Regular and Event-driven Update

Regular and Event-driven Update

The concept of ‚Update‚ plays a pivotal role in Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF). Key legislative frameworks like the 4th AMLD and 5th AMLD, the German Money Laundering Act (GwG), and the BaFin-Interpretation and Application Guidance, all emphasize the necessity of keeping customer-related information current and accurate.

Periodic Update: A Proactive Approach to Risk Management

The idea of a periodic update is deeply ingrained in AML compliance, acting as a proactive measure to ensure continuous accuracy in customer due diligence (CDD).

  • 4th and 5th AMLDs: The AMLDs underline the importance of ongoing monitoring and updating customer information, especially in relation to the customer’s risk profile and transaction patterns.
  • German GwG: Similarly, the GwG mandates regular review and updating of customer data, aligning with the risk level associated with each customer.
  • BaFin Guidelines: They further detail this approach, suggesting different intervals for updates based on risk categories – from low-risk profiles requiring updates latest every 15 years to high-risk profiles necessitating updates at least every 2 years.

This systematic, time-bound approach helps obliged entities stay ahead in identifying potential risks, ensuring that their knowledge about customers remains relevant and up-to-date.

Event-driven Update: Responding to Changes

Event-driven updates represent a responsive strategy in AML compliance, triggered by specific events or changes in a customer’s profile.

  • Triggering Events: These can include changes in customer circumstances, legal obligations to review beneficial ownership information, or detection of abnormalities in transaction patterns.
  • 4th AMLD, 5th AMLD and GwG Perspective: Both the AMLDs and GwG stress the need to reassess due diligence measures when there’s a significant change in the customer’s situation, ensuring that the customer data aligns with their current profile.
  • BaFin’s Approach: It specifies situations like undeliverable post, updates in customer’s master data, or doubts about the currentness of data as reasons for immediate update action.

Event-driven updates are crucial for addressing any sudden changes that might alter the risk associated with a customer, allowing for a swift and appropriate response to maintain compliance integrity.

By adhering to both periodic and event-driven updates, financial institutions and obliged entities can effectively manage risks, adhere to regulatory requirements, and contribute to a safer financial environment.

4th AMLD

Article 13(1)(d) of the 4th Anti-Money Laundering Directive (Directive (EU) 2015/849) primarily addresses the requirements for customer due diligence measures that financial institutions and other obliged entities must undertake. The focus of this article is on the ongoing monitoring of business relationships and transactions.

Here’s a summary with an emphasis on „updating“ or „keeping up-to-date“:

  1. Ongoing Monitoring of Business Relationships: The article mandates continuous scrutiny of the business relationships that an entity has with its customers. This isn’t a one-time activity but a continuous process throughout the tenure of the business relationship.
  2. Consistency with Customer Profile: Transactions conducted throughout the business relationship should align with the entity’s understanding of the customer’s profile. This includes an assessment of the customer’s behavior, nature of transactions, and associated risks.
  3. Understanding the Source of Funds: A crucial aspect of due diligence is understanding where the customer’s funds are coming from. This helps in assessing the risk of money laundering or other illicit activities.
  4. Keeping Documents and Information Up-to-Date: This is a key element of the article. It emphasizes the importance of ensuring that all documents, data, or information regarding the customer are current and reflect any changes in the customer’s profile or risk assessment. This is vital to ensure that the entity’s understanding of the customer remains accurate over time.
  5. Adjusting Risk Profiles Accordingly: The continuous monitoring and updating of customer information may lead to adjustments in the customer’s risk profile. If new information suggests a higher or lower risk than previously assessed, the obliged entity should adjust their monitoring and due diligence measures accordingly.

In summary, Article 13(1)(d) of the 4th AMLD emphasizes the importance of continuous monitoring and updating of customer-related information to ensure compliance and mitigate risks associated with money laundering and terrorist financing. This ongoing process is critical in maintaining accurate and current knowledge of customers and their transactions.

5th AMLD

The amendment to Article 14, paragraph 5, in the 5th Anti-Money Laundering Directive (Directive (EU) 2018/843) significantly updates and extends the requirements for customer due diligence (CDD) measures. The focus is on ensuring that CDD is not just a one-time activity but an ongoing process, especially in the context of „updating“ or „keeping up-to-date“. Here’s a summary of the key points:

  1. Application to All Customers: Obliged entities are required to apply customer due diligence measures to all customers, both new and existing. This broadens the scope of the directive to include continuous monitoring of existing relationships as well as the assessment of new customers.
  2. Risk-Sensitive Basis: The directive emphasizes that these measures should be applied on a risk-sensitive basis. This means that the frequency and intensity of the monitoring should correspond to the level of risk associated with the customer. Higher risk customers should be subject to more stringent and frequent checks.
  3. Trigger Events for Review: The CDD measures need to be reapplied or updated in certain situations:
    • When there are changes in the relevant circumstances of a customer, suggesting a reassessment is needed.
    • If there is a legal duty during the calendar year to contact the customer for reviewing information related to the beneficial owner(s). This implies a periodic review obligation to ensure information remains current.
    • In cases where there was a duty under Council Directive 2011/16/EU, which relates to administrative cooperation in the field of taxation.
  4. Ongoing Nature of Due Diligence: This amendment underscores the need for ongoing due diligence. It’s not enough to assess customers at the start of their relationship with the entity; there must be continuous assessment and updating of their information, particularly in response to changes in their situation or risk profile.

