Amira van Weegen
Marketing Manager
May 15, 2026
GwG Compliance Check for Virtual Mailboxes: How Providers Can Make Their Mailbox Rental Services Legally Compliant and Scalable
6 min.
What virtual mailbox providers need to know at a glance
A company signs up online, books a virtual business address, and is ready to go within minutes. For providers, that sounds like the perfect customer experience. But behind this seamless process lies a legal obligation that many underestimate: Anyone in Germany who rents out virtual mailboxes or business addresses must verify their customers’ identities before the contract is signed, in line with the GWG. The German Money Laundering Act makes no exceptions here, neither for small providers nor for large platforms.
The key points this article covers:
Under the German Money Laundering Act (GWG), providers of virtual mailboxes are required to verify their customers’ identities before the contract is signed.
Identity verification includes ID checks as well as PEP screening, sanctions list screening, and risk assessment.
anny offers a flexible booking platform for virtual mailboxes; automated GWG-compliant checks are handled via the separate, paid Regpit platform.
Regpit supports modern identification methods such as video identification and the online ID function (eID) of the German ID card.
An automated integration of anny and Regpit enables scalable, audit-proof, and legally compliant verification processes without manual intermediate steps.
What is a virtual mailbox and why is the GWG relevant here?
A virtual mailbox is a rented mailing address where companies or self-employed professionals can receive, digitize, and manage their mail — without having to be physically on site. Typical customers include startups, remote companies, foreign businesses with a presence in Germany, as well as sole proprietors who do not want to use a private address in their legal notice. The Anti-Money Laundering Act (GWG) applies here because such addresses can be misused for money laundering or illegal activities. We explain what obligations providers have and how they can efficiently implement GWG checks for virtual mailboxes with anny and the Regpit integration.
Legal framework: When are providers of virtual business addresses subject to AML obligations?
The GWG requires providers of virtual mailboxes to verify the identity of their customers, as mailbox rental carries an elevated risk of misuse. This obligation applies regardless of company size and applies in particular to the rental of serviceable business addresses that are used in the legal notice or intended for official service. Anyone who does not take KYC mailbox rental seriously risks severe consequences.
Note: This article does not replace legal advice. Providers should seek legal counsel if in doubt. anny and Regpit support the practical implementation of the legal requirements.
Requirement | Description |
|---|---|
Identification | Verification of the identity of natural persons before contract conclusion |
Beneficial Owners | Identification of natural persons holding more than 25% of shares |
PEP Screening | Screening for politically exposed persons |
Sanctions List Screening | Matching against EU, UN, and international sanctions lists |
Risk Assessment | Assessment of the individual risk of the business relationship |
Ongoing Monitoring | Monitoring for suspicious patterns during the business relationship |
Documentation | Audit-proof retention of all review documents |
Violations can lead to substantial fines and regulatory action. That is why automated, documented screening is essential.
anny or anny + Regpit: Which solution is right for my business?
Anyone who rents out virtual mailboxes needs two things: a platform where customers can book and manage subscriptions and, depending on the business model, AML-compliant identity verification. anny handles booking and subscription management. Regpit is a separate, paid compliance platform that can be natively integrated into anny and automates the complete AML check. How the two systems work together is explained in the next sections – first and foremost, the key point is: Not every provider necessarily needs both tools.
Situation / Need | Recommended solution |
|---|---|
Only basic identity verification (e.g. no AML requirement, no business address) | anny alone (ID upload, basic check) |
Full AML-compliant verification (virtual business address, legal notice usage, company registration) | anny + Regpit |
Regpit is not included in the anny subscription and must be licensed separately.
What providers need to check: step-by-step virtual mailbox identity verification
The AML check is not a one-time ID verification; it includes several successive steps that together provide a complete picture of the customer and their risk profile. For virtual mailbox providers, this means:
Identification of natural persons: Collection of valid ID data with holographic security features. Regpit supports modern methods such as video identification and the online ID function (eID) of the German identity card as secure alternatives.
