the beneficial owners and verifying their identities to the satisfaction of the obliged entity.
  4. Understanding the Business Relationship: Entities must gather information about the intended nature and purpose of the business relationship with the customer.
  5. Ongoing Monitoring: There needs to be continuous scrutiny of the customer’s transactions and the business relationship as a whole. This includes ensuring transactions are consistent with the entity’s understanding of the customer’s profile and that all related information remains current.

The specific emphasis on verifying the authority of any individual claiming to act on behalf of a customer is crucial. This ensures that transactions or activities purportedly carried out in the name of a customer are legitimate and authorized. It involves not just recognizing the individual’s claim to represent the customer, but also rigorously verifying their identity and the extent of their authorization.

This comprehensive due diligence process is designed to prevent money laundering and terrorist financing by establishing clear accountability and transparency in financial transactions and business relationships. It underscores the importance of not just knowing the customer but also understanding the nature of their business and the legitimacy of those acting on their behalf.

5th AMLD

The amendment to Article 13(1) of Directive (EU) 2015/849, as detailed in the 5th Anti-Money Laundering Directive (AMLD), Directive (EU) 2018/843, introduces significant updates to the customer due diligence process. The focus here is on enhancing the methods and reliability of identifying and verifying the identity of customers and, by extension, any individuals purporting to act on their behalf.

Key updates and their implications include:

  1. Enhanced Identification Methods: The amendment emphasizes the use of electronic identification means and relevant trust services, as outlined in Regulation (EU) No 910/2014, for verifying customer identities. This includes secure remote or electronic identification processes that are regulated, recognized, approved, or accepted by national authorities. This modernization aims to increase the efficiency and security of the identification process, leveraging technology to improve compliance standards.
  2. Broadened Verification Sources: By allowing a broader range of documents, data, or information obtained from reliable and independent sources, including electronic means, the directive expands the toolbox available for entities to fulfill their due diligence obligations. This flexibility is particularly important in a digital age, enabling entities to adapt to technological advancements and changing regulatory landscapes.
  3. Verification of Senior Managing Officials: In cases where the beneficial owner is identified as a senior managing official, as per Article 3(6)(a)(ii), the amendment mandates that obliged entities must take reasonable measures to verify the identity of the natural person in that position. This includes maintaining records of the verification process and any difficulties encountered therein. This ensures that when ownership information is not directly available, entities have a clear protocol for establishing control via the identification of senior personnel.
  4. Record-Keeping: The requirement to keep detailed records of the verification process and any challenges faced enhances transparency and accountability. This record-keeping obligation ensures that entities can demonstrate compliance with due diligence requirements and facilitates regulatory oversight.

Overall, the amendments introduced by the 5th AMLD aim to strengthen the customer due diligence framework by incorporating more secure and versatile identification and verification methods. This includes a clear emphasis on ensuring that any person acting on behalf of the customer is properly authorized and identified, enhancing the overall effectiveness of anti-money laundering and counter-terrorist financing measures.

German GwG

Section 10(1) No. 1 of the German GwG delineates general due diligence obligations for obliged entities. The focus is on the identification and verification processes associated with both the contracting party and any individuals acting on their behalf.

Key points include:

  1. Identifying the Contracting Party: This involves establishing the identity of the entity or individual entering into a business relationship or transaction. It is the foundational step in the due diligence process, ensuring that the entity knows with whom it is dealing.
  2. Identifying the Person Acting on Behalf: In addition to identifying the contracting party, there is a requirement to identify any individuals who are acting on behalf of the contracting party. This step is crucial when the contracting party does not engage with the entity directly but through representatives.
  3. Legal Basis and Verification: The identification process for persons acting on behalf of the contracting party is governed by specific sections referenced in the GwG – sections 11(4) and 12(1) and (2). These sections likely provide detailed procedures and criteria for how the identification and verification should be conducted.
  4. Authority to Act: A critical component of the due diligence process is verifying that the person acting on behalf of the contracting party is indeed authorized to do so. This involves checking the legal or contractual authority that allows the individual to represent the contracting party in the business relationship or transaction.

The emphasis on verifying the authority of persons acting on behalf of the contracting party underscores the importance of ensuring that all parties involved in a transaction or business relationship are properly identified and authorized. This approach aims to prevent money laundering and terrorist financing by adding layers of verification to prevent unauthorized or fraudulent activities. It ensures transparency and accountability in business transactions, aligning with broader efforts to combat financial crimes.

BaFin-Interpretation and Application Guidance on the German GwG

The BaFin Interpretation and Application Guidance on the German GwG, specifically in section 5.1.5, addresses the requirement for verifying the authority of individuals acting on behalf of a contracting party, as outlined in section 10 (1) no. 1 of the GwG. This guidance provides clarification on how entities should approach the verification of such authority, particularly in the context of financial transactions and relationships.

Key aspects include:

  1. Verification of Authority: Entities are required to verify the authority of any person acting on behalf of a contracting party. This means ensuring that the individual has the legal or otherwise delegated right to act in the name of or represent the contracting party in dealings with the entity.
  2. Lack of Specific Requirements: The GwG does not specify particular requirements or methods for how this verification should be conducted. This absence of detailed stipulations implies that entities have some discretion in determining the most appropriate and effective means of verification, based on the nature of their business and the risks involved.
  3. Civil Law Authorisation Checks: In the context of financial transactions, especially those involving accounts at credit institutions, the guidance notes that the obligation to verify an individual’s authority to act on behalf of a contracting party can be satisfied through existing civil law authorisation checks. This is particularly relevant for payments, where such checks are standard practice to ensure that only individuals with the proper authority can initiate transactions from an account.
  4. Debt-Discharging Effect: The guidance highlights that payments made without proper authority (i.e., by individuals who do not have the right to dispose of account funds) will not be considered as discharging the debtor’s obligation. This underscores the importance of authorisation checks in the financial sector, as they ensure that transactions are both legitimate and legally binding.

Overall, the BaFin guidance emphasizes the necessity of verifying the authority of persons acting on behalf of contracting parties, while acknowledging the role of existing practices within the financial sector to fulfill this requirement. Entities are encouraged to leverage these practices, where applicable, to ensure compliance with the GwG’s due diligence obligations.