Skip to content
Case studiesPricingSecurityCompareBlog
GlossaryCountry guidesChecklistsROI Calculator

Europe

Americas

Oceania

All guides
🇫🇷

KYC Obligations in France — Complete 2026 Guide

Comprehensive guide to KYC and anti-money laundering obligations in France: ACPR requirements, Tracfin declarations, document verification, and best practices for obligated entities.

Regulators:ACPR, Tracfin, AMF
Key laws:Code monétaire et financier, Ordonnance 2009-104, AMLD6
Last updated 2026-03-28

Regulatory Framework

France has one of the most structured anti-money laundering (AML) frameworks in Europe. The legal foundation rests primarily on the Code monétaire et financier (CMF — Monetary and Financial Code), supplemented by Ordonnance n° 2009-104 of 30 January 2009, which transposed the Third EU Anti-Money Laundering Directive. Since then, each successive directive — from the 4th Directive (AMLD4, transposed in 2017) to the 6th Directive (AMLD6, transposed in 2023) — has strengthened due diligence requirements, expanded the scope of obligated entities, and increased penalties.

The French institutional architecture is built on three pillars. The Autorité de contrôle prudentiel et de résolution (ACPR), backed by the Banque de France, supervises credit institutions, investment firms, insurance companies, and financial intermediaries. It conducts both off-site and on-site inspections and can impose sanctions ranging from formal warnings to prohibition from practice. Tracfin (Traitement du renseignement et action contre les circuits financiers clandestins), France's financial intelligence unit (FIU), receives and analyses suspicious transaction reports (STRs) submitted by obligated entities. The Autorité des marchés financiers (AMF) regulates capital markets and ensures compliance with AML/CFT obligations by asset management companies and investment service providers.

The French framework is characterised by a risk-based approach: obligated entities must carry out a risk classification specific to their business activity, adapt their due diligence measures accordingly, and document the entire process. The ACPR regularly publishes sector-specific guidelines and application principles — notably for banking, insurance, and real estate — that clarify the regulator's expectations.

Who Must Comply

The scope of professionals subject to KYC obligations in France is defined in Articles L.561-2 et seq. of the Monetary and Financial Code. It covers a broad range of professions and activities:

  • Credit institutions and finance companies: commercial banks, online banks, neobanks, specialised credit institutions
  • Investment firms and management companies: investment service providers (PSI), portfolio management companies, financial investment advisors
  • Insurance companies and intermediaries: life insurers, brokers, general agents for contracts involving capitalisation operations
  • Payment institutions and electronic money institutions: fintechs, payment service operators, electronic money issuers
  • Digital asset service providers (PSAN): crypto-asset exchange platforms, custody services
  • Legal and accounting professions: notaries, lawyers (for certain transactions), statutory auditors, chartered accountants
  • Real estate professions: estate agents, property managers, condominium administrators
  • Other professions: high-value goods dealers, casinos, online gaming operators, art dealers for transactions exceeding EUR 10,000

Each category is subject to specific obligations defined by regulatory texts and sector-specific guidelines. The ACPR and professional bodies (Order of Chartered Accountants, Chamber of Notaries, etc.) issue recommendations tailored to each sector.

Customer Due Diligence Requirements

Standard Due Diligence (CDD)

Standard due diligence forms the foundation of KYC obligations in France. Before entering into a business relationship or carrying out an occasional transaction above regulatory thresholds, the obligated entity must:

Identify the customer: collect identity information (surname, first names, date and place of birth, nationality, address) and verify these elements on the basis of a valid official identity document. For natural persons, accepted documents include the carte nationale d'identité (national ID card), passport, residence permit, or driving licence in certain cases. For legal persons, this means an extract from the Trade and Companies Register (Kbis extract) or equivalent, up-to-date articles of association, and identification of directors and legal representatives.

Verify identity: verification must be carried out through reliable and independent means. The ACPR accepts face-to-face verification, remote verification by video conference (under conditions set by the eIDAS regulation and ACPR positions), or verification via a qualified digital identity scheme (France Identité, La Poste digital identity, etc.).

