BCEAO Instruction 003-03-2025 on Customer Identification, Identity Verification and Due Diligence by Financial Institutions

BCEAO BANQUE CENTRALE DES ETATS DE l'AFRIQUE DE l'OUEST

The Governor 003-03-2025 INSTRUCTION NO. RELATIVE TO IDENTIFICATION, IDENTITY VERIFICATION AND CUSTOMER KNOWLEDGE BY FINANCIAL INSTITUTIONS

The Governor of the Central Bank of West African States (BCEAO), Having regard to the Treaty of the West African Monetary Union (UMOA) of 20 January 2007, particularly Article 34; Having regard to the Statutes of the Central Bank of West African States (BCEAO), annexed to the UMOA Treaty of 20 January 2007, particularly Articles 30 and 59; Having regard to the Uniform Act on combating money laundering, terrorist financing and proliferation of weapons of mass destruction in UMOA member states, particularly Articles 12 to 23, 25, 26 and 35; Having regard to Decision No. 021 of 21/12/2023/CM/UMOA setting the threshold amounts for implementing the Uniform Act on combating money laundering, terrorist financing and proliferation of weapons of mass destruction in UMOA member states; Having regard to Decision No. 003 of 28/03/2024/CM/UMOA setting complementary threshold amounts for implementing the Uniform Act on combating money laundering, terrorist financing and proliferation of weapons of mass destruction in UMOA member states,

DECIDES

Avenue Abdoulaye FADIGA, BP 3108 - Dakar - Sénégal Tél. (221) 33 839 05 00 / Fax. (221) 33 323 93 35 courrier.bccao@bceao.int - www.bceao.int

PRELIMINARY TITLE: GENERAL PROVISIONS Article 1: Object This Instruction specifies the implementation procedures by financial institutions of customer vigilance obligations.

Article 2: Definitions For the purposes of this Instruction, the following terms are defined as:

1. Manual exchange dealer (Agréé de change manuel): any legal entity established in the territory of a UEMOA member state and having received approval from the Minister responsible for Finance of the establishment state to carry out manual exchange operations in said state;
2. Authentication: an electronic verification process that confirms the electronic identification of a natural or legal person, or the origin and integrity of data in digital form;
3. Bank: a legal entity authorized to conduct all banking activities as provided by the Uniform Act on banking regulation in UMOA;
4. BC/FT/FP: money laundering, terrorist financing and proliferation of weapons of mass destruction;
5. Beneficial owner(s): the natural person(s) who, ultimately, own or control the client, the client's agent, or the beneficiary of life insurance contracts and/or the natural person(s) for whom an operation is executed or a business relationship established. The following are considered as ultimately owning or controlling the client, the client's agent, or a beneficiary of a legal entity or legal structure: a. in the case of a company, the natural person(s) who either directly or indirectly hold more than twenty-five percent (25%) of the share capital or voting rights, or exercise, by any other means, control power over the management, administration, or directing bodies of the company or its general meeting; b. in the case of a collective investment scheme, the natural person(s) who either directly or indirectly hold more than twenty-five percent (25%) of the shares or units, or exercise control power over the administration or directing bodies of the collective investment scheme, or, where applicable, the management company or portfolio management company representing it; c. in the case of a legal entity that is neither a company nor a collective investment scheme, or when the client acts within the framework of a trust or other comparable legal structure governed by foreign law, the natural person(s) meeting one of the following conditions: i. they are destined, by virtue of a legal act designating them for this purpose, to become holders of rights over at least twenty-five percent (25%) of the assets of the legal entity or assets transferred to a trust estate or other comparable foreign legal structure; ii. they belong to a group in whose main interest the legal entity, trust, or other comparable foreign legal structure was established or produced its effects, when the natural persons who are the beneficiaries have not yet been designated; iii. they hold rights over at least twenty-five percent (25%) of the assets of the legal entity, trust, or other comparable foreign legal structure; iv. they hold the status of settlor, trustee, or beneficiary, in accordance with current legislative and regulatory provisions;
6. CENTIF: National Financial Intelligence Unit;
7. Occasional client: any person who approaches one of the financial institutions referred to in Article 3 of this Instruction, with the exclusive purpose of preparing or carrying out a one-off transaction or being assisted in preparing or executing such an operation, whether carried out in a single transaction or several transactions appearing to be linked. The concept of occasional client excludes the existence of an account in the client's name opened in the books of financial institutions subject to this Instruction;
8. Clientele: all natural or legal persons who are in a business relationship with one of the financial institutions referred to in Article 3 of this Instruction, or who approach them to enter into a business relationship. The concept of clientele also includes occasional clients, persons acting on behalf of third parties, and beneficial owners;
9. Financial company: a company whose main activity is to take and manage financial participations, which either directly or through companies with the same object, controls one or more companies carrying out financial operations, at least one of which is a credit institution;
10. Legal structures: express trusts or similar legal structures, such as shell companies, foundations, escrow contracts, or trusts;
11. Personal identification data: a set of data enabling the identity of a natural or legal person, or a natural person representing a legal person, to be established;
12. Financial technology company or FinTech: a legal entity that offers financial services or products designed and/or distributed according to an innovative technology-based process;
13. Credit institutions: the collective consisting of banks and credit financial establishments;
14. Electronic money institution: a legal entity, other than a credit institution, payment institution, financial company, or microfinance institution, that issues and distributes electronic money as a profession;
15. Payment institution: a legal entity, other than a credit institution, electronic money institution, financial company, or microfinance institution, that provides payment services as a profession;
16. Credit financial establishment: a legal entity other than a bank that, as a profession, carries out one or more banking operations in compliance with the conditions and limits defined by its approval;
17. Trustee: the person who receives and ensures the management of assets, rights, or securities, or the entirety of present or future assets, rights, or securities, within the framework of a trust and who, keeping them separate from their own estate, acts for a determined purpose in the interest of one or more beneficiaries;
18. Trust: the operation by which one or more settlors transfer assets, rights, or securities, or a set of present or future assets, rights, or securities, to one or more trustees who, keeping them separate from their own estate, act for a determined purpose in the interest of one or more beneficiaries;
19. Identification: the process by which a financial institution collects declarative information necessary to establish the identity of natural persons, legal entities, trusts, or similar legal structures;
20. Electronic identification: the process of using personal identification data in electronic form that unambiguously represents a natural or legal person, or a natural person representing a legal person;
21. Microfinance institution: an approved institution exercising the microfinance activity, as defined by the Uniform Act on microfinance regulation in UMOA;
22. Mandated intermediary: any natural or legal person mandated by a financial institution to carry out activities for which this institution is approved or authorized, under the conditions and modalities fixed by the legal and regulatory provisions governing its activities;
23. LBC/FT/FP: combating money laundering, terrorist financing and proliferation of weapons of mass destruction;
24. Customer vigilance measures: the set of measures to be implemented by financial institutions for customer identification, identity verification, and customer knowledge, within the meaning of LBC/FT/FP regulations;
25. Electronic identification means: a material and/or immaterial element containing personal identification data, used to authenticate for an online service;
26. Atypical transaction: an unusual operation, notably due to its nature, amount, frequency, geographical origin or destination, complexity, or lack of economic justification or apparent lawful purpose;
27. Electronic identification scheme: a system for electronic identification under which electronic identification means are issued to natural or legal persons, or to natural persons representing legal persons;
28. UEMOA: West African Economic and Monetary Union;
29. UMOA: West African Monetary Union;
30. Identity verification: a process confirming the accuracy and authenticity of information provided during identification.

Article 3: Scope of Application This Instruction applies to the following financial institutions:

1. credit institutions;
2. financial companies;
3. microfinance institutions;
4. electronic money institutions;
5. payment institutions;
6. financial technology companies or FinTechs;
7. manual exchange dealers.

The provisions to be implemented by the entities referred to in the first paragraph above relate to all operations carried out under their responsibility. They also include, where applicable, those performed by mandated intermediaries, sub-delegatees in the context of foreign exchange operations for customers, sub-agents regarding rapid money transfers, as well as distributors and sub-distributors of electronic money.

Article 4: Language of Identification Documents In implementing the identification, identity verification, and customer knowledge requirements provided for in Titles One and Two of this Instruction, the financial institution ensures that the client provides documents drafted in the working language of the country where it is established. To this end, it accepts original documents drafted in a foreign language, provided they are accompanied by a certified translation prepared by a competent authority or an authorized professional. However, the financial institution may waive the translation requirement for official identity documents bearing a photograph, such as passports, identity cards, and driver's licenses. Copies of translated documents, applied under this article, are retained in accordance with the provisions of Article 23 of the Uniform Act on LBC/FT/FP.

TITLE ONE: PROCEDURES FOR IDENTIFICATION AND IDENTITY VERIFICATION OF CLIENTELE Chapter 1: Requirements for physically present or represented clients Article 5: Identification of natural persons The financial institution identifies its natural person client by collecting the following information: name and forenames, date and place of birth, nationality; home address; identification document number.

Article 6: Identity verification of natural persons The financial institution verifies the identity of its natural person client based on the original of an official identity document, currently valid and bearing a photograph, issued by a public authority. In the absence of a single document containing all information referred to in Article 5, the financial institution may verify the client's identity by combining several official documents. Documents that can be used for identity verification, particularly those bearing the client's name, forenames, and date of birth, notably include the birth certificate, passport, driver's license, residence permit, consular card, and identity card. For address verification, accepted documents notably include a utility bill, a document issued by an official representative of the place of residence recognized by the concerned State, or a combination of the lease agreement and a document attesting to the tenant's residence provided by the landlord. Except for the lease agreement, these documents must be dated less than three months ago.

