Document Beats Database – Why Compliance Needs Evidence

The collection of data for identification and determining the beneficial owner (UBO) is a key component of anti-money laundering (AML) measures. However, while some companies continue to rely solely on transparency registers and databases, the German Money Laundering Act (GwG) and the financial regulator BaFin have made it clear in their latest interpretation: These methods alone are not sufficient.

Current Regulatory Developments: The Money Laundering Act and BaFin Guidelines

According to Section 12 (2) of the German Money Laundering Act (GwG), all relevant data must be verified against an official register. This means that companies cannot rely on credit agencies or the transparency register alone.

BaFin's latest interpretation (November 2024) further details in Chapter 5.2.3.2 that data collection must come directly from the contracting party or from official sources such as the commercial register or shareholder lists. It explicitly states:

"Data collection solely through publicly accessible sources, credit agencies, or the transparency register does not meet legal requirements."

This clarification is significant, as many providers rely entirely on databases or credit agencies without cross-checking with primary sources such as the commercial register or shareholder lists.

Why Register Documents Are Essential

Companies must understand that correct and legally compliant identification of beneficial owners must always be based on primary register documents. Even if the initial identification is done through a database and the required documents are downloaded afterward, it does not create a reliable picture.

Databases do not guarantee up-to-date information at all times. To ensure no discrepancies exist between a database and subsequently downloaded documents, an analyst must manually compare the information—an error-prone and tedious task.

When Does Simplified Due Diligence Apply?

Simplified due diligence is governed by Section 14 of the GwG and the criteria outlined in Annex 1. It can only be applied if multiple factors are met. Additionally, a risk assessment system must clearly define when a simplification is permissible. This ensures transparency and guarantees that simplified due diligence is only used in appropriate cases.

A practical example of simplified due diligence is the Know Your Customer (KYC) check for a public institution, such as the City of Hamburg. Similarly, a church opening an account at a savings bank (Sparkasse) may qualify under these simplified requirements. In both cases, the risk of money laundering or other illegal activities is lower, justifying the relaxation of due diligence requirements.

However, every decision must be based on a thorough risk assessment rather than applied as a blanket rule. Even under simplified due diligence, companies should always use register documents instead of databases. This is because a customer’s risk profile can change at any time.

A client initially classified as low-risk may later fall into the medium-risk category. If register documents are only obtained at a later stage, this can cause additional effort and delays. Using official register documents from the beginning helps avoid such rework and ensures compliance requirements are met efficiently.

Challenges Without Register Documents

• Manual Verification is Still Required – Companies must always cross-check transparency register data with primary sources, increasing the workload.
• Lack of Evidence – Database-only solutions do not provide reliable primary data, which can lead to compliance violations and high penalties.
• Higher Risk of Misjudgment – Without a verified primary data source, the identification of companies and beneficial owners remains uncertain.

Automation as a Solution

Identifying beneficial owners can be a challenge—but it doesn’t have to be. With modern Natural Language Processing (NLP) and AI technologies, Sinpex automates this process efficiently and with evidence-based verification.

Benefits of the Sinpex Solution:

• Primary Data-Based Automation – Direct analysis of commercial register and shareholder lists.
• Real-Time Data – Primary documents are retrieved directly from registers, ensuring up-to-date information for the KYB (Know Your Business) process.
• Maximum Efficiency – Significant reduction in manual effort through automated extraction and verification of shareholder information. Extracted data is automatically compared with self-declared information, allowing discrepancies to be detected immediately.
• Standardized Shareholder Calculation – Preconfigured logic compliant with BaFin requirements.
• Regulatory Compliance – Fully meets the latest requirements of BaFin and the GwG.

Without an automated, evidence-based analysis, the identification process remains inefficient and error-prone. Companies that continue to rely on transparency register data or external credit agencies risk failing to meet legal requirements.

Conclusion: Only Those Who Rely on Register Documents Remain Compliant

BaFin’s guidelines make it unmistakably clear: A complete and accurate identification of beneficial owners is only possible through primary sources such as the commercial register. Companies that continue to rely on secondary sources expose themselves to significant risks.

With Sinpex, the KYB process becomes efficient, secure, and fully compliant. Companies should not wait until regulatory sanctions force them to rethink their approach—now is the time to implement the right technology.

‍