The Financial Action Task Force (FATF) has issued technology-neutral guidelines on digital identity, aimed at helping governments and industry players to determine how digital ID systems can be used in the financial sector.
FATF is an inter-governmental body that sets international standards to prevent global money laundering and terrorist financing. The guidelines it has published predominantly relate to how digital IDs should be used to carry out customer due diligence (CDD) in the financial services sector.
The guidance, dated March 2020, was prompted by marked growth in digital payments, amounting to 12.7% annually, and by the development of digital ID systems around the world. By 2022, an estimated 60% of world GDP will be digitalized, and FATF sees digital ID as playing a significant role in verifying the identity of parties to financial transactions, and therefore in reducing fraud.
The guidance identifies a set of separate recommendations for governments, regulated authorities and identity providers. These include:
- Develop clear guidelines or regulations allowing the appropriate, risk-based use of reliable, independent digital ID systems.
- Adopt principles, performance, and/or outcomes-based criteria when establishing the required attributes, evidence and processes for proving official identity for the purposes of CDD.
- Develop an integrated multi-stakeholder approach to understanding opportunities and risks relevant to digital ID and developing relevant regulations and guidance to mitigate the risks.
- Consider supporting the development and implementation of reliable, independent digital ID systems by auditing and certifying them against transparent digital ID assurance frameworks and technical standards.
Regulated entities should:
- Understand the basic components of digital ID systems, particularly identity proofing and authentication.
- Take an informed risk-based approach to relying on digital ID systems for CDD.
- Consider whether digital ID systems with lower assurance levels may be sufficient for simplified due diligence, for example by adopting, where permitted, a tiered CDD approach that leverages digital ID systems with various assurance levels to support financial inclusion.
Digital ID providers should:
- Understand the AML/CFT requirements for CDD (particularly customer identification/verification and ongoing due diligence) and other related regulations, including requirements for regulated entities to keep CDD records.
- Seek assurance testing and certification by the government or an approved expert body.
- Where available, participate in public sector regulatory ‘sandboxes’ to assess the digital ID system’s assurance levels.
The guidance is non-binding but seeks to promote a consensus approach among governments in how digital ID is developed and implemented for use in the financial sector.