Non-Face-to-Face Identity Verification
The Monetary Authority of Singapore (“MAS”) on 10 November 2020, introduced a new consultation paper on the types of information required for non-face-to-face verification of an individual’s identity. In light of increase in global cyber attacks such as data theft, scams and phishing incidences, Singapore has seen its fair share of incidents of breach in personal data of individuals. Increasingly, individuals’ data that have been stolen are used to impersonate an individual and perform unauthorised financial transactions through non-face-to-face channels. MAS proposes to issue a Notice on Identity Verification to strengthen the level of authentication controls to be implemented by financial institutions when conducting non-face-to-face business.
Under the proposed non-face-to-face identification verification Notice, it will be mandatory for financial institutions to use at least one of the following types of information for non-face-to-face verification:
- Something that only the individual knows, such as passwords or personal identification number (“Pin”)
- Something that only the individual has, such as a cryptographic identification device or token;
- Something that uniquely identifies the individual, based on the individual’s biometrics or behaviour;
- Information such as account transaction information or application identification number
The non-face-to-face identity verification Notice, financial institutions will be prohibited from replying on common personal information such as NRIC number, residential address, and date of birth as the sole means of identity verification as these information could be easily obtained and manipulated by scammers.
The proposed non-face-to-face Identification Notice is a step further to protect customer data, increase consumer confidence in Singapore’ financial system and assist to reduce further fraud from taking place.
Any third parties appointed to act on behalf of financial institutions to conduct identification and verification process including non-face-to-face verification process, must adhere to the proposed Notice.
MAS proposes the effective date of the non-face-to-face verification Notice to take into effect 6 months after it has been issued. It is not certain if 6 months will be a sufficient period of time for financial institutions, especially those dealing with retail customers, to implement and roll out the necessary measures. It is anticipated that several changes may need to be done to technology solutions that are currently used by financial institutions to aid them in the identification and verification process. It is recommended that financial institutions reach out to their technology service providers and other third party service providers who are assisting with the customer identification and verification process and understand if their current processes and systems in place will be adequate to meet the new requirements.
How can Argus (now Waystone Compliance) Assist?
We, at Argus Global (now Waystone Compliance), are a team of consultants who specialize in regulatory compliance for financial institutions. We assist to do the following:
- Implement policies and procedures on Customer Due Diligence Process including customer onboarding and risk assessment
- Assist to conduct AML Screening and customer risk assessment
- Assist to conduct gap analysis on current Customer Due Diligence policies and procedures against MAS requirements and intended requirements
- Assist to provide ongoing compliance advisory support to ensure adherence to compliance requirements in Singapore
Please reach out to us for an initial discussion at [email protected].
Follow us on LinkedIn for more updates.