Article 28 Regulatory technical standards on the information necessary for the performance of customer due diligence

1. the requirements that apply to obliged entities pursuant to Article 20 and the information to be collected for the purpose of performing standard, simplified and enhanced due diligence pursuant to Articles 22 and 25 and Articles 33(1) and 34(4), including minimum requirements in situations of lower risk;

2. the type of simplified due diligence measures which obliged entities may apply in situations of lower risk pursuant to Article 33(1) of this Regulation, including measures applicable to specific categories of obliged entities and products or services, having regard to the results of the risk assessment at Union level conducted by the Commission pursuant to Article 7 of Directive (EU) 2024/1640;

3. the risk factors associated with features of electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). instruments that should be taken into account by supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; when determining the extent of the exemption under Article 19(7);

4. the reliable and independent sources of information that may be used to verify the identification data of natural or legal persons for the purposes of Article 22(6) and (7);

5. the list of attributes which electronic identification means and relevant qualified trust services referred to in Article 22(6), point (b), must feature in order to fulfil the requirements of Article 20(1), points (a) and (b), in the case of standard, simplified and enhanced due diligence.

1. the inherent risk involved in the service provided;

2. the risks associated with categories of customers;

3. the nature, amount and recurrence of the transaction;

4. the channels used for conducting the business relationshipmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration; or the occasional transaction.

AMLA shall review regularly the regulatory technical standards and, if necessary, prepare and submit to the Commission the draft for updating those standards in order, inter alia, to take account of innovation and technological developments.

Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in paragraphs 1 and 3 of this Article in accordance with Articles 49 to 52 of Regulation (EU) 2024/1620.