New guidance for AML/CFT electronic identity verification
2 September 2021
In July 2021, the Reserve Bank of New Zealand (RBNZ), the Financial Markets Authority (FMA) and the Department of Internal Affairs (DIA) (the Supervisors) jointly published updated guidance to assist reporting entities under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) regime who use electronic identity verification (EIV) to conduct identity verification on their customers.
We set out the relevant background and some of the key changes to this EIV guidance in this article.
If you would like advice on the AML/CFT regime, identity verification or the changes to the EIV guidance, please contact a member of our financial services regulation team.
Identity Verification Code of Practice
The Amended Identity Verification Code of Practice 2013 (Code) sets out best practice for reporting entities conducting identity verification on the name and date of birth for customers that have been assessed as being low or medium risk.
The Code provides two ways to conduct identity verification - via documentary verification (Part 1 of the Code) or electronic verification (Part 3 of the Code).
The Supervisors have now published separate guidance on EIV to be read in conjunction with the Code.
Electronic Identity Verification
On 16 July 2021, the Supervisors published the Explanatory Note: Electronic Identity Verification Guideline (2021 Explanatory Note) which is to be read in conjunction with the Code. The 2021 Explanatory Note replaces the previous Explanatory Note published in 2017.
EIV is where a customer’s identity is verified remotely or non-face-to-face and has two key components - confirmation of identity information via an electronic source and matching the person being verified to the identity they are claiming.
An electronic source is the underlying database that holds authenticated core identity information against which an individual's identity can be verified.
The 2021 Explanatory Note:
- Includes additional content identifying commonly used electronic sources for identity verification in New Zealand
- Sets out the Supervisors’ expectations in relation to a review of a reporting entity’s EIV procedures, policies and controls
- Provides examples of the EIV practices of hypothetical reporting entities along with the Supervisors' comments on their compliance.
Reporting entities who use EIV to conduct identity verification on their customers should review their AML/CFT compliance programmes and ensure their policies, procedures and controls are compliant with the 2021 Explanatory Note. In particular, reporting entities that use EIV are required by the Code to clearly document their EIV procedures and how the relevant criteria within the Code are satisfied.
If you require assistance in reviewing or amending your AML/CFT compliance programme in light of the 2021 Explanatory Note please contact a member of our financial services regulation team.