Financial Crime World

KYC Guidelines for Financial Institutions in Austria Undergo Significant Changes

===========================================================

Austria’s financial sector is undergoing significant transformations as the country embarks on its digitalization journey. This article explores the recent changes to Know Your Customer (KYC) guidelines for financial institutions in Austria, specifically focusing on the requirements for financial service providers.

Background

In January 2017, the Austrian Financial Market Authority (FMA) approved video-based identification for onboarding new customers, allowing businesses to onboard their customers remotely by identifying them through a video chat. This marked the first step towards digitalization in Austria’s financial sector.

Recent Developments

In November 2021, the FMA issued an amendment to the Austrian Online Identification Regulation that allowed fully automated biometric procedures for identity verification under the Austrian Anti-Money Laundering Act (Finanzmarkt-Geldwäschegesetz). This has given financial institutions and other entities subjected to AML regulations the opportunity to use biometric identity verification in addition to previous verification means.

Affected Entities

Austria’s recently amended regulations allow the use of biometric KYC onboarding for:

  • Financial service providers
  • Credit institutions
  • Cryptocurrency service providers

For the purpose of this article, we will focus on the requirements for financial service providers.

New Requirements

To onboard customers online through biometrics in line with the FMA online identification regulation, financial service providers must:

Technical and Security Measures

  • Use appropriate technical and security measures to ensure the integrity and confidentiality of customer data.
  • Implement robust authentication processes to prevent unauthorized access to customer information.

Presence Check Recording

  • Record a video of the whole presence check process, ensuring that all aspects of the verification are captured.
  • Keep records of the presence check process (including audio, if available).

Records Management

  • Maintain accurate and up-to-date records of all online identification processes, including biometric data.
  • Ensure that these records are secure and comply with relevant regulations.

Compliance Challenges

There are already concerns about requiring electronically-signed ID documents with NFC chips. Many ID cards lack NFC chips or have included this feature very recently and are not yet active and valid.

Financial service providers must strike a balance between the full implementation of biometric identification and regulatory compliance. This may require:

  • Developing new policies and procedures to accommodate biometric identity verification.
  • Ensuring that existing systems and processes can support the use of biometrics.
  • Providing training for staff on the new requirements and procedures.

By understanding these changes, financial institutions in Austria can ensure they remain compliant with regulatory requirements while embracing digitalization.