Before learning about the AML identification requirements, it is important to understand what a digital identity is. Nowadays, digital payments are growing at an annual rate of 12.7% and are estimated to reach 726 billion transactions by 2020. It’s also estimated that 60% of world GDP will be digitized by 2022. The transformation of the digital identity space has reached an inflection point: standards, technology, and processes have evolved to the point where digital ID systems are becoming available at a large scale. In response to this growth in digital identity systems, the Financial Action Task Force (FATF) recently released guidance to help governments and financial institutions integrate AML identification requirements into their compliance frameworks and ensure that their CDD and KYC, among other measures, remain effective.
Digital ID systems carry out the process of identity proofing and authentication. They are used as an electronic means to check the official identity of a person, online or in person, at different assurance levels. Such a system can follow different operational models and relies on various entities and types of technologies and processes.
Identity proofing in digital ID systems can be digital, in-person, or a combination of both, but the process of binding, authentication, credentialing, and portability must be completed digitally. Digital ID systems can use digital technology in the following ways:
The digital identity verification process comprises the following steps:
Collection: Customers are required to present identity attributes and evidence, which are collected in person and/or online. This is done by filling in an online form, sending a selfie photo, and uploading documents such as a passport or driving license.
Validation: Inspection is conducted digitally or in-person to ensure the authenticity of the documents and accuracy of the data. This is achieved by checking physical security features, expiration dates, and verifying attributes via other services.
Deduplication: Firms need to establish that the identification attributes and evidence relate to a unique person in the ID system via duplicate record searches, biometric recognition, or deduplication algorithms.
Verification: After collecting the evidence, firms need to link the individual to the identity evidence provided, using biometric solutions like facial recognition and liveness detection.
Enrolment in Identity Account and Binding: Firms create a new identity account and issue and link one or more authenticators with the identity account, such as passwords, a one-time code (OTC) generator on a smartphone, and so forth. This process enables the account’s authentication.
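The validation, deduplication, verification and binding steps above can be sketched as one enrolment flow. This is an added example, not taken from the FATF Guidance or any vendor's system: the `IdentityRegistry` class, the attribute normalisation rule and the `face_match` flag (standing in for an external biometric check) are assumptions, and the one-time code generator follows RFC 6238 (TOTP).

```python
import hashlib, hmac, secrets, struct, unicodedata
from datetime import date

def dedup_key(full_name, dob, doc_number):
    """Deduplication: normalise attributes so spelling variants collide."""
    name = unicodedata.normalize("NFKD", full_name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    name = " ".join(name.upper().split())
    doc = "".join(doc_number.upper().split())
    return hashlib.sha256(f"{name}|{dob.isoformat()}|{doc}".encode()).hexdigest()

def totp(secret, at, step=30, digits=6):
    """One-time code per RFC 6238 (HMAC-SHA1 over the time-step counter)."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class IdentityRegistry:
    def __init__(self):
        self.accounts = {}  # dedup key -> bound authenticator state

    def enrol(self, full_name, dob, doc_number, doc_expiry, face_match, today):
        # Validation: reject expired evidence.
        if doc_expiry < today:
            raise ValueError("validation: document expired")
        # Verification: face_match is the result of an external biometric check (assumed).
        if not face_match:
            raise ValueError("verification: applicant not linked to evidence")
        key = dedup_key(full_name, dob, doc_number)
        if key in self.accounts:
            raise ValueError("deduplication: identity already enrolled")
        # Binding: issue a fresh authenticator secret tied to the new account.
        secret = secrets.token_bytes(20)
        self.accounts[key] = {"secret": secret, "last_step": -1}
        return key, secret

    def authenticate(self, key, code, at, step=30):
        acct = self.accounts.get(key)
        if acct is None:
            return False
        current = int(at) // step
        if current <= acct["last_step"]:  # code already used in this time step
            return False
        if not hmac.compare_digest(totp(acct["secret"], at, step), code):
            return False
        acct["last_step"] = current
        return True
```

The SHA-256 key only makes duplicate matching deterministic; it is not a privacy protection for the underlying attributes.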
AML Identification Requirements: FATF is committed to ensuring that the global AML/CFT standards encourage responsible financial innovation. It supports the use of new technologies in the financial sector that strengthen the implementation of AML/CFT standards and financial inclusion goals.
Yet, FIs should also understand the risks of integrating large-scale digital ID systems, which can pose risks to privacy and data security and create exposure to fraud, identity theft, and so forth. The purpose of the FATF Guidance is to assist governments, regulatory bodies, and other authorities in determining how digital ID systems can be used to conduct certain elements of customer due diligence (CDD). Understanding how these systems work is essential to applying the risk-based approach.
The FATF AML Identification Requirements include the requirement to identify and verify customers’ identities using ‘reliable, independent’ source documents, data, or information.
Here, “identity” refers to an official identity, which is distinct from broader concepts of personal and social identity that may be relevant for unofficial purposes (e.g., unregulated commercial or social/peer-to-peer interactions, which are conducted in person or on the Internet).
Official identity is the specification of a unique natural person that is based on characteristics or attributes of the person which establish their uniqueness in the population or a particular context, and that is recognized by the state for regulatory and other relevant official purposes. Digital source documents, data, or information must be reliable and independent. This means that the digital ID system used to conduct CDD relies upon technology, adequate governance, processes, and procedures to provide assurance that the system produces correct results.
The recommendations provided by the Financial Action Task Force (FATF) for Digital ID are applicable to government authorities, Digital ID service providers, and regulated entities, such as banks and credit unions, which must complete CDD.
The FATF Guidance suggests a risk-based approach to using Digital ID systems for customer identification applied by the government, regulated entities, and other relevant authorities.
This requires:
The following includes a number of recommendations for government authorities under the FATF Guidance:
Recommendations for Digital ID service providers include understanding AML/CFT requirements. Service providers are required to understand the AML identification requirements for CDD (particularly customer identification/verification and ongoing due diligence) and other related regulations. Firms should seek assurance testing and certification by governmental or other reputable bodies and should provide transparent information to AML/CFT regulators regarding Digital ID systems.
Recommendations for regulated entities that are subject to CDD requirements include: