Digital Identity Guidance from the Financial Action Task Force (FATF)

Michael Magrath, March 27, 2020
From a customer standpoint, going to a bank branch to open an account is typically a less-than-stellar experience, which too often involves waiting in line for a bank representative, providing required documentation, answering questions to prove who you are, and physically signing the account opening forms. At the end of the process, the bank representative photocopies your account opening forms and provides you with a set. Finally, the account is open. Having done this recently, I found that the process can take about one hour depending on the queue. In the end, I walked away knowing I could have used that hour much more productively.

Banks and other financial institutions have long strived to balance customer experience with security while complying with regulations in each jurisdiction in which they do business. Banks often struggle to comply with customer due diligence (CDD) regulations in-branch. They simply do not have trained forensic document examiners in every branch who can tell whether the driver's license presented by the prospective customer is authentic.

Financial Action Task Force and Updated Regulations

In recent years, several countries have updated their laws and regulations to permit new accounts to be opened remotely. The Financial Action Task Force (FATF) refers to this process as “Non-Face-to-Face On-boarding”, but the process is the same.

Contrary to what might be expected, banking customers and financial institutions alike can be more assured that the applicant is who they claim to be in a digital process than a physical one. The bank can leverage sophisticated biometric and document verification technology to open new accounts and have high confidence that subsequent transactions are made by that person.

The FATF is the international watchdog formed 30 years ago to combat money laundering, corruption, and terrorist financing. Comprised of 37 member jurisdictions and two regional organizations, the European Commission and the Co-operation Council for the Arab States of the Gulf (GCC), FATF is represented by financial regulators from each member jurisdiction (country) and seeks to set international standards for anti-money laundering, terrorist financing initiatives, and other related financial crimes.

FATF Guidance on Digital Identity

FATF’s latest guidance for governments, Digital Identity, published early this month, was driven by the rapid growth in digital payments and the need to know who is really transacting. The FATF appropriately notes that “the growth in digital financial transactions requires a better understanding of how individuals are being identified and verified in the world of digital financial services”. The guidance includes numerous recommendations for government authorities, regulated entities (financial institutions), and digital identity service providers to strengthen security as it pertains to digital identity in global financial systems.

The guidance includes five sections:

  • Introduction
  • Digital ID Terminology and Key Features
  • FATF Standards on Customer Due Diligence
  • Benefits and Risks of Digital ID Systems for Anti-money Laundering (AML) and Countering Financing of Terrorism (CFT) Compliance
  • Assessing Whether Digital ID Systems Are Sufficiently Reliable and Independent Under a Risk-Based Approach to CDD

Included in the guidance are details on the best way to apply customer due diligence to digital ID systems for customer identity verification onboarding and authentication for transactions. It also includes a description of how third-party reliance between regulated entities can be used by financial institutions to meet the requirements.

According to the FATF, “Reliable digital ID can make it easier, cheaper and more secure to identify individuals in the financial sector. It can also help with transaction monitoring requirements and minimise weaknesses in human control measures”.

Additionally, strong digital identities serve as the foundation for agreement automation. Many types of financial agreements are being automated in order to provide customers with an end-to-end digital process, especially in use cases such as digital account opening and lending. This requires enrollment and binding of strong authentication credentials, as well as secure and auditable electronic signatures to sign documents. Banks and financial institutions have embraced digital account opening to efficiently cross-sell additional products and services like auto loans, mortgages, and brokerage accounts to existing customers while achieving improved customer experiences, security, and regulatory balance.

The guidance states that “The risk-based approach recommended by this Guidance relies on a set of open source, consensus-driven assurance frameworks and technical standards for digital ID systems.” Among the standards referenced are those of the:

  • International Organization for Standardization (ISO)
  • World Wide Web Consortium (W3C)
  • Fast Identity Online (FIDO) Alliance
  • OpenID Foundation and the United Nations’ International Telecommunication Union (ITU)

In addition, the guidance leverages the work of NIST and its 2017 Special Publication 800-63-3 revision entitled “Digital Identity Guidelines”. It also includes an overview of U.S. and E.U. Digital Assurance Frameworks and Technical Standards, which provide descriptions and definitions of identity proofing, authentication, and federation levels of assurance.

FATF notes that digital identity systems “have the potential to improve the reliability, security, privacy, convenience, and efficiency of identifying individuals in the provision of financial services”.

FATF cites a 2019 McKinsey Global Institute report suggesting that “regulated entities using digital ID systems could see up to 90 percent cost reduction in customer onboarding with the time taken for Identification/verification and other CDD elements reduced from days or weeks to minutes. These cost savings could enable regulated entities to allocate compliance resources to other AML/CFT compliance functions, and also facilitate financial inclusion for otherwise excluded or under-served individuals by reducing on-boarding costs and eliminating what can be long journeys to a bank since for several years, banks around the world have contracted the number of physical branches.”

Immediate and Long-term Impacts of the FATF Recommendations

With COVID-19 spreading across the globe at the time of this writing, “Non-Face-to-Face On-boarding” is not only convenient but also reduces the health risks associated with close human interaction within bank branches, which is beneficial to both customers and the financial institution’s employees. Read the FATF's recent statement on COVID-19 and combating illicit financing.

The impact of the Financial Action Task Force’s Digital Identity guidance will be far-reaching. Local regulators will undoubtedly revise or replace altogether their existing regulations as they pertain to customer due diligence for the early part of this decade. Moreover, FATF’s guidance may help to increase financial inclusion for the world’s unbanked and underbanked by enabling secure and trusted remote account opening in the digital customer journey.

Michael Magrath is responsible for aligning OneSpan’s solution roadmap with standards and regulatory requirements globally. He is Co-Chair of the FIDO Alliance’s Government Deployment Working Group and is on the Board of Directors of the Electronic Signature and Records Association (ESRA).