Business verification (KYB): Review of the commercial register extract, shareholder list, and articles of association to verify company data.
Identification of beneficial owners: Identification of all natural persons with more than 25% ownership or voting rights.
PEP screening: Detection of politically exposed persons who are subject to enhanced due diligence requirements.
Sanctions list screening: Comparison against current EU, UN, and international sanctions lists.
Risk assessment: Classification of the business relationship into risk levels (e.g., Low, Medium, High Risk).
Documentation and archiving: Audit-proof storage of all verification documents for at least five years after the end of the contract.
Manual low-value asset review and its limitations
Many providers of virtual mailboxes still carry out the AML check manually: customer data and copies of ID documents are requested by email, recorded in Excel lists, and sanctions lists are sporadically matched manually. Documentation ends up in folders or local files – often without clear structure or access control.
The problem: This process is error-prone, carries significant data protection risks due to insecure transmission channels, and rarely provides the audit-proof evidence required during a regulatory review. Media breaks between systems lead to delays that discourage customers. And without automation, the entire model quickly hits its limits as customer numbers grow.
The direct comparison shows exactly where manual processes fail in practice and what an automated solution with anny and Regpit delivers instead:
Aspect | Manual process | anny + Regpit |
|---|---|---|
Consistency | Inconsistent data maintenance and checks | Standardized, automated workflows |
Time required | Hours to days per customer | Minutes per customer through automation |
Error rate | High due to manual entries | Very low through digital validation |
Audit documentation | Patchy, often incomplete | Complete, archived in an audit-proof way |
Scalability | Limited, quickly overloaded as growth increases | High, automated processes without additional effort |
Automated AML Compliance for Mailbox Subscriptions: How anny and Regpit Work Together
The native integration of anny and Regpit turns a multi-step, manual review process into a fully automated workflow — from booking to subscription approval, with not a single manual handoff in between.
Here’s how the automated AML screening works step by step:
Booking via anny: The customer books a subscription for a virtual mailbox directly through anny.
Automatic case creation: anny immediately creates a review case in Regpit and transfers all relevant customer data.
Self-declaration and identification: The customer receives an automatic request to verify their identity — via video identification or the online ID function (eID).
Automated compliance screening: Regpit performs PEP checks, sanctions list screening, and risk assessment.
Automatic approval or rejection: If the review is successful, anny activates the subscription automatically — if the risk is too high, the request is declined without any manual intervention.
How to set up the Regpit integration in anny
The technical connection between both systems is done in just a few steps:
Request a Tenant ID from Regpit Support and purchase a license.
Store the Tenant ID, email, and password in anny.
Configure the integration rules in anny — for example, which products should trigger the AML screening.
Run test bookings to validate the process before going live.
You can find more information about the setup on the anny x Regpit integration page.
Practical example (fictional): CityMail Office Berlin
Imagine this: A provider like CityMail Office Berlin manages around 500 virtual business addresses with manual processes: ID copies by email, Excel lists, occasional sanctions list screening. Documentation is incomplete, and onboarding new customers takes several days.
After switching to anny and Regpit, the entire process would run fully automatically: booking, case creation, video identification, risk assessment, and subscription approval — all without manual intervention. Onboarding would take just a few minutes, the checks would be documented in an audit-proof way, and the team could fully focus on customer service.
Data Protection and IT Security: What Obliged Parties Under the German Money Laundering Act Must Also Consider
AML compliance and data protection go hand in hand — because identity verification involves particularly sensitive personal data that must be processed and protected in GDPR-compliant ways. anny is fully ISO 27001 certified and hosts all data in Germany. Regpit documents all verification processes in an audit-proof manner and thus supports providers in meeting regulatory documentation requirements.