Identify the beneficial owner: any natural person who holds, directly or indirectly, more than 25% of the capital or voting rights of a legal person, or who exercises by any other means a power of control over the management or direction bodies. Information is cross-referenced with the Register of Beneficial Owners (RBE) maintained by the registrars of commercial courts and accessible via the Infogreffe website.

Understand the purpose and nature of the business relationship: understand the customer's economic profile, the source of funds, the purpose of planned transactions, and the expected volume of activity.

Exercise ongoing due diligence: update the information collected throughout the business relationship, monitor transactions carried out, and ensure their consistency with the customer's profile.

Enhanced Due Diligence (EDD)

Enhanced due diligence measures apply when the risk of money laundering or terrorist financing is high. Situations identified by French regulations include:

  • Politically Exposed Persons (PEPs): persons who hold or have held within the last 12 months high-level political, judicial, or administrative functions, as well as direct family members and persons known to be closely associated. Measures include management approval, establishment of the source of wealth and funds, and enhanced ongoing monitoring.
  • Customers residing in high-risk countries: countries on the European Commission's list of high-risk third countries, or identified as such by the FATF. Additional measures are required, which may extend to prohibition of the relationship.
  • Complex, unusual, or abnormally large transactions: any transaction that does not match the customer's profile or presents unusual characteristics must be subject to enhanced review.
  • Remote business relationships: where the customer is not physically present during identification, compensating measures must be implemented (double verification, qualified electronic signature, etc.).
  • Products or services favouring anonymity: anonymous payment instruments, complex legal structures making beneficial owner identification difficult.

Required Documents

French regulations require the collection of specific documents depending on the nature of the customer:

For natural persons:

  • Valid official identity document (national ID card, passport, residence permit)
  • Proof of address less than 3 months old (utility bill, tax notice, rent receipt)
  • Where applicable, proof of professional activity
  • For PEPs: sworn statement, proof of source of wealth

For legal persons:

  • Kbis extract less than 3 months old (or equivalent for associations, foundations, etc.)
  • Up-to-date articles of association certified as true copies
  • Identity document of the legal representative(s)
  • Document attesting to the distribution of share capital and identification of beneficial owners
  • Minutes of appointment of directors
  • Where applicable, power of attorney for agents

For trusts and fiducies:

  • Constituting instrument
  • Identification of the settlor, trustee, beneficiaries, and any person exercising effective control
  • Proof of assets contributed to the trust

Documents must be retained for a period of 5 years after the end of the business relationship or after the execution of the occasional transaction, in accordance with Article L.561-12 of the CMF.

Reporting Obligations

The French reporting system rests on two main mechanisms:

Suspicious transaction report (Déclaration de soupçon): obligated entities must report to Tracfin any sums recorded in their books or transactions involving sums which they know, suspect, or have reasonable grounds to suspect originate from an offence punishable by imprisonment exceeding one year, or which participate in the financing of terrorism. The report must be made via Tracfin's ERMES platform, as soon as possible after detection of the suspicion. In 2024, Tracfin received more than 180,000 suspicious transaction reports, a 12% increase over the previous year.

Systematic reports: certain transactions must be reported regardless of any suspicion. This includes cross-border fund transfers above certain thresholds, cash transactions exceeding EUR 10,000 for manual currency exchangers, and information required by EU regulations on fund transfers.

Tracfin's opposition right: Tracfin may exercise a right of opposition that suspends the execution of a transaction for a period of up to 10 business days, renewable by decision of the president of the tribunal. This mechanism allows suspect funds to be temporarily frozen while analysis is completed.

Systematic information communication (COSI): introduced by the ordinance of 1 December 2016, it allows obligated entities to transmit to Tracfin information relating to transactions presenting a high risk of money laundering, even in the absence of a formalised suspicion.

