Anti-Money Laundering: who are the recipients of the obligations?
The recipients of anti-money laundering obligations, in the presence of some signals, must strengthened the measures and carry out strict controls. The anti-money laundering legislation affects a wide range of recipients. Among those we can found:
– banking and financial intermediaries;
– professionals (accountants, career counselors);
– notaries and lawyers;
– statutory auditors and auditing companies;
– real estate agents;
– civil mediators;
– gaming service providers.
The obligations required to these subjects, the intensity of which varies in relation to the different situations, takes the form of identifying and verifying the identity of the client at the time of the assignment and then, controlling his conduct during the execution of the relationship . In fact, the anti-money laundering system is based on:
A. identification of the customer and verification of identity based on documents;
B. obtain information on the purpose and intended nature of the continuous relationship;
C. control during the relationship and suspicious transactions reporting.
D. traceability of verifications and evaluations; the geographical area of
residence / registered office of the client or counterparty;
F. a corporate structure consistent behavior;
G. proving to the authorities that the measures identified are effectively proportional to the level of risk identified.
Point A. Customer identification: in case of a natural person, it is necessary to identify his/her with an identity document. A copy of the document must be kept and the source of this documentation must be “reliable and independent”, having a customer’s highest level if digital identity or a certificate for the digital signature generation.
Customer due diligence: measures
Customer verification can be simplified or strengthened when using particular subjective or objective requirements. In fact, in grading the extent of the investigation, the obliged parties must take into account certain factors. In relation to the subject:
- the legal nature of the customer;
- the main activity carried out;
- the geographical area of residence.
- In relation to the operation carried out:
- the type of operation;
- the methods of carrying out the operation;
- the geographical area of destination of the product or service.
As you can easily deduce, the enhanced customer verification is carried out in presence of a high risk of money laundering. In these cases, bank intermediaries (and in general all obliged professionals) must take into account diverse risk factors, including those of a geographical nature.
Electronic Signature (ES)
The Art. 3 no. 10 of the eIDAS European Regulation defines the Electronic Signature:
“Data in electronic form, enclosed or connected by logical association to other electronic data and used by the signatory to sign”.
Therefore, the Article defines the Electronic Signature as an exclusive tool of subscription and no longer an identification and authentication method, as was assumed before the CAD reform.
The Electronic Signature is in consequence the weakest form of signature in the IT field, as it does not provide for signatory authentication mechanisms or the signed data integrity. This is why it is called “simple”.
Example: scanning a signature on paper is the most significant example of electronic signature.
Advanced Electronic Signature (AES)
The Art. 3 no. 11 of the European Regulation eIDAS defines the Advanced Electronic Signature that meets all the requirements set out in Art. 26, “Requirements for an Advanced Electronic Signature”:
- it is suitable for identifying the signatory;
- is created using data to generate an electronic signature that the signatory can, with a high level of security, use under his/her own exclusive control;
- is linked to the signed data in order to allow the identification of any subsequent data modification.
Summarizing these points, the Advanced Electronic Signature can be defined as an Electronic Signature which:
- allows to identify the signatory;
- guarantees the unique connection with the signatory;
- it is created through the use of data on which the signatory keeps exclusive control;
- is linked to this data so that the signer can detect any subsequent changes.
The graphometry signature on a Tablet is a good example of an Advanced Electronic Signature.
Qualified Electronic Signature (FEQ)
The Art. 3 no. 12 of the eIDAS European Regulation defines the Qualified Electronic Signature: “An advanced electronic signature created using a specific device for qualified electronic signatures and based on qualified certificate for electronic signatures”.
In addition to the required information by the European eIDAS Regulation, the CAD in art. 28 states that the tax code or a similar univocal identification can be inserted in the qualified electronic signature, the specific qualifications of the electronic signature holder (belonging to orders or professional colleges, the qualification of public official, registration in rolls or possession of other professional qualifications and powers of representation), the limits of use of the certificate, limits on the value of unilateral acts and contracts for which the certificate can be used, a pseudonym. Summarizing these points, the Qualified Electronic Signature can be defined as an Electronic Signature which:
- represents an electronic certificate that links the data of a electronic signature to a natural person;
- requires the use of a special device containing data and certificates that can uniquely identify the signer
An example of a Qualified Electronic Signature is a card with a chip that it contains some personal data and the tax code. For example, the Social Security Card.
