When a customer in Germany wants to open a bank account from their living room, the bank cannot just take their word for it. Someone has to look them in the eye, check their ID, and confirm they are who they say they are. For years, VideoIdent has been the technology that makes this possible at a distance.
But what exactly does the German regulator, BaFin, require? And with new rules on the horizon, what do banks need to do right now to stay compliant?
This guide breaks it all down in plain language.
What Is VideoIdent?
VideoIdent is a live video call between a trained bank agent and a customer. During the call, the agent checks the customer’s identity document in real time, runs them through a series of security checks, and records the session for compliance purposes.
Before 2015, German banks had no legal way to verify a new customer entirely online. Every new account required either a face-to-face meeting in a branch or a PostIdent process at a post office. This was a real obstacle for digital banking. So BaFin stepped in and created rules that made live video ident legally acceptable as a substitute for in-person checks.
This is different from simply uploading a photo of your passport. The live element matters. A trained human agent must be present, watching in real time, making active judgments. That is the core of what separates VideoIdent from automated alternatives.
For banks looking to move more of their customer journey online, video banking solutions now make it possible to replicate almost the entire branch experience remotely, with compliance built in from the start.
The Legal Foundation: BaFin Circular 3/2017 (GW)
The rulebook that governs VideoIdent for banks today is BaFin Circular 3/2017 (GW), issued on 10 April 2017. It replaced an earlier 2014 guidance letter and set out detailed technical and procedural requirements for video identification under Germany’s Anti-Money Laundering Act (the Geldwäschegesetz, or GwG).
The circular applies to all entities supervised by BaFin. This includes banks, insurance companies, payment service providers, and other financial institutions. Non-financial businesses have generally followed the same guidance as a practical standard, though their legal footing has been less certain.
Here is what the circular requires, broken into the areas that matter most.
What BaFin Requires for a Compliant VideoIdent Session
1. A Trained Human Agent Must Conduct the Session
The most fundamental requirement is that a real, trained person must carry out the identification. VideoIdent is not an automated process. The agent must be specifically trained to detect fraud, spot manipulated documents, and conduct the session according to the defined process. The bank can handle this in-house or outsource it to a third-party provider, but in either case the outsourcing arrangement must be formalised in a written contract and the provider’s reliability must be verified.
2. The Session Must Be Live and Uninterrupted
The video connection must be live at all times during verification. Recording a customer’s session and reviewing it later is not acceptable. The agent must be watching in real time, responding in real time, and making their verification judgment in real time. Any interruption that breaks the connection means the session must restart.
This real-time requirement is one of the reasons VideoIdent has a reputation for friction. If the connection drops or the camera quality is poor, the process fails.
3. Document Verification Is Multi-Step
The agent must carry out several document checks during the call:
- Visual inspection of the document face. The agent checks the photo, personal data fields, and the overall layout against known authentic documents.
- Machine-readable zone (MRZ) or chip data. The customer must hold the document up so the agent can read the machine-readable zone at the bottom of a passport or identity card.
- Security feature check. The agent asks the customer to tilt and move the document under the light to reveal holograms, colour-shifting ink, and other security features that cannot easily be faked on camera.
- Random digit sequence. The customer must write a sequence of random digits (provided by the agent) on a piece of paper and hold it up to the camera. This is an anti-fraud measure to confirm the video is not pre-recorded or manipulated.
4. Technical Requirements for the Video Connection
BaFin sets minimum standards for the quality of the video call itself. The connection must allow the agent to clearly see the customer’s face and the identity document, including fine detail on security features. Audio must be clear enough to conduct a proper conversation. The system must be able to detect and handle technical failures.
Banks must ensure their VideoIdent platform meets these standards. A system that produces blurry video or drops frames at critical moments creates both a compliance risk and a customer experience problem.
5. Data Retention
The entire session must be recorded and stored. Banks must keep records of the verification in a way that allows the process to be reconstructed and audited later. This aligns with broader AML record-keeping obligations under the GwG, which typically require records to be kept for at least five years.