In essence, this amendment to Article 14 of the 5th AMLD reinforces the importance of continuous and dynamic customer due diligence. It requires obliged entities to regularly update and reassess customer information, particularly in response to changes in customer circumstances or risk profiles, ensuring a proactive approach to anti-money laundering and counter-terrorist financing.

German GwG

The sections from the German Money Laundering Act (GwG) you’ve mentioned primarily focus on the general due diligence requirements, particularly emphasizing the importance of continuous monitoring and updating of information in the context of business relationships. Here’s a summary with a focus on „updating“ or „keeping up-to-date“:

Continuous Monitoring including Updating

  1. Continuous Monitoring: Obliged entities must constantly monitor their business relationships, including scrutinizing transactions that occur within these relationships.
  2. Consistency with Customer Information: The transactions and business relationship should be consistent with:
    • a) The documents and information the obliged entity has about the contracting party and, where applicable, the beneficial owner. This includes understanding their business activity and customer profile.
    • b) Information about the source of wealth, where necessary.
  3. Updating Information: During continuous monitoring, obliged entities are required to update the relevant documents, data, or information at appropriate intervals. This updating should be based on the risk associated with the customer, implying that higher-risk customers might need more frequent updates.


  1. Application to all customers: Due diligence requirements must be fulfilled for all new customers. For existing business relationships, these requirements must be applied at suitable times, based on a risk-sensitive approach.
  2. Situations triggering a re-assessment:
    • a) When there are changes in the relevant circumstances of a customer.
    • b) When there is a legal obligation to contact the customer during the calendar year to review information related to the beneficial owner.
    • c) Obligations under Council Directive 2011/16/EU related to administrative cooperation in the field of taxation.

In summary, both sections from the German GwG emphasize the necessity for ongoing due diligence in business relationships, highlighting the importance of continuously monitoring and updating customer-related information. This process is not static but dynamic, adjusting to changes in customer circumstances, risk profiles, and legal obligations. The objective is to maintain an accurate, current understanding of customers and their transactions, thereby aiding in the prevention of money laundering and terrorist financing activities.

BaFin-Interpretation and Application Guidance on the German GwG

The BaFin Interpretation and Application Guidance on the German GwG provides detailed insights into customer due diligence obligations, particularly focusing on the updating or keeping up-to-date of customer-related information. Here’s a summary of the key points from the specified sections:

Triggers for Customer Due Diligence (CDD)

  • When there’s a change in a customer’s relevant circumstances, obliged entities must update or supplement the general due diligence obligations.
  • This could mean re-fulfilling certain due diligence obligations based on a risk-based approach.
  • Changes that might trigger this include a change in corporate form, a merger, or a significant change in ownership and control structure.

Risk-based Customer Due Diligence (CDD)

  • Obligation to Update: Obliged entities must ensure that documents, data, or information about the contracting party are updated at appropriate intervals on a risk-oriented basis.
  • Points of Reference for Updates:
    • IT-based monitoring abnormalities.
    • General correspondence (like account statements, financial statements).
    • General contacts during the business relationship.
    • Other reasons for reviewing customer data (like creditworthiness checks).
  • Method of Updating: Update measures can be fulfilled without direct customer contact, using information from reliable sources. Section 11 (3) of the GwG, which refers to the identification obligation, does not apply to the update obligation.
Regular Updating
  • Review Periods According to Risk Classes:
    • Inactive accounts: Update measures required upon reactivation.
    • Low risk: Update at least every 15 years; consider further measures if no customer reaction.
    • Normal risk: Update at least every 10 years; reassess risk if update is unsuccessful/unclear.
    • High risk: Update at least every 2 years; appropriate monitoring is necessary.
Event-Driven Update
  • Review in Specific Cases:
    • Undeliverable post.
    • Customer notifies change in master data (name, address, marital status).
    • Doubts about the currentness of customer data.

The BaFin guidelines emphasize a dynamic approach to customer due diligence, with the need for regular and event-driven updates of customer information. These updates are guided by a risk-oriented approach, where the frequency and intensity of the updates depend on the risk category of the customer. The guidelines also recognize various triggers and methods for updating customer information, ensuring that the data held by obliged entities remains current and reflective of any changes in the customer’s circumstances or risk profile. This approach is crucial for effective anti-money laundering and counter-terrorist financing efforts.