Anyone who wants to be on the safe side as an AML-obliged entity should also keep the following measures in mind:
Secure access with two-factor authentication (2FA)
Role-based access rights for team members
Encryption for data in transit and at rest
Logging all access to sensitive data
Clear deletion and retention periods in accordance with the AML Act (5 years after contract end)
Conclusion & Get Started with GWG-Compliant Resource Booking Now
If you rent out virtual mailboxes, you need a GwG-compliant identity verification. With anny and the Regpit integration, this process can be fully automated – scalable, audit-proof, and with no manual effort.
See for yourself: Try anny for free, book a demo, or learn more directly about the Regpit integration.
Frequently Asked Questions About GwG Compliance Checks for Virtual Mailboxes (FAQ)
Does the AML Act also apply to small providers with only a few virtual mailboxes?
Yes — the AML obligation depends on the type of service provided, not on company size or revenue. Anyone who rents out serviceable business addresses may be considered an obligated entity — regardless of whether they operate five or five hundred mailboxes. When in doubt, legal advice is recommended.
Do I have to re-identify every existing customer afterwards?
The AML Act provides for event-based, risk-based verification. Re-identification is especially useful if ownership structures have changed, a customer's risk rating needs to be adjusted, or legal requirements have changed significantly since the contract was signed.
Can I also carry out identity verification for virtual mailboxes via the online ID function? Yes. Regpit supports eID — the online ID function of the German identity card — as a modern and secure alternative to video identification. Customers can identify themselves fully digitally, without physical contact or a visit to a post office.
Can I accept ID copies by email if I then store them locally?
This is problematic from a data protection perspective: unencrypted emails are not a secure transmission channel for sensitive identity data, and local folders offer little access control or logging. For an AML-compliant and GDPR-secure solution, we recommend using anny and Regpit, which handle upload, storage, and documentation in an audit-proof way.
Do I have to buy Regpit if I use anny?
No. Regpit is a separate, paid platform and is not included in the anny subscription. Providers who only need a simple ID check and are not subject to the AML obligation can use anny without Regpit. The AML compliance mailbox solution with Regpit is only required when a full AML check, including PEP screening and sanctions list screening, is necessary.
Can only virtual mailboxes be rented and verified with anny?
