A library of snippets
xxx
“It will be based on the DP-3T concept of EPFL and will leverage the new Google and Apple Contact Tracing APIs as soon as they are available,” Pascal Strupler, Director-General of the Swiss Federal Office of Public Health, is quoted as saying in a press release.
From Contact tracing app could be launched in Switzerland within weeks – SWI swissinfo.ch:
xxx
The Financial Action Task Force (FATF) is the global inter-governmental money laundering and terrorist financing (ML/TF) watchdog that sets “recommendations” for some 200 jurisdictions. It recently published its new “Guidance on Digital ID” (6th March 2020), specifically to encourage governments and financial institutions to use the FATF’s risk-based approach to “encourage use of digital customer onboarding” and to take advantage of “simplified due diligence” to tackle the challenges of COVD-19 whilst remaining alert to “new and emerging” risks. Don’t let the 100+ pages and the bureaucratic language put you off: this is actually pretty interesting stuff.
What was particularly interesting about the new guidelines is that, in common with the EU’s Fifth Anti-Money Laundering Directive (AMLV), they recognise that there is role of digital onboarding beyond convenience or necessity. Paragraph 87 of the document says very clearly that given the advances in the technology and standards in the digital ID world that “non-face-to-face customer-identification and transactions that rely on reliable, independent digital ID systems with appropriate risk mitigation measures in place, may present a standard level of risk, and may even be lower-risk (my emphasis) where higher assurance levels (eg, NIST IAL2) are implemented and/or appropriate ML/TF risk control measures are in place.
Of course, digital and “face-to-face” are not alternatives. The use of digital onboarding to support and enhance face-to-face interactions to also going to accelerate. Here’s an example from Canada. In March 2020, Royal Bank of Canada (RBC) introduced an enhancement to its mobile application to allow customers to verify their identities when opening a new account in branches. The app can use the contactless interfaces in mobile phones to read the chips in electronic passports to speed things along. Why bother? Well, RBC say that when a customer verifies their identity this way, there details are immediately flashed to the computer screen of the RBC employee helping them, so giving “a stronger connection between the branch and the app” and cutting the account opening time by more than two-thirds.
(This general trend towards convergence to a mobile app and a consistent digital experience whether interacting in person or remotely is part of the transition to contact-free commerce.)
For the technically-minded digital ID community, the meat is in Recommendation 10a. This is about digital identity in the context of the identification and verification of natural persons for the purposes of CDD. The FATF talk about the key components of a digital ID system — which map to the domains in the Three Domain Identity (3DID) model that I use as shown in the picture above.
Since the FATF made the new recommendations, regulators around the world have issued their own statements supporting such action including the UK’s FCA, Hong Kong’s HKMA and the US FinCEN as James Mirfin of Refinitiv pointed out. In the UK, for example, the Financial Conduct Authority (FCA) issued a letter noting that while organisations have to meet their obligations under the relevant regulations (in this case, the UK’s Money Laundering Regulations 2017), they can be flexible. Now, some of this flexibility is a little old school (allow people send send scanned documents as PDFs by e-mail instead of producing original documents, for example, is what I label “digitised identity”) but some of it is, I think, a considered and sound response to the new environment. The FCA will accept “third-party verification” (where a lawyer or accountant corroborates data) and, in a step towards the federated digital identity of the future (the “financial services passport” that I have been going on about for years), organisations can rely on CDD performed by other organisations (the example given is the obvious one of customer’s primary bank account provider) and on commercial providers who “triangulate” data sources to verify documentation.
The recommendations themselves contain some other interesting provisions. The core of the approach recommended is this: if you are provided with a government-approved digital identity (eg, eIDAS in Europe) then accept it, if you are provided with a non-government approved digital identity then you must either undertake an “assurance test” or have a third-party do it for you. However, the level of assurance can be varied so the in areas where there are lower risks, lower assurance digital identity verification is acceptable (I’m a tech guy, so I suspect that only a lawyer can interpret what “acceptable” means here). Furthermore, where there are risks of financial exclusion, organisations can be more flexible (by, for example, using the third-party verification as per the FCA letter). This could be critical in many jurisdictions where government stimulus payments to both individuals ad businesses can be held up, subverted or even diverted because of the lack of digital identities.
