Following its guidance applying the travel rule to Virtual Asset Services Providers (VASPs), the awesomely named Financial Action Task Force (FATF) has released draft guidance intended to help governments, financial institutions and other relevant entities apply a risk-based approach to the use of digital ID systems can be used for customer due diligence (CDD). FATF is seeking submissions on the draft guidance primarily from banks, virtual asset service providers, regulated entities, and public authorities.
The 77-page draft guidance details many issues related to digital ID systems, including their reliability and independence, and how they might be used in performing customer due diligence.
FATF notes that with digital payments growing by 12.7% every year, and digital ID systems evolving rapidly and usually going hand in hand with regulated electronic payments, further guidance is necessary as digital ID increases in importance.
FATF elaborates in the guidance, saying that:
The rapid pace of innovation in the digital identity (ID) space has reached an inflection point. Digital ID standards, technology and processes, have evolved to a point where digital ID systems are, or could soon be, available at scale. Some of these relevant technologies include: ... digital device identifiers and related information...; high-definition scanners; high-resolution video transmission (allowing for remote identification and verification and proof of “liveness”); artificial intelligence/machine learning...; and distributed ledger technology (DLT).
The draft guidance suggests that regulatory authorities will need to develop clear guidelines or regulations allowing the appropriate, risk-based use of reliable, independent digital ID systems by entities regulated for AML/CTF purposes.
The guidance also suggests that while digital ID systems are likely to become a more important tool for VASPS and other regulated institutions to combat ML/TF risks, these entities must “take an informed risk-based approach to relying on digital ID systems for Customer Due Diligence".
Appendix B of the draft guidance includes various international examples of public digital ID projects. No Australian projects are mentioned, despite the recent launch of the NSW Digital Driver Licence by Service NSW, which was developed in conjunction with Secure Logic using DLT.
The FATF is taking submissions on the draft guidance until 29 November 2019 (18:00 UTC). Submissions should be made to FATF.Publicconsultation@fatf-gafi.org with the subject-line “Comments of [author] on the draft Digital ID Guidance”.