PASS Account Retrieval Service for banks

Service for the fulfillment of regulatory requirements

Procedure for your duty to provide information pursuant to section 24c KWG

Mandatory for financial institutions - PASS Account Retrieval Service (PASS ARS)

Pursuant to Section 24c of the German Banking Act (Kreditwesengesetz - KWG), financial institutions are required to provide information on the accounts, custody accounts and safe deposit boxes held with them. The Federal Financial Supervisory Authority (BaFin) and the Federal Central Tax Office (BZSt) do not hold this data themselves, but require financial institutions to be able to access the data around the clock.

Customer data is accessed in such a way that neither the financial institutions nor the customers are aware of it. BaFin and BZSt cannot themselves make any changes to the data held. For data protection and quality control purposes only, they document all cases in which an account has been accessed.

What is the regulation § 24c KWG?

Pursuant to Section 24c (1) of the German Banking Act (KWG), financial institutions, capital management companies and payment institutions are required to store certain account master data such as the account number, name and date of birth of the account holders and authorized signatories as well as the date of establishment and closure in a file. BaFin and BZSt may retrieve individual items of information from this file by means of an account retrieval procedure to the extent that this is necessary to fulfill their supervisory duties. In addition, BaFin and BZSt shall, upon request, provide information from the account retrieval file to the authorities specified in section 24c(3) KWG, such as law enforcement authorities.

The automated account retrieval procedure is governed by Section 24c KWG in conjunction with Section 93 (7) to (10) and Section 93b AO. Further regulations are contained in the Application Decree on Section 93 of the Fiscal Code (Anwendungserlass zur Abgabenordnung, AEAO).

Retrieval by authorities, so-called demand carriers

The procedure is available exclusively to the authorities designated by law (e.g. tax authorities, social security authorities, bailiffs). These authorities (demand entities) transmit their request to the BZSt, which then compares the requested data with the data provided by the financial institutions in a special retrieval procedure.

Our account retrieval service

Data provision with PASS ARS

Sensitive and personal data place special demands on their storage, handling and provision to third parties.

In accordance with service level agreements defined by BaFin and BZSt, PASS ensures that the Central Account Retrieval System is accessible at all times. In this context, the software, the database and the operating service are provided by PASS. The operation takes place in certified PASS bank data centers in Germany.

PASS ARS operates fully automated and ensures that customer-related data is only made available to the responsible authorities. Banking institutions do not gain knowledge of which queries are made to which customers.

Changes to customer data, such as account openings, are automatically imported into the database on a daily basis.

Data interfaces to core banking systems

In accordance with the requirements of the supervisory authority, PASS also provides the data interfaces between various core banking systems, inventory management systems and PASS ARS.

  • API for secure connection of core banking systems and inventory management systems

  • Database for data storage

  • API for secure connection to BaFin and BZSt

Advantages for banks

  • Compliance with BaFin and BzSt requirements

  • Legal certainty for the German market

  • Compliance with legal requirements

  • Storage in PASS banking data centers in Germany according to EU-DSGVO

  • Service, hosting and operation from a single source

Ole Barkmann

PASS Consulting Group

+49 60 21 . 38 81 75 72

s