How Can We Trust And Regulate Digital ID Systems?

Fintech is a term that continues to worry financial crime regulators and supervisory and enforcement authorities. The risk of financial and cybercrime, as well as privacy-breach threats that Fintech is exposed to, is the cause of apprehension. So, can Fintech be on the other side of a route to mitigate financial crimes? The answer is yes.

Our lives are fast heading towards near-complete digitalization—the number of digital transactions across the world is growing almost 13% a year and an estimated 60% of global GDP will be digitized by 2022. The threat of financial crimes, obviously, is also going up simultaneously.

Fintech now is perceived to be a solution to fight and mitigate many instances of financial crimes. In March this year, the Financial Action Taskforce (FATF) issued guidelines, while remaining technology-neutral, on digital identity and its importance in mitigating financial crimes. The guidelines include instructions on asserting and confirming identities in electronic databases, digital credentials, and digital application program interfaces (APIs) and biometrics.

The guidelines apply to government authorities and regulated entities—financial institutions, virtual asset service providers and designated non-financial businesses and professions. They are also relevant to digital ID service providers who deliver services to regulated entities (for FATF purposes).

Though digital ID systems offer a lot of benefits, there are some serious risks associated with them as well. Some of the main benefits include improving the trustworthiness, security, privacy and convenience of identifying natural persons, facilitating customer identification and verification at the on-boarding process and providing ongoing due diligence of transactions, and enabling transaction monitoring to detect and report suspicious deals.

As for the risks, digital ID systems are vulnerable to cybersecurity, financial crimes, privacy, and data protection hazards. Highlighting these, the FATF recommended a risk-based approach to implementing digital ID systems for customer identification and verification. The process is divided into two phases. Phase 1, identify the assurance levels of the digital ID system’s reliability and independence based on its technology, architecture, and governance. And phase 2, make a risk-based determination of whether the digital ID system is appropriately reliable, independent in light of the potential money laundering, terrorist financing, fraud, and other illicit financing risks.

The UAE Pass app is the first national digital identity and signature solution, which enables users to identify themselves to government service providers in all the emirates through a smartphone-based authentication process. It also enables users to sign documents digitally with a high level of security. It eliminates the need to physically visit customer service centres and submit paper documents.

The app was soft-launched in 2018 but announced in May 2020. The decision to mandate the pass was made by the Strategic Affairs Council. Its roll out was driven by Smart Dubai, the government office charged with collaborating with the private sector and the academia to drive technological innovation and the smart city agenda. The UAE’s Central Bank adopted the initiative in September 2019, allowing all customers to accelerate the process of opening accounts remotely.

On the anti-financial crimes level and with the FATF digital ID guidance, the UAE’s top regulatory authorities such as the Central Bank, Ministry of Economy, Ministry of Justice, Securities and Commodities Authority, Insurance Authority, Abu Dhabi Global Markets and Dubai Financial Services Authority have asked local businesses to leverage the latest Fintech solutions to counter the money laundering menace and other types of illicit financial activities, and use appropriate technology and fintech software to ensure that they are following applicable anti-money laundering (AML) guidelines. They have also stipulated that companies must also take appropriate measures to prevent other illegal activities such as financing of terrorism.

With several countries now adopting or planning to roll out this system, the question that only time will answer is to what extent are benefits of these systems preserved versus the risks they are exposed to?

Indeed, digital Identity helps a lot in conducting due diligence of customers, and if the steps mentioned in the FATF guidelines are followed on an ongoing basis, the system can initiate a huge transformation, especially in tackling money laundering and terror financing activities.