With the enactment of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 the New Zealand government made it clear it was serious about meeting the obligations developed by the Financial Actions Task Force. FATF is an inter-governmental body whose purpose is the global development and promotion of national and international policies to combat money laundering and terrorist financing.
The result is that businesses now have much greater obligations to verify the identity of their customers. The New Zealand government has recognized the potential for the new regime to impact an organisation’s ability to do business efficiently and, as a result, has made some genuine concessions that go towards helping organisations manage their compliance costs. In fact electronic verification (EV) has the ability to not only reduce inefficiencies in current identity verification processes, but also to improve the customer experience.
EV has a number of advantages that make it a workable and efficient solution for organisations:
- it is a highly cost-effective way of complying with the identity verification requirements;
- it is a reliable method of identifying irregular details and suspicious customers;
- it removes human error;
- it separates customer-facing staff from the due diligence process; and
- it minimises the inconvenience to customers, particularly versus producing paper identification documents.
The Amended Identity Verification Code of Practice 2013, together with the Identity Information Confirmation Bill and the Electronic Identity Verification Bill, set out “Safe Harbour” procedures for meeting the requirements of the AML/CFT Act.
The Safe Harbour provisions for EV require an organisation to:
a) verify a customer’s name from either:
a. a single independent electronic source that is able to verify an individual’s identity to a high level of confidence; or
b. at least two independent and reliable matching electronic sources.
b) verify the customer’s date of birth from at least one reliable and independent electronic source.
However, it is important to note that it is still up to the organisation to determine which types of electronic sources will be considered reliable. In assessing reliability the Code requires an organisation to have regard to:
- the method of collection;
- whether the source has the ability to link a customer to the claimed identity;
- whether the source is maintained by a government body; and
- whether the information has been additionally verified.
Accordingly it is vital that when an organisation selects an EV provider it will be able to choose from a variety of sources in order to meet this requirement. Different organisations will typically have different risk thresholds depending on their business, and whilst a particular data source might be acceptable to one organisation it may not be suitable to another.
Potential data source include data related to:
- Births, Deaths & Marriages
- Driver’s licence
- Vehicle registration
- Credit Bureau
- Electoral roll
- National identity cards such as the 18+ Card
- Property ownership
- Utilities (eg water, electricity)
- Companies Office records
With the large number of potential sources, the likelihood of new sources becoming available in future and the necessity of maintaining sources that may change (as data providers modernise and improve their offerings), it is clear that the sensible option for organisations who wish to implement EV is to select a third-party provider. The Code specifically contemplates this; there is a statement in the Code that nothing prevents an organisation from obtaining multi-source verification from a single provider.
When selecting an EV provider and platform, an organisation should carefully consider factors such as:
- the platform’s range of data sources;
- the platform’s ease of integration;
- the ability to select which data sources a customer can verify against;
- transparency into the methodologies used by a platform giving the organisation complete comfort with the process and a verifiable approach for the organisation’s own reporting obligations;
- the platform’s level of security and accessibility;
- the ability to brand the platform to the organisation’s brand;
- the ability to perform verification directly via API as well as via a hosted service; and
- whether the platform will scale to support the inclusion of new data sources as they become available.
The last point will be crucial to organisations as both regulators and the private sector evolve and approve additional data sources to be accessed. For instance, the electoral roll is not currently available but would be an excellent data source. It is critical that when a new data source becomes available it will be possible for an organisation to use the new data source without having to undergo further internal development to their IT systems. A flexible and scalable platform will mean that an organisation will have the highest possible success rate for EV at any particular time.
Verifi’s Cloudcheck platform has been developed specifically with these factors in mind. Most importantly, Cloudcheck allows an organisation to select from a ‘menu’ of data sources that will then be presented to a potential customer when performing EV.
Cloudcheck can be used as a stand alone application, or can be integrated into an organisation’s application process with minimal development, either using a hosted and branded EV page, or directly via the platform’s API. In addition, the platform will be continually improved, with new data sources added as they become available, without the need for the organisation to undergo any further development work. New data sources will simply be added to the organisation’s menu, allowing for a one-off integration exercise for the organisation after which it will be able to remain on the forefront of EV.
Anti-Money Laundering and Countering Financing of Terrorism Act 2009
Parliamentary Counsel Office
Amended Identity Verification Code of Practice 2013
Financial Markets Authority (PDF)
Territorial scope of the AML and CFT Act 2009
Financial Markets Authority (PDF)