It is a well-known fact that remote business relationships are included in the list of activities capable of presenting a greater level of risk as regards money laundering and the financing of terrorism. This means that we have to resort to enhanced due diligence measures in establishing a remote business relationship with the client.

The indicated enhanced due diligence measures are not suitable for every type of relationship or commercial operation and may create additional problems for regulated entities, since not all clients have e-signatures nor does the first payment made by the client always occur at the commencement of a relationship.

This fact results in some regulated entities being forced to request their clients for a certified copy of their identity documents, which distorts the nature of remote activities.

In order to overcome this situation Roca Junyent has advised using a German third party exchange facility in relation to obtaining authorisation from the Government Service for the Prevention of Money Laundering ("SEPBLAC") in order to identify its clients in remote activities through the use of a videoconferencing system ("Video KYC"), as is used in Germany (thus allowing the process of identifying clients that is established in Spain and Germany to be standardised).

This has led SEPBLAC to recognise the Video KYC process for the first time in Spain as a secure procedure for the identification of clients, in accordance with article 21.1.d) of Law 10/2010 of 28 April on the prevention of money laundering and the financing of terrorism (the "Anti Money Laundering Act"), which empowers SEPBLAC to authorise other identification procedures different from those established expressly by the regulations.

The approval of this new system of client identification came into force on 1 March 2016, and it can be used by any person in respect of whom this information is required under the Anti Money Laundering Act (which also includes foreigners operating in Spain through branches, agents or the free provision of services).

The main requirements set out by SEPBLAC are as follows:

  • The actual prior implementation of a remote identification process via videoconference, with the regulated entity having to carry out the specific risk analysis referred to in article 32.2 of the Regulations concerning Law 10/2010.
  • The remote identification procedures via videoconference must be managed by staff with specific training.
  • The client must explicitly consent to carrying out the remote identification procedures via videoconference and their recording and storage, either in advance or in the course thereof.
  • During the videoconference, the regulated entity shall adopt measures to ensure the privacy of the conversation held with the client.
  • Any photographs or snapshots from mobile applications obtained must meet the conditions of quality and clarity for them to be used for enquiries or assessment and shall be kept in accordance with the provisions of article 25 of Law 10/2010.

Another matter to be highlighted from the permission granted by SEPBLAC is that it explicitly recognises the opportunity to outsource the application of this system of identification, provided that the regulated entity retains all of the related liability. We understand that this outsourcing must not be confused with the third-party review mechanism established under article 8 of the Anti Money Laundering Act, which is intended solely for ordinary due diligence measures (and not for the enhanced due diligence measures applicable to remote activities).

In view of the above, we are pleased to confirm that the Spanish authorities are beginning to appreciate, as SEPBLAC makes clear by its approval, that technological innovation in the financial sector may reduce costs, increase competitiveness and offer better service to clients. There will never be an actual digitalization of traditional sectors such as banking if we continue to use only offline procedures that do not adapt to the needs of the new realities such as Fintech. In any event, there is no doubt that the establishment of these measures must take place without reducing the levels of protection for the clients. In any case, we acknowledge that this move on the part of SEPBLAC is going in the right direction and is a first step towards accommodating regulations to new online anti money laundering procedures.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.