COVID-19 has placed digital ID back under the spotlight. Experts on a Refinitiv webinar discussed how the rapid shift towards non face-to-face and digital financial services, and COVID-19 guidance from the Financial Action Task Force (FATF) have the potential to act as a catalyst for an effective digital framework for the financial services sector.
- Senior figures in anti-money laundering and banking believe that the COVID-19 pandemic has changed the financial sector environment so there is now an increased need for an effective digital ID framework.
- On the Refinitiv webinar ‘Fighting the new financial crime risks of COVID-19 with technology’, experts discussed the advantages a new digital ID system for the financial sector could bring, as well as analyzing the fresh challenges on the horizon.
- Digital ID can provide customers with additional levels of protection that, if done correctly, can make it far more secure than its paper-based counterparts. However, customers can still be distrustful of technology and so they need to be in the driver’s seat when making the decision about any such move.
Senior anti-money laundering (AML), legal and banking figures have predicted that the turmoil created by COVID-19 could help usher in the development of an effective digital ID framework for the financial sector.
The rapid pivot towards non-face-to-face and digital financial services has triggered a new wave of interest in digital ID solutions. Regulators are also focusing on this issue in the wake of the Financial Action Task Force’s (FATF) recent guidance on COVID-19, money laundering and terrorism financing risks.
The international standard setter said it encouraged the use of digital ID and “other responsible innovative solutions” for identifying customers during onboarding and while conducting transactions.
The FATF said: “Non-face-to-face onboarding and transactions conducted using trustworthy digital ID are not necessarily high-risk and can be standard or even lower-risk.”
The guidance said digital ID offered a number of security benefits to customers, while also mitigating money laundering (ML) and terrorism financing (TF) risks.
It added: “The FATF calls on countries to explore using digital identity, as appropriate, to aid financial transactions while managing ML/TF risks during this crisis.”
COVID-19 and changing regulations
At the Refinitiv Webinar ‘Fighting the new financial crime risks of COVID-19 with technology’, experts discussed whether indeed COVID-19 could act as the “tipping point” for such fundamental change in financial sector regulation.
Urszula McCormack, partner at King & Wood Mallesons in Hong Kong, noted the heightened interest in digital ID due to the COVID-19 lockdown, adding that some effective digital ID frameworks were already in circulation, such as the World Bank’s ID4D guidelines.
“It’s been a very long process, moving towards this point. What we’ve seen is that COVID-19 has accelerated that process for many organizations,” she said.
Anti-money laundering (AML) and counter-terrorism financing (CTF) experts say there is a common misconception that traditional ID is safer than digital ID.
James Mirfin, Global Head of Financial Crime Propositions at Refinitiv said that many organizations were waiting for encouragement from regulators and bodies such as the FATF to push ahead with new approaches to ID verification.
He added: “As with any technology, particularly in regulated institutions, there are clearly challenges with pushing ahead. If you get digital ID right, there can be a huge efficiency play, so you can imagine some of the tensions that it creates within organizations.
“For a lot of established financial services players, they start to look at how they might deploy digital ID and how that integrates with legacy platforms and risk systems — and that’s not always straightforward.”
Move to digital ID “inevitable”
Milan Gigovic, Head of Financial Crime Intelligence at ANZ Bank in Melbourne said there was “no doubt” that the financial sector is moving towards a more digital landscape, and that this would create new “ID takeover threats” that can only be managed with an effective framework for digital ID.
He said: “We want to give customers the best experience, and we’re pushing them to online, and online verification, and to use the apps that are available and internet banking. So, there’s no doubt that we’re going down that path, as is everyone.
“It’s a real balancing act because you’ve got to think about customer friction. You want to enable them to have a seamless experience but also, on the back end, you want to ensure that you’ve got the right monitoring going on to pick up earlier on the escalating ID takeover threats.”
Gigovic added that the digital ID policy debate was being monitoring closely from an industry perspective.
Regulatory support, tech neutrality
There is a strong willingness among regulators to explore new approaches to technology.
Nathan Newman, National Manager for Regulatory Operations at the Australian Transaction Reports and Analysis Centre (AUSTRAC), said that regulators in risk-based jurisdictions were careful to avoid dictating the types of solutions that reporting entities use, adding that regulators should at the same time facilitate and support digital innovation.
“It’s not the role of the AML regulator to determine what you should or shouldn’t be doing in terms of investment in technology and digital versus paper-based verification. I don’t want anyone to think that AUSTRAC’s going to come out and mandate that,” Newman said.
“But, certainly for us, the way things are going, digital will overtake paper. We know that’s going to be the case, and this pandemic has hurried that along, perhaps more than would otherwise have been the case.”
The roll-out of digital ID would require a careful assessment of organizations’ privacy and data protection obligations, McCormack said. The development of digital ID banks may be creating a “honeypot” for bad actors.
“The more [data] you have, the more you need to protect, and the more of a honeypot you’re creating for other people to come and compromise,” she said.
How secure is digital ID?
At the same time, McCormack stressed that digital ID can be far more secure than legacy paper-based physical ID solutions. Often this involves the addition of a second layer of verification, such as voice ID, fingerprint recognition or other biometrics.
“We’re also seeing the ‘layering’ of additional security and functionality, such as checking for device IDs, and even things like location data. But when we look at this from a data protection standpoint, what we’re really doing is increasing the amount of data that is being stored and held by the institution and therefore the protective measures that need to go around that,” McCormack said.
In many markets, banks are waiting for a solution to be led by the government, Mirfin said, adding that it was likely that industry and consumers would need to lead the charge, based on the additional security and other consumer benefits that digital ID offers.
“I think in many markets, people have been waiting for that for some time. The good news is that the regulatory environment is receptive to the idea of firms using digital ID,” Mirfin said.
“Digital ID, if you get it right, uses a lot of data to protect individuals, institutions and accounts. You can do that in a privacy respecting way and a privacy-centric way. So, there are obstacles, but we’re moving in a very favorable direction.”
Banks, regulators and governments needed to make sure that customers are in the driver’s seat with these changes, McCormack said.
“There is still a degree of mistrust around those technologies and a need for disclosure and optionality,” she said. “There really needs to be an element of choice there for customers.”