Know Your Customer, or KYC, is a process of identification and verification of customer information by financial entities[1] in accordance with the prevention and combating of money laundering and financing of terrorism. For KYC in Vietnam, financial entities must apply measures to identify customers in the following cases:
- When a customer initially opens an account comprising a checking account, savings account, card account, or other types of account;
- When a customer initially establishes a relationship with the financial entity in order to use products or services supplied by such financial entity;
- When a customer conducts an infrequent high-value transaction (a transaction with a total value of VND300 million or more within the one day by a client without an account or with a checking account but who has not conducted transactions within a period of six (6) months or more);
- When implementing an electronic money transfer without details of the name, address or account number of the sender;
- When there is suspicion about any transaction or parties to a transaction being connected to money laundering activities; or
- When there is suspicion about the accuracy or completeness of previously collected client identification information.
KYC is controlled by the Anti-Money Laundering Law, the Counter-Financing of Terrorism Law and the guiding legislation for each. A financial entity must comply with measures for customer identification and verification, customer identification information, the collection, processing and transfer of information on prevention and combating of money laundering, and responsibilities for reporting high-value transactions as stipulated by the government from time to time.
Information required to be collected for KYC in Vietnam
For individual customers
The main information required for the identification of individual customers includes:
- The full name; date of birth; nationality; occupation, position; phone number, number of people’s identity card or passport along with the date of issuance and place of issuance; permanent registered residential address and current residential address for a Vietnamese individual customer; or
- The full name; date of birth; nationality; occupation, position; number of passport together with the date of issuance and place of issuance, entry visa; registered residential address overseas and registered residential address in Vietnam for a foreign individual customer.
For Organizational customers
The identification information required includes trading name both in full and in abbreviated form, head office address, telephone number, fax number, operational sector, information about persons establishing and/or representing the organization as set out above.
In addition to customer information, banks must also apply measures for identification and updating information of the beneficial owner of the customer being an organization. The determination of the ultimate beneficial owner shall be based on three criteria as follows:
- The individual actually owning one account or transaction: the account-holder or joint accountholders or any person controlling the activities of such account or transaction or the beneficiary of such account or transaction;
- The individual with the right of controlling the legal entity: an individual, directly or indirectly, owning at least 25% of the charter capital (equity) of such legal entity; owner of private enterprise; other individuals actually control such legal entity; and
- Individuals with the controlling right over the investment entrustment or authorization agreement; the entrustor or person delegating authority; or the person with the right to control the individual, legal entity or entrustor organization or organization delegating authority.
Electronic-KYC in Vietnam (“eKYC”)
Transactions using technology that enables customers in their conduct and do not require a meeting in person with a member of the staff of a bank are regulated as transactions related to new technology. Regulations from last year (which are discussed more fully in eKYC Comes to Vietnam) grant permission to the banks to decide whether to meet the customer in person on the initial establishment of the relationship[3]. In case they choose not to meet the customer in person, the financial entity must apply measures and technology to identify and verify the customer.
Specifically, an individual customer of a bank is allowed to open a personal checking account online with that bank with the application of four steps, (1) the collection of information concerning the application for checking account opening, (2) the check of that information, (3) examination, and (4) verification of the customer identification information. For the purposes of eKYC, the customer can send an application enclosed with documents directly or by post or by other electronic means to the bank.
A bank is entitled to decide, at its sole discretion, measures, methods and technology to identify and verify the customer for the purpose of opening a checking account online, provided that they satisfy the following minimum requirements:
- The bank must adopt solutions/technologies for collecting, checking and verifying to ensure the match between a client’s identity and biometric data (including biological factors/characteristics that are specifically used to identify a person, cannot be forged, and are rarely matched with those of another person such as fingerprints, face, iris, voice and other biometric factors) and corresponding information and biometric data on the client’s identity papers or personal identity data certified by competent authorities or other credit institutions or electronic certification and identification service providers;
- The bank must adopt technical methods for certifying the identified client’s consent to contents of the agreement on opening and use of the checking account;
- The bank must formulate procedures for risk management, control and assessment that include measures for preventing acts of impersonating, intervening, correcting or falsifying the verification of a client’s identity before, during and after the checking account opening, and measures for checking and verifying a client’s identity to make sure that transactions made via a checking account opened online are made by the holder of that checking account. Where any risks or differences between identity and biometric factors of a client or any suspicious transactions, as prescribed in the Anti-Money Laundering Law, are detected during the use of a checking account, the bank or foreign bank branch must promptly refuse or suspend transactions, block or freeze that checking account, and re-verify the client’s identity. Procedures for risk management and control must be regularly reviewed and adjusted based on information/data updated during the provision of services; and
- The bank must adequately store and manage information/data used for identifying clients during their opening and use of checking accounts in chronological order, including: client’s identity and biometric factors, sounds, images, videos and recordings, telephone number used when making transaction, and transaction log. Information/data must be stored safely, kept confidential, backed up and have its adequacy and integrity ensured to serve the inspection, examination and solving of trace requests, complaints and disputes, and provide information at the request of competent authorities. Storage period shall comply with the Anti-Money Laundering Law.