Sign a KYC file / online account opening
Account opening and Know Your Customer (KYC) file between a regulated entity (bank, insurer, fintech, payment institution, broker) and its client, electronically signed with strong identification. Compliant with AML/CFT due diligence obligations under articles L561-5 and L561-6 of the French Monetary and Financial Code, timestamped consent collection, compliant archiving included.
- Legal framework
- Art. L561-5/6 CMF · AML/CFT
- Signature level
- eIDAS AES recommended
- Legal archiving
- 5 years after the relationship
What is account opening and KYC?
Account opening is the process by which a regulated entity subject to AML/CFT (bank, insurer, fintech, payment institution, broker) establishes a business relationship with a new client. Article L561-5 of the French Monetary and Financial Code requires, before any account opening, to identify the client and verify their identity upon presentation of a written probative document. Article L561-6 then requires ongoing due diligence throughout the duration of the business relationship, with collection and updating of information on the purpose and nature of the business relationship. KYC (Know Your Customer) encompasses these due diligence measures: identity, beneficial owner, source of funds, risk profile. Advanced electronic signature + SMS OTP enables collection of client consent and precise timestamping of each step, while satisfying strong client authentication (SCA) under PSD2.
Why digitize account opening?
Compliant strong identification
Article L561-5 requires verification of identity on a probative document. Certyneo combines identity document upload, verification, and authentication via dual-channel SMS OTP — compatible with strong client authentication (SCA) under PSD2.
Timestamped consent collection
Each document in the KYC file (customer due diligence form, beneficial ownership declaration, data processing consent) is signed with a qualified timestamp that proves the exact date of collection — enforceable in ACPR audit or in support of a TRACFIN declaration.
Traced ongoing due diligence
Article L561-6 requires ongoing due diligence and file updates. Certyneo retains each signed version with its audit trail, enabling you to demonstrate regular updates to customer knowledge throughout the business relationship.
Audit trail enforceable against ACPR / TRACFIN
Each file is delivered with a proof PDF: identity verified by SMS OTP, qualified timestamp, SHA-256 hash, IP address. Enforceable in case of ACPR audit of the AML-CFT system, and usable to support a suspicious activity report to TRACFIN.
4-step procedure
From document collection to compliant archiving, in less than 5 minutes.
1. Constitute the KYC file
Gather the customer due diligence form, the client''s identity document (or the manager''s and beneficial owner''s for a legal entity), proof of address, and declaration of source of funds.
2. Add the client as signatory
The client (natural person) or legal representative (legal entity) receives a personalized secure link by email. Identity is verified by SMS OTP on a confirmed phone number.
3. Choose the eIDAS level
Advanced signature (AES) recommended to satisfy strong authentication under PSD2 and provide the presumption of reliability under Article 1367 of the Civil Code: unique certificate per signatory, qualified timestamp compliant with Article 26 of the eIDAS Regulation.
4. Sign and archive
The client signs the relationship initiation file from their phone or computer. The finalized file + proof PDF are archived and remain accessible for any ACPR audit or ongoing due diligence update.
Frequently asked questions
- Can the relationship initiation file be signed electronically?
- Yes, without restriction. AML-CFT due diligence obligations (Articles L561-5 and L561-6 of the Monetary and Financial Code) do not require paper form. Certyneo''s advanced signature (AES), with strong identification by SMS OTP, satisfies both the identity verification requirement and strong customer authentication (SCA) under PSD2.
- What documents make up a KYC file?
- Valid identity document, proof of address, customer knowledge form (activity, purpose of relationship, origin of funds), and for a legal entity: Kbis less than 3 months old, bylaws, beneficial owner declaration (UBO register). Certyneo enables uploading and electronic signature of all documents.
- Does electronic signature satisfy the identity verification obligation under Article L561-5?
- Article L561-5 requires verifying the customer''s identity by presenting a reliable written document. Electronic signature does not replace this documentary verification, but complements it: it timestamps the collection of documents, authenticates the customer by SMS OTP, and seals the file with an enforceable audit trail. This is the foundation of a compliant remote onboarding process.
- Which signature level to choose: SES, AES or QES?
- For a customer onboarding file, advanced signature (AES) is recommended: it provides the presumption of reliability under Article 1367 of the Civil Code and satisfies strong customer authentication under DSP2. QES may be required for business relationships presenting high money laundering risk.
- How long must the KYC file be kept?
- 5 years from the end of the business relationship (Art. L561-12 of the Monetary and Financial Code). Certyneo automatically archives the signed file plus its eIDAS audit trail, accessible at a click for any ACPR inspection.
- Is remote onboarding authorized by AML/CFT regulations?
- Yes. Remote onboarding is permitted provided that supplementary due diligence measures are implemented (Art. L561-10 of the Monetary and Financial Code and associated regulatory provisions): for example an additional supporting document, a first transaction from an account opened in the customer''s name, or use of an electronic identification means. Certyneo records these measures with qualified timestamping.
- How to prove the ongoing due diligence required by Article L561-6?
- Article L561-6 requires updating customer knowledge throughout the entire relationship. Certyneo retains each signed version of the file with its audit trail, enabling demonstration to ACPR of the dates and content of each due diligence update.
- Is the electronically signed file enforceable in ACPR inspection?
- Yes. The Certyneo audit trail (identity verified by OTP, qualified timestamping, SHA-256 hash) documents each AML/CFT measure. It is exportable as a certified PDF and enforceable against ACPR to demonstrate compliance of the onboarding process, as well as in legal proceedings if disputes arise.
Also read
Digitalize your next customer onboarding
Permanent free plan (5 envelopes / month), no credit card required. AML/CFT and eIDAS compliant. Strong authentication, audit trail and archiving included.