Anti-Money Laundering (AML) Regulation and eSignatures



Money laundering is the illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. Anti-money laundering regulation (AML) is typically the legal controls that require financial institutions and other regulated entities to prevent, detect, and report money laundering activities. 


ZealiD plays an important role in the world of AML. ZealiD allows finance service providers to meet so called know your customer regulations (KYC) in the jurisdiction in which service providers are licensed. KYC is one of several anti money laundering procedures. Although KYC is only a portion of AML, it is in ZealiD’s view the most challenging part where relationships are entered into remotely online. 


AML Regulation


ZealiD’s KYC guide describes the regulatory requirements throughout the EU. It is important to understand that a finance service provider will be subject to the AML/KYC regulations in the jurisdiction in which they are licensed. 


ZealiD distinguishes between two types of KYC requirements: 


  1. Method: most regulations define how compliant remote KYC can be carried out. It is typically a list of methods ranging from physical identification to “high risk” remote methods. Anything that is not on the methods list is per definition non compliant, regardless of the level of assurance or security. 


  1. Data attributes:  it is important to pay attention to the attributes required. These are for example name(s), date of birth, registered address, but may also include nationality and place of birth. The latter two data attributes will indirectly place a requirement to request certain types of ID documents that contain the right data. 



With the eIDAS regulation ((EU) nr 910/2014), EU created a de facto standard for both electronic identities and electronic signatures. Under so called Trust Service Providership, the EU created regulations and defined governing ETSI standards for electronic signature issuance. Once the regulation came into force, EU created a legal framework forcing all member states to accept eIDAS eIDs and eSignatures. Depending on the level of the esignature (advanced or qualified) the following applies: 


  • An advanced eIDAS electronic signature is recognized in all of EU. Depending on member state national implementation it can or cannot be legally binding in courts and vis-a-vis public authorities and bodies.


  • A qualified eIDAS electronic signature is recognized in all of EU. It is legally binding in all courts and vis-a-vis public authorities and bodies, unless special legislation, requires other kind of form or format. An example would be the Swedish Promissory Note Law dating back to the 18th century requiring that all Promissory Notes be in physical paper form (and hence signature physical). 


KYC = eSignatures


As a natural extension of eIDAS, EU member states are approaching eIDAS in many different legal areas. The process is one of adopting eIDAS and providing the framework for harmonization and digitalization in local legislation. 


One of the best examples of this is in the area of AML/KYC. In most EU member state AML statutes, KYC requirements can be met with either an advanced or qualified signature. This means that the requirement is not on an eID but instead on the nature of the eIDAS signature provided. 

FaceID in User Journeys


The future of KYC is the versatile eSignature. Not only because it is based on a persistent form of identity but also because with modern technology the eSignature can be both issued, and controlled remotely. ZealiD users benefit from Touch or FaceID processes for invoking their esignature. As simple and secure as it gets. This means creating new relationships online with FaceID, signing in with FaceID and signing a contract with FaceID. Welcome to the ZealiD revolution.