FATF launches consultation on draft Guidance on digital identity

News

FATF launches consultation on draft Guidance on digital identity  

6 November 2019

Regulatory News Alert

Context and objectives

The growth in digital financial transactions requires a better understanding of how individuals are being identified and verified in the world of digital financial services. Digital identity (ID) technologies are evolving rapidly, giving rise to a variety of digital ID systems. This Guidance is intended to assist governments, regulated entities and other relevant stakeholders determine how digital ID systems can be used to conduct certain elements of customer due diligence (CDD) under FATF Recommendation 10.
 

Recommended approach

The Guidelines provide main FATF requirements for customer identification and verification and ongoing due diligence based on the risk-based approach that relies on a set of open source, consensus-driven assurance frameworks and technical standards for digital ID systems (referred to as ‘digital ID assurance frameworks and standards’) that have been developed in several jurisdictions. In this context, the Guidance primarily refers to the US National Institute of Standards and Technology (NIST) digital ID assurance framework and standards (NIST Digital ID Guidelines) and the EU’s e-IDAS regulation. The recommended approach is technology neutral (i.e., it does not prefer any particular types of digital ID systems). There are two elements of this approach:

  • Understanding of the assurance levels of the digital ID system’s technology main components (including its architecture and governance) to determine its reliability/independence; and
  • Making a broader, risk-based determination of whether, given its assurance levels, the particular digital ID system provides an appropriate level of reliability and independence in light of the potential ML, TF, fraud, and other illicit financing risks at stake.
     

Risks and benefits of ID systems

The Guidance explores some of the benefits of digital ID systems, as well as the risks they pose. Identity proofing and authenticating individuals over an open communications network (the Internet) creates risks specific to digital ID systems – particularly in relation to cyberattacks and potential large-scale identity theft. On the other hand, digital ID systems that mitigate these risks in accordance with digital ID assurance frameworks and standards hold great promise for strengthening CDD and AML/CFT controls, increasing financial inclusion, improving customer experience, and reducing costs for regulated entities.
 

Financial inclusion

Many ways in which the use of digital ID systems for CDD can support financial inclusion have been highlighted. Hence, digital ID systems may enable governments to take a more flexible and forward-leaning approach in establishing the required attributes, identity evidence and processes for proving official identity – including for the purposes of conducting customer identification and verification at on boarding in ways that facilitate financial inclusion objectives.

Furthermore, the digital ID assurance frameworks provide some flexibility in the process that can be used to identity proof and authenticate individuals, which can be tailored to meet financial inclusion objectives.

Lastly, supervisors and regulated entities, in taking a risk-based approach to CDD can support financial inclusion, including via the use of digital ID systems, in line with the approach in the 2017 FATF supplement on CDD and financial inclusion.
 

Next steps

The FATF is consulting private sector stakeholders before finalising the guidance and will make further amendments at its February 2020 meetings.
 

How can Deloitte help?

In this rapidly evolving regulatory landscape, Deloitte can help you stay ahead of the game with our Kaleidoscope Regulatory Watch services, which monitors and analyzes upcoming changes.

Deloitte’s AML/CTF advisory specialists and dedicated services will also help you design and implement your renewed business strategy in light of the future evolution of the AML/CFT framework.

Key Deloitte AML services:

  • AML/KYC remediation plan
  • AML/CTF training
  • AML/CTF policy, procedure, and process design or review
  • DKYC: externalizing KYC processes
PDF - 133kb

Contacts

Pascal Eber
Partner – Operations Excellence &
Human Capital
Tel : +352 45145 2649
peber@deloitte.lu

Eric Collard
Partner – Forensic & AML, Restructuring
Tel : +352 45145 4985
ecollard@deloitte.lu

Bastien Collette
Director – Advisory & Consulting (AML/CTF)
Tel : +352 45145 3372
bacollette@deloitte.lu

Alice Lehnert
Director – Advisory & Consulting
Tel : +352 45145 2605
alehnert@deloitte.lu

 

Regulatory Watch Kaleidoscope service

Simon Ramos
Partner – IM Advisory & Consulting
Leader
Regulatory Watch services co-Leader
Tel : +352 45145 2702
siramos@deloitte.lu

Jean-Philippe Peters
Partner – Risk Advisory
Regulatory Watch services co-Leader
Tel : +352 45145 2276
jppeters@deloitte.lu

Benoit Sauvage
Director – Regulatory Watch services coordinator
Tel : +352 45145 4220
bsauvage@deloitte.lu

Marijana Vuksic
Manager – Strategy, Regulatory & Corporate Finance
Tel : +352 45145 2311
mvuksic@deloitte.lu

Did you find this useful?