What Documents Are Accepted?
BaFin’s circular specifies which identity documents are acceptable for VideoIdent verification. Generally, these include:
- German national identity cards (Personalausweis)
- Passports (German and foreign)
- Residence permits with biometric features
The document must be valid and must contain the biometric features (such as a chip or machine-readable zone) that allow the agent to carry out the required checks. Expired documents are not acceptable.
The Compliance Challenge: Why Getting This Right Is Hard
The requirements above sound logical on paper. In practice, meeting all of them consistently at scale is genuinely difficult.
Training agents to the required standard takes time and ongoing investment. Keeping them up to date on the latest document formats and fraud techniques is a continuous process. The video technology must work reliably for customers using a wide range of devices and internet connections. And the whole session must be recorded, stored, and retrievable for audit purposes.
Banks that treat VideoIdent as an afterthought often find themselves with compliance gaps. The most common problems are:
- Agents who miss security feature checks because they were not properly trained
- Sessions that are not recorded correctly
- Platforms that do not meet the technical quality standards
- Poor customer experience that drives abandonment before the check is complete
For credit institutions, getting credit and lending verification processes right is especially important, as the AML obligations at onboarding flow through to the products being sold.
Penalties for Non-Compliance
BaFin takes AML compliance seriously and has shown it is willing to impose significant fines. In 2024, for example, BaFin fined Solaris SE €6.5 million for delayed suspicious activity reports related to money laundering. A VideoIdent process that does not meet the required standards is an AML risk, not just a technical one.
Banks should treat their VideoIdent procedures as a core part of their compliance programme, subject to regular internal audit and review.
What Is Changing: The GwVideoIdentV Draft Regulation
The current framework has a legal quirk worth understanding. BaFin’s Circular 3/2017 is a regulatory circular, not a statute. The German Anti-Money Laundering Act has always envisaged that video identification would eventually be regulated by a formal ordinance issued by the Federal Ministry of Finance (BMF). That ordinance has been a long time coming.
In April 2024, the BMF finally published a draft regulation: the Geldwäschevideoidentifizierungsverordnung (GwVideoIdentV), which translates as the Anti-Money Laundering Video Identification Ordinance. The consultation period for the draft closed in June 2025, with final guidance expected around October 2025.
The key things banks need to know about the draft:
Most of the existing requirements are carried over. The draft is largely based on Circular 3/2017. The core requirements for trained agents, real-time sessions, document checks, and technical standards remain.
The real-time requirement is explicitly confirmed. The draft makes clear that verification by reviewing a recording is not permitted. The session must be conducted live.
The regulation will extend to non-financial businesses. One significant change is that the ordinance will apply to all AML-obliged entities, not just financial institutions. This brings legal clarity to sectors that have previously operated under the assumption that the BaFin circular applied to them by analogy.
An eID alternative requirement may be added. The draft includes a provision that obliged entities must also offer an electronic identity card (eID) verification alternative alongside VideoIdent. This has been viewed with some concern by industry, as it adds implementation complexity.
The “bridge technology” framing. In a 2024 draft resolution, the German Ministry of Finance and BaFin referred to VideoIdent as a “bridge technology”, acknowledging its role as a transitional method as the digital identity landscape evolves toward the EU Digital Identity Wallet (expected to require acceptance by member states by around 2027).
VideoIdent vs Alternatives: What BaFin Currently Allows
Banks sometimes assume that VideoIdent is the only way to onboard a customer remotely. That is not quite right. BaFin explicitly recognises several methods:
Method | Status | Practical Reality |
|---|---|---|
VideoIdent | Accepted under Circular 3/2017 | Widely used, well understood |
German eID (electronic chip) | Accepted | Rarely used; eID function often not activated |
Qualified Electronic Signature (QES) + bank account verification | Accepted | Growing in adoption, especially for digital-native processes |
Notified electronic identification system | Accepted | Same as eID in practice |
AI-based automated verification | Sandbox/testing only | Not yet broadly approved |
The data on VideoIdent’s cost and user experience is revealing. Automated alternatives cost three to four times less than VideoIdent, and only about 11% of customers find the VideoIdent process user-friendly. At the same time, millions of German customers used automated alternatives successfully in 2024 alone.
