KBC uses personal data to prevent fraud, money laundering and the financing of terrorism & to manage risks​

Banks are required by law to prevent, detect and report abuse of inside information or market manipulation and to report suspicious transactions to the authorities.      

Banks are required by law to deploy all possible means to prevent, detect and/or report instances of money laundering and financing of terrorism to the authorities. This is a matter of public interest.  

To achieve these objectives, KBC must verify AML and sanctions requirements during the onboarding of new customers, and monitor your actions and transactions, for the purpose of which KBC may share your personal data with other banks.  

Specifically, KBC has to:  

• identify you as a customer, representative or ultimate beneficial owner   
• verify your identity   
• determine your profile (in relation to the risk of money laundering), which involves collating various personal and business data, such as whether you’re a politically exposed person.  

KBC must prevent certain transactions and report them to the Financial Intelligence Processing Unit (CTIF - CFI).    

In the context of their obligations under sanctions rules, banks are required to screen customer details against sanctions lists.

KBC has to be in possession of a recent copy of your identity card for this purpose. 

KBC is responsible for appropriately controlling risks (including at group level). This is required by law. It is required to detect, prevent, mitigate and address risks. Examples include credit, insurance, counterparty and market risk, risks concerning information management and statutory compliance, the risk of staff, customer and/or supplier fraud, the risk of unethical behaviour by staff or breaches by them of their duties of care. In addition, KBC can put customers in touch with third-party service providers either directly or indirectly as part of ethical due diligence.

To assess the reliability of these service providers, KBC may subject them to a screening on the basis of a legal requirement. For this purpose, KBC processes both company data and personal data of the company’s legal representative(s) and/or UBO(s) This risk management has to be ensured at both central level (gathering data on customers and groups of customers) and local level (e.g., by disseminating risk alerts). All manner of other types of risk profile are also determined in this context.    

KBC conducts in-depth data analyses to comply with its legitimate interest to identify key risks, such as fraud, cyber and credit risk. This includes:   

• Developing and conducting or creating studies, models – including those based on AI – and statistics for various non-commercial purposes  
• Detecting risk signals in internal or external sources. These could indicate, for example, that you are in arrears with the repayment of a credit or that you are involved in a fraud case or a money laundering case. A risk signal may have considerable consequences, for example that KBC won’t give you credit, or refuses or phases out the customer relationship with you  
• Preventing fiscal fraud    
• Guaranteeing the safety of persons and goods    
• Combating fraud and detecting cyber risks For example, every time you add a KBC debit card in the Payconiq by Bancontact app, Bancontact Payconiq Company sends data such as the card number and IP address to KBC through a secure channel, which KBC can then analyse further