New BaFin AuA 2025: What obliged entities now need to know and implement

March 20, 2025

On February 1, 2025, the new Interpretive and Application Guidelines (AuA) for the Money Laundering Act issued by BaFin entered into force. These changes affect obligated companies and institutions involved in combating money laundering and terrorist financing. The new regulations provide greater clarity and standardization, but also entail increased implementation effort.

In this article, we summarize the most important changes, explain their impact on practice, and provide guidance on how those obligated can best prepare for them.

More detailed risk analysis: More sources of information are needed.

Risk analysis remains the central element of anti-money laundering risk management. However, the requirements for identifying and assessing risks are being significantly increased.

Obligated parties must continue to draw on a broader information base. This includes, among other things:

  • National and supranational risk analyses,
  • Fatf-Standards and recommendations,
  • EBA guidelines on risk factors,
  • FIU typology papers,
  • New: Findings from media analyses and suspected case reports.

One special feature is the Adverse Media ScreeningObligated entities should check for negative media reports about their customers – BaFin already recommended this at the beginning of 2024. However, the new due diligence requirements do not impose a formal obligation to do so.

These changes mean a more intensive data research and documentationto meet the requirements.

Money laundering and terrorist financing risks must be assessed separately. The reason for this is that... Terrorist financing Often legal means are used, whereas in money laundering, the origin of the funds is crucial.

Determining beneficial owners: New clarifications

Politically Exposed Persons (PEPs) They are subject to increased due diligence obligations. The new BaFin guidelines specify that obliged entities must ensure that PEP checks are always based on up-to-date lists.

The responsibility for the quality and timeliness of the data used lies directly with the obliged entities. While there is no explicit obligation to use commercial PEP databases, their use is considered an indicator of proper compliance with regulatory requirements.

The demands on service provider management and monitoring are increasing, which closer cooperation with providers of compliance tools This is necessary. With KYCnow, you're on the safe side when it comes to PeP verification. We'd be happy to provide you with information about our data sources.

Shorter update periods for KYC data

One of the most significant changes concerns the deadlines for data updates:

  • Customers with enhanced due diligence obligations: Update at least every 1 year (previously 2 years).
  • Customers with general due diligence obligations: Update at least every 5 years (previously 10 years).
  • Simplified due diligence: No fixed deadline, but a risk-based assessment is required.

This change represents a significant This results in increased operational costs, especially for companies with many existing customers. A process automation strategy can provide a solution.

Even though the BaFin Due Diligence Regulations have been in effect since February 01, 2025, those subject to the new due diligence obligations still have some time to implement them. These regulations will only apply from July 10, 2027.

Documentation and reporting requirements are being tightened.

BaFin reiterates that detailed documentation is essential. Extracts from the commercial register and company lists must not only be up-to-date but also verified to ensure that the information is accurate and reliable.

Obligated parties must demonstrate that they have been in contact with their contractual partners and have validated the information received. Incomplete or incomplete documentation can lead to significant sanctions during an audit, which is why structured and traceable recording of all relevant data is essential.

Automation as the key to efficiency

Given the increasing demands, technology will play a crucial role. Perpetual KYC, or continuous data updates, can help minimize manual processes and make them more efficient.

With our KYC monitoring We are already one step ahead here and offer continuous monitoring of KYC data – both in our KYCnow platform and as direct integration into your systems.

The increased use of artificial intelligence and automation also facilitates the analysis of adverse media screenings by reducing false positives. To efficiently meet regulatory requirements and manage the increasing workload, companies should increasingly rely on digital solutions and modernize their compliance processes accordingly.

Conclusion & Recommendations

The new BaFin AuA bring both This brings greater clarity but also increased implementation effort. Obligated parties should prepare for the new requirements early on.

  • Adapt internal processesThe requirements for risk analysis, PEP screening and identification of beneficial owners should be reviewed and optimized.
  • Use digital toolsAutomation can significantly reduce the additional effort in the areas of adverse media screening, KYC updates and documentation obligations.
  • Training of employeesCompliance teams should be prepared for the new regulations and receive ongoing training.

The The full recording of the webinar is available on the SCHUFA Campus available and offers further insights as well as practical tips on implementing the new requirements.

Are you interested in an automated, digital KYC solution that meets the requirements of BaFin? Then Book your free introductory meeting here now. We look forward to speaking with you.

Sources

BaFin AuA 
https://www.bafin.de/SharedDocs/Downloads/DE/Auslegungsentscheidung/dl_ae_auas_2025_gw.html

Roczniewski