Customer due diligence
The risk assessment of obliged entities forms the basis for customer risk classification. The assessment determines the type of due diligence to be carried out. When a risk assessment shows that there is a low risk, a simplified due diligence may be applied. If, on the other hand, a risk assessment shows a higher risk, more rigorous due diligence should be performed. At the same time, increased due diligence must also be carried out under certain statutory circumstances.
The conducting of due diligence
-
Firstly, customers, beneficial owners and any parties that have authority to represent the customer towards the obliged entity must prove their identities to the obliged entities by presenting recognised ID and legal entities information from an official register.
-
Secondly, the obliged entities themselves must obtain adequate information about customers, beneficial owners and any parties that have authority to represent the customer towards the obliged entity.
-
Thirdly, obliged entities need to ensure the reliability of information about customers and beneficial owners. This involves verifying the identity of the customer and the beneficial owner where applicable. This also applies to any parties that have authority to represent the customer towards the obliged entity. The identity of these parties shall be verified on the basis of reliable and independent information, in addition to which information on the purpose and nature of the proposed transaction shall be assessed. An obliged entity shall independently assess whether the information about the beneficial owner is correct and satisfactory and that the entity understands the ownership, activities and organisational structure of the clients, who are legal entities, trust funds or other comparable entities. There shall also be an assessment of whether the transaction is carried out in the interest of a third party and, if so or if there is reason to believe so, the identity of the third party must be verified. The parties must also confirm, as appropriate, the source of the funds used in the transaction and take appropriate measures to verify the relevant information.
When shall due diligence be carried out?
Under the supervision of the Central Bank of Iceland, obliged entities shall carry out due diligence in the following circumstances:
-
when establishing a contractual relationship,
-
when carrying out individual transactions amounting to EUR 15,000 or more, based on the officially posted exchange rate at any time, whether the transaction is carried out in a single operation or in several operations, which appear to be linked,
-
in the case of a transfer of funds, in the case of individual transactions, whether it be a transfer of funds within the country or across borders, amounting to EUR 1,000 or more at the official exchange rate as recorded at any given time,
-
in the trading of goods and services, which are paid for in cash, whether the transaction is made in one payment or several payments, which appear to be linked, amounting to EUR 10,000 or more, based on the official exchange rate recorded at any given time,
-
when there is a suspicion of money laundering or terrorist financing, regardless of any exemption or threshold,
-
when there are doubts about the veracity or reliability of submitted information on the customer or beneficial owner.
The performance of due diligence is further stipulated in section III of Act no. 140/2018 and Regulations no. 745/2019 on Due Diligence and the guidelines of the European Banking Authority (EBA).
Useful links
- Regulation no. 745/2019 on due diligence (Icelandic)
- Due diligence - educational material of the steering group on measures against Money Laundering and Terrorist Financing (Icelandic)
- Risk Factors Guidelines