MAS issues circular on non-face-to-face customer due diligence measures for financial institutions
25 February 2022
On 8 February 2022, the Monetary Authority of Singapore (“MAS”) issued a circular on Non-face-to-face Customer Due Diligence Measures (“Circular”). The Circular sets out industry good practices observed by MAS and supervisory guidance on the measures to mitigate risks associated with the use of non-face-to-face (“NFTF”) technologies for customer due diligence (“CDD”).
Non-face-to-face customer due diligence measures
MAS notes that financial institutions (“FIs”) have utilised video-conferencing as a means to onboard customers instead of physical meetings. To mitigate the risks of fraud and impersonation, FIs should put in place appropriate controls during the video-conferencing process to verify the identity of the customer and the authenticity of the identification (“ID”) documents sighted via video-conferencing. In this regard, some FIs have required the use of control questions to be answered by the customer, or performed liveness checks. FIs should continue to raise staff vigilance and conduct training to enable detection of possible fraudulent or tampered ID documents.
MAS states that FIs should perform additional checks via a different channel as appropriate, especially for accounts with higher money laundering and terrorism financing (“ML/TF”) risks. MAS notes that some FIs conducted additional checks such as verifying the customer’s information against reliable and independent databases or performing a check sum digit test to identify data validation errors in the customer’s ID document.
Legal persons and legal arrangements
MAS states that CDD documents that cannot be verified against a registry or lack the requisite authenticity markers (such as a foreign certificate of incorporation) should not be verified purely via video-conferencing. FIs should institute additional measures to verify that the soft copies of documents are genuine, such as by obtaining an original certified true copy or requiring suitably qualified persons to use digital signatures or watermarks to certify the authenticity of the soft copies.
A few FIs have also started exploring the use of electronic signing (e-signing) techniques to facilitate the establishment and continuation of NFTF business relations, instead of obtaining wet ink signatures. In this regard, FIs should assess the robustness of processes in place to safeguard the authenticity of electronic documents and their admissibility in court.
Use of new technology solutions
Risk of impersonation
MAS notes that most solutions deployed by FIs surveyed included elements of biometrics technology, such as facial recognition. Liveness detection technology is also employed to verify if the FI is interfacing with an actual customer or a fake representation.
Risk of fraudulent or tampered documents
MAS notes the use by a number of FIs of in-house or third-party ID document authenticity verification tools to detect fraudulent or tampered ID documents. FIs should conduct an internal assessment of the effectiveness of the solutions in mitigating impersonation and fraud risks prior to implementing them. FIs should not solely rely on external quality assurance standards of the technology service providers to arrive at their conclusion, but should perform their own assessments. The FI’s assessment of technology solutions should be approved by board and senior management. On an ongoing basis, FIs should also monitor the robustness of their technology solutions to ensure that the solutions continue to remain effective in mitigating impersonation and fraud risks.
Enhancing internal controls
MAS notes that technology solutions used to improve onboarding efficiency and mitigate risks associated with NFTF onboarding are not immune to failures and can still be exploited by criminals. For example, optical character recognition technology may not be able to correctly recognise text or documents with physical labels. When verification by the new technology solution fails, corrective action is required. It is important for FIs to establish appropriate metrics to monitor the performance of the technology solutions employed and take timely intervention measures where there are issues observed.
MAS expects the board and senior management of FIs to maintain effective oversight of the management of ML/TF risks and anti-money laundering and countering the financing of terrorism controls. In particular, FIs should put in place effective mitigating controls to address the heightened impersonation and fraud risks where customers are onboarded remotely. FIs should also properly establish clear accountability for the effectiveness of NFTF CDD processes and technology solutions to manage these risks.
The Circular is available on the MAS website www.mas.gov.sg.