![Updated Instructions for Remote Authentication for Companies in France [November 2021]](/en/content/images/size/w1280/format/webp/20250730014419_remote-verification-for-french.jpeg)
Instructions for Conducting Remote Authentication for Companies functioning in France (Latest Update: November 2021)
Strengthened Anti-Money Laundering Measures in France Simplify Verification Processes for Businesses
In response to the Fifth Anti-Money Laundering Directive (5AMLD) and the implementation of Decree No 2020-118 and Decree No 2021-387, French businesses are now faced with updated identification and verification requirements aimed at enhancing anti-money laundering (AML) controls, particularly in customer due diligence (CDD) and enhanced due diligence (EDD).
These updated requirements emphasize enhanced, risk-based CDD with robust ongoing monitoring, thorough verification of identity and beneficial ownership, strict record-keeping, and timely suspicious activity reporting to TRACFIN, the French AML financial intelligence unit.
Key updated requirements for French businesses include:
- Customer Identification and Verification: Businesses must verify customer identities using reliable, independent source documents, data, or information as part of CDD. This includes checking official identity documents and proof of address and ensuring their authenticity and validity through verification processes such as biometric checks or document validation.
- Risk-Based Approach: CDD is applied using a risk-based approach where the level of scrutiny adapts according to the assessed risk of money laundering or terrorist financing linked to the customer or transaction. Higher-risk customers or scenarios (e.g., Politically Exposed Persons (PEPs) or sectors prone to illicit activities) require EDD, which involves more stringent identity verification and continuous monitoring.
- Ongoing Monitoring: Verification doesn’t stop at onboarding; continuous monitoring of the business relationship and transactions is mandatory to detect suspicious behavior or changes in risk profile.
- Record-Keeping: Entities must retain records of customer identification and transactions for at least five years from the end of the business relationship or transaction completion to enable effective audits and investigations.
- Suspicious Transaction Reporting: Upon detecting suspicious transactions or activities, firms must report these promptly to TRACFIN detailing the nature of suspicion, parties involved, and supporting evidence. Reporting should happen through the designated Ermes platform.
- Legislative Basis: These identification and verification updates are consistent with the legal frameworks set by 5AMLD and reinforced by French decrees (No 2020-118 and No 2021-387), ensuring alignment with EU AML standards and addressing previous gaps. These decrees have formalized provisions around customer identity verification, risk-based CDD measures, and strengthened supervisory oversight, particularly focusing on transparency and control over beneficial ownership and politically exposed persons.
In terms of customer identification, businesses must identify the purpose and the nature of the business relationship they are establishing with a client. For natural persons, this includes obtaining their first and last name, as well as their date and place of birth. Official documents such as national identity cards, passports, driver licenses, residence permits, and receipts for residence permits/residence cards/asylum applications in progress can be used for online onboarding.
For legal entities, businesses must obtain its legal form, name, registration number, head office address, and the place of actual activity if it differs from the legal address. The beneficial owner of the legal entity must also be identified, which can be done by collecting the same information required from natural persons.
Remote verification is now considered as secure as face-to-face verification in France. As of April, 2020, French businesses can use providers certified by the ANSSI under the same regulation. The list of AML compliant verification providers has expanded to include services certified by the National Cybersecurity Agency of France (ANSSI). Businesses can choose from three sole verification solutions approved by French regulators: national identification schemes, providers certified by the ANSSI, and software certified by the ANSSI.
If the first three solutions are not available, businesses can use a combination of at least two of the following measures: obtaining a copy of one official document, verifying and certifying a copied document through an independent third-party, requiring that the first transaction be made by an AML-obliged entity, verifying the client through a third party meeting requirements under the Article L561-7 of the French Monetary and Financial Code, using remote verification providers certified by the ANSSI, obtaining an electronic signature or an electronic seal under the eIDAS Regulation.
Providers conforming to Regulation (EU) N°910/2014 (eIDAS Regulation) are now subject to more flexible security requirements, even when they're used as a single method of verification. The new rules also apply to foreign firms onboarding French clients if they are established in the EU/EEA and operate in France through a branch or an agent.
The adopted measures make remote verification more available for businesses while enabling them to check French users faster and easier, all without neglecting security and compliance. The changes were ushered in by Decree No 2020-118 issued February 12th, 2020 and Decree No 2021-387 issued April 2, 2021. The beneficial owner of a company is a person who directly or indirectly owns more than 25% of its capital/voting rights or otherwise exercises ultimate control over it. France has transposed the principles of the Fifth AML Directive into its Financial and Monetary Code.
[1] Source: Official Journal of the French Republic [2] Source: Autorité de contrôle prudentiel et de résolution [3] Source: Autorité des marchés financiers
- In the context of strengthened Anti-Money Laundering measures in France, businesses must adapt their finance and technology infrastructure to verify customer identities remotely, using certified providers and national identification schemes for secure and compliant identification processes.
- With enhanced customer due diligence requirements, French businesses employ technology and innovative solutions to meet risk-based approach demands, ensuring comprehensive identity and beneficial ownership verification, ongoing monitoring, rigorous record-keeping, and timely suspicious activity reporting, thus aligning with international business and technology standards for AML compliance.
){kind=link}