No — anny is designed as a flexible booking and subscription platform and can map a wide range of resources: desks, meeting rooms, parking spaces, and more. The Regpit integration for automated identity verification in subscription workflows can be used wherever an AML-compliant check is required — not just for mailbox rentals.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 120 40" xmlns="http://www.w3.org/2000/svg"><path d="M 55.501 13.158 L 59.216 13.158 L 59.216 30.294 L 55.501 30.294 L 55.501 27.83 C 54.088 29.78 52.094 30.741 49.482 30.741 C 47.113 30.741 45.112 29.883 43.427 28.138 C 41.743 26.393 40.919 24.23 40.919 21.729 C 40.919 19.192 41.743 17.073 43.427 15.321 C 45.112 13.576 47.106 12.718 49.482 12.718 C 52.094 12.718 54.088 13.678 55.501 15.599 Z M 50.071 27.207 C 51.616 27.207 52.925 26.693 53.955 25.667 C 54.986 24.604 55.501 23.306 55.501 21.729 C 55.501 20.153 54.986 18.855 53.955 17.821 C 52.925 16.758 51.616 16.245 50.071 16.245 C 48.526 16.245 47.216 16.758 46.186 17.821 C 45.156 18.848 44.641 20.153 44.641 21.729 C 44.641 23.306 45.156 24.611 46.186 25.667 C 47.216 26.693 48.526 27.207 50.071 27.207 Z M 79.191 19.771 L 79.191 30.294 L 75.475 30.294 L 75.475 20.153 C 75.475 17.586 73.997 16.179 71.628 16.179 C 69.016 16.179 67.265 17.792 67.265 21.113 L 67.265 30.294 L 63.549 30.294 L 63.549 13.158 L 67.265 13.158 L 67.265 15.357 C 68.398 13.612 70.149 12.718 72.591 12.718 C 76.542 12.718 79.191 15.387 79.191 19.771 Z M 98.82 19.771 L 98.82 30.294 L 95.104 30.294 L 95.104 20.153 C 95.104 17.586 93.626 16.179 91.257 16.179 C 88.645 16.179 86.894 17.792 86.894 21.113 L 86.894 30.294 L 83.178 30.294 L 83.178 13.158 L 86.894 13.158 L 86.894 15.357 C 88.027 13.612 89.778 12.718 92.22 12.718 C 96.171 12.718 98.82 15.387 98.82 19.771 Z M 114.049 13.158 L 118 13.158 L 111.401 30.836 C 109.753 35.258 106.964 37.384 103.013 37.142 L 103.013 33.689 C 105.353 33.828 106.655 32.691 107.59 30.33 L 107.759 29.986 L 100.468 13.158 L 104.522 13.158 L 109.642 25.593 Z M 36.232 8.186 C 36.188 5.033 35.879 2.203 35.827 1.77 C 35.798 1.066 35.371 0.458 34.694 0.164 C 33.959 -0.151 33.113 -0.004 32.539 0.531 C 19.487 12.828 19.413 12.916 19.377 12.96 C 19.229 13.128 19.156 13.224 19.082 13.334 L 19.075 13.348 C 19.053 13.385 19.031 13.414 19.009 13.451 C 18.84 13.737 18.744 14.147 18.766 14.477 C 18.788 14.807 18.862 15.152 19.001 15.511 C 19.023 15.592 19.046 15.665 19.075 15.739 C 19.2 16.091 19.568 17.161 19.641 21.003 C 19.722 25.102 19.207 26.965 18.935 27.962 C 18.884 28.138 18.847 28.292 18.81 28.438 C 18.766 28.578 18.656 28.952 18.759 29.465 C 18.81 29.707 18.906 29.912 18.965 30.022 C 18.994 30.074 19.023 30.125 19.06 30.176 C 19.119 30.264 19.215 30.404 19.369 30.536 L 26.712 37.487 C 27.065 37.824 27.536 38 28.014 38 C 28.271 38 28.536 37.949 28.779 37.839 C 29.456 37.545 29.875 36.929 29.875 36.218 L 29.875 24.42 C 29.875 23.504 29.419 22.924 29.073 22.565 L 28.978 22.462 C 29.706 21.803 31.943 19.764 34.452 17.227 C 35.717 15.944 36.298 12.989 36.232 8.186 Z M 27.624 34.605 C 27.624 34.847 27.33 34.972 27.153 34.803 L 21.363 29.326 L 21.378 29.311 L 21.407 29.282 L 21.495 29.194 L 21.532 29.157 C 21.569 29.12 21.606 29.091 21.643 29.054 C 21.65 29.047 21.665 29.04 21.672 29.025 C 21.724 28.981 21.775 28.93 21.827 28.878 L 21.841 28.864 C 21.893 28.82 21.937 28.776 21.988 28.724 C 22.003 28.71 22.018 28.702 22.033 28.688 C 22.084 28.636 22.136 28.592 22.194 28.541 C 22.261 28.482 22.319 28.424 22.386 28.365 L 22.665 28.116 L 22.754 28.035 L 27.308 23.958 L 27.44 24.098 C 27.447 24.105 27.455 24.112 27.455 24.12 C 27.631 24.303 27.631 24.34 27.631 24.428 L 27.631 34.605 Z M 32.848 15.658 C 29.875 18.657 27.278 20.967 27.256 20.989 L 27.249 20.989 L 26.623 21.546 L 25.792 22.294 C 24.586 23.372 23.173 24.633 22.187 25.52 C 21.996 25.689 21.701 25.535 21.724 25.285 C 21.841 24.171 21.915 22.756 21.885 20.945 C 21.804 16.743 21.378 15.511 21.194 14.983 C 21.186 14.969 21.179 14.954 21.179 14.939 C 21.157 14.844 21.135 14.778 21.12 14.741 C 21.106 14.705 21.091 14.668 21.083 14.639 C 21.047 14.536 21.076 14.426 21.157 14.353 C 22.239 13.326 29 6.954 33.252 2.951 C 33.422 2.789 33.694 2.899 33.716 3.127 C 33.826 4.293 33.966 6.214 33.995 8.23 C 34.062 13.971 33.135 15.365 32.848 15.658 Z M 17.302 27.955 C 17.03 26.957 16.522 25.095 16.596 20.996 C 16.669 17.146 17.044 16.076 17.162 15.731 C 17.184 15.658 17.214 15.585 17.236 15.504 C 17.368 15.152 17.449 14.8 17.471 14.47 C 17.493 14.147 17.39 13.737 17.228 13.444 C 17.206 13.407 17.184 13.378 17.162 13.341 L 17.155 13.326 C 17.081 13.224 17.008 13.121 16.86 12.952 C 16.824 12.908 16.743 12.828 3.698 0.538 C 3.125 -0.004 2.278 -0.144 1.543 0.172 C 0.866 0.465 0.439 1.074 0.41 1.778 C 0.358 2.21 0.049 5.041 0.005 8.193 C -0.061 12.996 0.52 15.951 1.793 17.234 C 4.316 19.786 6.568 21.839 7.267 22.47 L 7.171 22.572 C 6.825 22.932 6.369 23.511 6.369 24.428 L 6.369 36.211 C 6.369 36.922 6.788 37.545 7.465 37.831 C 7.715 37.941 7.973 37.993 8.23 37.993 C 8.709 37.993 9.172 37.817 9.533 37.479 L 16.912 30.499 C 17.044 30.382 17.133 30.25 17.184 30.184 C 17.221 30.132 17.25 30.081 17.272 30.044 C 17.346 29.92 17.442 29.722 17.486 29.472 C 17.581 28.974 17.478 28.6 17.434 28.446 C 17.398 28.284 17.353 28.13 17.302 27.955 Z M 3.389 15.658 C 3.102 15.365 2.168 13.979 2.249 8.237 C 2.278 6.221 2.426 4.3 2.529 3.134 C 2.551 2.907 2.823 2.797 2.992 2.958 C 7.245 6.962 14.006 13.334 15.087 14.36 C 15.161 14.433 15.19 14.543 15.161 14.646 C 15.154 14.675 15.139 14.712 15.124 14.749 C 15.109 14.785 15.087 14.851 15.065 14.947 C 15.058 14.961 15.058 14.976 15.051 14.991 C 14.867 15.519 14.44 16.75 14.359 20.952 C 14.322 22.763 14.396 24.178 14.521 25.293 C 14.55 25.542 14.249 25.696 14.057 25.527 C 13.071 24.64 11.659 23.379 10.452 22.301 L 9.621 21.553 L 8.988 20.989 C 8.871 20.893 6.325 18.62 3.389 15.658 Z M 9.077 34.81 C 8.9 34.979 8.606 34.854 8.606 34.612 L 8.606 24.42 C 8.606 24.34 8.606 24.296 8.782 24.112 C 8.79 24.105 8.797 24.098 8.797 24.09 L 8.929 23.951 L 13.476 28.028 L 13.792 28.314 L 13.851 28.365 C 13.866 28.38 13.881 28.394 13.895 28.402 C 13.932 28.438 13.976 28.475 14.013 28.512 C 14.035 28.534 14.057 28.548 14.072 28.57 C 14.109 28.607 14.153 28.644 14.19 28.68 C 14.212 28.695 14.227 28.717 14.249 28.732 C 14.293 28.776 14.337 28.812 14.381 28.856 L 14.41 28.886 C 14.462 28.937 14.513 28.981 14.558 29.025 L 14.587 29.054 C 14.624 29.091 14.661 29.12 14.69 29.157 L 14.727 29.194 C 14.756 29.223 14.793 29.26 14.815 29.289 L 14.837 29.311 L 14.852 29.326 Z" fill="rgb(0, 0, 0)" height="38px" id="bH388uk2E" transform="translate(1 1)" width="118.00000395534607px"/></svg>)