Digital ID verification and money-laundering checks
How coronavirus is affecting the issue, and pushing forward solutions
Is digital ID verification allowed?
For any firm subject to obligations under money laundering legislation regarding the verification of customer identity, the current lockdown presents a real challenge. Verifying the identity of customers or potential customers in an environment where meeting face-to-face is, at best, impractical (and will probably remain so for some months), and where even the task of obtaining a certified copy of identification documents could be difficult for a customer calls for alternative thinking.
In the EU, the 4th Money Laundering Directive (implemented in the UK by the Money Laundering Regulations 2017) started the move towards a risk-based approach in terms of identity verification and customer “due diligence”, paving the way for firms to move from an overly rigid, one-size fits all and ultra-cautious approach. The requirement to assess the risk posed by an individual customer and to undertake due diligence to an appropriate level based on that risk assessment is one that most firms should have recognised as providing them with leeway to take a more pragmatic approach. However, whilst it has provided the opportunity to apply a more sensible threshold around verification of identity in cases where the risk of money laundering is lower, it does nothing to address the question of how that verification might actually be carried out in an effective and efficient manner.
Digital identity verification solutions arguably provide an answer in this respect, enabling firms to make use of modern technology to verify the identity of their customers in a faster, more efficient manner, without the need for face-to-face meetings or the submission of significant amounts of documentation. These solutions arguably also lower many of the risks associated with customer due diligence – notably by making it harder for fake identification documents to be used as proof of identity whilst also providing access to the most up to date sources of information regarding PEPs, sanctions and other such data.
Despite this, many firms – particularly those in highly regulated sectors such as financial services – have historically shied away from seeking new, innovative and alternative approaches to meeting their anti-money laundering obligations, perhaps mindful of the seriousness with which financial crime prevention is taken by global regulators and the penalties that have been dished out to those firms who have failed to meet the required standard. Better safe than sorry, even if that leads to an increased regulatory burden and processes more cumbersome than need be the case.
Regulatory responses in light of coronavirus – the FCA and FATF
There has been a gradual shift in regulatory attitudes to the use of e-verification solutions anyway: notably, regulators in the UK have already published guidance on the matter, and the use of electronic verification is specifically being within the contemplation of the UK’s implementation of 5MLD. However, it is now suggested that the use of electronic verification over obtaining physical certified copies of customers’ documents can also help limit the amount of exposure / spreading of the virus amongst the population.
The UK’s financial services regulator, the Financial Conduct Authority, is now openly accepting that firms will need to take a different approach to the verification of identity in the current environment – even suggesting that customers might use a combination of selfies and scanned documentation sent by email to their financial services provider.
Alongside this, on 1 April 2020 the Financial Action Task Force (FATF) issued a statement on measures to combat illicit financing, in which, amongst other things, it urged governments to assess in what ways they might be able to implement the use of the technology in their respective countries to satisfy anti-money laundering obligations in a lockdown scenario. The announcement follows and complements the FATF’s recently published guidance on the use of Digital ID, which is available here.
Electronic verification tools – what is available and how it works
Over the past few years, a number of providers have entered the market that businesses could use to ensure their continuing compliance with the Money Laundering Regulations, without having to collect (or retain) physical copies of ID documentation. Examples of these include Yoti, ID Pal, and Onfido and these, along with many others, have been used extensively by fintechs such as neobanks and challenger banks for several years.
The tools generally perform checks which are beyond the capabilities of the average compliance professional, particularly when it comes to, for example, assessing whether a passport is legitimate or a high-quality forgery. The checks carried out by such providers can include:
- taking a picture of an ID document which is then assessed against a smartphone image of the user (automatically, or by a trained reviewer, or a combination of both) to ensure that the individual providing the document is the same person as that to whom the document relates;=
- assessing the characteristics of the ID document presented against known characteristics of genuine documentation (e.g. precise measurements and markings);
- reading the RFID chips in, for instance, passports (to ensure that the documents are legitimate);
- ‘liveness’ checks, to ensure that the smartphone image of the user presented alongside the ID document is of a real person, rather than being a picture of a picture; and
- cross-checking data presented by the user with data held on registers such as the electoral roll, and PEP and Sanctions lists.
It is worth noting, however, that the checks carried out by each provider may differ, and as such we recommend that the capabilities of each platform should be reviewed against the requirements under the Money Laundering Regulations before businesses decide to implement a particular solution.
Necessity as the mother of progression?
These latest developments are driven by the specific need to deal with the COVID-19 pandemic in a pragmatic manner, by using technology where possible to ensure that regulated businesses are able to continue operating without sacrificing compliance with the country’s AML controls, and to avoid further spreading of the virus. However, they undoubtedly stem from the belief that the available e-verification tools can actually offer an adequate and sufficient alternative to the traditional methods of identity verification. It could be that whilst the current situation has presented the industry with huge challenges, it also provides the final push towards the acceptance of a more efficient, effective solution to the verification of customer identity.
Find all our Covid-19 related advice here.
Share this blog
- Adtech & martech
- Artificial intelligence
- EBA outsourcing
- Cloud computing
- Complex & sensitive investigations
- Cryptocurrencies & blockchain
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- KLick DPO
- KLick Trade Mark
- Open banking
- Software & services