Ee bah gum – eVerification of eID

Verification of identity is like driving: we all think we know how to do it well, and probably better than other people, but if we were to take our driving test again (and especially the scary written test that the young people have to do now), we might find that we’re not quite as faultless as we had thought.  And one of the issues that is causing us to rethink the basics of VoI is the advent of electronic ID.

An MLRO in Jersey emailed me last week for a little discussion about eID.  In Jersey, great emphasis is placed on photographic ID – and the whole point of that is that you meet the person to whom it belongs, otherwise (duh!) it could be anyone.  (That said, my own passport photo could be almost anyone except me – and actually looks most like Kim Jong-un’s grumpy older sister.)  Moreover, Jersey requires that for standard and higher risk clients, their place of birth is verified – so you can’t use eID as no system captures that information.  This means that, for Jersey businesses, remote verification (including eID) is out except in very low risk situations.  And yet, who among us has not rolled his eyes at the folly of accepting utility bills as proof of address – knowing that a four-year old could mock one up on Photoshop?  That said, the same four-year old, in between episodes of “In the Night Garden”, could probably set up a believable-looking eID verification website.  (This is why I don’t have children – I fear their capabilities.)

A while ago, the Law Society of England and Wales announced that it had chosen two “preferred eVerifiers” to recommend to its members.  I was very surprised, as I didn’t think that supervisory bodies generally recommended commercial suppliers – or at least that is what they had always told me.  Hmmmmm….  So presumably it is now acceptable for lawyers supervised by the Law Soc to do eID checks instead of paper ones.

So what do you think?  We can probably all accept that eID would be a time-saver for everyone.  But is it good enough to achieve what we (and the regulators) need: the verification, to be best of our professional ability, of a client’s identity?  Could it be used in isolation, instead of paper documents?  Or should the two be used together, to corroborate each other?

This entry was posted in Due diligence, Money laundering and tagged , , , , , , , . Bookmark the permalink.

2 Responses to Ee bah gum – eVerification of eID

  1. Hi Susan I think that electronic identification is probably acceptable in isolation, for entities and individuals assessed as ‘low’ risk, but for ‘medium’ and ‘high’ risk individuals and entities, it should be supplemented by an original photographic ID and utility bill. However, there is always a need to re-assess clients/customers subsequent to their original take-on (ongoing customer due diligence). What if an existing client/customer who had been assessed as ‘low’ risk is subsequently changed to ‘medium’ or ‘high’ and there is a need to obtain photo ID and a utility bill and it can’t be obtained, because the client is non-cooperative? What happens then? Perhaps it is safer in the long run to get the paper ID at the beginning and us eID as a back up? Whats does everyone else think?

  2. Hello John
    Many thanks for your insightful comment. This is indeed part of a wider concern: what happens if a client moves into an elevated risk category, but refuses to supply EDD at that point (or is merely snippy about it)? Law firms also face this dilemma, if they take on non-regulated business and then the client asks to do regulated business, but can’t understand why extra due diligence is now required.
    Any other views?
    Best wishes from Susan

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.