FCA ID&V checks “a fraudster's charter”?

New guidance on anti-money laundering compliance expectations in response to the COVID-19 pandemic could leave retail financial firms in the UK open to fraud and illicit funds, the Financial Times reported Thursday.

Citing social distancing measures and travel restrictions, the UK’s Financial Conduct Authority (FCA) told the businesses last week that

• they could accept digital substitutes for the physical documentation usually required from new customers as part of the firms’ onboarding compliance checks.

FCA letter

On 31 March 2020, the Financial Conduct Authority (FCA) published a “Dear CEO” Letter (the Letter https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-coronavirus-update-firms-providing-services-retail-investors.pdf  ) to all authorised firms providing financial services to retail investors about measures the FCA is taking as a result of coronavirus (COVID-19).

In the Letter, the FCA states that it expects firms to provide strong support and service to customers during this period of disruption. Firms should also manage their financial resilience and report to the FCA immediately if they believe they will be in difficulty.

In order to support firms in the current environment, the FCA announced the following changes and clarifications in the Letter.

Client Identity Verification – alternative means of verification

During this period, the FCA expects firms to continue to comply with their obligations to verify client identity as required under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017).

The regulator acknowledges however that restrictions on non-essential travel may impact firms’ abilities to use traditional methods to verify a customer’s identity. The FCA does state that remote means of verifying identity are permitted under the MLRs 2017 and these should be used at this time. Examples of such remote client identification include:

• accepting scanned documentation sent by e-mail, preferably as a PDF;
• seeking third party verification of identity to corroborate that provided by the client, such as from its lawyer or accountant; and
• asking clients to submit ‘selfies’ or videos.

Experts

But compliance experts told the FT that the authority’s guidance could serve as invitation to financial crooks.

• “Some of things [FCA chief Chris Woolard] has suggested are a money launderer’s or a fraudster’s charter,”
• “Scanned documents by email or PDF — money launderers and fraudsters are experts at doctoring and amending these.” John Dobson, chief executive of SmartSearch, told the FT.

The FCA’s guidance amounts to “bad advice,” John Erik Setsaas, vice-president at ID services provider Signicat, told the newspaper.

• “Sending documents and selfies by email is inherently insecure —
• anything you wouldn’t be happy to put on the back of a postcard shouldn’t be sent by email,”
• the use of seflie photos would be ineffective without interactive “liveness checks.”

An FCA spokesperson cited by the FT said the agency’s suggestions were merely “additional steps” already used by some financial firms.

• “The letter is not intended to represent a relaxation of requirements or to suggest that taking one of the measures in isolation would be appropriate or sufficient verification,” the person said, according to the report.

Source https://www.ft.com/content/a12f4c23-d485-436b-9690-41b117c95ac0 / https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-coronavirus-update-firms-providing-services-retail-investors.pdf