FATF announced a public consultation on FATF draft guidance on digital identity. The draft guidance is to be found here (MS Word file).
The draft guidance shows that FATF has high expectations of biometric solutions. In the paragraph on the key components of a digital ID system FATF describes the phases of collection, validation, de-duplication, verification and authenticator or credential issuance and delivery. Under de-duplication and verification biometrics play an important role.
The areas of focus are described as follows:
1. Are there any specific money laundering / terrorist financing risks, that arise from the use of digital identity systems for CDD, other than those already mentioned in Section IV of the guidance?
If so, how can they be addressed and by whom? Are there specific opportunities for combatting money laundering / terrorist financing that are not already mentioned in the guidance?
2. What is the role of digital ID systems in ongoing due diligence or transaction monitoring?
a. What information do you capture under authentication at on-boarding and during authorisation for account access? Who captures this data?
b. Is the authentication data you capture relevant to ongoing anti-money laundering and counter terrorist financing due diligence and/or transaction monitoring? If yes, how?
3. How can digital ID systems support financial inclusion?
a. How can digital ID systems with different assurance levels for identity proofing/enrolment and/or authentication be used to implement tiered CDD, allowing clients a range of account functionalities depending on the extent of CDD performed, and particularly in situations of lower risk? Please provide any practical examples.
b. Have you adopted lower assurance levels for identity proofing to support financial inclusion? What additional measures do you apply to mitigate risks? Please provide any practical examples.
c. How can progressive CDD via digital ID systems aid financial inclusion (i.e. establishing greater confidence in a customer’s identity over time)?
4. Does the use of digital ID systems for CDD raise distinct issues for implementing the FATF record-keeping requirements?
a. What records do you keep when you use digital ID systems for CDD?
b. What are the challenges in meeting record-keeping requirements when you use digital ID systems for CDD?
c. If you keep different records when using digital ID systems for on-boarding, does this impact other anti-money laundering and counter-terrorist financing measures (for example ongoing due diligence or transaction monitoring)?