Róisín Shortall (Dublin North West, Social Democrats)
Link to this: Individually | In context | Oireachtas source

56. To ask the Minister for Finance the form of identification that may be legally requested by banks and credit unions when dealing with customers at public counters who wish to carry out a transaction on their accounts; and if he will make a statement on the matter. [47502/18]

Paschal Donohoe (Dublin Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

In the area of financial services legislation, section 33 of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (“the Act”), sets out obligations in relation to the identification and verification of customers and beneficial owners. Section 33(2) sets out the following measures that shall be applied by designated persons (which include banks and credit unions):

“(a) identifying the customer, and verifying the customer's identity on the basis of documents (whether or not in electronic form), or information, that the designated person has reasonable grounds to believe can be relied upon to confirm the identity of the customer, including -

(i) documents from a government source (whether or not a State government source), or (ii) any prescribed class of documents, or any prescribed combination of classes of documents;”.

It is important to note that the Act is not prescriptive as to what documentation and information a designated person must obtain, or the methods by which such documentation and information should be gathered, in order to comply with its customer due diligence obligations. A designated person may apply the measures that it deems appropriate in accordance with the designated person’s own risk based approach; however, the designated person must ensure that the measures applied adhere to the legislative requirements under the Act. The Act also requires designated persons to keep such documents or information used for the purpose of identification and verification up to date.

In relation to applications for credit, the Credit Reporting Act 2013 requires credit information providers (which also includes banks and credit unions) to verify the identity of credit information subjects for the purposes of accurately accessing the central credit register. The information which may be legally requested for this purpose is set out in regulations under that Act (attached: ) and it includes documentation which will verify the person's name and date of birth, address and PPSN.

More generally, the provisions of data protection legislation, including the GDPR, will apply and banks and other financial institutions like all other relevant data controllers will also have to comply with these provisions.