KYC in insurance - Part 1: Which insurance products are subject to money laundering requirements?

Since only a few insurance products are suitable for carrying out money laundering activities, the legislator provides for compliance with KYC requirements only for certain insurance products:

• Life insurance and
• Accident insurance with premium refund.

The principle of due diligence stipulates that insurance companies must carefully determine their customer data in accordance with § 11 GwG and §§ 52 VAG ff.

Depending on the type of insurance line and also within the insurance products, the requirements for the KYC process are differentiated. The requirements for the product-related KYC principles are determined by the risk for the use of money laundering activities of the individual insurance products.

For example, products with individual policyholders in the life insurance sector and, in particular, capitalization products, such as products for temporary surrender ("parking") in exchange for a monetary interest rate or accident insurance with guaranteed premium repayment or return of premiums, have an increased risk of misuse by money launderers.

A life insurance contract for a company pension plan (bAV), especially in the implementation path of direct insurance (Section 1b (2) of the German Company Pension Act (BetrAVG)), generally represents a low risk.

The following obligations apply to insurance policies with money laundering risk

1. identification and verification of customer data, both of natural persons and legal entities (§§ 11 ff. GwG)

For natural persons, the following information must be provided: First name, last name, date of birth, nationality, residential address.

In the case of life insurance, the identification of a legal entity may also be important, as the policyholder is not always a natural person. For example, in the case of occupational pension plans, the employer is always the policyholder.

The following information must be provided to identify a legal entity: Company name, name or designation, legal form, registration number, address of the registered office or principal place of business, the names of the members of the representative body or the names of the legal representatives.

2. identification/authorization check of the persons performing.

Pursuant to Section 10 (1) No. 1 GwG, any person acting on behalf of the contractual partner must be identified (natural person or legal entity) and it must be verified whether the person is authorized to do so. The relevant point in time for this is the establishment of the business relationship.

3. determining whether the customer has a beneficial owner and identifying the beneficial owner

The beneficial owner is the natural person who ultimately owns or controls the contracting party or the natural person at whose instigation a transaction is ultimately carried out or a business relationship is ultimately established (Section 3 (1) AMLA).

Insofar as the provision refers to the terms "control" and "initiation", this is intended to cover the natural person who can actually exert a significant influence on the customer relationship with the obligated party or on transactions.

In the case of occupational pensions, the beneficial owner is exclusively the insured person, i.e. the insured employee, since the employer only has a subordinate economic interest of its own in the contract and the employee is the person at whose instigation the occupational pension is ultimately established. A query of the employer's transparency register is not necessary in this respect.

4. determination of the identity of a beneficiary under the insurance contract who differs from the policyholder (§ 54 ISA)

The establishment and verification of identity must take place no later than the time at which the payout is made or the beneficiary intends to exercise his or her rights under the insurance contract (Section 54 (2) sentence 3 VAG). In the case of beneficiaries determined merely by characteristics, categories or in some other way, the insurance company must have sufficient information to ensure that it will be able to establish and verify their identity at the time of payment, Section 54 (1) sentence 2 VAG.

5. data update

As part of continuous monitoring, there is a periodic updating obligation at appropriate intervals (Section 10 (1) No. 5 GwG).

Insurance companies have regular contact with their policyholders - based, among other things, on the EU Insurance Distribution Directive (IDD). Ongoing updating of key identification data is already ensured by this customer contact and existing standard processes. The continuous updating obligations are thus generally fulfilled, provided that there are no special circumstances that indicate a need for updating beyond this for the insurance company in individual cases.

The frequency of regular updates is based on the money laundering risk assessed in each case, but it must occur at least every 15 years.

In addition to periodic updates, updates may be required when certain circumstances arise.

Occasions for updating data include:

• High co-payments/ premium increases
• Name changes
• Change of the policyholder
• Changes in the corporate form
• Mail Returns.

Further action to update may be indicated upon disbursement, significant change in contributions, or the occurrence of other circumstances relevant from a money laundering prevention perspective.

If you have further interest in the topic of KYC in insurance, we recommend our whitepaper "KYC in insurance". You can find the download here.
https://curentis.com/publikationen