The evolving nature of financial crime and the increasing ease of doing business in a global landscape poses a challenge for companies striving to stay ahead of money laundering threats. AML ID verification is one powerful tool which can be used to mitigate risks by accurately unlocking and verifying customers identity.
By cross-checking customer information against multiple trusted data sources, AML verification not only helps detect potential criminal activity but also helps ensure regulatory compliance. In this article, we dive into the world of AML ID verification, explore Anti Money Laundering regulations, the role of verification in your compliance programme, and the different verification methods available.
Understanding AML verification regulations
A critical component of the AML/CFT Act detailed in section 16 provides instructions on the proper verification of customer identities, including beneficial owners and persons acting on behalf of a customer. Verification involves confirming information against documents, data or information obtained from a reliable and independent source.
In most circumstances the guidelines outline verification of identity to be carried out before you establish a business relationship with your customer, make a transaction, or provide them with services.
Guidelines were updated with the publication of the ‘Amended Identity Verification Code of Practice 2013’, and the ‘Identity Verification Code of Practice Explanatory Note 2017’. These outlined best practice for conducting identity verification on customers that are assessed as low to medium risk using:
- Documentary verification; and
- Electronic verification.
In addition, a separate guidance on electronic identity verification (EIV) was developed and published by regulators in 2021 – ‘Explanatory Note: Electronic Identity Verification Guideline’ which sought to clarify requirements for when electronic identity verification was used to confirm identity.
While the quantity of documentation may feel confusing, they all have an underlying theme – to comply with AML ID verification regulations and adopt a risk based approach. This involves assessing the risk level associated with individual customers and tailoring the verification process accordingly.
Higher-risk customers may require additional verification steps, and lower risk may meet requirements through EIV only. Whatever, the risk level is determined, ensure you clearly document procedures, show how you are fulfilling your obligations, and ensure relevant staff understand the processes they need to follow.
What are the requirements for AML verification?
As discussed above, the AML identity verification code of practice for New Zealand advises conducting identity verification using documentary verification and/or electronic verification. It also advises best practice for the certification of documents. This allows for non face-to-face documentary verification.
Below we outline the different types of documentation required for verification, what is required to certify documents, and how electronic identity verification, and biometrics can be used.
1. Document verification
To conduct documentary verification of a customer’s name and date of birth, one of the following three options is required:
Option 1
One of the following primary photographic ID’s:
- New Zealand Passport;
- New Zealand Firearms Licence; or
- International Passport.
Option 2
One of the following primary non-photographic ID:
- NZ full birth certificate;
- NZ certificate of citizenship.
In combination with a secondary form of photographic ID:
- NZ Driver’s Licence;
- Kiwi Access Card (18+ Card)
Option 3
NZ Driver’s Licence, in addition to one of the following:
- SuperGold Card;
- Bank card contains full name and signature, ensuring that the;
- Bank statement that contains full name and address issued within last 12 months;
- Statement issued by government agency within last 12 months that contains full name and address.
Where documents are provided in a language that is not understood by the person carrying out verification – English translation must be provided.
In all instances where documentary verification is being used, you should verify the identity of your customer:
- Face-to-face; or
- Obtain certified copies of documents.
2. Document certification
In New Zealand a trusted referee used for document certification must be at least 16 years of age and one of the following:
- Commonwealth representative
- Member of the police
- Justice of the peace
- Registered medical doctor
- Kaumātua
- Registered teacher
- Minister of religion
- Lawyer
- New Zealand Honorary consul
- Member of Parliament
- Chartered accountant
When certification occurs overseas, copies of international ID provided must be certified by a person authorised by law in that country to take statutory declarations or equivalent. For example, Notary Public, or Commissioner of Oath.
The trusted referee cannot be:
- Related to the customer; for example: parent, child, brother, sister, aunt, uncle or cousin
- The spouse or partner of the customer
- A person who lives at the same address as the customer
- A person involved in the transaction or business requiring the certification
When reviewing the identification documents presented consider the following:
- Are the IDs acceptable?
- Is the trusted referee eligible to make certification?
- Does the certification include the appropriate wording: “I certify that this is a true copy of the original, which I have sighted, and the photo represents a true likeness of the person presenting the document to me for certification.”
Note: for overseas certifications ‘likeness’ is not required.
- Has the trusted referee signed off with their name, occupation and the date of certification?
- Was the certification completed within the last 3 months preceding the presentation
3. Electronic identity verification
Electronic identity is a record kept in electronic form that contains authenticated core identity information about an individual.