None of us who have predicted that digital identity will be central to the new economy would have wanted it this way, it goes without saying. But as I wrote on Medium in “COVID, Cryptography and Certificates”, the fact of the matter is that the response to the current pandemic, and the preparation for the next one, will bring digital identity to the top of the strategic agenda for individuals, businesses and governments alike. Let’s make sure that we (the identity industry) respond with cost-effective and efficient solutions that deliver both privacy and security to the benefit of all stakeholders.
xxx
Current AML/KYC rules are neither effectively preventing nor capturing crime. Instead they risk making financial institutions so overly cautious that they only serve to exacerbate the problem of the un- or under-banked and create barriers for honest customers.
From Digital Identity: a nut that remains to be cracked – FinTECHTalents:
xxx
xxx
That opacity has made the art market particularly attractive to plutocrats, oligarchs and others who might want to hide their wealth away from prying eyes.
From In search of Inigo Philbrick, the disappearing art dealer | British GQ:
xxx
xxx
In multiple instances, victims alleged, Philbrick had sold artworks to more than one person or sold fractions of paintings – 50 per cent here, ten per cent there – that together amounted to more than 100 per cent. He had allegedly taken out nearly $20m in loans on paintings he didn’t actually own – and, in some cases, even absconded with both the paintings and the client’s money.
From In search of Inigo Philbrick, the disappearing art dealer | British GQ:
xxx
Xiangmin Liu of the People’s Republic of China assumed the position of President of the FATF on 1 July 2019. He succeeded Marshall Billingslea of the United States.
Mr. Liu currently serves as Director-General of the Legal Department at the People’s Bank of China
With people around the world facing confinement or strict social distancing measures, in-person banking and access to other financial services is difficult, and unnecessarily exposes people to the risk of infection. Use of digital/contactless payments and digital onboarding reduce the risk of spreading the virus. As such, the use of financial technology (Fintech) provides significant opportunities to manage some of the issues presented by COVID-19. In line with the FATF Standards, the FATF encourages the use of technology, including Fintech, Regtech and Suptech to the fullest extent possible. The FATF recently released Guidance on Digital ID, which highlights the benefits of trustworthy digital identity for improving the security, privacy and convenience of identifying people remotely for both onboarding and conducting transactions while also mitigating ML/TF risks. The FATF calls on countries to explore using digital identity, as appropriate, to aid financial transactions while managing ML/TF risks during this crisis.
When financial institutions or other businesses identify lower ML/TF risks, the FATF Standards allow them to take simplified due diligence measures, which may help them adapt to the current situation. The FATF encourages countries and financial service providers to explore the appropriate use of simplified measures to facilitate the delivery of government benefits in response to the pandemic.
xxx
xxx
Due Diligence of Digital ID Systems: Regulated entities should undertake sufficient levels of due diligence when determining whether to use Digital ID to conduct CDD. Considerations include: (i) whether the Digital ID has been authorised for CDD, and (ii) whether the assurance levels of the Digital ID are known to the organisation.
The Draft Guidance also suggests that for the purposes of simplifying AML/CFT due diligence requirements, organisations should utilise Digital ID systems with lower assurance levels, where risks are low. The consultation on the Guidance, which was open to private sector stakeholders, closed for responses on 29 November 2019. The FATF will now look towards finalising the guidance, with any further amendments being incorporated during meetings occurring in February 2020.From FATF consultation draft guidance on digital identity – Lexology:
xxx
xxx
YouTube also awarded a “verification badge” to a hacked channel displaying a photo of Garlinghouse as its profile picture, falsely indicating to viewers that the account was legitimate
From Ripple sues YouTube over cryptocurrency scams – Reuters:
xxx
xxx
France is asking Apple Inc. to remove a technical obstacle that it says is delaying a government contact-tracing application designed to contain the coronavirus spread.
Apple’s operating system prevents contact-tracing apps using its Bluetooth technology from running constantly in the background if that data is going to be moved off of the device, a limit designed to protect users’ privacy. That limitation is standing in the way of the type of app that France wants to build, Digital Minister Cedric O said.
From France Says Apple Bluetooth Policy Is Blocking Virus Tracker – Bloomberg:
xxx
xxx
Internal tests of the digital currency are being conducted in four large cities around China—Shenzhen, Suzhou, Chengdu and Xiong’an, a satellite city of Beijing—to improve the currency’s functionality, the digital currency research institute under the People’s Bank of China confirmed Monday, in response to a request for comment.
xxx
xxx
Facebook Pay allows users across the company’s various platforms, including WhatsApp and Instagram, to make payments without exiting the app. Bank Indonesia assistant governor Filianingsih Hendarta, who heads payment system policy, told Reuters that three local firms had approached the regulator to ask about tentative approval for a payments partnership with Facebook.
xxx
Snippings