Identification at financial enterprises
If you are joining a bank as a customer, or another financial enterprise or service provider, such as a credit card company, insurer or tax consultant, they must check your identity document. Sometimes, you also have to identify yourself again if you are already a customer (re-identification). The financial enterprise or service provider may also ask you to send a photo (selfie) or video of yourself if the (re)identification is done remotely.
Quick answers
Is my bank allowed to make or ask for a copy ID?
Yes, this is allowed. When you become a customer, your bank has to check your identification document (ID) to verify whether you really are who you say you are (identification). And sometimes, this has to be done again if you are already a customer (re-identification). When doing so, your bank is allowed to make a copy ID or ask you to prove that your identity has been checked.
Read the detailed explanation: Identification at your bank
Is my bank allowed to ask for a photo or video of me?
Yes, this is allowed. Does the bank check your identity remotely? For example, because you become a customer with an online bank? Then, in addition to a copy ID, the bank is allowed to ask for a photo of your face ("selfie") or a video of yourself. The bank can use this to ascertain that your ID belongs to you.
Read more: Foto or video for identification purposes
Why do I have to provide my bank with proof of identity again if I am a customer already?
Your bank is allowed to ask you to provide proof of your identity again. Even if you have already done this on an earlier occasion. Financial enterprises such as banks must ensure that their customer administration is correct. If this is not the case, they are unable to meet their various statutory requirements.
In addition, the privacy law GDPR says that organisations must ensure that the personal data they process are correct and that they update the data if necessary.
Read more: Identification at financial enterprises
Is a company allowed to check my identity on behalf of my bank?
Yes, this is allowed. Your bank may choose to have (re-)identification performed by another company. For example, with an app through which you can send a copy ID and a photo or video. Or a company that visits you to make a copy of your ID.
In that case, that company is a processor. The bank has to make proper arrangements with this processor about how to handle the personal data of the customers. For example, about the security of these data.
Read more: Identification at financial enterprises
On this page
ID check for identification
The financial enterprise or service provider (hereinafter we call this: financial enterprise) is obliged to check your identity document (ID). This is stated in the Money Laundering and Terrorist Financing (Prevention) Act (Dutch: Wwft). Such a check is called a customer due diligence.
The financial enterprise checks your ID to see if you really are who you say you are. This is also in your interest, because for example, that way no one else can open an account in your name.
Type of ID for customer due diligence
Your ID for customer due diligence may be your passport, identity card or driving licence unless the financial enterprise specifically asks for a passport or identity card. In that case, it cannot be your driving licence. The financial enterprise is free to determine this for itself.
Copy of ID for identification
During the customer due diligence, the financial enterprise must record a number of details about you. The Wwft says that this is permitted by making or asking for a copy, scan or photo (hereinafter: a 'copy') of your ID. The financial enterprise can use this copy to prove that your identity has been verified. And in the event of suspicious transactions, immediately pass on customer data to investigative services.
No writing and no watermark
The financial enterprise is allowed to ask for a 'clean' (unedited) copy of your ID. This means that:
- you cannot write on the copy;
- you are not allowed to render any data illegible on the copy, such as your passport photo or citizen service number;
- you cannot place a watermark on the copy.
The financial enterprise or service provider can check the authenticity of your ID only with an unedited copy. And thus check your identity. This is due to the equipment that financial enterprises use for this.
If the copy bears a watermark, for example, it is not always possible to ascertain the authenticity of the ID. In that case, the financial enterprise or service provider cannot comply with the statutory obligation. That is why the financial enterprise or service provider may request an unedited copy from you.
Does the financial enterprise have equipment that can check the authenticity of your ID even if the copy has been edited? Then the financial enterprise may not request or make an unedited copy.
Citizen service number on copy of ID
You are not allowed to black out your citizen service number (Dutch: BSN) on the copy of your ID. It has to be an unedited copy, as explained before. Unless the financial enterprise can also check the authenticity of your ID with an edited copy. Then you may black out your citizen service number.
Note: Sometimes a financial enterprise needs your citizen service number for something else. For example, for passing on information to the Tax Authorities. The financial enterprise may then request and store your citizen service number for this purpose.
Photo or video for identification
To be able to ascertain that your ID belongs to you, a financial enterprise is allowed to request a photo of your face (selfie) or a video of you. This enables them to check your identity remotely.