Verify the customer’s name from either:
- A single independent electronic source that is able to verify an individual’s identity to a high level of confidence;
- At least two independent and reliable matching electronic sources.
Verify the customer’s date of birth from:
- At least one reliable and independent electronic source.
Identification documents may include passport, driver’s license or other official government issued documents. If you only have a few clients, manual checks may be feasible but if you have more than a handful, access to an AML ID verification tool can save you time and help ensure both speed and accuracy.
4. Biometrics
If you have not met your customer face-to-face, or seen their sighted original ID, conduct a biometric check.
A biometric check will help you find a link between the presenter of an identity document and the photo on the identity document. You may need the help of an AML outsourcing company with the right software to do this.
At tic company we simply provide your customer with a link which prompts them to take pictures of their face and identification document via their device’s camera. This data is then automatically extracted through optical character recognition (OCR) software and the images matched for liveness and likeness. Multiple checks are carried out and all records are securely stored and made immediately available.
Navigating AML verification requirements can be complex, however embracing the correct verification process will not only help ensure you comply with AML regulations but also help protect your business, and show you are committed to the fight against financial crime and terrorist financing.
AML ID verification best practices
Alongside the requirements for establishing AML identity verification, help ensure your effectiveness and accuracy by following five key best practices:
- Adopt a risk-based approach: AML identity verification is more than just ticking a box. As with all your AML processes take a risk based approach to verification, base it on your individual business and the risk level associated with each customer.
- Leverage technology: embrace technologies like tic company’s AML online portal to automate and improve the verification process. Smart and secure technologies can analyse data quickly and verify identities alongside automatic politically exposed person (PEP) and sanction screening checks.
- Use trusted data sources: ensure that data used for EIV is maintained by a government agency or pursuant to legislation, such as passport databases, Centrix, Dow Jones watchlist, Equifax, LINZ, Companies Offices, or a drivers license database.
- Train your employees: ensure your employees receive regular training on your compliance procedures and verification processes. And remember to document what training has occurred.
- Stay up to date with AML regulations: regularly review any changes to regulations and the impact it may have on your compliance programme. The introduction of the AML Identity Verification Code of Practice together with updates to Customer Due Diligence guidance exemplifies how regulatory expectations continue to evolve, requiring organisations to adapt their customer due diligence and risk assessment processes.
Best practice may not always be easy to follow but getting the right groundwork in place will make it easier in the long run, and help protect against the risk of warnings or fines from the regulators.
In 2022 an investment services company received a formal warning from the Financial Market Authority (FMA) for among other things, identity verification breaches. Director of Supervision, James Greig stated the company:
‘…..failed to complete identity verification of customers and beneficial owners, in accordance with the Amended Identity Verification Code of Practice’.
This resulted in remediation and a requirement to develop and implement an effective process to complete identity verification at the time of onboarding, provide training to employees on the process, and complete adequate customer identity verification on all existing customers and beneficial owners.
A reminder that AML identity verification is important and the way it is carried out must comply with the latest regulations.
Summary
Navigating the challenges of AML ID verification requires a blend of technology and human expertise. Using the right software for verification can be critical in saving time, ensuring accuracy and creating cost savings. However, this should sit alongside a comprehensive compliance programme that addresses the nuances of your business, the services you provide your clients, and risks faced.
As AML compliance specialists we provide both advanced technology and hands-on expertise. If you need some help with your compliance programme or would like a demonstration of the power of our verification technology, call us on 09 369 6867 or book a demo.
Resources
Amended Identity Verification Code of Practice Explanatory Note 2013
Identity Verification Code of Practice Explanatory Note 2017 (Replaced Explanatory Note 2013 – updated to include clarification regarding requirement to link person to claimed identity through additional methods)
Explanatory Note: Electronic Identity Verification Guideline 2021 (Replaced Explanatory Note 2017 – includes additional content regarding documenting electronic identification verification procedures, supervisor expectations and examples of EIV solutions)
Beneficial Ownership Guideline – April 2024 Guidance in conducting customer due diligence on beneficial owner(s). Updated following new 2024 regulations.
Customer Due Diligence: Trusts Guideline – May 2024 Guidance in conducting customer due diligence on Trusts. Updated following new 2024 regulations.
Customer Due Diligence: Companies Guideline – April 2024 Guidance in conducting customer due diligence on Companies. Updated following new 2024 regulations.
Customer Due Diligence: Limited Partnerships – April 2024 Guidance in conducting customer due diligence on Limited Partnerships. Updated following new 2024 regulations.