Checking new client identities remotely amid the coronavirus lockdown makes financial firms more vulnerable to attempted money laundering, and regulatory guidance to accept “selfies” and emailed documents amounts to “a fraudster’s charter”, according to compliance specialists.
With social distancing measures and travel restrictions preventing banks and wealth managers from meeting new customers and checking physical documents in person, the UK regulator last week told retail financial groups they could accept digital substitutes.
This included “scanned documentation sent by email, preferably as a PDF . . . ask clients to submit ‘selfies’ or videos . . . and analyse additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers”, said Financial Conduct Authority boss Chris Woolard.
The FCA’s move led compliance specialists to caution that this would leave companies open to more risk.
“Some of things he has suggested are a money launderer’s or a fraudster’s charter,” said John Dobson, chief executive of SmartSearch, which provides anti-money laundering technology. “Scanned documents by email or PDF — money launderers and fraudsters are experts at doctoring and amending these.”
The Financial Times is making key coronavirus coverage free to read to help everyone stay informed. Find the latest here.
SmartSearch has estimated that half of the 60,000 regulated firms it contacted last year still rely on manual identity checks. They will now have to adopt alternative methods for verifying new customers and have been advised they can “be more flexible” by the FCA.
“This is bad advice,” said John Erik Setsaas, vice-president at ID services provider Signicat. “Sending documents and selfies by email is inherently insecure — anything you wouldn’t be happy to put on the back of a postcard shouldn’t be sent by email.” He added that selfie ID was a misnomer because interactive “liveness checks” were also essential to ensure a stolen photo was not being used.
An FCA spokesperson said its suggestions were merely “additional steps”, which were already successfully used by some firms and lay within the flexibility permitted by current regulations. “The letter is not intended to represent a relaxation of requirements or to suggest that taking one of the measures in isolation would be appropriate or sufficient verification,” the person said.
“It is very clear that new solutions must be compliant and achieve the standards required under the money laundering regulations,” said Steve Smith, corporate crime and investigations partner at law firm Eversheds Sutherland.
Smaller firms may be more vulnerable because they have less tech knowhow, said SmartSearch’s Mr Dobson. “Triangulating telephone numbers? Our average client would not have a clue how to do that.” He said the FCA should have emphasised use of electronic ID platforms and databases, as recommended in the fifth EU money laundering directive.
Jane Jee, a former lawyer who now runs compliance services firm Kompli Global, agreed challenger banks may be more at risk as larger lenders have better information sources.
Overall, lawyers said the rush to do business during the pandemic was having a negative effect on independent data verification. “Businesses making snap decisions on very limited data and information is a real problem,” said Ian Hargreaves, partner at law firm Covington & Burling.
Get alerts on Money laundering when a new story is published