Issuing a draft Guidance Paper last week, the Financial Action Task Force (FATF) urges financial institutions to ready themselves for the impending global expansion of digital identification systems.
FATF’s guidance paper sets out a risk-based approach to help governments, financial institutions and other relevant entities use digital ID systems to comply with AML/CFT requirements under its standards.
The paper states: “The rapid pace of innovation in the digital identity (ID) space has reached an inflection point. Digital ID standards, technology and processes, have evolved to a point where digital ID systems are, or could soon be, available at scale."
The paper notes that with digital payments growing at an estimated 12.7% annually and 70% of world GDP forecast to be digitised by 2022, understanding the role digital ID systems will play in this rapid expansion is imperative to realising AML/CFT efforts and strengthening CDD measures.
Financial institutions need to recognise the risks inherent in integrating large scale digital ID systems such as privacy, fraud, governance, identity theft, and data security.
While these risks “vary in relation to the components of the digital ID system, they can be more devastating than breaches associated with traditional ID systems due to the potential scale of the attacks.”
The FATF’s website lists four areas of focus with associated questions covering specific AML/TF risks arising through digital ID systems: the role of digital ID systems in ongoing due diligence; the role of digital ID systems in financial inclusion; and how the systems can raise issues pertaining to FATF record-keeping requirements.
Among several recommendations, the Task Force urges authorities to “adopt policies, regulations, and supervision and examination procedures that encourage regulated entities to develop an efficient, integrated approach to digital ID streaming applicable digital processes across all relevant efforts.”
The FATF is currently in the process of consulting private sector stakeholders and is also welcoming feedback and proposals from banks, virtual asset service providers, regulators and authorities until 29 November 2019.
The paper focuses on the application of Recommendation 10 (Customer Due Diligence) to the use of digital ID systems for identification/verification at on-boarding, ongoing due diligence, and Recommendation 17 (Third Party Reliance) for situations in which regulated entities provide digital ID systems to other regulated entities