FATF launches consultation on draft Guidance on digital identity has been saved
FATF launches consultation on draft Guidance on digital identity
6 November 2019
Regulatory News Alert
Context and objectives
The growth in digital financial transactions requires a better understanding of how individuals are being identified and verified in the world of digital financial services. Digital identity (ID) technologies are evolving rapidly, giving rise to a variety of digital ID systems. This Guidance is intended to assist governments, regulated entities and other relevant stakeholders determine how digital ID systems can be used to conduct certain elements of customer due diligence (CDD) under FATF Recommendation 10.
The Guidelines provide main FATF requirements for customer identification and verification and ongoing due diligence based on the risk-based approach that relies on a set of open source, consensus-driven assurance frameworks and technical standards for digital ID systems (referred to as ‘digital ID assurance frameworks and standards’) that have been developed in several jurisdictions. In this context, the Guidance primarily refers to the US National Institute of Standards and Technology (NIST) digital ID assurance framework and standards (NIST Digital ID Guidelines) and the EU’s e-IDAS regulation. The recommended approach is technology neutral (i.e., it does not prefer any particular types of digital ID systems). There are two elements of this approach:
- Understanding of the assurance levels of the digital ID system’s technology main components (including its architecture and governance) to determine its reliability/independence; and
- Making a broader, risk-based determination of whether, given its assurance levels, the particular digital ID system provides an appropriate level of reliability and independence in light of the potential ML, TF, fraud, and other illicit financing risks at stake.
Risks and benefits of ID systems
The Guidance explores some of the benefits of digital ID systems, as well as the risks they pose. Identity proofing and authenticating individuals over an open communications network (the Internet) creates risks specific to digital ID systems – particularly in relation to cyberattacks and potential large-scale identity theft. On the other hand, digital ID systems that mitigate these risks in accordance with digital ID assurance frameworks and standards hold great promise for strengthening CDD and AML/CFT controls, increasing financial inclusion, improving customer experience, and reducing costs for regulated entities.
Many ways in which the use of digital ID systems for CDD can support financial inclusion have been highlighted. Hence, digital ID systems may enable governments to take a more flexible and forward-leaning approach in establishing the required attributes, identity evidence and processes for proving official identity – including for the purposes of conducting customer identification and verification at on boarding in ways that facilitate financial inclusion objectives.
Furthermore, the digital ID assurance frameworks provide some flexibility in the process that can be used to identity proof and authenticate individuals, which can be tailored to meet financial inclusion objectives.
Lastly, supervisors and regulated entities, in taking a risk-based approach to CDD can support financial inclusion, including via the use of digital ID systems, in line with the approach in the 2017 FATF supplement on CDD and financial inclusion.
The FATF is consulting private sector stakeholders before finalising the guidance and will make further amendments at its February 2020 meetings.
How can Deloitte help?
In this rapidly evolving regulatory landscape, Deloitte can help you stay ahead of the game with our Kaleidoscope Regulatory Watch services, which monitors and analyzes upcoming changes.
Deloitte’s AML/CTF advisory specialists and dedicated services will also help you design and implement your renewed business strategy in light of the future evolution of the AML/CFT framework.
Key Deloitte AML services:
- AML/KYC remediation plan
- AML/CTF training
- AML/CTF policy, procedure, and process design or review
- DKYC: externalizing KYC processes
Regulatory Watch Kaleidoscope service