Taking a “selfie” – it’s not just for social media. As innovation and technology continue to change the financial services regulatory landscape, Canada’s financial intelligence unit is allowing reporting entities to rely on an individual’s “selfie” (subject to the following commentary) to satisfy the reporting entity’s client identification requirements under Canada’s anti-money laundering and anti-terrorist financing regime.
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has recently updated its guidance, Methods to verify the identity of an individual and confirm the existence of a corporation or an entity other than a corporation (the Guidance), subsequent to the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) which we previously reported on in our e-lert “Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.”
Prior to the amendments, reporting entities were restricted in using only original documents for certain identification methods, requiring in person verification. The amendments change the requirement from an original document to an “authentic” document, now allowing reporting entities to verify identities by electronic means (i.e., the individual does not have to be physically present) in addition to in person verification.
The methods a reporting entity may use to verify the identity of an individual, as amended, are (1) the government-issued photo identification method where the information must be authentic, valid and current, (2) the credit file method where the information must be valid and current, and (3) the dual-process method where the information must be valid and current and derived from different sources.
Identification When Individual is not Physically Present (Government-issued Photo Identification)
The Guidance provides that, under the government-issued photo identification method, if the individual is not physically present:
- the authenticity must be determined by using technology capable of assessing the document’s authenticity. For example, asking the individual to scan the government-issued photo identification using their mobile phone’s camera or other electronic device and then the use of a technology by the reporting entity to compare the features on the identification document against known characteristics (e.g., size, format, design), security features (e.g., barcodes, watermarks), or markers (e.g., logos, symbols); and
- the reporting entity must still determine if the individual matches the name and photo in the government-issued photo identification by, for example:
- a live video chat session where the reporting entity compares the features of the live video image to the name and photo on the government-issued photo identification or by asking the individual; or
- asking the individual to take a “selfie” using their electronic device and the reporting entity subsequently using an application to apply facial recognition technology to compare the features of the “selfie” to the photo on the government-issued photo identification. The reporting entity would also have to compare the name on the government-issued photo identification against the name provided to the reporting entity by the individual. While the use of a “selfie” is permitted in this manner, the Guidance is clear that social media of any kind is not an acceptable source of information to verify an individual’s identity.
Notably, FINTRAC has gone further in the Guidance than the requirements of the PCMLTFA. FINTRAC is requiring reporting entities to use “software or some form of technology” to authenticate. It is not enough to rely on the use of technology by way of live video chats, scans, “selfies” or other similar technological means. As such, this is an additional obligation for reporting entities to satisfy in the authentication process.
Credit File Method and Dual-Process Method
The Guidance provides additional insight on the amendments to the credit file and dual-process methods, which amendments require credit file information to be derived from different sources, additional requirements for the dual-process method, and allow reporting entities to rely on electronic images of documents. Specifically, as set out in the Guidance, reporting entities can rely on fax, photocopy, scan or electronic images of the information required under the dual-process method. The Guidance also provides examples of the type of information that can be used under the dual-process method, which information includes statements, letters, certificates, forms or other sources.
Variations or Discrepancies in Information
The Guidance provides helpful clarity regarding addressing variations or discrepancies in information provided by an individual as against the information the reporting entity has obtained from an approved source. For example, where there is a discrepancy between the credit file information and the information that the individual has provided, the Guidance addresses discrepancies such as typos, dates of birth and multiple addressees.
Update to Policies and Procedures
Reporting entities are required to update their policies and procedures, as necessary, to comply with the requirements provided in the Guidance, which requirements include having policies and procedures in place that describe the processes followed to authenticate government-issued photo identification (whether in person or not), how the reporting entity confirms that government-issued photo identification is valid and current, and that describe the steps used to verify the name and photograph are those of the individual. The policies and procedures must also describe the processes used in the credit file method to verify identity, how the reporting entity will ensure the information is valid and current, and the steps the reporting entity will take if the information is not valid and current.