Whitepaper — Navigating Remote Customer Onboarding: Key Insights from EBA Guidance.
A Practical Framework for Compliant, Secure, and Scalable Digital Identity Verification in the EU.

Executive Summary
In October 2023, the European Banking Authority (EBA) introduced a set of formal expectations around how financial institutions across the EU should implement remote customer onboarding. These Remote Customer Onboarding Guidelines aim to standardize how banks and other regulated entities verify identity, manage compliance risks, and adopt technology in the onboarding process. This paper explores the core requirements and outlines a strategic approach for putting them into action.

1. Why These Guidelines Matter
Over the past few years, especially during the COVID-19 pandemic, the financial sector accelerated its shift toward remote interactions. Yet onboarding practices varied widely across jurisdictions, creating legal uncertainty and inconsistent levels of due diligence. The EBA’s remote onboarding guidelines were developed to bring greater consistency, reliability, and regulatory clarity to this process throughout the EU. These rules apply to all EU-based firms subject to anti-money laundering (AML) legislation, and specifically address the use of digital tools and biometric verification during the initial stages of a client relationship.

2. Who Is Affected
The guidelines apply to:

  • Banks and credit institutions
  • Payment and e-money providers
  • Investment firms
  • Insurers and intermediaries (where subject to AML rules)

Scope: These principles apply only to initial identity verification during customer onboarding—where digital or remote methods are used. They do not apply to ongoing monitoring or non-remote onboarding scenarios.

3. Key Principles from the EBA

Internal Policies & Governance

Organizations must establish formal internal rules covering the remote onboarding journey. These rules should define:

  • When and how remote onboarding is permitted
  • Tools used (e.g. facial recognition, document scanning)
  • The division of responsibilities between automated systems and human oversight
  • Measures to detect and address anomalies or fraud risks

A pre-implementation review is required for any new digital solution. Institutions must document how they assess technical reliability, security risks, and data protection concerns.

Identity Verification & Document Validation

  • Remote onboarding must incorporate effective methods to:
  • Capture identity documents clearly and completely
  • Confirm authenticity using features like holograms, MRZ (machine-readable zones), or electronic verification
  • Match facial biometrics or video liveness tests to the ID submitted
  • Identify errors, tampering, or impersonation

If the onboarding process is fully automated, the solution must include sufficient quality and liveness checks to prevent spoofing or image substitution.

Assisted vs. Fully Automated Flows
There is a distinction between:

  • Human-assisted onboarding — where staff interact directly with the customer in real time (e.g., via video call), and
  • Unattended onboarding — which is fully automated and must include robust safeguards

In both cases, institutions need to ensure clear documentation, audit trails, and the ability to escalate any concerns to manual review.

Security & IT Risk Controls
Remote onboarding platforms must be integrated into the institution’s wider cybersecurity and ICT risk management systems. This includes encryption, secure communications, access controls, and ongoing monitoring of tool performance. Firms must regularly test for vulnerabilities and ensure data integrity throughout the onboarding flow.

Outsourcing & Third Parties
When using external service providers, whether for ID verification, document capture, or biometric checks, institutions must:

  • Perform due diligence
  • Maintain oversight and performance checks
  • Ensure third parties comply with the institution’s internal AML and security standards
  • Retain full accountability for the outcomes

Use of eID and Trusted Digital Signatures

Institutions may rely on national electronic ID schemes and trust services (such as eIDAS-compliant digital signatures), but only if they meet minimum assurance standards and are integrated with proper oversight. These services must be carefully evaluated to ensure reliability and consistency with onboarding requirements.

4. Compliance Timeline
The Guidelines became applicable on 2 October 2023, and competent authorities across the EU are expected to supervise firms for compliance. There is no transitional period; firms are expected to align existing onboarding procedures promptly.

5. Business Impacts & Opportunities

Benefits

  • Greater cross-border consistency in onboarding practices
  • Enhanced fraud detection and risk management
  • Increased customer convenience without compromising compliance
  • Enables future integration with advanced tools like AI, eID, and blockchain identity systems.

Challenges

  • Institutions may face technical and operational hurdles in updating legacy systems
  • Requires investment in staff training and policy revision
  • Demands rigorous vendor management and audit controls

6. Implementation Blueprint
Step: Key Actions
Assess: Map current onboarding tools and policies against the EBA’s expectations.
Plan: Identify and prioritize gaps in technology, governance, or risk controls.
Update: Redesign policies; define rules for automated vs human-assisted flows.
Test: Pilot new processes with quality checks, biometric testing, and exception handling.
Train: Upskill teams in fraud detection, technology oversight, and customer due diligence.
Monitor: Set up real-time monitoring, periodic reviews, and feedback loops.

Final Thoughts

The EBA’s guidance reflects a growing need to balance innovation with responsibility. Remote onboarding will continue to evolve, driven by customer expectations and technology, but institutions must ensure that convenience never comes at the cost of due diligence.

These guidelines offer a structured path to build digital journeys that are both secure and scalable, giving firms the confidence to grow their digital presence while staying within regulatory bounds.

Join Us This October!

If you’re navigating the complexities of remote onboarding, regulatory compliance, or digital identity verification, we invite you to join industry leaders at the 8th Annual Digital Client Onboarding Forum 2025.

Date: 22–23 October 2025
Location: Van der Valk Hotel Schiphol, Amsterdam
This year’s forum will provide expert insights and practical strategies on:

  • KYC & AML Best Practices in a remote-first world
  • Digital Identity & Trust Frameworks in the EU
  • Client Onboarding Technologies, from biometrics to automation
  • Balancing Compliance with Customer Experience
  • Digital Transformation and future-proofing your onboarding process
  • Don’t miss this opportunity to network with your peers, hear directly from regulators and financial leaders, and access tools to build secure, compliant, and efficient onboarding journeys.

For group discounts or tailored packages, contact us at +420 216 216 676.