Last week, the multi-government Financial Action Task Force (FATF) published guidance on digital payments and the use of IDs for customer due diligence (CDD). The draft report includes recommendations for anti-money laundering (AML), counter-terrorist financing (CTF), know your customer (KYC), and financial inclusion rules.
The FATF notes that digital payments are growing by 12.7% every year, with over 700 billion transactions predicted annually by 2020. Similarly, digital ID systems are evolving rapidly and often go hand in hand with regulated electronic payments. The group has now issued guidelines for authorities on combining the two.
“Digital ID standards, technology and processes, have evolved to a point where digital ID systems are, or could soon be, available at scale. Some of these relevant technologies include: a range of biometric technology; […] artificial intelligence/machine learning (e.g., for determining validity of government-issued ID); and distributed ledger technology (DLT),” the report reads.
Now that such IDs exist, they hold “great promise” for sectors including banking, health, and e-government. Digital ID systems could improve customer verification, support CDD, reduce costs, and aid transaction monitoring for anti-fraud efforts.
In many cases, claims the FATF, they could also promote financial inclusion. Indeed, InfoSys founder Nandan Nilekani explained last month how a digital ID system allowed millions of unbanked Indian citizens open an account.
However, a vital point of these guidelines is the potential risk that comes with digital identities. A system at scale must have robust cybersecurity protection. The FATF cites that 81% of data breaches happened because of weak or stolen passwords, so having a minimum length requirement is simply not enough. Especially with something which could be as important as a passport.
Other challenges include balancing data protection with AML and KYC laws, dealing with connectivity issues, and ensuring the accuracy of biometrics. Onboarding must be a reliable process (see above). Additionally, if many citizens do not have access to suitable devices, then an ID system may promote financial exclusion.
The FATF suggests that government agencies considering adopting ID systems should take a risk-based multi-stakeholder approach, involving standards bodies (such as the ISO), technical partners, and cybersecurity authorities.
In doing so, agencies can strengthen various aspects of CDD. There are the more apparent benefits, like being able to associate transactions with a government ID and more efficiently trace funds. But interestingly the FATF points out that digital IDs can reduce human error in places like banks.
For example, when somebody wants to open an account, a member of staff has to make a judgement call whether the given ID is actually that person. With a digital system, technologies like AI can make a better call and can repeatedly do so through a smartphone. AI is also not quite as vulnerable to bribery or blackmail.
The FATF previously reported on crypto-assets and money laundering ahead of a G20 finance meeting. Back then, the group noted that it was difficult to apply FATF standards to blockchain-based assets.