KYC file in Belgium: mandatory content, format and retention
What must a complete KYC file in Belgium contain to pass an SPF Economie inspection? Exhaustive list of mandatory documents per client type, accepted formats, retention period, timestamped electronic archiving and common mistakes to avoid.
In brief
A complete KYC file in Belgium must contain 6 mandatory sections: client identification, beneficial owner (UBO) identification, risk assessment, understanding of the business relationship, sanctions and PEP screening, ongoing monitoring. Every document must be retained for 10 years in a legible and integral format. The SPF Economie inspector must be able to extract a complete file in 5 minutes.
Why the KYC file is the #1 item checked during inspection
When SPF Economie inspects a firm subject to the Act of 18 September 2017, it asks for three things: your risk assessment, your AML policy, and a sample of KYC files. Among those three, the KYC file most directly reveals whether your compliance is real or cosmetic.
A complete KYC file is not just "I have a copy of an ID card". It is a structured, dated, verifiable set demonstrating that you have identified, verified, understood and tracked the business relationship.
This article details every expected piece per client type, the format to keep it in, and the legal retention period.
Mandatory KYC file structure
A well-kept KYC file is structured in 6 standardized sections. That is how the inspector looks for them, and how your AMLCO must organize them.
Section 1 — Client identification
For a natural person (individual or self-employed):
- Legible copy of valid ID card or passport (both sides for Belgian card)
- Full name, first names, date and place of birth, nationality(ies)
- Main address of residence (proof if address not on the ID — bill < 3 months, residence certificate)
- National register number for Belgian residents
For a legal person (company, non-profit, foundation):
- Recent BCE/KBO extract (less than 6 months) with name, enterprise number, legal form, registered office, corporate purpose, directors
- Consolidated articles of association published in the Belgian Official Journal
- Composition of the board (appointment dates)
- Belgian or European VAT number if different
Section 2 — Ultimate beneficial owner identification (UBO)
For legal persons, see details in our UBO article:
- Group org chart: control chain down to the natural person
- ID documents of identified UBOs (level 1 and 2 of the cascade)
- Recent Belgian UBO register extract
- Shareholders' agreement if relevant (control by other means)
- Justification if UBO category 3 (default senior officers)
- BCE ↔ UBO register comparison with flagged divergences
Section 3 — Risk assessment
- Risk grade assigned: Low / Standard / High
- Written justification of criteria leading to the grade
- Corresponding measures to implement
- AMLCO signature and date
Section 4 — Understanding of the relationship
- Written description of the economic purpose of the relationship (KYC purpose statement)
- For high-risk files: proof of source of funds (bank statement, sales contract, inheritance, dividend)
- For PEPs: explicit management approval and documented enhanced monitoring
Section 5 — Screening and official lists
- Result of international sanctions screening (EU, UN, OFAC), dated
- Result of PEP screening (politically exposed persons)
- UBO list divergence check
- Date and screening tool (proof of operation)
Section 6 — Ongoing monitoring and events
- Annual review log (with date and signature)
- Reported events since onboarding (director change, UBO declaration, sanction, litigation)
- Internal decisions taken (status quo, enhanced measure, CTIF report, termination)
Additional documents per client type
Capital company (SA, SRL, SC)
Beyond the common core:
- Annual accounts filed with NBB (last 2 financial years)
- Shareholders list or share register
- Powers of attorney if signing is delegated
Non-profit / foundation
In addition:
- Articles of association published
- List of directors and officers
- Main funding sources
Trust / fiduciary
- Constitutive deed (deed of trust)
- Identification of settlor, trustee, protector, beneficiaries
Self-employed natural person
- Social status (INASTI/RSVZ)
- VAT (if subject)
- Real activity carried out
Retention format
Paper and electronic are legally equivalent, but in 2026 timestamped digital has become the norm. The Act of 18/09/2017 does not prescribe a specific format but requires:
- Legibility throughout the retention period
- Integrity: no modification after creation (or change history tracked)
- Authenticity: you must be able to prove a document is the one collected
- Accessibility: extractable on authority request within 48 hours
In practice:
- PDF/A for finalized documents (long-term archive standard)
- Qualified electronic signature (eIDAS) for internal documents (AMLCO decisions, risk notes)
