BankID is an easy and practical way to identify your customer and to get good data for conducting risk-based due diligence, for example in a KYC process. BankID AML will help you with the following:

  • Identifying your customer
  • Supplying the following data about your customer, to be included in your own business processes:
    • National Identity Number
    • Name
    • Search results to assess whether your customer is a PEP (Politically Exposed Person) or RCA (Relative or Close Associate)
    • Search results to assess whether your customer is on any sanction lists (EU and UN lists)
    • Address from the national registry

The search results are available both in machine-readable format (JSON) and as a PDF report.

Please note that although BankID supports the authentication of the end user and supplies data for the due diligence process, the responsibility for making the risk-based decision to accept a customer or not lies with the Merchant. The Merchant has to interpret the data that BankID AML provides, together with other necessary information, and make the decision.

Integration overview

Integration with BankID AML is easy to set up and use. The process consists of three steps.

1) Identify the customer

In order to start a due diligence process, the Merchant is obliged by law to identify the customer, either in person (with e.g. a passport) or electronically.

The service supports three different variants of this identification process.

Variant 1: Authenticate the customer using BankID OIDC

The BankID authentication service in BankID OIDC is used to identify the customer.

Note that the terms of BankID AML require the Merchant to obtain consent from the user to use the National Identity Number to conduct a due diligence process. This consent can be obtained by having the end user check a required checkbox giving the consent before starting the authentication. This consent should be stored by the Merchant.

Variant 2: Identify the customer through a BankID signature on the BankID Server platform

Merchants on the BankID Server platform will not be able to call the BankID AML resource in conjunction with a BankID authentication, as this is only possible through the OIDC platform.

However, a Merchant on the BankID Server platform can still integrate with the BankID AML service by using a document signed with the end user's national identity number. The user signs a document on the Merchant's web site using the BankID Server platform. The resulting "Signed Data Object" (SDO) embeds data on the authenticated end user, and will be used as a parameter in the request to the AML service.

Variant 3: Manual authentication of the customer

The Merchant identifies the customer in person (with e.g. a passport), and takes note of the customer's national identity number. This is then used as a parameter in the request to the AML service.

See the technical documentation for further details on these variants and how to integrate with the AML Service for each variant. 

2) Data searches

After authenticating the user, the Merchant can request information needed to conduct the due diligence process.

The identification of the customer must be provided to the service in different ways, depending on the identification method used in step one.

The service is separated into two distinct resources:

  • By requesting the sanction_pep resource, the Merchant will receive search results from PEP/RCA and sanction lists in JSON format.
  • By requesting the address resource, the Merchant will receive the end user's address from the National Registry.

3) Storing the Data / further evaluation

For most use cases, the Merchant should store the data, either to support business processes on their side or to be able to document that the Merchant has fulfilled their obligations with regard to conducting a due diligence process. 

The Merchant should now have supporting material to assess whether an enhanced customer due diligence process is required. This assessment is the Merchant's responsibility, and what further steps are necessary should also be decided by the Merchant.

Further reading

See the following sections for further product-level details, including info on each of the said variants of the AML service.

