RTS on customer due diligence

Information collected by obliged entities for customer due diligence purposes may not always be in the form of documents. This Regulation specifies the situations where documents should be collected.

Obtaining data and documents from independent and reliable sources is key to ensuring that obliged entities can be satisfied that they know who their customers are. Reliable and independent sources of information for customers that are not natural persons include, but are not limited to: statutory documents of the legal entity or legal arrangementmeans an express trust or an arrangement which has a similar structure or function to an express trust, including fiducie and certain types of Treuhand and fideicomiso; required by law, including certificates of incorporation or audited financial statements; the most recent version of the constitutive documents establishing the legal entity or legal arrangementmeans an express trust or an arrangement which has a similar structure or function to an express trust, including fiducie and certain types of Treuhand and fideicomiso;, including the Memorandum of Association and Articles of Association, or a recent official copy of these documents issued by the applicable public registers and lists or an unofficial copy thereof certified by an independent professional or a public authority. In the case of a trust or similar legal arrangementmeans an express trust or an arrangement which has a similar structure or function to an express trust, including fiducie and certain types of Treuhand and fideicomiso; that may not be subject to registration, a recent copy of the trust deed, or an extract thereof, together with any other document that determines the exercise of any powers by the trustees or similar administrators, certified by an independent professional, could qualify as reliable and independent sources of information.

Obliged entities should assess the level of reliability and independence of the sources of information they have obtained as part of their customer due diligence process based on certain criteria. For example, unless it has been issued by a state or public authority, a recent document may be more reliable than information that dates back several years. Once such assessment of a certain source is completed, the results of such assessment can be used for multiple customers.

There may be situations where identity documents issued to or held by the customer do not meet the attributes of an identity card or passport. This could be the case, for example, where the customer has credible and legitimate reasons for being unable to provide traditional forms of identity documentation: being an asylum seeker; a refugee; a person to whom a residence permit was not granted, but whose repatriation is impossible for legal or factual reasons; being homeless or being otherwise vulnerable. Regulation (EU) 2024/1624 does not provide an exemption from the list of information obliged entities should collect for natural persons in this category. To mitigate the risk of financial exclusion and unwarranted de-risking, this Regulation makes the approach more flexible by allowing obliged entities to obtain the requested information from these natural persons via other credible means. This could be the case where the customer is or acts on behalf of a minor child who does not possess a passport or identity document. In view of the minor’s representation by a parent or legal guardian, who would themselves be subject to identification and verification, it would be appropriate to consider a birth certificate as a credible source for the purposes of identifying and verifying the identity of the minor child.

Obtaining beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; information for all customers that are not natural persons is essential for complying with anti-money laundering and countering the financing of terrorism (AML/CFT) requirements and with targeted financial sanctionsmeans both asset freezing and prohibitions to make funds or other assets available, directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the basis of Article 29 TEU and Council Regulations adopted on the basis of Article 215 TFEU; obligations. For this reason, consultation of central registers for information on beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; is necessary but not sufficient to fulfil the verification requirements.

There are legitimate situations where the obliged entity may be unable to identify a natural person as the beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; of its customer. In these situations, Regulation (EU) 2024/1624 instead requires the identification of senior managing officials (SMOs). While SMOs are not beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;, for the purposes of identification and verification measures, obliged entities should collect equivalent information for SMOs as they do for the beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;.

The identification of SMOs is permitted under Regulation (EU) 2024/1624 only in cases where the obliged entity has been unable to identify beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; having ‘exhausted all possible means of identification’ or where ‘there are doubts that the persons identified are the beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;’. Finding it difficult to identify the beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;, for example in cases of complex corporate structures, does not amount to ‘doubts’ and therefore will not provide a sufficient basis for the obliged entity to instead identify the SMOs.

When collecting information on the identity of SMOs in line with Article 22(2), second subparagraph, of Regulation (EU) 2024/1624, the obliged entity may collect the address of the registered office of the legal entity instead of the residential address and country of residence required under Article 62(1), second subparagraph, point (a), of Regulation (EU) 2024/1624.

This Regulation specifies that, in addition to the information to be collected pursuant to the relevant provisions of Section 2 of this Regulation, obliged entities shall obtain information enabling them to verify the existence and scope of any power of representation. Such information may include documentation evidencing a power of attorney or statutory representation, such as proof of legal or parental representation by means of a birth certificate or court-appointed guardianship.

Understanding the purpose and intended nature of a business relationshipmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration; or occasional transaction is an important component of the customer due diligence process and the modalities are set out in Article 25 of Regulation (EU) 2024/1624. Obliged entities should assess whether the information already at their disposal is sufficient to understand its purpose and intended nature. In situations where they need further information in order to be satisfied that they understand the purpose and intended nature of the business relationshipmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration; or occasional transaction, this Regulation specifies which information obliged entities should obtain before entering into a business relationshipmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration; or performing an occasional transaction to satisfy their information needs.

