Money laundering; information on data protection
The Money Laundering Act (GwG) contains special legal regulations on the collection of data by the obligated party in business relationships and transactions; in particular, also personal data.
What personal data may be collected and processed under the Money Laundering Act?
The Money Laundering Act permits the collection and processing of personal data for the purpose of identification (Section 11 (4) No. 1 AMLA). This includes:
- In the case of a natural person:
- First name and last name,
- place of birth,
- date of birth,
- nationality and
- a residential address or, if there is no fixed abode with legal residence in the European Union and the verification of identity is carried out within the framework of the conclusion of a basic account agreement within the meaning of Section 38 of the Payment Accounts Act, the postal address at which the contracting party and the person acting vis-à-vis the obligor can be reached;
- in the case of a legal entity or a partnership:
- company name or designation
- legal form
- registration number, if any,
- address of the registered office or principal place of business and
- the names of the members of the representative body or the names of the legal representatives and, if a member of the representative body or the legal representative is a legal entity, from this legal entity the data under letters a) to d).
The verification of the data concerning the contracting party and, if applicable, the person appearing on behalf of the contracting party shall be carried out in the case of natural persons on the basis of a valid official identification document which contains a photograph of the holder and with which the passport and identification obligation is fulfilled in Germany, in particular on the basis of a domestic passport, identity card or passport or identity card substitute which is recognized or approved in accordance with the provisions of aliens law. The type, number and issuing authority that issued the document presented for verification of identity may be recorded. The identification document may be copied or optically digitized for documentation purposes (Section 8 (2) sentence 2 AMLA).
The same applies to the collection of personal data of the beneficial owner. Either this is done in a restricted form (first name and surname), but as a rule in more detail, or in individual cases comprehensively (Section 11 (5) AMLA).
Note: Against the background of the increase in the use of new technical procedures, in order to fulfill the recording and storage obligation (Section 8 AMLA), in addition to making a copy of the document used to verify identity, this can alternatively also be optically digitized (scanned) and stored digitally on a data carrier. At the same time, it is clarified that both the Passport Act and the ID Card Act prohibit automated processing of copies of ID cards or scanned documents used to verify identity; copies on paper or pure image files without any further evaluation options are thus possible.
When must obligated parties observe the Federal Data Protection Act (BDSG)?
The Federal Data Protection Act must be observed when personal data is processed either electronically or in manual files such as card indexes.
Links to more information
Responsible for editing: Bayerisches Staatsministerium des Innern, für Sport und Integration
- Online transactions, Bavaria-wide
- Online transactions, locally limited
- Prefillable Form, Bavaria-wide
- Legal bases, Bavaria-wide
- Legal bases, locally limited
- Fees, Bavaria-wide
- Fees, locally limited