Verifi

AML & Phase 2

The recently passed Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Amendment Bill will usher in “Phase 2” of New Zealand’s AML/CFT laws.

Phase 2 will bring a number of industries into the AML/CFT regime during a phased implementation period:

  • Lawyers and Conveyancers — 1 July 2018 
  • Accountants — 1 October 2018
  • Real estate agents — 1 January 2019
  • High-value goods dealers — 1 August 2019
  • NZ Racing Board — 1 August 2019

Cloudcheck can be customised to suit each industry’s specific needs in a cost-effective manner, in order to make the transition to the AML/CFT regime as simple and painless as possible for businesses.

The push for electronic verification

With the enactment of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 the New Zealand government made it clear it was serious about meeting the obligations developed by the Financial Actions Task Force. FATF is an inter-governmental body whose purpose is the global development and promotion of national and international policies to combat money laundering and terrorist financing.

The result is that businesses now have much greater obligations to verify the identity of their customers. The New Zealand government has recognized the potential for the new regime to impact an organisation’s ability to do business efficiently and, as a result, has made some genuine concessions that go towards helping organisations manage their compliance costs. In fact electronic verification (EV) has the ability to not only reduce inefficiencies in current identity verification processes, but also to improve the customer experience.

EV has a number of advantages that make it a workable and efficient solution for organisations:

  • it is a highly cost-effective way of complying with the identity verification requirements;
  • it is a reliable method of identifying irregular details and suspicious customers;
  • it removes human error;
  • it separates customer-facing staff from the due diligence process; and
  • it minimises the inconvenience to customers, particularly versus producing paper identification documents.

The Identity Verification Code of Practice 2011, together with the Identity Information Confirmation Bill and the Electronic Identity Verification Bill, set out “Safe Harbour” procedures for meeting the requirements of the AML/CFT Act.

The Safe Harbour provisions for EV require an organisation to:

  • verify a customer’s name from at least two reliable and independent electronic sources;
  • verify the customer’s date of birth from at least one reliable and independent electronic source; and
  • verify the customer’s address from at least one reliable and independent source.

However, it is important to note that it is still up to the organisation to determine which types of electronic sources will be considered reliable. In assessing reliability the Code requires an organisation to have regard to:

  • accuracy;
  • security;
  • privacy;
  • the method of collection;
  • whether the source has the ability to link a customer to the claimed identity;
  • whether the source is maintained by a government body; and
  • whether the information has been additionally verified.

Accordingly it is vital that when an organisation selects an EV provider it will be able to choose from a variety of sources in order to meet this requirement. Different organisations will typically have different risk thresholds depending on their business, and whilst a particular data source might be acceptable to one organisation it may not be suitable to another.

Potential data source include data related to:

  • Passports
  • Births, Deaths & Marriages
  • Driver’s licence
  • Vehicle registration
  • Electoral roll
  • Citizenship
  • National identity cards such as the 18+ Card
  • Property ownership
  • Utilities (eg water, electricity)
  • Companies Office records

With the large number of potential sources, the likelihood of new sources becoming available in future and the necessity of maintaining sources that may change (as data providers modernise and improve their offerings), it is clear that the sensible option for organisations who wish to implement EV is to select a third-party provider. The Code specifically contemplates this; there is a statement in the Code that nothing prevents an organisation from obtaining multi-source verification from a single provider.

When selecting an EV provider and platform, an organisation should carefully consider factors such as:

  • the platform’s range of data sources;
  • the platform’s ease of integration;
  • the ability to select which data sources a customer can verify against;
  • transparency into the methodologies used by a platform giving the organisation complete comfort with the process and a verifiable approach for the organisation’s own reporting obligations;
  • the platform’s level of security and accessibility;
  • the ability to brand the platform to the organisation’s brand;
  • the ability to perform verification directly via API as well as via a hosted service; and
  • whether the platform will scale to support the inclusion of new data sources as they become available.

The last point will be crucial to organisations as both regulators and the private sector evolve and approve additional data sources to be accessed. For instance, the electoral roll is not currently available but would be an excellent data source. It is critical that when a new data source becomes available it will be possible for an organisation to use the new data source without having to undergo further internal development to their IT systems. A flexible and scalable platform will mean that an organisation will have the highest possible success rate for EV at any particular time.

Verifi’s Cloudcheck platform has been developed specifically with these factors in mind. Most importantly, Cloudcheck allows an organisation to select from a ‘menu’ of data sources that will then be presented to a potential customer when performing EV.

Cloudcheck can be integrated into an organisation’s application process with minimal development, either using a hosted and branded EV page, or directly via the platform’s API. In addition, the platform will be continually improved, with new data sources added as they become available, without the need for the organisation to undergo any further development work. New data sources will simply be added to the organisation’s menu, allowing for a one-off integration exercise for the organisation after which it will be able to remain on the forefront of EV.