Article 20(1), point (h), of Regulation (EU) 2024/1624 requires that obliged entities identify and verify the identity of the natural person on whose behalf or for the benefit of whom a transaction or activity is being conducted. This Regulation lays down specific rules for the identification and verification of the identity of the final investors of a collective investment undertaking (CIU) that distributes its shares or units through another credit or financial institutionmeans:an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338)., including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1)., insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).;Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).a collective investment undertaking, in particular:an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35) Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).;Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1).a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34). and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).;Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010 (OJ L 60, 28.2.2014, p. 34).Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p. 66).a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;a crypto-asset service provider;a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;, which acts in its own name but on behalf or for the benefit of one or more final investors. To ensure the effectiveness of customer due diligence measures and the proportionality of their application, it is appropriate to allow CIUs, where the relationship with the intermediary institution is assessed as low or standard risk, to rely on that institution for the identification and verification of the final investors, provided that strict conditions are met and that information on the final investors can be obtained without undue delay. CIUs do not need to obtain information on the identity of the underlying investor in all cases and in a systematic manner. Consistent with a risk-based approach and in line with the principle of proportionality, the extent, including frequency and timing, and rationale for obtaining such information should be determined by the specific risks to be mitigated.

Regulation (EU) 2024/1624 requires specific measures to be applied to transactions or business relationshipsmeans a business, professional or commercial relationship connected with the professional activities of an obliged entity, which is set up between an obliged entity and a customer, including in the absence of a written contract and which is expected to have, at the time when the contact is established, or which subsequently acquires, an element of repetition or duration; with politically exposed personsmeans a natural person who is or has been entrusted with prominent public functions including:in a Member State:heads of State, heads of government, ministers and deputy or assistant ministers;members of parliament or of similar legislative bodies;members of the governing bodies of political parties that hold seats in national executive or legislative bodies, or in regional or local executive or legislative bodies representing constituencies of at least 50 000 inhabitants;members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;members of courts of auditors or of the boards of central banks;ambassadors, chargés d’affaires and high-ranking officers in the armed forces;members of the administrative, management or supervisory bodies of enterprises controlled under any of the relationships listed in Article 22 of Directive 2013/34/EU either by the state, or, where those enterprises qualify as medium sized or large undertakings or medium sized or large groups, as defined in Article 3(3), (4), (6) and (7) of that Directive, by regional or local authorities;heads of regional and local authorities, including groupings of municipalities and metropolitan regions, with at least 50 000 inhabitants;other prominent public functions provided for by Member States;in an international organisation:the highest ranking officials, their deputies and members of the board or equivalent functions of an international organisation;representatives to a Member State or to the Union;at Union level:functions at the level of Union institutions and bodies that are equivalent to those listed in points (a) (i), (ii), (iv), (v) and (vi);in a third country:functions that are equivalent to those listed in point (a); (PEPs). The focus of this Regulation is on measures for the identification, by obliged entities, of politically exposed personsmeans a natural person who is or has been entrusted with prominent public functions including:in a Member State:heads of State, heads of government, ministers and deputy or assistant ministers;members of parliament or of similar legislative bodies;members of the governing bodies of political parties that hold seats in national executive or legislative bodies, or in regional or local executive or legislative bodies representing constituencies of at least 50 000 inhabitants;members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;members of courts of auditors or of the boards of central banks;ambassadors, chargés d’affaires and high-ranking officers in the armed forces;members of the administrative, management or supervisory bodies of enterprises controlled under any of the relationships listed in Article 22 of Directive 2013/34/EU either by the state, or, where those enterprises qualify as medium sized or large undertakings or medium sized or large groups, as defined in Article 3(3), (4), (6) and (7) of that Directive, by regional or local authorities;heads of regional and local authorities, including groupings of municipalities and metropolitan regions, with at least 50 000 inhabitants;other prominent public functions provided for by Member States;in an international organisation:the highest ranking officials, their deputies and members of the board or equivalent functions of an international organisation;representatives to a Member State or to the Union;at Union level:functions at the level of Union institutions and bodies that are equivalent to those listed in points (a) (i), (ii), (iv), (v) and (vi);in a third country:functions that are equivalent to those listed in point (a);, their family membersmeans:a spouse, or a person in a registered partnership or civil union or in a similar arrangement;a child and a spouse of, or a person in a registered partnership or civil union or in a similar arrangement with, that child;a parent;for the functions referred to in point (34)(a)(i) and equivalent functions at Union level or in a third country, a sibling; or persons known to be close associates. PEP screening measures should apply to the customer, its beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; and the person on whose behalf or for the benefit of whom a transaction or activity is being carried out. These measures are important because once a PEP is identified, the obliged entity should apply specific and additional customer due diligence measures in relation to that customer.

In situations where the ML/TF risk is assessed as low, Regulation (EU) 2024/1624 allows the application of simplified due diligence measures. Simplified due diligence measures should ease the administrative burden on obliged entities and on their customers.

