Bulgaria - AML KYC ​Regulations

Document History

Issue Date Version Comments

21.10.2019 1.0 -

Disclaimer​: Neither Shufti Pro nor the authors of this document shall be held responsible, liable or accountable for the contents of
this document. The responsibility to comply with AML - KYC regulations lies with the Client. Achieving full compliance with legal
obligations requires a thorough analysis of the specific situation, organizational requirements, and regulatory practices. The
information provided in this document should be seen as an overview of requirements and measures towards conducting proper
and satisfactory Identity Verification procedures. This document suggests general measures in line with recommendations,
resources, or procedures provided by relevant laws and authorities to support identity verification requirements. The mere
reference to or reliance placed on this document alone does not constitute a warranty of any system nor does it guarantee legal
compliance. It remains the sole responsibility of the Client to comply with its legal obligations.
 Index

Introduction 3

Scope 3

Definitions 3

References 4

Due Diligence Requirements 4

Identity Verification Requirements 4

Compliant CDD Methods 4

Documents Required for Verification 5

Timing of Verification 5

Politically Exposed Persons and EDD Measures 6

Reliance on External Services 6

Record Retention 6

Page 2 of 6 Copyright ​©​ 2020 Shufti Pro

 1. Introduction
The state of Bulgaria introduced its recent ‘Measures Against Money Laundering Act’ or
‘MAMLA’ in the state gazette, issue 27, dated 27 March 2018. Implementing Directive (EU)
2015/849 of the European Parliament and of the Council of 20 May 2015. The new
legislation stresses for the prevention of the use of the financial system for the purposes of
money laundering or terrorist financing.

This new Act transposes the provisions of Directive (EU) 2015/849 of the European
Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial
system for the purposes of money laundering or terrorist financing (the “Directive”) and
repeals the current Measures against Money Laundering Act.

2. Scope
The ‘Bulgarian - AML KYC Regulations’ report may be used as a reference to highlight
information from the Bulgarian ​‘Measures Against Money Laundering Act’-2018 ​or ‘MAMLA’
and the​ ​ ‘​Law For The Bulgarian Identification Documents’.
Under the guidelines from Bulgarian National Bank, Financial Supervision Commission, and
the aforementioned act(s), this document highlights the necessary requirements for AML
and KYC procedures, in particular, Identity Verification required in Bulgaria. These
requirements are approximated from relevant information/laws/directives from the
aforementioned Act.

3. Definitions

● Client​:​ Shufti Pro’s customer is referred to as the Client.

● Customer​:​ The client’s customer whose subject to the KYC - AML checks.

● End-user​: The client’s customer is referred to as end-user but from Shufti Pro’s
perspective.

● Document Verification​: ​The process of verifying the authenticity of a

government-issued identity document.

● Identity Verification​:​ The process of verifying the identity of the client’s customers.

● Proof of Identity​: Any government-issued identity document that can be used to

identify an individual (natural person).

● EDD​: Enhanced Due Diligence (EDD) is a process that executes a greater level of
scrutiny related to the potential business relationships.

Page 3 of 6 Copyright ​©​ 2020 Shufti Pro

 ● Third-Party Diligence​: Outsourcing of the due diligence process to an external
party by the Client who is originally responsible for carrying out due diligence
activities.

● PEP​: Politically Exposed Person (PEP) is a person with a higher risk for potential
involvement in bribery/corruption.

● Due Diligence​: ​Refers to the measures taken to mitigate risk before entering into an
agreement or carrying out a financial transaction with another party.

4. References

● Measures Against Money Laundering Act or ‘MAMLA-2018

● Law For The Bulgarian Identification Documents

5. Due Diligence Requirements

5.1. Identity Verification Requirements
As per the requirements of the Bulgarian regulations, these are the following ID attributes
required for the purpose of identifying a natural person (Individual) from official documents.
● Name;
● Date and Place of Birth;
● Personal Identification Number/ Unique Identification Number of Client;
● Nationality;
● Country of permanent residence;
● Address.

5.2. Compliant CDD Methods

We ​(Shufti Pro) ​may apply one or more of the following measures at the request of the
Client to perform Identity Verification on its behalf. Where an End-user is an individual, who
does not present himself to the Client for verification in physical presence.

5.2.1. Shufti Pro shall perform verification of the ​E​nd-user’s identity on the basis of
documents that are highlighted in 5.3. These documents provide reasonable
reliability to the confirmation of the identity in Bulgaria. Shufti Pro shall ensure
that documents being utilized are photo-based biometric identification
documents that suffice requirements for Identity Verification.

5.2.2. For the purpose of verifying the End-user’s identity, Shufti Pro shall also verify
the documents that are submitted. We utilize our specialized Document

Page 4 of 6 Copyright ​©​ 2020 Shufti Pro

 Verification service to perform checks on the authenticity of the document.
This includes checks on security features such as holograms,
tapered/crumpled edges, doctored elements, form inconsistencies, document
expiration, MRZ, reflected colors and microprinting.

5.3. Documents Required for Verification

The following documents are considered in Bulgaria as Proof of Identity:
Identity Verification
● A valid passport;
● A current Bulgarian driver's license;
● A National ID Card;
● Other Valid Photo ID.
Address Verification
The following documents are considered as proof of address:
● A current utility bill (such as gas, electricity, telephone or mobile phone bill);
(issued no more than three months ago that shows the End-user’s address
and name);
● Bank statement (issued no more than three months ago that shows the
End-user’s address and name);
● A document issued by a government department that shows the End-user’s
address and name.
● A social insurance document (that shows the End-user’s address).

5.4. Timing of Verification

Identity Verification is not limited to a one-time, one instance process. In fact, it is required
in multiple instances as per regulations. The application and choice of when to deploy
Identity Verification procedures depend on your requirements and it’s conveyance to Shufti
Pro.
You are to pursue Identity Verification when you onboard a new Customer. If you are
dealing with transaction data, you should apply Identity Verification as per the monetary
thresholds defined in Bulgarian regulations. In other instances, Identity Verification
becomes more important to employ if you face higher risks from your Customers. A high
risk situation would be any instance where an Individual might represent above normal
exposure of money laundering related threats to you.

Page 5 of 6 Copyright ​©​ 2020 Shufti Pro

 6. Politically Exposed Persons and EDD Measures
As per the Enhanced Due Diligence requirements under ​Bulgarian​’s regulations, you are
required to determine if your Customer is a Politically Exposed Person, holds a public
office, or exhibits a higher risk profile. In order to fulfill your obligations, Shufti Pro provides
you it’s AML ​Screening service. The service screens an individual’s selected ID attributes of
Name and ​DOB against watchlists of global regulatory authorities, foreign and domestic
databases, compromised PEPs and sanctioned individuals.
The service highlights the category of the PEP based on the degree of risks they pose and
also any immediate family member, or a close associate of the PEP.
You may utilize such services as per your requirements. This includes before or after
establishing a relationship with your Customer.

7. Reliance on External Services

In the absence of explicit regulations, clients on their discretion, may seek the services of a
third party for fulfilling AML/KYC obligations. Regardless of reliance on a third party, the
client will remain liable for maintaining regulatory compliance as well as fulfilling AML and
KYC obligations.

8. Record Retention
As per the Bulgarian Act, you are required to retain data for not less than five (5) years.
These are a part of your AML and KYC obligations for due diligence. In the case where this
information is processed, collected and managed by a relevant third-party. You are liable to
collect all such necessary information(Due Diligence Data) from the third party without
undue delay.

Page 6 of 6 Copyright ​©​ 2020 Shufti Pro