FATF consultation on global standards for digital identity
Advice and recommendations from Vanessa Richards, Chief Product Officer at NorthRow
The Financial Action Task Force (FATF) recently published a consultation on its draft guidance surrounding Digital Identity standards for consideration by regulated entities, anti-money laundering authorities and governments.
It concerns the use of digital identity verification systems for customer due diligence checks during remote client onboarding and ongoing monitoring of customer transactions.
As Chief Product Officer of NorthRow, an established RegTech firm that provides digital verification solutions, here are my thoughts on the new FAFT guidance for the use of digital identity to help your organisation accelerate your client onboarding processes.
The use of digital identity systems is rapidly gaining popularity across the world. FATF has recognised the numerous benefits offered by remote client onboarding, it can reduce the risk of platforms being used for money laundering and terrorist financing while providing a better experience for customers. But it has also outlined some of the key risks that come with exchanging sensitive information over the Internet including identity theft in a cyberattack.
What is a digital identity system?
A digital identity system is used to verify a person’s ID through electronic means generally through two steps: information collection and information authentication.
In the first step, a new customer is asked to submit key ID details like name, age, and date of birth by filling out a form online or uploading a picture of a passport or driving license. This is used to create a digital profile.
These details are then validated using software and/or checked against any existing databases such as voter or national ID registers.
In the second step, the details submitted are authenticated to check whether the customer is who they say they are. This is done by asking a customer for one of:
- Something only they could know – a password or other sensitive information
- Something only they have – a certificate, card, or security key
- Something only they are – physical features like fingerprints, iris structure, facial features (also called biometric authentication)
Is the use of remote onboarding/digital identity a safe option?
As per FATF’s Recommendations to combat money laundering and terrorist financing, first published in 1990, regulated entities are obliged to identify and counter any illicit finance risks. They must also keep conducting customer due diligence checks throughout the duration of the business relationship.
In this consultation, the FATF has noted that digital identity verification can reduce human errors that occur during client due diligence – as long as the system is reliable and independent. This is because sophisticated technology and identity experts with significant training and access to tools to detect fraud are usually employed.
Greater financial inclusion has also been highlighted as a key benefit. This is because customers without access to ID documents like a passport or driving license can still be onboarded using secondary evidence and guarantees from third parties.
Potential issues with remote onboarding
However, the consultation points out that digital identity verification could also result in the exclusion of certain groups. Those who do not have access to a mobile, computer or good internet connection that is required to complete remote client onboarding. Or in communities where there is little understanding of technology. This may shut out women, refugees, the disabled, and those living in conflict zones.
Moreover, because digital identity systems often use physical features to authenticate ID, this can be a problem for manual labourers with worn fingerprints, the elderly whose facial features may have changed with age, and some ethnic groups who have darker skin or different eye shapes that may be harder for certain software to read.
Some information may also be difficult to verify remotely, like where an ID needs to be checked using a UV light or the construction of a document needs to be physically examined for tampering.
Benefits of remote onboarding/digital identity
The FATF notes that remote client onboarding could strengthen customer due diligence checks and anti-money laundering and counter-terrorist financing compliance because the use of digital identity verification systems leaves little room for subjective human errors and is much quicker than traditional checks.
This can in turn cuts costs for regulated entities when verifying new customers. A study conducted in 2019 by think tank McKinsey Global Institute found that companies using digital identity systems with high levels of assurance could see a 90% cut in client on-boarding costs with a reduction in onboarding time from weeks or days to just minutes.
Money saved can then be put towards other anti-money laundering and counter-terrorist financing duties.
Draft FATF guidance
Regulated entities using digital identity verification systems should consider the following:
- Can any further measures be taken to counter the risks associated with remote client onboarding? One example would be to use a few authentication factors instead of just one.
- What is the digital identity system’s assurance level, or, how reliable and independent is it? This is not necessary for those entities that have government approval, but those that do not must conduct an assurance test themselves or have an accredited body do it for them.
- Is the digital system being used for client onboarding appropriate given the potential money laundering risks associated with customers and their geographical location? Areas, where there is a higher risk of illicit financial activity or identity theft, require a higher assurance digital identity verification system, whereas the converse is true in low-risk areas.
- Where there is a risk of financial exclusion due to difficulties in providing relevant documents, entities have been asked to be as flexible as possible. For example, instead of making the provision of a permanent address a mandatory requirement, it can be made optional. Customers without access to ID documents should be allowed to use secondary evidence and a guarantor.
I welcome FATF’s efforts to provide a standardised framework for assessing the risks associated with different digital identity verification schemes as to use these tools effectively they have to be consistent across the world.
The Article Originally Appeared in Money Laundering Bulletin: Digital ID – setting the standard (28 Jan 2020)