Option A – Video ID
The legal framework for digitised onboarding is set by the Austrian Financial Market Authority (“FMA”) in its Ordinance on Online Identification (“FMA Online Identification Ordinance”). Many banks use third-party providers to comply with the rather strict standards for online identification set out in the FMA Online Identification Ordinance by way of outsourcing. The strict standards comprise, e.g. that the conduct of the identification is done only by educated personnel in a separate room with access control and in live conditions.
Such onboarding is most commonly conducted via videoconference (e.g. IDnow), where an operator verifies the identity of the customers in compliance with the FMA Online Identification Ordinance.
Option B – QES
Alternatively, the customer can submit a declaration signed by QES, provided that in addition:
- regarding legal entities, the registered office is also the seat of the central administration, in respect of which the customer is required to make a written declaration;
- a copy of the official photo identification of the customer or his/her legal representative or, in the case of legal entities, of the body authorised to represent the customer, is presented to the obliged entity before the time of conclusion of the contract, unless the legal transaction is concluded electronically by means of a QES; and
- in the case of customers who have their registered office or place of residence in a third country, the obliged entity has received a written confirmation from another credit institution with which the customer has a permanent business relationship in which that credit institution confirms to the obliged entity that the identity of the customer has been established and verified and that the permanent business relationship is maintained. If the confirming credit institution has its registered office in a third country, this third country must fulfil the requirements pursuant to the 5AMLD. Instead of identification and confirmation by a credit institution, identification and written confirmation by the Austrian representative authority in the third country concerned or by a recognised certification office is also permissible.
Option C – Biometric identification procedures
Alternatively, online identification may also be carried out by means of appropriate biometric identification procedures, provided that this is permissible under Article 9(2)(a) of Regulation (EU) 2016/679.
This option does not require interference of an employee but can be conducted through an automated electronic procedure.
However, only photo IDs whose content has been electronically signed by the issuing authority may be used for biometric identification procedures. This requirement is currently not applied and will enter into force on 1 January 2023.
The biometric identification procedure must
- correspond to the current state of the art (to be updated on an ad hoc basis); and
- achieve a level of security that ensures at least equivalent compliance to online identification by employees.
The obligated party must take appropriate measures to ensure the integrity and security of the procedures used, including ongoing active monitoring measures to immediately detect and eliminate any problems.
The biometric identification procedure shall be documented by the obliged party in a comprehensible manner. The obligated party shall verify the actual participation of the potential customer or his authorised natural person in the online identification by means of suitable security measures, which shall in any case include verification by means of a video recording made during the online identification (presence verification).
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.