Richard Simms explains how you can use online identity verification checks to truly Know Your Customer
The HM Treasury consultation on the transposition of the Fifth EU money laundering directive includes questions on electronic identification processes. It seemed appropriate to consider the current legislation and guidance surrounding the Know Your Client (KYC) or, using more current terminology, Customer Due Diligence (CDD) requirements.
Reference to online or electronic identification searches or checks is in relation to searches of electronic databases to aid with the verification of the identity of an individual. This article focuses on the UK accountancy sector in the form of some Q&As.
What do the 2017 Money Laundering Regulations (MLR17) require for identifying and verifying customers?
I won’t discuss when CDD should be applied but rather what constitutes CDD with regards to identifying and verifying a customer; be aware that the customer identification and verification is only a part of CDD requirements for a customer.
MLR17 R.28(2) refers to the need to identify and verify the identity of a customer unless the identity of a customer is known and has already been verified.
R.28 continues to explain that we should, R.28(11) “conduct ongoing monitoring of a business relationship” that includes review of existing records and keeping identity and verification documents and information up to date.
Helpful also is R.28 (18)’s explanation of ‘verify’, which refers to using documents or information from a reliable source that is independent of the person being identified.
In short, identify and verify every customer using documents and information from a reliable and independent source and keep this up-to-date. It’s not my intention to discuss beneficial owner definitions other than to say that if a customer is “beneficially owned by another person” then the identification and verification scope is extended; this could extend up through a number of entities until a natural person(s) is identified.
What does AMLGAS (Anti-Money Laundering Guidance for the Accountancy Sector) say about electronic ID verifications?
Within Section 5, Customer Due Diligence (CDD), of AMLGAS is a discussion on the Use of Electronic Data (5.4.41 and 5.4.42).
5.4.42 states that before using an electronic service; whether the information is reliable, comprehensive and accurate should be considered. AMLGAS goes on to explain the criteria that are important for electronic data sources, and of particular interest is “does the system provide adequate evidence that the client is who they claim to be?” I’ll come back to this.
We need to be clear on what sources are being used by a provider and how the accuracy of the data provided is checked and controlled. Any electronic data provider should be able to confirm the sources used and how that data is controlled and managed.
Regarding the question of confirming that a person is what they claim to be, this can be more difficult. Is the person in front of you the person that they say they are? Unless an online verification contains a unique physical identifier (known as biometric identifiers) for that person, for example a photo or fingerprint, how can you be sure that the person that has been electronically verified is that person in front of you?
This, to me at least, seems to be a barrier to electronic verifications working as a stand-alone identity verification process. Unless a physical identifier is included within an electronic verification, then a physical copy of an independent and reliable source of identification will still be required to be seen and certified. If this is not done, then the risk of identify fraud is not addressed. Don’t forget that an acceptable third party could certify a copy for you if they have met the client along with their ID documents.
How are electronic ID verifications helpful for KYC?
It is important to be clear on what checks are performed by a provider and what sources are used. For example, I have had explanations from clients that the verification service that they use can check the passport number of a client of theirs. In this case, be clear whether the passport number is being checked against a government passport database or whether a format check is being performed on the passport number.
So yes, electronic ID checks can be helpful. Particularly in the following areas:
• Sanction checks: If you’re not aware of the Office of Financial Sanctions Implementation (OFSI) then take a look and review the consolidated list of financial sanction targets. An electronic verification service will usually check this for you, but you can do it manually by visiting OFSI’s website.
• Politically Exposed Persons (PEPs): I’m not aware of publicly available global PEP list that we can search without using an electronic verification service. The alternative is to ask a customer if they are a PEP or related to a PEP, or a business associate of a PEP, and to perform a web search check on an individual. A web search is generally a good thing to form part of your verification process anyway, just to see what comes up.
• Mortality database: Sounds a little morbid but if a person who is seeking to be your customer is dead, then that might not be a client for you. What this is referring to is people fraudulently adopting the identify of a deceased person, usually for illicit purposes.
• Proscribed Terrorist Groups or Organisations (usually referred to as the PTO): Slightly a trick question as the PTO contains organisations and groups and not individual people’s names. A person cannot be checked against the PTO, but entities can be and should be. The best method I’m aware of is to visit the website and check manually; there may well be a data provider who will check this list for an entity.
Our approach to our insolvency work, is to certify physical documents and to undertake an online verification report as well; better safe than sorry.
For additional guidance on the use of electronic ID verification reports it’s worth looking at the JMLSG (The Joint Money Laundering Steering Group) Guidance for the UK Financial Sector. Though not directly relevant for the accountancy sector, it provides some useful insight.
• Richard Simms is Managing Director of the AMLCC
Accounting Practice Online is part of the ICPA, which is an organisation designed to provide support and guidance for accountants in practice. With 35+ practice specific benefits there has never been a better time to join. Take a look at the routes to membership today.