Article 7: Identification of legal persons The financial institution identifies its legal person client, whose duly authorized representative is physically present, by collecting the following information: corporate name, legal form, list of directors and shareholders or partners; identification elements referred to in Article 5 for the natural persons authorized to represent the concerned legal entity vis-à-vis third parties or to act on its behalf under a mandate; registered office address, or the address where strategic decisions necessary for conducting the legal entity's business are taken, if different from the registered office; list of beneficial owners; national registration number, commercial and credit register number, or tax identification number, where applicable.

Article 8: Identity verification of legal persons The financial institution verifies the identity of its legal person client by confirming the identification information provided under Article 7, based on one or more official documents, notably: the original or certified copy of any act or extract from an official register dated less than three months; an extract from the Official Journal; identity verification elements referred to in Article 6 for the natural persons authorized to represent the concerned legal entity vis-à-vis third parties or to act on its behalf under a mandate.

Article 9: Identification within the framework of a trust or similar legal structure The financial institution identifies its client acting within the framework of a trust or similar legal structure by collecting the following information: name and forenames, as well as date and place of birth for each settlor, trustee, beneficiary, and, where applicable, third party, when they are natural persons; corporate name, legal form, registration number, and registered office address, when they are legal entities.

Article 10: Identity verification within the framework of a trust or similar legal structure The financial institution verifies the identity of its client acting within the framework of a trust or similar legal structure by requesting confirmation of the information provided under Article 9, along with a copy of the trust contract, by presenting one of the following documents: the original or certified copy of any act or extract from an official register dated less than three months; an extract from the Official Journal; a document or official act issued by a foreign public authority establishing the trust or similar legal structure.

Article 11: Identification and identity verification of mandated third parties The financial institution identifies and verifies the identity of its natural or legal person client acting as a mandated third party under the conditions provided in Articles 5 to 8. It collects from the client a certified document justifying their status as representative of the principal and ensures that the business relationship or envisaged transaction is consistent with the powers delegated to said representative.

Article 12: Identification and identity verification of the beneficial owner The financial institution identifies and verifies the identity of the beneficial owner(s) of its client under the conditions provided in Articles 5 and 6. It maintains an internal file tracking, among other things, the name and forenames, shareholding, voting rights, and control percentages of the identified beneficial owner(s) for each of its clients. The financial institution verifies the accuracy of the list of beneficial owners provided by its client by consulting the register referred to in Article 122 of the Uniform Act on LBC/FT/FP. The financial institution informs the competent Authority responsible for maintaining the aforementioned register when: there is a discrepancy between the information provided by the client and that appearing in said register; the financial institution doubts the accuracy of the information recorded in this register, notably based on the information it holds about its client. In cases where consulting the aforementioned register does not allow the financial institution to verify the accuracy of the list of beneficial owners provided by its client, it may carry out this verification by any other reliable means applying a risk-based approach.

Chapter 2: Requirements for remotely or physically unrepresented clients Article 13: Identification and identity verification of remote clients Subject to compliance with the requirements provided in Articles 5 to 11, the financial institution may, under its responsibility, carry out identification and identity verification of remote or physically unrepresented clients upon entering into a business relationship based on reliable electronic identification schemes and means.

Article 14: Internal organization and control related to remote business relationship entry within financial institutions The policies, procedures, programs, and control measures developed in accordance with Articles 12 to 14 of the Uniform Act on LBC/FT/FP must, where applicable, take into account the remote identification and identity verification devices provided by the financial institution and include, notably:

1. a detailed presentation of electronic identification schemes, fully describing the client's (natural or legal person) journey;
2. a description of measures provided to guarantee the reliability of the remote identification process;
3. an authentication and data retention procedure;
4. an internal compliance policy with regulations on cybersecurity and personal data protection;
5. an internal control system ensuring that the first transaction with a remote client in a business relationship is carried out only after verification of the client's identity and, where applicable, the beneficial owner. The internal LBC/FT/FP structure, established under Article 12 of the Uniform Act on LBC/FT/FP, ensures the development and effective implementation of the policies, procedures, programs, and control measures mentioned in the preceding paragraph.

Article 15: Evaluation of the remote business relationship device The financial institution evaluates the risks associated with its remote business relationship device, taking into account, notably: the BC/FT/FP risk associated with its deployment; the impact of implementing said device on other risks incurred by the financial institution and its clients.

Article 16: Specific provisions for remote identification of legal persons A financial institution wishing to enter into remote business relationships with legal persons is required to include in the policies, procedures, programs, and control measures referred to in Article 14 a typology of legal persons specifying for each category the level of BC/FT/FP risk as well as the degree of human intervention required for authenticating identification information. The financial institution ensures that the technological solution used for remote business relationship entry allows collecting and retaining all information referred to in Articles 7 to 12.

Article 17: Remote verification criteria The financial institution ensures that the technological solution for remote business relationship entry it uses allows comparing the client's physical characteristics with those appearing on the documents provided. When using biometric data for remote verification, the financial institution ensures that these data can be unambiguously associated with the client.

Article 18: Measures to be taken in case of insufficient elements for verification