Press release 24 February 2016

Banks' procedures in obtaining customer due diligence data

The Financial Supervisory Authority (FIN-FSA) has been contacted by several customers asking whether banks' procedures in obtaining customer due diligence data have been appropriate. FIN-FSA wants to specify the information that has recently appeared in public in respect of customer due diligence and to present its view on banks' procedures regarding customer due diligence.

Both the Credit Institutions Act and the Act on Preventing and Detecting  Money Laundering and Terrorist Financing require the banks to obtain information for the purposes of customer due diligence. A customer relationship cannot be established and maintained if, according to the bank's own risk-based assessment, there are shortcomings in the customer due diligence data.

However, the bank must also take into account the mandatory provisions laid down in the Payment Services Act for customer protection and the agreement between the bank and the customer when the bank considers procedures for obtaining customer due diligence data. The Payment Services Act provides for the preconditions under which the bank is entitled to block a payment instrument (e.g. a payment card or Internet banking identification codes). The Act also requires that customer agreements stipulate the preconditions for blocking payment instruments.

FIN-FSA states that the mutual application of the above Acts is open to interpretation in some respects and may include a contradiction. Some banks have blocked payment instruments in order to enhance the efficiency of obtaining due diligence data. In FIN-FSA's view, the blocking of a payment instrument is not the proper procedure for fulfilling the requirements of regulation regarding customer due diligence. According to FIN-FSA's interpretation, the Payment Services Act does not enable such blocking.

FIN-FSA notes that customers should also in future respond to banks' necessary enquires concerning customer due diligence data. Whether an individual question is necessary or not is a matter that FIN-FSA will continue to assess together with the Data Protection Ombudsman and the banks. The aim is to have the assessment completed as soon as possible.

FIN-FSA's online services provide further information on customer due diligence and on the prevention of money laundering and terrorist financing.

For further information, please contact:

  • Sanna Atrila, Legal Adviser, tel. +358 10 831 5552 or sanna.atrila(at)
  • Maarit Pihkala, Legal Adviser, tel. +358 10 831 5240 or maarit.pihkala(at)
  • Markku Koponen, Head of Division, tel. +358 10 831 5389 or markku.koponen(at)

A corresponding Finnish-language press release was published on 19 February 2016.