The FCA's recent Dear CEO letter set out its approach to a number of issues affecting retail investors, in order to provide some guidance in this period of COVID-19 disruption.
One of these issues was around client identity verification in relation to which the FCA said that "firms have flexibility within our rules." Although it did not suggest that the rules had been relaxed - rather, it explicitly said that it still expected firms to comply with the Money Laundering Regulations 2017 - and referred to safeguards contained within the Money Laundering Regulations 2017 and the Joint Money Laundering Steering Group guidance in relation to remote client identification verification, it went on to list a number of ways that firms could verify identity while operating remotely. These include accepting scanned documentation by email, or asking clients to submit 'selfies'.
The letter has led to some criticism that such methods to verify identity are inherently insecure. In response, the FCA has said that the letter was not intended to represent a relaxation of the requirements or to suggest that one of the measures in isolation would be appropriate or sufficient.
Leaving aside whether the letter ought to have been clearer, it is right to stress the importance of firms managing the risks of remote identification and impersonation fraud and ensuring that, in line with the JMSLG guidance, the process of electronic verification meets an appropriate level of confirmation in order to satisfy the firm's legal obligation. That can plainly be more challenging when operating remotely; set against the imperative for firms to (as the Dear CEO letter states) “provide strong support and service to customers during this period”, the financial crime risks undoubtedly increase.
Now more than ever, firms should ensure that they refresh training around client identification verification and recognising suspicious activity, follow the guidance set out in the JMLSG guidance and document the steps they take so that if and when decisions come to be scrutinised in months and years to come, there is an audit trail to support the process followed.
"Checking new client identities remotely amid the coronavirus lockdown makes financial firms more vulnerable to attempted money laundering, and regulatory guidance to accept “selfies” and emailed documents amounts to “a fraudster’s charter”, according to compliance specialists."