MAS issues a circular on non-face-to-face customer due diligence measures
This CDD circular sets out industry best practices to be observed by financial institutions in relation to non-face-to-face CDD measures and the mitigating controls to be adopted by financial institutions when using technology solutions. The CDD circular elaborates on the measures to be adopted by financial institutions to help mitigate impersonation and fraud risks.
Non-face-to-face customer onboarding has become standard for many financial institutions particularly since the start of the COVID-19 pandemic. In light of social distancing measures implemented during the pandemic and with more employees working from home, financial institutions have been forced to adopt technology solutions to assist with non-face-to-face CDD within permitted regulatory parameters. The adoption of technology to conduct non-face-to-face CDD brings with it specific operational challenges and security threats.
Some key takeaways from the circular are set out below:
- Financial institutions are using video-conferencing as means to verify the identity of customers when conducting non-face-to-face CDD. To mitigate the risk of fraud and impersonation risks, additional checks such as use of control questions and liveness checks should be implemented.
- For accounts that pose higher ML/TF risks, additional CDD measures should be taken, such as verifying customer information against reliable and independent databases.
- When verifying corporate documents sent via soft-copy, obtaining original certified true copies is advised, or using notary public, lawyers or certified public accountants to use digital signatures or watermarks to certify authenticity.
- For e-signed documents, assess the robustness of processes in place to safeguard the authenticity of electronic documents and their admissibility in court.
- Regularly review technology solutions to ensure continued effectiveness in conducting non-face-to-face CDD.
- Financial institutions should not rely on external quality assurance standards of the technology solution providers but conduct their own due diligence and assessment on the effectiveness of the solutions in mitigating impersonation and fraud risks.
- Ensure all due diligence and assessment of technology solution providers are approved by board of directors.
- Implement appropriate metrics to monitor the performance of technology solutions employed and take timely intervention if necessary.
- Ensure that board of directors and senior management maintain effective oversight on management of ML/TF risks and AML/CFT controls.
- Establish clear accountability for the effectiveness of the non-face-to-face process and technology solutions.
The circular is applicable to all financial institutions and should be read in conjunction with the relevant AML/CFT Notices and Guidelines in relation to CDD measures for non-face-to-face business relations as well as MAS’ circular of 8 January 2018 on the use of Myinfo and CDD measures for NFTF business relations.