BankID is an easy and practical way to identify your customer and to get good data for conducting risk-based due diligence in connection with, for example, a KYC process. BankID AML will help you with the following:
- Identifying your customer
- Supplying the following data about your customer, to be included in your own business processes:
  - National Identity Number
  - Name
  - Search results to assess whether your customer is a PEP (Politically Exposed Person) or RCA (Relative or Close Associate)
  - Search results to assess whether your customer is on any sanction lists (EU and UN lists)
  - Address from the national registry
The search results are available both in a machine-readable format (JSON) and as a PDF report.
Please note that although BankID supports the authentication of the end user and supplies data for the due diligence process, the responsibility for making the risk-based decision to accept a customer or not lies with the Merchant. The Merchant has to interpret the data that BankID AML provides, in addition to other necessary information, and make the decision.
Integration overview
Integration with BankID AML is easy to set up and use. The process consists of three steps.
1) Identify the customer
In order to start a due diligence process, the Merchant is obliged by law to identify the customer, either in person (with e.g. a passport) or electronically.
The service supports three different variants of this identification process.
Variant 1: Authenticate the customer using BankID OIDC
The BankID authentication service in BankID OIDC is used to identify the customer.
Note that the terms of BankID AML require the Merchant to obtain consent from the user to use the National Identity Number to conduct a due diligence process. This consent can be obtained by having the end user check a required checkbox giving the consent before starting the authentication. This consent should be stored by the Merchant.
Variant 2: Identify the customer through a BankID signature on the BankID Server platform
Merchants on the BankID Server platform will not be able to call the BankID AML resource in conjunction with a BankID authentication, as this is only possible through the OIDC platform.
However, a Merchant on the BankID Server platform can still integrate with the BankID AML service by using a document signed with the end user's national identity number. The user signs a document on the Merchant's web site using the BankID Server platform. The resulting "Signed Data Object" (SDO) embeds data on the authenticated end user, and will be used as a parameter in the request to the AML service.
Variant 3: Manual authentication of the customer
The Merchant identifies the customer in person (with e.g. a passport), and takes note of the customer's national identity number. This is then used as a parameter in the request to the AML service.
Info: See the technical documentation for further details on these variants and how to integrate with the AML Service for each variant.
2) Data searches
After authenticating the user, the Merchant can request information needed to conduct the due diligence process.
The identification of the customer must be provided to the service in different ways, depending on the identification method used in step one.
The service is separated into two distinct resources:
- By requesting the sanction_pep resource, the Merchant will receive search results from PEP/RCA and sanction lists in JSON format.
- By requesting the address resource, the Merchant will receive the end user's address from the National Registry.
3) Storing the Data / further evaluation
For most use cases, the Merchant should store the data, either to support business processes on their side or to be able to document that the Merchant has fulfilled their obligations with regard to conducting a due diligence process.
The Merchant should now have supporting material to assess whether an enhanced customer due diligence process is required. This assessment is the Merchant's responsibility, and what further steps are necessary should also be decided by the Merchant.
Further reading
See the following sections for further product-level details, including info on each of the said variants of the AML service.
AML/KYC requirements are a “moving target” and continually increase the demands on compliance.
BankID AML is an API toolkit that helps the merchant do its share in countering money laundering and terror financing and in closing the gap in being compliant with the AML legislation. At the same time, operational efficiency and capacity increase.
The different resources are designed to be integrated in the merchant's customer due diligence processes and help save time spent doing lookups for data in many separate sources.
See the AML technical documentation for technical details about how to integrate with the services.
The following resources are in place, or in a beta stage, and more will be added in the future.
The person resource is used to screen and gather data about an individual for a customer due diligence process, either a private customer or an individual that holds a role in an organization.
The organization resource is used to screen and gather information about a business or organization for a B2B customer due diligence process, in combination with the person resource.
The continuous screening service is used to keep tabs on your customer base, and get notified as soon as an individual becomes a PEP or is listed on a sanction list. The service can be used for ongoing follow-up of individuals and/or for role