FCA relaxes rules to allow 'selfie' verification

The Financial Conduct Authority (FCA) has said it is prepared to relax rules on financial services firms accepting customer phone photo 'selfies' to check their identity, as one of several measures to ease the burden during Coronavirus lockdown.

In a public letter to the industry, the regulator's interim chief executive Christopher Woolard said that it has received hundreds of requests from firms and trade associations for adaptions to its rules, adding that some were “opportunistic” and the FCA will reflect on future guidance.

"As we have already made clear, we expect firms to provide strong support and service to customers during this period," read the statement. "Firms should be clear and transparent and provide support as consumers and small businesses face challenges at this time. We also expect firms to manage their financial resilience and actively manage their liquidity."

Restrictions on non-essential travel have affected many firms' ability to make compulsory anti-money laundering checks, so Woolard said the watchdog would be flexible.

The existing regulations and Joint Money Laundering Steering Group guidance already provide for client identify verification to be carried out remotely and give indications of appropriate safeguards and additional checks which firms can use to assist with verification. For example, firms can:

• accept scanned documentation sent by e-mail, preferably as a PDF;
• seek third party verification of identity to corroborate that provided by the client, such as from its lawyer or accountant;
• ask clients to submit ‘selfies’ or videos;
• place reliance on due diligence carried out by others, such as the client’s primary bank account provider, where appropriate agreements are in place to provide access to data;
• use commercial providers who triangulate data sources to verify documentation provided;
• gather and analyse additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers;
• verify phone numbers, e-mails and/or physical addresses by sending codes to the client’s address to validate access to accounts; and
• seek additional verification once restrictions on movement are lifted for the relevant client group.

Elsewhere, there's also been a relaxation of rules that portfolio management services must inform customers each time their holdings drop by 10 per cent or more in value since their last statement.

Firms had raised concerns about the impact on consumers, as well as the operational burden of this during a highly volatile market, so the FCA said that until the start of October, it will not take enforcement action if a firm has issued at least one notification within the current reporting period, and where firms later provide general updates on websites or social media.

Chris Finney, partner at law firm Fox Williams, said that while it's good to see the FCA taking a flexible approach, especially in these uncertain times, firms will need to be cautious before taking advantage of the identity opportunity.

"Firms must still identify, and verify the identity, of their customers, they also need to protect themselves and their customers against scams," he stated. "A selfie might help, if it’s combined with a range of other things, but a scan of a document which seems to show the customer’s name and address, and a photograph of someone who may (or may not) be the same person, will almost never be enough, on its own.

"Even in a crisis, the normal rules still apply; and when the crisis has passed, litigation and regulatory sanctions can just as easily still follow; in fact, some regulators have 'form' in this area, so best be wary.”

    Share Story:

Recent Stories

The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.