Anti-money laundering and counter-terrorist financing

We are committed to knowing and making risk classification of our customers. In order for you to become a customer , we must therefore process a series of personal data about you. We ask multiple questions, and we require documentation, such as identification papers, contact details, citizenship and country of birth. We collect information about your adress from Bisnode/the National Population Register. You must state the purpose of your customer relationship with us , and you must also answer questions about relationship with politically exposed persons (PEP).

To ensure correct due diligence, we will consider whether there is a need for enhanced customer due diligence. Some customers will therefore be marked with a need for enhanced customer due diligence, based on certain predefined criteria.

We are also required to have electronic surveillance systems in place for detecting circumstances that may indicate money laundering and terrorist financing, including risk classifying you as a customer. Each individual DNB company processes personal data about its own customers if there are alerts from the electronic surveillance system, including alerts related to 'in-store cash' service, sanction alerts and PEP alerts.

As part of the customer relationship, we are required to screen customers and transactions against sanction lists from the UN, EU and OFAC. We also screen customers to determine whether the customer or other parties in the customer relationship are PEPs or close associates of a PEP. We must also identify whether the customer, representatives and account signatories are beneficial owners pursuant to the Norwegian Anti-Money Laundering Act.

If we detect anything suspicious during the course of the customer relationship, we have a duty to conduct examinations, which we follow up and possibly report to Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime).

DNB Bank ASA and the individual Group companies where you have a customer relationship are responsible for the processing of your personal data.

If you are not already a customer of DNB, there may be a shared responsibility for processing between DNB Bank ASA and DNB Boligkreditt AS in connection with the establishment of a mortgage.

The purpose of the processing of personal data is to comply with the rules and legislation for anti-money laundering and terrorist financing when establishing customer relationships as well as during the customer relationship.

Our legal basis is the Norwegian Anti-Money Laundering Act and appurtenant regulations, as well as the sanctions regime.

• Identification data
• Contact details
• Relationship data
• Financial data

We are obliged to retain information that is processed in accordance with the Norwegian Anti-Money Laundering Act, as a general rule for five years after the customer relationship has ended, or an individual transaction has been completed.

The retention period is ten years if, at the end of the customer relationship, the customer relationship was subject to enhanced customer due diligence measures or a transaction was subject to enhanced customer due diligence measures.

We are obliged to disclose personal data to public authorities and other obliged entities. We may also share your personal data with other obliged entities in the Group when we have a right or obligation to do so.

Each individual company will exchange information about Group-wide customers with other companies in the DNB Group, both within the EU/EEA and to third countries. Group companies are data controllers upon receipt of such information.

We are working systematically to prevent our products and services from being used for criminal activities. In order for us to be able to prevent, detect, investigate and deal with fraud and other criminal acts against the bank and you as a customer, we need to process personal data.

It is often difficult to detect fraud and other criminal acts carried out against us and our customers. It often takes a long time for such actions to be detected, or for suspicions to arise at all. Our banking licence clearly stipulates that banks have the right to process personal data for this purpose. We are also required by law to have monitoring solutions for certain forms of fraud.

For this reason, we have access to personal data that has already been collected from you as a customer to the extent necessary to detect, report or prevent financial crime. We emphasise that access to personal data reused in such cases is strictly regulated.

DNB Bank ASA is responsible for the processing of your personal data.

The purpose of the processing of personal data is to prevent, detect, investigate and deal with financial fraud and other criminal acts against the bank and you as a customer.

The legal basis is a combination of a legitimate interest to protect the vital interests of customers and to fulfil a statutory duty. We have a legitimate interest in preventing, detecting, investigating and dealing with other criminal offences against the bank or any other company in the Group.

The processing also has the purpose of protecting customers against loss, and is thus necessary to protect our customers’ vital interests.

The Payment Services Directive requires us to have monitoring solutions to detect fraud.

• Identification data
• Contact details
• Relationship data
• Financial data

We retain your personal data for at least five years due to the authorities’ case processing time from the receipt of reports until a legally enforceable decision has been made.

We are obliged to disclose personal data to the police upon request.