Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.
Legal affairs
National regulatory framework regarding AML and effective date of the regulations
The main piece of legislation regulating AML in Croatia is the AML Act which came into force on 25 April 2019.
National regulator or relevant authority for AML controls
There are several supervisory authorities, including the CNB, the Financial Inspectorate, HANFA, the Tax Administration.
The Anti-Money Laundering Office (Office) is responsible for collecting, analysing, and disseminating AML/CTF data and coordinates and cooperates with the supervisory and other competent authorities in in the AML/CTF matters, such as the State Attorney’s Office, the Ministry of the Interior – the General Police Directorate, the Security-Intelligence Agency, the Ministry of Foreign and European Affairs, the Ministry of Justice and other state bodies.
Customer Due Diligence
Conduct of a typical KYC identification process
According to the Croatian AML Act, KYC measures (i.e. customer due diligence) include, inter alia, the obligation to establish the identity of the party and to verify its identity on the basis of documents, data or information obtained from a credible, reliable and independent source, including, if applicable, a qualified certificate for electronic signature or electronic seal or any other secure, remote or electronic identification process regulated, recognised, approved or accepted by the relevant national authorities.
Therefore, majority of banks and other financial institutions request a face-to-face identification of their clients. The AML Act prescribes a possibility of identification with a video call, but so far, such procedure did not come to life. Moreover, in a process of opening a bank account, some banks may allow representation of the authorised person through a power of attorney (notarised and apostilled). Generally, the KYC/AML procedures of Croatian banks tend to be complex, time-consuming, and cumbersome.
Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations
Yes. The AML Act prescribes a possibility of customer due diligence conducted by third parties. It is important to note that the responsibility for the implementation of the customer due diligence entrusted to a third party remains with the AML obligor.
The AML obligor is permitted to outsource its customer due diligence to third parties only for the following services: (i) establishing and verifying the identity of the customer; (ii) establishing the identity of the actual owner of the customer; and (iii) collecting data on the purpose and intended nature of the customer’s business relationship. However, the obligor is always obliged to implement the measure of constant monitoring of the business relationship independently, and not through a third party.
Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)
No. The AML Act explicitly lists who can be a third party in the process of customer due diligence, limiting third parties to (i) public notary; (ii) FINA; (iii) HP-Hrvatska pošta d.d. (Croatian Post), and certain credit or financial institutions as prescribed by the AML Act, including but not limited to investment fund management companies, pension funds and insurance funds. According to the AML Act, third parties also include mentioned enti