General Guide to Account Opening and Customer Identification

February 2003

Attachment to Basel Committee publication No. 85 "Customer due diligence for banks"

1. The Basel Committee on Banking Supervision in its paper on Customer Due Diligence for Banks published in October 2001 referred to the intention of the Working Group on Cross-border Banking 1 to develop guidance on customer identification. Customer identification is an essential element of an effective customer due diligence programme which banks need to put in place to guard against reputational, operational, legal and concentration risks. It is also necessary in order to comply with anti-money laundering legal requirements and a prerequisite for the identification of bank accounts related to terrorism.

2. What follows is account opening and customer identification guidelines and a general guide to good practice based on the principles of the Basel Committee's Customer due diligence for banks paper. This document, which has been developed by the Working Group on Cross-border Banking, does not cover every eventuality, but instead focuses on some of the mechanisms that banks can use in developing an effective customer identification programme.

3. These guidelines represent a starting point for supervisors and banks in the area of customer identification. This document does not address the other elements of the Customer Due Diligence for banks paper, such as the ongoing monitoring of accounts. However, these elements should be considered in the development of effective customer due diligence, anti-money laundering and combating the financing of terrorism procedures.

4. These guidelines may be adapted for use by national supervisors who are seeking to develop or enhance customer identification programmes. However, supervisors should recognize that any customer identification programme should reflect the different types of customers (individual vs. institution) and the different levels of risk resulting from a customer's relationship with a bank. Higher risk transactions and relationships, such as those with politically exposed persons or organisations, will clearly require greater scrutiny than lower risk transactions and accounts.

5. Guidelines and best practices created by national supervisors should also reflect the various types of transactions that are most prevalent in the national banking system. For example, non-face-to-face opening of accounts may be more prevalent in one country than another. For this reason the customer identification procedures may differ between countries.

6. Some identification documents are more vulnerable to fraud than others. For those that are most susceptible to fraud, or where there is uncertainty concerning the validity of the document(s) presented, the bank should verify the information provided by the customer through additional inquiries or other sources of information.

7. Customer identification documents should be retained for at least five years after an account is closed. All financial transaction records should be retained for at least five years after the transaction has taken place.

8. These guidelines are divided into two sections covering different aspects of customer identification. Section A describes what types of information should be collected and verified for natural persons seeking to open accounts or perform transactions. Section B describes what types of information should be collected and verified for institutions and is in two parts, the first relating to corporate vehicles and the second to other types of institutions.

9. All the terms used in these guidelines have the same meaning as in the Customer due diligence for banks paper.

A. Natural Persons

10. For natural persons the following information should be obtained, where applicable:

  • legal name and any other names used (such as maiden name);
  • correct permanent address (the full address should be obtained; a Post Office box number is not sufficient);
  • telephone number, fax number, and e-mail address;
  • date and place of birth;
  • nationality;
  • occupation, public position held and/or name of employer;
  • an official personal identification number or other unique identifier contained in an unexpired official document (e.g. passport, identification card, residence permit, social security records, driving licence) that bears a photograph of the customer;
  • type of account and nature of the banking relationship;
  • signature.

11. The bank should verify this information by at least one of the following methods:

  • confirming the date of birth from an official document (e.g. birth certificate, passport, identity card, social security records);
  • confirming the permanent address (e.g. utility bill, tax assessment, bank statement, a letter from a public authority);
  • contacting the customer by telephone, by letter or by e-mail to confirm the information supplied after an account has been opened (e.g. a disconnected phone, returned mail, or incorrect e-mail address should warrant further investigation);
  • confirming the validity of the official documentation provided through certification by an authorised person (e.g. embassy official, notary public).

12. The examples quoted above are not the only possibilities. In particular jurisdictions there may be other documents of an equivalent nature which may be produced as satisfactory evidence of customers' identity.

13. Financial institutions should apply equally effective customer identification procedures for non-face-to-face customers as for those available for interview.

14. From the information provided in paragraph 10, financial institutions should be able to make an initial assessment of a customer's risk profile. Particular attention needs to be focused on those customers identified thereby as having a higher risk profile and additional inquiries made or information obtained in respect of those customers to include the following:

  • evidence of an individual's permanent address sought through a credit reference agency search, or through independent verification by home visits;
  • personal reference (i.e. by an existing customer of the same institution);
  • prior bank reference and contact with the bank regarding the customer;
  • source of wealth;
  • verification of employment, public position held (where appropriate).

    15. For one-off or occasional transactions where the amount of the transaction or series of linked transactions does not exceed an established minimum monetary value, it might be sufficient to require and record only name and address.

    16. It is important that the customer acceptance policy is not so restrictive that it results in a denial of access by the general public to banking services, especially for people who are financially or socially disadvantaged.

    B. Institutions

    17. The underlying principles of customer identification for natural persons have equal application to customer identification for all institutions. Where in the following the identification and verification of natural persons is involved, the foregoing guidance in respect of such persons should have equal application.

    18. The term institution includes any entity that is not a natural person. In considering the customer identification guidance for the different types of institutions, particular attention should be given to the different levels of risk involved.

    I. Corporate Entities

    19. For corporate entities (i.e. corporations and partnerships), the following information should be obtained:

    • name of institution;
    • principal place of institution's business operations;
    • mailing address of institution;
    • contact telephone and fax numbers;
    • some form of official identification number, if available (e.g. tax identification number);
    • the original or certified copy of the Certificate of Incorporation and Memorandum and Articles of Association;
    • the resolution of the Board of Directors to open an account and identification of those who have authority to operate the account;
    • nature and purpose of business and its legitimacy.

