Tel: 070 985 38 00 | E-mail: info@strathus.se
KYC & Client Verification
KYC & Reporting Obligations – Client Verification at Strathus
When you engage Strathus for tax or legal advice, we are required by law to carry out a KYC process – Know Your Customer, or in Swedish, kundkännedom. This is not a formality we have chosen to add: it is a statutory obligation under the Swedish Anti-Money Laundering Act (penningtvättslagen), which implements the EU’s Anti-Money Laundering Directives and the international recommendations of the Financial Action Task Force (FATF).
All law firms and tax advisers in Sweden are covered by these rules. The purpose is to prevent money laundering and the financing of terrorism by ensuring that professional services are not used for unlawful purposes.
What KYC means in practice
Before we can begin an engagement, we need to:
- Verify your identity – using BankID (Sweden), Freja eID (Sweden/Norway), MitID (Denmark), Bankkoder (Finland/Norway) or iDIN (Netherlands). For clients outside these countries, a valid government-issued identity document is accepted.
- Understand your business, the nature of the matter and the purpose of the engagement.
- Identify the beneficial owner of the company or structure involved, where relevant.
- Carry out a risk assessment and, if necessary, ask follow-up questions.
Where we identify factors that indicate a higher risk level – such as cross-border transactions, complex ownership structures or significant capital movements – we are required by law to carry out enhanced due diligence (EDD). This means a more thorough review before the engagement can proceed.
Reporting obligations
Strathus has a statutory obligation to report suspicions of money laundering or terrorist financing to the Swedish Financial Intelligence Unit (Finanspolisen, FiPo). This obligation applies regardless of client confidentiality and cannot be waived. We are not permitted to inform a client if a report has been filed.
Your data and GDPR
All information collected as part of the KYC process is handled in accordance with the EU General Data Protection Regulation (GDPR) and our privacy policy. KYC data is retained for ten years after the end of the engagement. As a law firm practising in tax law, this reflects the applicable limitation periods under Swedish law.
Why this matters for you as a client
A thorough KYC process protects you as well as us. It ensures that:
- The engagement rests on a documented, legally sound foundation.
- Your matter is handled by a firm that meets its regulatory obligations.
- There is no ambiguity about the scope or parties involved in the engagement.
We aim to make the process straightforward and will explain what we need and why if any step is unclear.
If you have questions about the KYC process or what we will need from you, get in touch before we begin – we are happy to explain what to expect.