Penalties for Non-Compliance

The penalty regime in France is particularly dissuasive and covers both administrative and criminal sanctions:

Administrative sanctions (imposed by the ACPR or AMF):

  • Warning or formal reprimand
  • Prohibition from carrying out certain transactions or limitation in the exercise of activity
  • Temporary suspension of officers
  • Total or partial withdrawal of licence or authorisation
  • Financial penalty of up to EUR 100 million or 10% of annual net turnover (whichever is higher), in accordance with provisions transposing AMLD4 and AMLD5

Criminal sanctions:

  • Money laundering is punishable by 5 years' imprisonment and a EUR 375,000 fine (Article 324-1 of the Penal Code), increased to 10 years and EUR 750,000 in aggravating circumstances (organised crime, repeat offence, use of facilities provided by professional activity)
  • Terrorist financing is punishable by 10 years' imprisonment and a EUR 225,000 fine
  • Failure to report is punishable by a EUR 22,500 fine

Disciplinary sanctions: professional bodies (notaries, chartered accountants, lawyers) may impose disciplinary sanctions ranging from a warning to disbarment.

Publication of sanctions: the ACPR and AMF systematically publish their sanction decisions on their websites, creating a major reputational risk for sanctioned entities. In 2024, the ACPR imposed 14 AML/CFT sanctions totalling more than EUR 35 million.

How CheckFile Helps

Given the increasing complexity of KYC obligations in France, CheckFile provides an AI-powered document verification solution that enables obligated entities to comply with regulatory requirements while optimising the customer experience.

The CheckFile platform automates the entire document verification process: data extraction from identity documents (national ID cards, passports, residence permits), authenticity verification through analysis of security features (holograms, watermarks, fonts, MRZ zones), and cross-validation of information with data declared by the customer. CheckFile's AI detects document fraud attempts — forgery, counterfeiting, identity theft — with a detection rate exceeding 99%, significantly reducing the risk of accepting a fraudulent document.

To meet the ACPR's audit requirements, CheckFile automatically generates a complete audit trail for each verification: timestamp, result of each check, confidence score, reasons for rejection where applicable, and secure archival of documents for the regulatory retention period of 5 years. This traceability allows compliance teams to demonstrate the rigour of their framework during on-site and off-site inspections.

CheckFile natively integrates with the onboarding processes of financial institutions, insurers, and regulated professions via its RESTful API. The solution supports more than 6,000 types of identity documents from 200 countries, which is particularly relevant for French institutions operating internationally or serving a foreign clientele. Processing is GDPR-compliant, with data hosted in Europe and automatic pseudonymisation and deletion mechanisms.

FAQ

What documents are required for KYC in France?

For natural persons, obligated entities must collect a valid official identity document (national ID card, passport, or residence permit) and proof of address less than 3 months old. For legal persons, a Kbis extract less than 3 months old, up-to-date articles of association, identity documents of legal representatives, and documents relating to beneficial owner identification are required. All documents must be retained for 5 years after the end of the business relationship, in accordance with Article L.561-12 of the Monetary and Financial Code.

What are the penalties for KYC non-compliance in France?

Penalties are both administrative and criminal. The ACPR can impose financial penalties of up to EUR 100 million or 10% of annual turnover, as well as activity prohibitions or licence withdrawals. Criminally, money laundering carries 5 to 10 years' imprisonment and EUR 375,000 to EUR 750,000 in fines. Sanction decisions are systematically published, exposing entities to considerable reputational risk.

How often must KYC checks be updated in France?

French regulations require ongoing due diligence throughout the business relationship. The frequency of updates depends on the customer's risk level: high-risk customers (PEPs, high-risk countries) must be reviewed at least annually, while standard-risk customers are generally reviewed every 3 to 5 years. Any significant event (change of officer, change in shareholding, unusual transaction) must trigger an immediate KYC file update. The ACPR systematically checks that files are kept up to date during its inspections.

Frequently asked questions

Automate your compliance

CheckFile simplifies document verification compliant with local requirements.