The financial enterprise can also engage another company for this. For example, a company that offers an app that allows you to send a copy ID and a photo or video.
If you do not want to send a photo or video, ask if you can visit the financial enterprise. The person who checks your identity document can then see on site if the person in the photo in your ID is you.
Note: The financial enterprise is not obliged to give you the opportunity to visit. So if that option is not available, you must still send a photo or video. Or you choose to become a customer of another financial enterprise.
Identifying yourself again (re-identification)
A financial enterprise may ask you to identify yourself again, even if you have already done so before. This is also called re-identification.
Financial enterprises have to ensure that their customer administration is correct. If not, they are unable to meet the various statutory obligations imposed on them.
In addition, the privacy law GDPR says that organisations have to ensure that the personal data they process are correct and that they update the data if necessary.
Copy of ID for re-identification
The financial enterprise is allowed to make or ask for a copy of your ID if you have to identify yourself again. They are also allowed to ask you for an unedited copy.
Photo or video for re-identification
The financial enterprise is allowed to request a photo of your face (selfie) or a video of you if you have to identify yourself again.
Biometric data
Photos or videos of you may be biometric personal data. This depends on what exactly the financial enterprise does with your photo or video. Do these 3 points apply? Then these are biometric personal data.
Processing of biometric personal data is prohibited, unless an exception applies. One of the exceptions stated in the GDPR Implementation Act is that organisations are allowed to process biometric data if processing is necessary for purposes of authentication or security.
There will only be a necessity if it concerns a substantial public interest. This is the case with customer identification, because it helps fight serious organised crime. Checking the identity of customers falls under authentication. That is why processing of biometric data is permitted in this case.
(Re)identification by another organisation
A financial enterprise can also choose to outsource (re-)identification of customers to a different organisation. Such an organisation can, for example, offer an app for (re)identification, or offer you the opportunity to choose a time and location at which an employee of the organisation will visit you for (re)identification.
In that case, that other organisation is a processor. The financial enterprise or service provider has to make sound agreements with this processor about how it handles the personal data of the customers. For example, about the security of these data.
Copy of ID by tax consultant
Have you used the services of a tax consultant? Under the Wwft, your tax consultant is also obliged to ask for or make a copy of your ID and to retain that copy for as long as you are a customer and for a period of 5 years after that. Your tax consultant is allowed to ask you for an unedited copy.
Exception: advice on legal proceedings
There is 1 exception: if your tax consultant only gives you exploratory advice about legal proceedings, such as advice on initiating or avoiding a court case. And if it is only an exploratory consultation, without discussing your financial situation, your tax consultant does not have to ascertain your identity. And therefore not ask for or make a copy of your ID either.
Other types of advice
If other types of advice are provided, your tax consultant will be obliged to establish your identity and ask for or make a copy of your ID. For example, if your tax consultant:
- gives you advice on tax matters;
- gives you advice on or assists you in buying or selling property subject to registration, such as a house;
- gives you advice on or assists you in managing a company;
- keeps money, coins, gold, precious stones or other items of value for you.
Copy of ID by life insurer
If your life insurer pays out a single premium policy or annuity policy to you, the insurer is by virtue of Wwft obliged to ascertain your identity. Your life ensurer is therefore allowed to ask you for an unedited copy.
Normally, a financial enterprise must conduct customer due diligence if someone wants to become a customer. A life insurer is an exception to this rule. Even after someone has become a customer, a life insurer is allowed to identify the beneficiary (the person who receives the payment) of a life insurance policy. This is done at the time of payment.
Protection of copy of ID
Organisations that process copies of identity documents have to meet additional security requirements. The financial enterprise must therefore ensure that the copy of your ID is properly protected.
Securely sending copy of ID digitally
If the financial enterprise asks you to provide a copy of your ID digitally, they must ensure this can be done securely. For example, through the online environment of the financial enterprise.
Note: Sending it by email is not safe enough.
Securely retaining copy of ID
The financial enterprise must keep the copy of your ID secure. They can do so by:
- blacking out certain data on the copy;
- adding a watermark to the copy.
Retention of copy of ID
The financial enterprise has to retain the copy of your ID for a period of 5 years after the time you stopped being a customer. It must then destroy the copy.