On 31’ st of October 2019 The Financial Action Task Force (FATF) has published 77-page draft guidance on how financial institutions, governments, and other relevant entities should get ready to implement Digital Identity (digital ID) systems into customer due diligence (CDD).
And although the recommendation doesn’t change anything, it gives businesses an important food for thought as to how Digital ID is an asset to market security.
What is a Digital ID?
In its draft FATF describes as to what Digital Identity (digital ID) system is,—“i.e. systems that cover the process of identity proofing/enrolment and authentication. Digital ID systems can involve different operational models and may rely on various entities and types of technology, processes and architecture.”
The report reads: “Digital ID standards, technology and processes, have evolved to a point where digital ID systems are, or could soon be, available at scale. Some of these relevant technologies include: a range of biometric technology; […] artificial intelligence/machine learning (e.g., for determining the validity of government-issued ID); and distributed ledger technology (DLT)”.
FATF states that the digital identity system shouldn’t necessarily be fully digital—identity proofing and enrolment can be either digital or/and physical (documentary), but binding, credentialing, authentication, and portability/federation (where applicable) must be digital.
What Digital ID could bring to regulated businesses
Referring to the NIST Digital ID Guidelines and the EU’s e-IDAS regulation, FATF explains how, the right identity verification supports AML/CFT efforts and how to apply a risk-based approach to using available at scale digital ID systems for customer identification and verification enforcing anti-money laundering (AML) and counter financing terrorism (CFT) measures.
- Effective identification and reporting of suspicious transactions
Robust digital authentication of customer ID for ongoing account access ensures that the person accessing an account and conducting transactions today is the same person who accessed the account previously, and is in fact, the identified/verified customer who holds that account.
- More valuable data
Digital ID authentication and authorisation for account access may enable regulated entities to capture additional information, such as geolocation, IP address, or the identity of the digital device used to conduct transactions, giving a more detailed understanding of the client’s behaviour as a basis for determining when its financial transactions appear to be unusual or suspicious.
FATF claims authorities have to “develop clear guidelines or regulations allowing the appropriate, risk-based use of reliable, independent digital ID systems by entities regulated for AML/CFT purposes.” The Guidance also clarifies that non-face-to-face customer-identification and transactions that rely on reliable, independent digital ID systems, may present a standard level of risk, or may even be lower-risk.
How did the FATF draft affect blockchain
The draft gave crypto exchanges (virtual asset service providers) a good portion of attention, putting them together with other regulated institutions to “take an informed risk-based approach to relying on digital ID systems for Customer Due Diligence”—authenticate new and existing customers to authorize transactions and account access.
In the paper FATF names distributed ledger technology (DLT) such as blockchain as a tool that can potentially support the development of digital ID. It also outlines that digital identity is able to keep crypto transactions compliant by identifying the stakeholders, as the security offered by blockchain technology exemplifies the digital ID assurance frameworks and standards that FATF outlines.
FATF shoutout to cryptocurrency platforms binds VASPs to existing KYC/AML rules, showcasing the growing the acceptance of digital payments gains trust among users.
The Key Takeaways
- Digital ID supports efforts against AML/CFT
Digital ID systems have the potential to improve the reliability, security, privacy, convenience, and efficiency of identifying individuals and performing CDD. It can also potentially “eliminates the role of subjective human judgement in determining that customers are who they claim to be”.
- Digital ID is to aid blockchain transaction monitoring
With the rise of stablecoins across international financial systems, digital identity can be effectively used in payment systems to identify stakeholders in stablecoin-related transactions.
- Regulated institutions must develop guidelines to the risk-based use of digital ID systems;
Deciding to implement Digital ID, entities have to consider relevant risks of technology-based safeguards and implement security management practices, policies, approaches to risk management, and other recognised controls.
The draft aims to determine what the CDD demands to support the proper use of digital ID and what approach should providers strive towards, considering that non-face-to-face business relationships or financial transactions have higher risks for money laundering and terrorist financing purposes.
The FATF is currently welcoming feedback and proposals from banks, virtual asset service providers, regulators and authorities until 29 November 2019.