If you are a financial institution or professional who must comply with the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, this article is for you.
Just before Christmas we drew your attention to the new AML/CFT identity verification code of practice explanatory note released by the statutory supervisors (Explanatory Note). We confirmed we would give you our further views on the Explanatory Note in the new year.
Electronic verification is a two-step process
We were pleased to see the Supervisors expressly confirm that electronic identity verification is in fact a two-step process.
- Step One involves confirmation of identity information from one or two independent and/or reliable source(s), which is well understood.
- Step Two involves matching the customer you are dealing with to the identity claimed (i.e. are they the same person?)
Electronic verification using a single independent source
The Explanatory Note is forward looking, as it anticipates that in time you will be able to complete both steps using a single electronic source that is able to verify an individual’s identity with a high level of confidence.
The type of source contemplated would incorporate biometric measures or something similar, which links your customer to the information provided. Think fingerprint and iris scanning or facial recognition. We are seeing rapid developments in biometric technology, but as far as we are aware it is not commonly used in New Zealand… yet!
Electronic verification using two reliable/independent sources
Until there are advances in the biometrics technology, you will need to verify a customer's identity using at least two reliable and independent electronic sources that match. In this instance the high level of confidence threshold does not have to be met.
You need to be aware that this method of verification will only satisfy step one. You will need to take additional measures to satisfy step two. The Explanatory Note provides examples of some additional measures:
- Require the first credit into the customer's account to be received from another New Zealand bank account. We have issues with this because the actual transfer may be part of a ML transaction,
- Send a letter containing a unique identifier number to a customer's address that has been verified by a reliable and independent source, and requiring the customer to return the number before the customer account is operational,
- Call the customer on a number that has been verified by a reliable and independent source before the customer account is operational, and
- Use robust security questions based on reliable and independent information obtained about a person's social or financial footprint.
The DIA’s options do have limitations in terms of time efficiencies, and costs associated with improving systems. They also raise further questions as to how you can be satisfied the source of the phone number or financial footprint information is reliable. We also note a video is not an electronic source, but it would be worth exploring whether real time video conference or skype combined with reliable and independent information would satisfy both steps. This area, particularly the linking/matching component, does require further discussion within your business, and we would be happy to assist you with that process. Particularly given we, as lawyers, are also in the midst of the AML/CFT journey and will face the same questions.
Also a reminder that if in doubt, you can still resort to asking your customer for a copy of photographic identification certified by a trusted referee who has faced the customer. Remember the trusted referee does not have to be a solicitor or justice of the peace. They can be a teacher, accountant, doctor or minister.
If you need help with your AML/CFT compliance issues, we are happy to assist. Contact Nic on 09 489 0715 / email@example.com or Sarah on 09 489 0734 / firstname.lastname@example.org.