In the UK, a wide range of business sectors must comply with strict Anti-Money Laundering (AML) regulations, including banks, building societies, payment firms, gambling businesses, lawyers, accountants and estate agents.
Failure to comply can result in large fines, imprisonment and the withdrawal of trading licences. Compliance with AML legislation is a must for all of these firms.
Spending on AML compliance is set to rise to £30 billion in 2023. Any new tool that reduces the cost, time and effort spent on AML compliance would be hugely beneficial for regulated firms. Innovative forms of verifying identity online can help regulated businesses comply with their AML requirements more easily and cost-effectively than today while delivering a more inclusive and convenient solution that enhances customer experience.
At the core of the AML requirements is ensuring proper Customer Due Diligence (CDD) when a new customer signs up with a regulated entity, such as a solicitor or accountant. We have made some progress from requiring a face-to-face check in a bank branch to being able to do this remotely online, but there is still friction in the process.
How this typically works today is that individuals are asked to prove their identity by filling in their name and address details on a web form and uploading a photo or scanned copy of their passport or driving licence.
These UK government documents are the primary source of identity authentication, while bank statements or utility bills are the secondary form of identity verification. The information in these documents is then checked against other data repositories like credit reference agencies and fraud databases to see if it matches. As part of these CDD checks, the individual is usually also asked to upload a selfi.e of themselves.
However, these current ‘first generation’ digital solutions do not deliver a great customer experience and cause considerable friction in the account setup process. They can be prone to error, and they are time-consuming.
‘Digital natives’ do not want to be troubled by analogue processes like this, even those that have been part-digitised through techniques like physical document scanning. Yet many regulated entities still rely on these clunky processes to comply with AML rules.
A second-generation, document-free, reusable digital identity solution is now available in the UK, leveraging the robust identity checks that banks have already done on their customers.
Taking just a few seconds, bank-verified digital identity is faster and easier for anyone using internet or mobile banking (88% of UK adults). It is already emerging as a valuable tool in the fight against fraud.
Bank-verified digital identity can be used to simplify customer identity authentication at the start of a new relationship, and strengthen it with ongoing monitoring. This strengthening comes from reusing a bank’s ‘Strong Customer Authentication’ (SCA) processes.
By leveraging the bank’s own ‘Know Your Customer’ (KYC) checked information, bank-verified digital identity enables better provenance of data and:
With bank-verified digital identity, all that an individual has to do is click on the digital identity solution button and consent to sharing the required personal details with the service they are onboarding onto.
This button leads to a list of bank logos that enhance trust by being known brands. On selecting the bank logo where the individual holds their chosen bank account, they are taken to their banking app and use their regular, secure banking credentials to authenticate themselves.
The customer’s data is transferred securely and in real-time to the new service provider to authenticate the individual’s identity, eliminating the need for manually keying personal data time after time when using different services. The same process can be used when regularly logging into a website, avoiding additional log-ins and passwords - increasing customer convenience and security.
In essence, a bank-verified digital identity solution provides confirmation of an individual’s identity based on their ability to have their bank authenticate their identity. Bank-verified digital identity is based on global open standards and certified to the UK Government’s digital identity framework and standards (‘GPG45’). The business receiving this identity confirmation then uses the evidence received to complete the additional steps in their Customer Due Diligence (Source of Wealth, Source of Funds, etc.).
Bank-verified digital identity checking is widely used in other countries such as Canada and the Nordics to reduce fraud and streamline customer onboarding successfully.
Bank-verified digital identity solution meets the guidance from the Government, regulator and industry bodies for identity checking for AML compliance:
For instance, JMLSG requirements are that the ID service does the following:
A bank-verified solution meets all of these requirements, and the JMLSG confirms in its guidance that digital identity can be used in CDD. This means that regulated entities can upgrade and modernise their AML compliance to a next-generation solution, saving time and money while ensuring a better user experience for their customers.
Banks enjoy a strong position of trust relative to other institutions since millions of us trust banks with our money. Banks are the most heavily regulated industry and must apply rigorous KYC and AML checks to verify the identity of their customers and ensure they are not criminals, terrorists or money launderers. Thanks to this comprehensive level of checking, banks are ideally placed to support a digital identity verification service.
Banks also operate under the constant threat of cybercrime and must maintain a higher cyber-security spend than any other sector to protect against hacking. Thus, they have a better track record than other industries in protecting their customers’ data. Digital identity verified by banks is a robust, secure tool to fight fraud and streamline customer onboarding.
More UK citizens can use their bank to verify their identity than using a physical document; UK Finance estimates that 88% of UK adults bank online. This approach levels the playing field and ensures more services are accessible to a broader range of individuals, promoting financial inclusion.
A key advantage of bank-verified digital identity is removing the friction of first-generation onboarding and log-in processes, ensuring an improved customer experience. Digital identity verification is superior to today’s widely used process of checking identity since uploading documents and taking selfies can be a slow and clunky experience prone to errors.
This can lead to consumers abandoning their attempts to access a particular product or service, resulting in a loss of revenue for the organisation. The proliferation of AI-created fake documents and photos makes filtering out synthetic identities increasingly challenging. Reusing bank security technology improves the security of the identity-checking process and makes it real-time.
Furthermore, bank-based digital identity significantly reduces costs by streamlining the verification process, automating checks, minimising the risk of fraud and identity theft, and reducing the risk of penalties for AML breaches. As a fully digital process, bank-verified digital identity can form part of a solution to automate the end-to-end AML process, which can include sanctions screening, as required by bodies such as the FATF, the US Department of the Treasury, HM Treasury, the EU and transaction monitoring, making a more complete solution for regulated firms.
Failure to comply with AML rules can have serious consequences. Penalties can include unlimited fines, reputational damage, licence revocation and prison sentences for executives deemed responsible. Furthermore, HMRC publishes details of every business which has not complied with the regulations (‘MLR 2017’), showing the business’ name and address, the regulations that have been breached, the amount fined, and whether the firm in question is appealing the penalty.
This causes significant reputational damage to any business failing to comply. To reduce the risk of these penalties and other severe consequences, regulated entities can now enable individuals to easily and securely use their bank-checked and bank-protected personal data to provide real-time digital identity verification.
So, the next time the person responsible for AML (a Money Laundering Reporting Officer (MLRO)) or other professional with related duties is thinking about their CDD and broader AML compliance processes, they should ask themselves whether there is a better way to fulfil these mission-critical requirements.
We argue that bank-verified digital identity is the answer – as it is ideally placed to simplify and strengthen AML compliance and is fully aligned with industry AML guidance.
Click here to download the full report as a PDF.