This context matters for banks thinking about their long-term identity verification strategy. VideoIdent remains the most legally certain path today, but the regulatory direction is moving toward automated, eIDAS-compliant solutions.
For insurers, the same dynamics apply. Insurance policy servicing processes increasingly need remote identity verification built in as a default, not an exception.
Key Questions Banks Should Be Asking Now
Is our VideoIdent platform technically compliant? The video quality, recording, and storage requirements are specific. If your platform has not been audited against Circular 3/2017 recently, now is the time.
Are our agents properly trained? Training is not a one-time event. Document formats change, fraud techniques evolve, and agents need refresher training. Check when training was last updated.
Are we keeping the right records? Full session recordings, stored for at least five years, must be retrievable for audit. Make sure your data management processes support this.
Are we ready for the GwVideoIdentV? The new ordinance is likely to be finalised in late 2025. Banks should review the draft requirements now and assess any gaps in their current processes.
Should we be offering alternative verification methods? Given the cost and user experience data, and given the regulatory direction of travel, banks should be evaluating whether QES-based or eID-based flows could serve some customer segments better than VideoIdent.
A video identity verification solution built specifically for the German regulatory environment can help banks meet all of these requirements without rebuilding their compliance stack from scratch.
Key Regulatory Takeaways
VideoIdent has been the backbone of remote customer onboarding for German banks for nearly a decade. The rules governing it are detailed, the compliance stakes are real, and the technology is at a turning point.
BaFin’s Circular 3/2017 remains the operative framework. The forthcoming GwVideoIdentV will formalise and extend these rules while keeping the core requirements intact. Banks that have solid, auditable VideoIdent processes today are well placed. Those that have not recently reviewed their compliance against the technical and procedural requirements should do so now, before the new ordinance arrives.
The longer-term question is whether VideoIdent remains the right tool for every customer segment as automated alternatives become more legally accepted and significantly cheaper to operate. The answer will vary by institution, but the question is worth asking.
Frequently Asked Questions
What is VideoIdent under BaFin? VideoIdent (or Video-Ident) is a live video-based identity verification process that BaFin allows German banks and other financial institutions to use in place of in-person identity checks. The process is governed by BaFin Circular 3/2017 (GW) and must be conducted by a trained agent in real time.
Is VideoIdent legally required for German banks? No. VideoIdent is one of several BaFin-approved methods for remote customer identification. Others include the German eID and QES-based processes combined with bank account verification. However, VideoIdent is currently the most widely used and best understood option in practice.
Can AI or automated software replace the human agent in VideoIdent? Not yet under current rules. BaFin requires a trained human agent to conduct the session. Automated solutions exist in a regulatory sandbox and are being tested, but they are not yet broadly approved as a substitute for the live agent requirement.
What happens if a VideoIdent session is interrupted? If the video connection breaks during a session, the process cannot simply resume. A new session must be started from the beginning, as the real-time continuity requirement is a core part of compliance.
What does the new GwVideoIdentV ordinance change? The draft ordinance, published in April 2024, largely codifies existing BaFin Circular 3/2017 requirements into formal law. Key additions include extending the rules to non-financial businesses and a possible requirement to also offer eID-based verification as an alternative. Final guidance was expected around October 2025.
How long must VideoIdent records be kept? Under the German Anti-Money Laundering Act (GwG), identity verification records must generally be kept for at least five years after the business relationship ends.
Is VideoIdent the same as an automated selfie check? No. VideoIdent requires a trained human agent to be present on the call in real time. An automated selfie or document upload check is a different technology and is not currently approved by BaFin as a standalone alternative to VideoIdent for financial institutions.
What are the penalties for non-compliant VideoIdent processes? BaFin can impose significant fines for AML non-compliance, including deficient customer identification processes. Fines in the millions of euros have been issued to financial institutions for AML failures in recent years.