Minimum requirements for the identification of natural persons in low-risk situations should include at least the type of information that is usually included in a passport or identity document. This ensures that obliged entities have sufficient and verifiable information to establish the identity of their customers, while keeping the requirements proportionate to the lower level of ML/TF risk.

This Regulation identifies a service that would benefit from specific simplified due diligence measures. This is the case where a credit institutionmeans:a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country; opens a pooled account for a customer that is an obliged entity, to hold or administer fundsor ‘property’ means property as defined in Article 2, point (2), of Directive (EU) 2018/1673; that belong to the customer’s own clients, where the ML/TF risk of that service is assessed as low, based on the credit institutionmeans:a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country;’s risk assessment. In such cases, since the final customers are already subject to the customer due diligence measures applied by the obliged entity, it is proportionate to allow specific simplified due diligence measures, in order to avoid duplication of controls while ensuring that appropriate safeguards remain in place. Situations where credit institutionsmeans:a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country; open a payment account for payment institutions or electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). institutions will fall outside the scope of the sectoral simplified measures provision of this Regulation. Such situations would be regarded as correspondent relationshipsmeans:the provision of banking services by one credit institution as the correspondent to another credit institution as the respondent, including providing a current or other liability account and related services, such as cash management, international transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, cheque clearing, payable-through accounts and foreign exchange services;the relationships between and among credit institutions and financial institutions including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or transfers of funds as defined in Article 4, point (25), of Directive (EU) 2015/2366, transactions in crypto-assets or transfers of crypto-assets; within the meaning of Article 2(22), point (b), of Regulation (EU) 2024/1624.

In situations where the ML/TF risks are higher, Regulation (EU) 2024/1624 calls for the application of enhanced due diligence measures to manage and mitigate these risks appropriately. Where obliged entities obtain additional information in relation to the measures mentioned in Article 34(4) of Regulation (EU) 2024/1624 to meet these requirements and to mitigate the higher risk appropriately and effectively, this information should be of sufficient quality to enable them to assess the authenticity and accuracy of the information provided. It should also meet the criteria of reliability and independence.

Additional information obliged entities obtain for understanding the source of fundsor ‘property’ means property as defined in Article 2, point (2), of Directive (EU) 2018/1673; and the source of wealth of the customer and of the beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; in high-risk situations should enable them to satisfy themselves that the fundsor ‘property’ means property as defined in Article 2, point (2), of Directive (EU) 2018/1673; and assets used by the customer and beneficial ownersmeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; are of legitimate origin.

There may be situations where the information to be collected under Regulation (EU) 2024/1624 and this Regulation is already available to the obliged entity or, for example, to other obliged entities within the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU;. This could also be the case when information is obtained, for instance, to understand the customer's investment profile, or the nature of the engagement, or as part of the audit acceptance process. Where this is the case, obliged entities should consider how such information contributes to complying with their AML/CFT requirements, such as understanding the purpose and intended nature of the beneficial ownership or occasional transaction, before requesting similar information to avoid unnecessary duplication and reduce the regulatory burden on both the obliged entity and its customers. Where the existing information is not deemed sufficient, additional information should be obtained.

Customer due diligence measures include a specific requirement for obliged entities to verify whether the customer or the beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement; is subject to targeted financial sanctionsmeans both asset freezing and prohibitions to make funds or other assets available, directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the basis of Article 29 TEU and Council Regulations adopted on the basis of Article 215 TFEU; as defined by Article 2(49) of Regulation (EU) 2024/1624. Screening for the application of trade or economic sanctions such as arms embargoes, trade restrictions or travel bans falls outside the scope of Regulation (EU) 2024/1624 and, consequently, of this Regulation.

Article 19(7) of Regulation (EU) 2024/1624 provides for a list of four conditions on the basis of which AML/CFT supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; may decide to grant an exemption for electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). issuers from the customer due diligence measures in Article 20(1), points (a), (b) and (c), of that Regulation. To enable supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; to determine the extent of such exemption (i.e. ‘fully or partially’) in a consistent way across Member States, this Regulation provides AML/CFT supervisorsmeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; with a non-exhaustive list of risk factors associated with features of electronic moneymeans electronic money as defined in Article 2, point (2), of Directive 2009/110/EC of the European Parliament and of the Council(38) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7)., but excluding monetary value as referred to in Article 1(4) and (5) of that Directive;Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7). instruments.

The use of attributes of means of electronic identification and qualified trust services for customer due diligence purposes should be aligned with the risk of ML/TF posed by the customer or beneficial ownermeans any natural person who ultimately owns or controls a legal entity or an express trust or similar legal arrangement;.

Obliged entities need to ensure that their customer information remains up to date. The maximum periods of 1 and 5 years, respectively, for updating customer information in accordance with the requirements of the Regulation (EU) 2024/1624 should only start with the application date of this Commission Delegated Regulation for existing customers onboarded before Regulation (EU) 2024/1624 took effect.