How to build a pan-European KYC with Qualified Electronic Signature (QES)

Explore how Qualified Electronic Signatures (QES) enhance KYC compliance and streamline financial services across the European Union.

Nicolas Debernardi
May 7, 2024

Across Europe, the regulations for remote service offerings are fragmented. But fintech and financial services organizations need to work seamlessly – providing the same level of service regardless of where their customers live and do business. This is especially true when it comes to Know Your Customer (KYC) procedures, as identity verification steps have a significant impact on the customer experience. 

Fortunately, the increasing use of Qualified Electronic Signature (QES) has proved a powerful tool for integrating services across Europe. And because of European Union-level regulation, QES is passable from one member state to another. 

Let’s take a closer look at how fintechs, banks, and other financial services organizations can benefit from the advantages of the Qualified Electronic Signature and best practices for integrating KYC. 

What is the Qualified Electronic Signature (QES)?

Electronic signature now plays an essential role in modern business – speeding up services, ensuring secure transactions, and enabling global relationships. However, signing documents online increases the need for identity verification, which is why industry technologies – and regulations – have evolved.

The “qualified” in Qualified Electronic Signature offers the highest degree of security compared to standard electronic signatures. It’s legally equal to a handwritten signature. QES is regulated at the European Union level by the Electronic IDentification and Trust Services regulation (eIDAS No 910/2014). To be qualified, the electronic signature must be validated by at least one of the 27 Member States of the European Union. It’s then referenced on the “EU Trusted List” recognized by all other Member States. These factors make the QES passable throughout Europe.

For every QES, a qualified electronic certificate is issued. This certificate guarantees the integrity of the signature, also known as the token. With this certificate, financial organizations gain confidence that the signing party, or signatory, is who they claim to be – a critical element of entering a remote relationship. 

A remote identity verification service provider (PVID) must be used to issue a certificate – making identity verification a significant step in the qualified electronic signature process. Effectively, QES consists of two complementary solutions: the electronic signature and certified identity verification. 

Why do financial organizations need to leverage QES?

Fintechs, banks, and other financial service organizations are subject to the rules of the Fight Against Money Laundering and Terrorism (LCB-FT) regulations. And a critical component of complying with LCB-FT is verifying customers’ identities before providing a financial service. This verification process is known as Know Your Customer (KYC) procedure. However, each Member State of the European Union has its own rules for remote KYC. The result is significant regulatory fragmentation and added complexity for organizations attempting to comply. This complexity slows international deployment for European fintech organizations and diminishes customer value. 

Fortunately, because QES is passable from one Member State to another, more nations recognize QES as a means of achieving valid, permanently compliant KYC throughout Europe. 

Are all Qualified Electronic Signature solutions equal?

To review the basics, electronic signature solutions must be validated by a Member State of the European Union. Then, the certificate is referenced on the “EU Trusted List,” which makes it recognizable by all other Member States. At the foundation of this passport-ability, each nation needs confidence in the qualifications of its neighbors.

For several years, no technical standard was available for remote identity verification. This meant EU countries had differing practices and varying values for qualified electronic signatures. This environment led to security dumping, a practice of lowering security standards, often for economic or competitive advantages. However, this is a strategy that rarely wins in the long term. 

To overcome security dumping, and at the request of the European Commission, a new European ETSI standard was published in June 2021 for identity verification when issuing a qualified electronic certificate. Specifically, ETSI requires video in remote identity verification – the closest option to a face-to-face meeting. 

At the same time, the National Cybersecurity Agency of France (ANSSI) published a French standard associated with state certification for remote identity verification providers (PVID). 

These two standards work together to create a standard for electronic signatures. When an electronic signature solution attempts to qualify in France, ANSSI ensures its remote identity verification provider is PVID-certified. So, when a remote identity verification technology obtains its PVID certification, it’s automatically compliant with the ETSI standard. 

Questions to ask before committing to an electronic signature partner

If the identity verification of a QES certificate from a fintech, bank, or financial services organization doesn’t comply with the ETSI standard, your business faces significant risks. When looking for the right signature partner, ask yourself these questions to maintain compliance with AML-FT.

  • Is my partner involved in issuing the signature, or is it a simple intermediary? It’s important to know who holds the qualification and your contractual responsibilities. 
  • Which country is my electronic signature partner qualified in?
  • Is the electronic signature partnership with the remote identity verification provider set up for the long term?

Understanding these details about your electronic signature partner is essential for building secure KYC procedures that are stable and dependable for years to come. 

Maximizing your KYC compliance with the right identity verification solution

Checkout.com’s Identity Verification solution was one of the first to receive ANSSI Security Certification. And we partner with trusted electronic signature players like Docusign or Yousign to ensure we continually meet the highest security standards.

Working with a certified identification provider puts you in a position to succeed. With a PVID-certified QES, you fully comply with the LCB-FT directives and the ETSI standard. 

We know that security is necessary, and it’s also strategic. This is why we built our three identity verification pillars to enable maximum compliance with your KYC: 

  1. A video KYC for remote identity verification 
  2. An online identity verification based on a hybrid model (AI and identity experts)
  3. Secure KYC, backed by a SecNumCloud-certified cloud

Opting for a certified QES means ensuring that your service provider will be compliant everywhere in Europe – and for the long run. The PVID solution is a critical gateway to European compliance for qualified electronic signatures.

Ready to build a fully compliant KYC procedure? Contact our sales team today!

*Checkout.com’s Identity Verification solution was originally developed by ubble. To read more about Checkout.com’s acquisition of ubble, read here