    20. The bank should verify this information by at least one of the following methods:

    • for established corporate entities - reviewing a copy of the latest report and accounts (audited, if available);
    • conducting an enquiry by a business information service, or an undertaking from a reputable and known firm of lawyers or accountants confirming the documents submitted;
    • undertaking a company search and/or other commercial enquiries to see that the institution has not been, or is not in the process of being, dissolved, struck off, wound up or terminated;
    • utilising an independent information verification process, such as by accessing public and private databases;
    • obtaining prior bank references;
    • visiting the corporate entity, where practical;
    • contacting the corporate entity by telephone, mail or e-mail.

    21. The bank should also take reasonable steps to verify the identity and reputation of any agent that opens an account on behalf of a corporate customer, if that agent is not an officer of the corporate customer.

    Corporations/Partnerships

    22. For corporations/partnerships, the principal guidance is to look behind the institution to identify those who have control over the business and the company's/partnership's assets, including those who have ultimate control. For corporations, particular attention should be paid to shareholders, signatories, or others who inject a significant proportion of the capital or financial support or otherwise exercise control. Where the owner is another corporate entity or trust, the objective is to undertake reasonable measures to look behind that company or entity and to verify the identity of the principals. What constitutes control for this purpose will depend on the nature of a company, and may rest in those who are mandated to manage funds, accounts or investments without requiring further authorisation, and who would be in a position to override internal procedures and control mechanisms. For partnerships, each partner should be identified and it is also important to identify immediate family members that have ownership control.

    23. Where a company is listed on a recognised stock exchange or is a subsidiary of such a company then the company itself may be considered to be the principal to be identified. However, consideration should be given to whether there is effective control of a listed company by an individual, small group of individuals or another corporate entity or trust. If this is the case then those controllers should also be considered to be principals and identified accordingly.

    II. Other Types of Institution

    24. For the account categories referred to paragraphs 26 to 34, the following information should be obtained in addition to that required to verify the identity of the principals:

    • name of account;
    • mailing address;
    • contact telephone and fax numbers;
    • some form of official identification number, if available (e.g. tax identification number);
    • description of the purpose/activities of the account holder (e.g. in a formal constitution);
    • copy of documentation confirming the legal existence of the account holder (e.g. register of charities).

    25. The bank should verify this information by at least one of the following:

    • obtaining an independent undertaking from a reputable and known firm of lawyers or accountants confirming the documents submitted;
    • obtaining prior bank references;
    • accessing public and private databases or official sources.

    Retirement Benefit Programmes

    26. Where an occupational pension programme, employee benefit trust or share option plan is an applicant for an account the trustee and any other person who has control over the relationship (e.g. administrator, programme manager, and account signatories) should be considered as principals and the bank should take steps to verify their identities.

    Mutuals/Friendly Societies, Cooperatives and Provident Societies

    27. Where these entities are an applicant for an account, the principals to be identified should be considered to be those persons exercising control or significant influence over the organisation's assets. This will often include board members plus executives and account signatories.

    Charities, Clubs and Associations

    28. In the case of accounts to be opened for charities, clubs, and societies, the bank should take reasonable steps to identify and verify at least two signatories along with the institution itself. The principals who should be identified should be considered to be those persons exercising control or significant influence over the organisation's assets. This will often include members of a governing body or committee, the President, any board members, the treasurer, and all signatories.

    29. In all cases independent verification should be obtained that the persons involved are true representatives of the institution. Independent confirmation should also be obtained of the purpose of the institution.

    Trusts and Foundations

    30. When opening an account for a trust, the bank should take reasonable steps to verify the trustee(s), the settlor(s) of the trust (including any persons settling assets into the trust) any protector(s), beneficiary(ies), and signatories. Beneficiaries should be identified when they are defined. In the case of a foundation, steps should be taken to verify the founder, the managers/directors and the beneficiaries.

    Professional Intermediaries

    31. When a professional intermediary opens a client account on behalf of a single client that client must be identified. Professional intermediaries will often open "pooled" accounts on behalf of a number of entities. Where funds held by the intermediary are not co-mingled but where there are "sub-accounts" which can be attributable to each beneficial owner, all beneficial owners of the account held by the intermediary should be identified. Where the funds are co-mingled, the bank should look through to the beneficial owners; however, there may be circumstances which should be set out in supervisory guidance where the bank may not need to look beyond the intermediary (e.g. when the intermediary is subject to the same due diligence standards in respect of its client base as the bank).

    32. Where such circumstances apply and an account is opened for an open or closed ended investment company, unit trust or limited partnership which is also subject to the same due diligence standards in respect of its client base as the bank, the following should be considered as principals and the bank should take steps to identify:

    • the fund itself;
    • its directors or any controlling board where it is a company;
    • its trustee where it is a unit trust;
    • its managing (general) partner where it is a limited partnership;
    • account signatories;
    • any other person who has control over the relationship e.g. fund administrator or manager.

    33. Where other investment vehicles are involved, the same steps should be taken as in paragraph 32 where it is appropriate to do so. In addition all reasonable steps should be taken to verify the identity of the beneficial owners of the funds and of those who have control of the funds.

    34. Intermediaries should be treated as individual customers of the bank and the standing of the intermediary should be separately verified by obtaining the appropriate information drawn from the itemised lists included in paragraphs 19-20 above.


    1 The Working Group on Cross-border Banking is a joint group consisting of members of the Basel Committee and of the Offshore Group of Banking Supervisors.