- TSA timestamp (Time Stamping Authority) for sensitive documents
- Encrypted at-rest storage (AES-256 minimum)
- Access log: who consulted, modified, exported each file
Retention period
10 years after end of business relationship or last significant transaction (Article 60 of the Act of 18/09/2017).
Important:
- 10 years = not 5, not 7, not "as long as we have room"
- Countdown starts at the end of the relationship, not at file opening
- Beyond 10 years, deletion must be controlled and documented (GDPR compatible)
- Historical archives from before 2017 must still be accessible per prior law
Preparing a KYC file audit
The AMLCO must be able to present a complete file in 5 minutes during an inspection. Internal quarterly test:
If it takes more than 15 minutes, your archive is failing.
Frequent inspection findings
How Company Belgium structures your KYC files
The Company Belgium KYC module natively imposes the structure expected by SPF Economie:
- 6-section file template pre-filled from the BCE/KBO API
- Automatic UBO cascade over 3 levels, cross-checked with the Belgian register
- Sanctions and PEP screening integrated, dated and tracked
- Risk note generated by the configured matrix
- Review log: automatic reminders, electronic AMLCO signature
- PDF/A archiving with TSA timestamp, encrypted 10-year retention
- Full file export in 1 click for inspection
See also: the full KYC guide, the 2026 compliance checklist and the risk assessment methodology.
Bottom line
A compliant KYC file rests on 6 non-negotiable sections: client identification, UBO, risk assessment, economic purpose, screening, ongoing monitoring. Each section has its list of documents, accepted format, and retention period.
The ultimate test: an SPF Economie inspector points at a random file. In 5 minutes, your AMLCO must produce everything. If yes, you are ready. If not, this article tells you what is missing.
Frequently asked questions
Which documents are mandatory in a KYC file for a company in Belgium?
For a legal person, the KYC file must include a BCE/KBO extract less than 6 months old, consolidated articles of association, the composition of the board of directors, the UBO org chart down to natural persons, extracts from the Belgian UBO register, the risk note signed by the AMLCO, results of sanctions and PEP screening, and a description of the economic purpose of the relationship. For capital companies, the last two annual accounts filed with the NBB are also required.
How long must a KYC file be retained in Belgium?
The Act of 18 September 2017 requires retention for 10 years from the end of the business relationship or the last significant transaction. This period starts from the end of the relationship, not from the opening of the file. Beyond 10 years, deletion must be documented and GDPR-compliant. Archives predating 2017 remain subject to the rules applicable when they were created.
What format is accepted for archiving a KYC file in Belgium?
The law does not prescribe a specific format but requires legibility, integrity, authenticity and accessibility throughout the retention period. In practice, PDF/A with a TSA timestamp is recommended for finalized documents. Internal AMLCO decisions must be electronically signed at qualified level (eIDAS). Storage must be encrypted at rest (AES-256 minimum) with a complete access log.
Which KYC file errors are most often sanctioned during an SPF Economie inspection?
The most frequent errors at inspection are: an illegible ID card copy, a BCE extract that is too old (more than 6 months), no UBO register consultation, an incomplete UBO cascade (level 2 missing), no signed risk assessment note, absent or outdated PEP and sanctions screening, and no annual review log. A disorganized file or one without an AMLCO signature almost systematically leads to a non-compliance finding.
Comments
Related articles

Notaries: verifying beneficial owners before an authentic act
Notaries are on the front line to block money-laundering setups via companies. Incorporation, merger, share transfer, real estate sale: every act demands enhanced UBO due diligence. Here is the complete checklist to secure an authentic act without burdening practice.

The Belgian trial period is back: what the Clarinval reform changes for SMEs from day one
On 21 May 2026, the Belgian Chamber voted to reinstate a trial regime covering the first six months of the employment contract. Notice cut to one week, written reasoning, scope limited to new contracts: what employers need to grasp before publication in the Moniteur belge.

Branch in Belgium and the UBO register: what the foreign company must do
A foreign company opening a branch in Belgium is not a Belgian company: the branch has no separate legal personality. That changes everything for the UBO register. Find out who must declare what, and why a Belgian SRL subsidiary offers a cleaner compliance footprint.
