Scanning customers' ID complies with the record keeping requierments of the German Money Laundering Act


According to Section 3 (1) No. 1 GwG, all persons and entities covered by the German Money Laundering Act – e.g. credit institutions, financial services institutions, payment institutions, real estate agents, lawyers – are required to identify their contracting parties before establishing a business relationship.

The data that needs to be collected, according to Section 4 (3) No. 1 GwG vis-à-vis natural persons is their full name (surname and at least one given name), place and date of birth, nationality and address. Section 4 (4) No. 1 GwG requires the verification of identity on the basis of a valid official identity document that includes the holder‘s photograph, which satisfies domestic requirements for identity cards or passports, or which are recognized or accepted under foreign laws.

For companies, the following data is required - the (company) name or designation, legal form, register number if applicable, address of the seat or headquarters and the name of the legal representatives or members of the representative body (Section 4 (3) No. 2 GwG). Section 4 (4) No. 2 GwG, requires the firm to obtain an excerpt from the commercial register or a comparable official register, articles of association or equivalent conclusive documents.

According to Section 8 (1) and (3) GwG, all the information collected needs to be recorded and retained for at least five years. A copy of the documents presented or used for the verification of identity qualify as a record of the information contained therein (cf. Section 8 (1) Sentence 3 GwG).

BaFin has been asked to confirm that the scanning of such documents (to retain the copy in electronic form or “soft copy”) equates with printing and retaining a hard copy (i.e. to confirm BaFin’s administrative practice to date). BaFin has now officially confirmed that this is the case but has emphasised that firms retaining scanned or electronic copies require adequate technical and organisational safeguards.

You can read the (German language) Circular here.