The Financial Action Task Force (FATF), comprising of 37 member jurisdictions and 2 regional organisations, representing most major financial centres in all parts of the globe – has issued its draft guidance on digital identity (digital ID) for public consultation. The global organisation is developing guidance to clarify how digital ID systems can be used for customer due diligence (CDD). The paper intends to help governments, financial institutions and other relevant entities apply a risk-based approach to the use of digital ID for CDD.
“The recommendations potentially have a massive impact. It binds VASPs to existing KYC and AML rules. The ‘Travel Rule’ may also require VASPs to include details in crypto transactions, such as accurate originator and beneficiary information on transfers and related messages. Technology is not the issue, most VASPs already have a solution that works on major chains. What is unfortunate is that regulators push centralized control solutions for decentralized technology, stated Daniel Haudenschild, CEO of SIBEX.
“It is also interesting to note that the recommendation was put into effect as one of the last motions of the previous FATF presidency, the United States. Many have criticized that the steps were a move to slow down crypto adoption to allow US financial services to catch up. Shortly after the resolution, the presidency of the FATF has switched, this time to China. Though it is seldom that a recommendation is reversed, it is to be seen how the recommendations will be implemented,” added Haudenschild.
The guidance is intended to “…address emerging security and transparency issues as the process of financial transactions become more digital.” It's targeted toward governments, regulated entities and other stakeholders with the stupendous mission of enforcing anti-money laundering (AML) and counter financing terrorism (CFT) regulations.
The guidance does hone in on the fact that distributed ledger technology (DLT) can be used to promote growth within digital ID networks, while also outlining the crucial role that digital identity plays in payment systems which could, for example, be leveraged to identify stakeholders in crypto transactions.
The FATF’s guidance notes that regulated institutions, such as cryptocurrency exchanges (which they call Virtual Asset Service Providers aka ‘VASPs’) appear to “…take an informed risk-based approach to rely on digital ID systems for Customer Due Diligence.”
Richard Williams, Information Security Manager at Solve.Care, commented:
“FATF’s official guidance on digital identity demonstrates the growing acceptance of digital payments. It also shows a realization that the use of digital payments will only increase exponentially and that processes need to be systemized. From our perspective, the security offered by blockchain technology exemplifies the digital ID assurance frameworks and standards that FATF outlines. Blockchain-based digital payments and the systems surrounding them provide the reliability and immutability, while significantly reducing the costs and the risk of fraud, among other benefits, that FATF recommends.”
Dave Hodgson, Director and Co-Founder of NEM Ventures, commented:
“The FATF guidelines are well intended, however in my view, they are similar to their earlier guidance in that they risk placing burdens on those companies and investors who are already largely abiding by the law. AML approaches that focus on verifying identity on exchanges are excluding the large volume of value transfer that doesn't involve regulated institutions, such as DEXs or P2P transactions. Identity solutions that already exist in the space, such as Sphere, Shyft and Geens, are gaining significant traction with exchanges who largely have AML processes in place. The FATF's approach is akin to central banking regulations, which ignores the fact that a large number of nefarious payments happen in physical FIAT outside institutions' control and line of sight. While this guidance is a beneficial step for mainstream credibility and the overall mass adoption of crypto, it is unlikely to meet the objectives that FATF is trying to address.”
Corentin Denoeud, CEO and Co-founder of Blockchain Studio, commented:
“The appearance of regulation and guidance around decentralized finance will help blockchain technology no end in its transition to becoming mainstream. Guidance such as this will provide much-needed assurance for companies and push them to use the technology.”
“Many large companies around the world are conscious of blockchain’s potential and benefits for DeFi, but struggle with the security compliance and finance control barriers raised by the technology.”
“Blockchain is immutable and allows the tracing of financial operations but doesn’t allow the tracing of the real person or entity behind a transaction. The more we work on Digital Identity and links between real identity and digital identity, the more DeFi will be usable. This has to be addressed by focusing on security and standards.”
“It is interesting to see that regulation will foster the creation of technology standards and ID standards going forward.”
Thankfully, the FATF is further asking private sector stakeholders before finalising the guidance and say they welcome more views from relevant parties on the areas of focus below, in addition to specific proposals to the text of the guidance. They primarily seek views from banks, virtual asset service providers and other regulated entities, but also welcome views from authorities. While submitting your response, please indicate the name of your organisation, the nature of your business (financial institution or designated non-financial business and profession, digital ID service provider, certification or assurance body, industry group, others), and your contact details. You may insert any specific drafting proposals directly in the attached text of the draft guidance in tracked changes. The contact information you provide will be used for the purpose of this public consultation only. The FATF will not share this information with third parties without your consent.
Areas of focus
- Are there any specific money laundering / terrorist financing risks, that arise from the use of digital identity systems for CDD, other than those already mentioned in Section IV of the guidance?
If so, how can they be addressed and by whom? Are there specific opportunities for combatting money laundering / terrorist financing that are not already mentioned in the guidance?
- What is the role of digital ID systems in ongoing due diligence or transaction monitoring?
a. What information do you capture under authentication at onboarding and during authorisation for account access? Who captures this data?
b. Is the authentication data you capture relevant to ongoing anti-money laundering and counter-terrorist financing due diligence and/or transaction monitoring? If yes, how?
- How can digital ID systems support financial inclusion?
a. How can digital ID systems with different assurance levels for identity proofing/enrolment and/or authentication be used to implement tiered CDD, allowing clients a range of account functionalities depending on the extent of CDD performed, and particularly in situations of lower risk? Please provide any practical examples.
b. Have you adopted lower assurance levels for identity proofing to support financial inclusion? What additional measures do you apply to mitigate risks? Please provide any practical examples.
c. How can progressive CDD via digital ID systems aid financial inclusion (i.e. establishing greater confidence in a customer’s identity over time)?
- Does the use of digital ID systems for CDD raise distinct issues for implementing the FATF record-keeping requirements?
a. What records do you keep when you use digital ID systems for CDD?
b. What are the challenges in meeting record-keeping requirements when you use digital ID systems for CDD?
c. If you keep different records when using digital ID systems for onboarding, does this impact other anti-money laundering and counter-terrorist financing measures (for example ongoing due diligence or transaction monitoring)?
Please provide your response to FATF.Publicconsultation@fatf-gafi.org with subject line “Comments of [author] on the draft Digital ID Guidance”, by 29 November 2019 (18:00 UTC).
The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions. The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. The FATF is, therefore, a “policy-making body” which works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas.
Also published on Medium.