GFSC GUIDANCE - Can video calling be used to verify the identity of individuals? 6th April 2020

The Commission has received a number of enquiries from firms whose staff are working from home and are unable to verify individuals on a face-to-face basis through physical meetings or where the individual has been unable to provide to the firm a certified copy of their identification data.

Rule 5.27 of the Handbook permits a firm to use electronic verification to verify, in whole or in part, the mandatory data points required by Rule 5.8.  Rule 5.11 requires a firm to be satisfied as to the validity and veracity of the identification data used to verify the identity of a natural person.

This FAQ provides guidance on how a firm can comply with Rules 5.8 and 5.11 when verifying the identity of an individual through a video call on a smartphone, webcam or similar device.

A video call could be carried out in circumstances where the individual cannot arrange for certification of their identity documents but can or has provided the firm with an uncertified copy; or where the individual cannot provide the identity documents to the firm physically or copies thereof in paper or electronic form.

When making use of such means, compliance with these rules would be achieved by the firm observing the following practices: -

1. The video call allows the firm and the individual to make both visual and verbal contact simultaneously. The call is of a sufficiently good quality to enable clear verbal communication and to allow the firm to clearly see the face of the individual and identity data and security features in the identity document.
2. The individual has with them their original identity document during the call and not a copy.
3. The firm can ascertain that the image in the identification document reflects that of the individual.
4. During the call, the firm is able to review the individual’s identity data in the original identification document produced by the individual to verify the individual is who he/she purports to be.
5. Checks are made on the authenticity of the document during the call by reviewing the security features in the original identification document.  This can also be automated if the software being used for the video call itself (for example where it is through an appropriate app) has the capability to carry out authentication checks or by using separate software solutions such as those that check the algorithms used to generate passport numbers.
6. The firm keeps the following records to ensure that accurate and complete customer due diligence information is held to meet the requirements of paragraph 14 of Schedule 3: -
   • that there is a record on the relevant customer file explaining how the individual’s identity was verified and by which officer of the firm. The record also includes the date and time of the video call and the address location of the individual. This could in part be satisfied by way of good quality screenshots of the individual and the identity document during the video call, and
   • an electronic copy of the identification document is retained. Where the only record of the identification document will be via the video call, good quality screenshots of the identification document (all relevant pages or sides) are recorded which include the photographic evidence of identity as well as all the identity information on the identification document clearly visible and legible from the screenshots.

The firm should apply a risk-based approach when considering the use of a video call to verify the identity of an individual.

Regardless of the verification method employed, the firm must be satisfied as to the validity and veracity of the identification data used to verify the identity of an individual and its evidential value should be based on the assessed risk of the business relationship or occasional transaction.

The video identification process should only be used in cases where there are no money laundering (“ML”) or financing of terrorism (“FT”) suspicions, or doubts about the veracity or adequacy of previously obtained data. In circumstances where the business relationship or occasional transaction has been assessed as high risk, the firm should be applying other due diligence measures to verify additional aspects of the customer’s identity in accordance with paragraph 5(3)(a)(v)(A) of Schedule 3.

Under paragraph 11 of Schedule 3 a firm is required to periodically review the identification data it holds on a business relationship to ensure that it is accurate and remains relevant. The Commission would expect these reviews to include a determination that verification of an individual via video remains appropriate and relevant in light of the activity over the business relationship and the risks associated with that relationship.

READ HERE https://www.gfsc.gg/news/article/can-video-calling-be-used-verify-identity-individuals