Digital Signature (DS)
Art. 1 paragraph 1 letter s of the CAD defines the Digital Signature: “A particular type of qualified signature based on a cryptographic key system, one public and one private, related to each other, which allows the electronic signature holder via the private key and a third party via the public key, respectively, to make manifest and to verify the origin and integrity of a document IT or a set of IT documents “.
For each user, the two keys are generated by a special algorithm with the guarantee that the private key is the only one capable to correctly decrypt messages encrypted with the public key associated and vice versa. The scenario where a sender wants to send a message to a recipient in secure mode is as follows: the sender uses the recipient’s public key to encrypt the message to be sent, then sends the encrypted message to the recipient; the recipient receives the encrypted message and uses the private key to obtain the message “in clear text”. Further information on the Digital Signature is contained in Art. 24 of the DAC and in particular paragraph 2 establishes that:
“The affixing of digital signature integrates and replaces the affixing of seals, punches, stamps, marks and trademarks of any kind and for any purpose provided by current legislation. “Summarizing these points, the Digital Signature can be defined as an Electronic Signature which: is the electronic equivalent of the handwritten signature on paper, as it is associated with the electronic document on which it is affixed; certifies its integrity, authenticity and non-repudiation; requires the use of a special signature device that appears in the form of a smart card to be inserted in a suitable reader, or a USB stick accompanied by a signature software released by a certification authority.
An example of a digital signature is the National Service Card (CNS) of the Chamber of Commerce.
Evidential value of the document signed with “Simple” (Electronic Signature) or “strong” (Advanced, Qualified or Digital Electronic Signature) signature
Since 12/01/2018, the legal value of the IT documents signed with a “simple” or “strong” electronic signature, it is regulated in the new paragraph 1-bis of Art. 20 of the DAC, “Validity and effectiveness evidentiary of IT documents “, which replaces Art. 21.
Here the text: “The electronic document satisfies the requirement of the written form and has the effectiveness provided for by the article 2702 of the Civil Code when there is a digital signature, other type of qualified electronic signature or an advanced electronic signature or, in any case, it is formed, after computer identification of its author, through a process having the requirements set by the AgID pursuant to Article 71 in order to guarantee the security, integrity and immutability of the document and, in a clear and unequivocal manner, its author traceability. In all other cases, the suitability of the IT document to meet the requirement of written form and its probative value can be freely evaluated in court, in relation to the characteristics of security, integrity and immutability. The date and the time of the IT document formation are enforceable against third parties if affixed in accordance with the guidelines. “
In summary, the legal value of simple and strong signatures is distinguished between:
ELECTRONIC SIGNATURE (“simple” signature) or IT DOCUMENT WITHOUT SIGNATURE: the Electronic Signature probative value is at the discretion of the judge. Even if it is not providing some elements that guarantee the authentication of the signatory and the integrity of the signed data, the Electronic Signature is admissible as evidence in judicial proceedings and is capable of having legal effects.
ADVANCED, QUALIFIED OR DIGITAL ELECTRONIC SIGNATURE (“strong” signatures): the probative value of strong electronic signatures is guaranteed by the fact that the electronic document, which is signed, satisfies the requirement of the written form and has the effectiveness provided for by art. 2702 of the Italian Civil Code, which is to make full proof, up to the complaint of forgery, of the declarations origin by the person who signed it.
In terms of civil proceedings, the amendment of art. 21 involves a sensational novelty. In fact, it introduces a real overturning of the concepts of “written” and “written test”, relevant in the application of the code’s rules of rite receptive to such concepts.
From this moment, with the reformulation of Art. 21 CAD and the connected introduction of the principle of non-discrimination referred to in Art. 46 eIDAS, any electronic document (for example, a voice recording) satisfies the requirement of the written form, provided it is associated with an electronic signature.
Download here the summary table of the legal validity of the various types of signatures in relation to the documents on which they are applied (updated to the legislation of EU Regulation no. 910/2014 e changes to the CAD).