Article 9 Identification and verification of the identity of the natural or legal persons using a virtual IBAN


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 9 of the RTS on customer due diligence say?

This article addresses a specific scenario within the broader customer due diligence framework: the use of virtual IBANs.

A virtual IBAN is an identifier that redirects payments to an underlying payment account, and this article builds directly on Article 22(3) of Regulation (EU) 2024/1624 by specifying what obliged entities must obtain and verify when a customer uses one.

The article closes a potential transparency gap by ensuring that the use of a virtual IBAN does not obscure who is actually behind a payment or account.

Important points:

  • Obtain and verify the standard identification information required under Article 22(1) of Regulation (EU) 2024/1624 for any natural or legal person using a virtual IBAN.
  • Obtain the specific virtual IBAN number assigned to that person.
  • Obtain the dates on which the associated bank or payment account was opened and, where applicable, closed.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

  1. For the purposes of Article 22(3) of Regulation (EU) 2024/1624, the obliged entity shall obtain and verify the following information:

    1. In relation to the natural or legal persons using the virtual IBAN, the information required pursuant to Article 22(1) of Regulation (EU) 2024/1624;

    2. the virtual IBAN number assigned to that natural person or legal person;

    3. the dates on which the associated bank or payment account was opened and, where applicable, closed.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod