Digital IDs and EU Identity Wallets

The face of change or just another puzzle piece

Sole Source or Puzzle Piece

Ai conversation about this blog

Click the button to stop the audio

00:00

Digital IDs_ One Piece of the Compliance Puzzle.wav
00:00

📲Digital Wallets will they be the single solution?

The introduction of the new digital government wallet in the UK is likely to streamline certain aspects of legal client onboarding, particularly concerning identity verification, but it will primarily be just one part of the broader puzzle for law firms in fulfilling their responsibilities under money laundering regulations, especially in assessing client risks for money laundering, proliferation financing, terrorist financing, and sanction designation.

Here's a breakdown of its likely impact:

💥Likely Impact?

💡Potential for Easier Identity Verification (KYC):

The UK's new smartphone app aims to simplify interactions with government services and will allow UK citizens to carry digital versions of driving licenses and veteran cards, with digital passports planned for the future

Digital IDs, which are secure mobile applications storing multiple verified credentials, offer greater convenience and control over personal data for individuals, potentially replacing the need for physical documents

This could make everyday tasks like proving identity easier

For law firms, digital IDs present an opportunity to streamline processes related to Know Your Customer (KYC) identity verification and other compliance processes

Regulated industries are legally required to verify customer identities under anti-money laundering (AML) regulations

The use of digital wallets could allow for automatic verification of credentials, potentially reducing the need for manual review of physical documents during client onboarding

Digital ID wallets enable users to selectively share specific data required for a particular context or transaction, which could simplify compliance by ensuring only necessary information is provided

The technology will include security features built into modern smartphones, such as facial recognition check

Electronic identification and verification (EID&V) tools, which digital wallets fall under, are increasingly viewed as being as robust as traditional verification methods and can improve efficiency in customer identification and verification at onboarding

They can be applied consistently and support ongoing due diligence

The EU Digital ID Wallet, an ambitious initiative, aims to provide a single platform for digital identities, supporting cross-border recognition and secure authentication with multi-factor authentication and liveness tests

The UK's plans for digital driving licenses are part of a wider strategy for national digital ID systems

⚠️Limitations and Ongoing Responsibilities (Broader Risk Assessment):

Despite the conveniences, digital ID wallets come with potential security downsides, including vulnerability to hacking, cybercriminals stealing data, or unauthorized access if security settings are weak

Deepfake technology is also an emerging threat to digital ID systems, contributing to identity theft

While robust security measures like multi-factor authentication, end-to-end encryption, and liveness detection are crucial for remote verification, these measures alone cannot fully protect against sophisticated fraudsters and money launderers.

Therefore, to adequately protect against fraud and meet comprehensive compliance requirements—including assessing risks for money laundering, proliferation financing, terrorist financing, and sanction designation—additional measures are necessary beyond just identity verification through the digital wallet

These include:

Cross-check verification with third parties AI-powered anomaly detection systems

Real-time monitoring through pKYC (perpetual KYC) frameworks

Analytics tools Law firms must still conduct practice-wide risk assessments (PWRAs) to identify and assess all ML and TF risks, including client types, geographic areas, products, services, and transactions

They must also undertake client and matter level risk assessments

Digital tools, while helpful for screening against sanctions, PEP (Politically Exposed Person) and adverse media watchlists are not a guaranteed solution to AML/TF issues or a guarantee of compliance

The ultimate responsibility remains with the legal practice and practitioner

Law firms must ensure that the level of comfort derived from any electronic verification system is adequate to mitigate the risks of ML/TF or fraud documented in their PWRA

This often requires corroborating electronic verification with other Client Due Diligence (CDD) material

Certain sectors may still require sight of original documentation

Our prospective clients and regulated firms and industries may faced with the increased repetition of ID checking, from prospective clients presenting their ID wallet, to a regulated firm/ industry requesting their own e-verification checks and they may still require physical proof, because some elements of the data do not go far enough, or are required by other agencies such as mortgage providers.

In an increasing tech world, some people may be left behind, or subject to old or limited tech phones that restrict their access to services

The sanctions regime is one of strict liability, meaning a risk-based approach will not necessarily protect a firm if it breaches the regime unintentionally.

The reports state that there isn't an immediate intention to have immigration status data, thus there probably no intention of having designation status included in the wallet, even if it did there would still be requirement to monitor, and this would not be possible with a single sight of a Digital Wallet.

Firms must carry out thorough due diligence checks to identify designated persons (sanctioned individuals, entities, etc.)

This includes considering beneficial owners and individuals with control over entities, as designated persons may seek to hide or misrepresent their identity

Digital screening tools can help, but it's generally not enough to take a client's identity at their word

Firms must also be vigilant for red flags indicating attempted circumvention of sanctions or money laundering, such as unusual transactions, resistance to controls, or complex corporate structures

The definition of "control" for sanctions purposes is subtly different from "beneficial ownership" in money laundering regulations, requiring distinct considerations

Law firms must conduct ongoing monitoring of business relationships to ensure transactions are consistent with client knowledge and risk profiles, and to keep CDD documents up to date

Source of Funds (SoF) and Source of Wealth (SoW) checks are fundamental elements of CDD, especially in enhanced due diligence situations, and go beyond just knowing where funds were transferred from

🤔Reality on the ground may look different

While the new digital government wallet offers significant advantages in the efficiency of initial identity verification for legal client onboarding, it serves as on important component rather than a complete solution.

Law firms will still need to implement comprehensive risk assessment frameworks, conduct ongoing monitoring, verify complex ownership structures, assess sources of funds and wealth, and remain vigilant for red flags to fully comply with their responsibilities under money laundering, proliferation financing, terrorist financing, and sanctions regulations

The Government has signalled a desire to reduce the burden of anti-money laundering implementation, we will have to keep a watchful eye.