FATF issues new guidance on Digital Identity systems

Richard M. March 9, 2020 3 minute read

A guidance paper has been issued by the Financial Action Task Force (FATF) to assist governments, financial institutions, VASPs or virtual asset service providers, and other regulatory bodies to decide whether such systems are relevant for CDD or customer due diligence purposes or not.

Digital transactions are growing by almost 13% a year. Digital ID’s such as ePassports and electronic driving licences using technology like fingerprint and iris scans will become more common. This #FATF guidance paper assesses the issues➡️https://t.co/kwE23V9QN8 #FollowTheMoney pic.twitter.com/LxCMQk8yFu

— FATF (@FATFNews) March 6, 2020

The guidance paper was introduced last month at the FATF meeting and follows the previous draft guidance which was issued in 2019. Although it is focused to be technologically neutral, it still sets a decision process to establish whether a digital identification system meets the FATF requirements for Customer Due Diligence.

According to the FATF, authentic digital identification can make it simple, inexpensive and safe to authenticate individuals in the financial sector. Furthermore, it can also assist with transaction monitoring requirements and reduce weaknesses in human control procedures.

Customer verifications and transactions that depend on authentic digital identity systems with suitable risk minimization protocols in place present an ordinary or low level of risk, according to the guidance paper. It is also highlighted that the use of digital Identity verification systems in customer onboarding can help support financial inclusion targets.

The FATF offers directions for local authorities, specifically to develop explicit guidelines or rules allowing the relevant, risk-based use of reliable, independent digital ID systems by regulatory institutions for AML/CFT purposes. According to the guidance, the risk-based approach depends on consensus-driven assurance models and standards that are constantly polished and modified to develop an extensive worldwide standard for digital identification systems.

For regulated institutions, the guidance says dependence on digital ID systems for customer due diligence should be enlightened by an interpretation of their assurance levels, especially for identity proofing and validation, and whether said assurance levels are suitable for the ML/TF risks associated with the customer, product, jurisdiction, geographic reach, and other factors.