Topic Anti-money laundering Circular 3/2017 (GW) - video identification procedures
- A. Identification of natural persons present via video identification procedures
- B. Requirements under anti-money laundering law for the execution of video identification
- I. Identification by trained employees
- II. Premises
- III. Consent
- IV. Technical and organisational requirements
- V. Identity documents permitted
- VI. Verification of the identity document
- VII. Verification of the person to be identified
- VIII. Termination of the video identification process
- IX. Transmission of a TAN
- X. Retention and recording
- XI. Data protection
Requirements for the use of video identification procedures (Reference: Circular 1/2014, item III of 5 March 2014)
This circular is intended for: credit institutions, financial services institutions, payment institutions, e-money institutions, enterprises and persons within the meaning of section 2 (1) no. 2c of the German Money Laundering Act (Geldwäschegesetz – GwG), asset management companies, branches of EU management companies and foreign AIF management companies, foreign AIF management companies for which the Federal Republic of Germany is a reference Member State and which are supervised by the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) pursuant to section 57 (1) sentence 3 of the German Investment Code (Kapitalanlagegesetzbuch – KAGB), insurance undertakings offering life insurance contracts or accident insurance contracts with premium refunds as well as financial holding companies and mixed financial holding companies in the Federal Republic of Germany
Reference: Circular 1/2014, item III of 5 March 2014
A. Identification of natural persons present via video identification procedures
The German Federal Ministry of Finance (Bundesministerium der Finanzen – BMF) maintains its interpretation regarding the scope of the enhanced customer due diligence in cases of non-face-to-face identification pursuant to section 6 (2) no. 2 of the GwG referenced in Circular 1/2014 of 5 March 2014. This procedure does not contravene the Fourth European Money Laundering Directive (Directive (EU) 2015/849), which no longer sees even cases of non-face-to-face identification as fundamentally constituting an increased risk.
The BMF's interpretation is that, in cases of video identification, regardless of the physical separation, sensory perception of the (natural) persons participating in the identification process is possible, since the person who is to be identified and the employee sit opposite one another "face to face" through the video transmission and communicate with one another.
Identification in these instances is therefore based on the general customer identification requirements for natural persons set out in section 3 (1) no. 1 in conjunction with section 4 (1) and (3) no. 1 and (4) no. 1 of the GwG.
Identification of legal persons or partnerships through video identification, on the other hand, is not possible. The video identification procedure can, however, be used in cases where the identity of a legal or appointed representative must be verified.
This circular replaces item III of Circular 1/2014 of 5 March 2014 regarding video identification. It adapts the procedure to current requirements in relation to security and practicability, thereby raising the level of security in particular.
The use of video identification procedures is therefore now based exclusively on this circular and the requirements stated below, which must be complied with cumulatively and in their entirety. On the basis of these requirements, the video identification procedure can be used by all entities obliged under the GwG and which are subject to my supervision.
The video identification procedure as described in this Circular is to be evaluated where a reason for such evaluation exists (e.g. knowledge of security incidents) but, in any event, at the latest three years after entry into force of the Circular. The procedure must be evaluated to check if the requirements for its execution under anti-money laundering law are still adequate in light of technological advances and experiences gained with the procedure or if further adjustments or additional requirements are necessary. The result of this evaluation is binding in relation to the procedure itself and in relation to any adaptation requirements that may arise.
B. Requirements under anti-money laundering law for the execution of video identification
I. Identification by trained employees
Video identification may only be carried out by appropriately trained employees of the obliged entity or of a third party to which the obliged entity outsourced the customer identification requirement pursuant to section 7 (2) of the GwG or which the obliged entity engaged pursuant to section 7 (1) of the GwG. Further delegation or sub-delegation or engaging of a third party by a third party within the meaning of section 7 (1) of the GwG is not permitted.
At the very least, the employees in question need to be familiar with the features of the documents permitted in the video identification procedure which can be verified by way of said video identification (including the applicable verification methods) together with the common counterfeiting possibilities, and to be familiar with relevant anti-money laundering and data protection regulations and the requirements set out in this Circular. Suitable documentation must be available on the accepted documents, their verifiable features and the corresponding training measures.
The aforementioned contents must be taught to the employees in a suitable manner before they take up their identification duties and afterwards at regular intervals, but at least once a year and as and when the need arises. Such a need may be justified, for example, if there is a change to the legal and/or supervisory or data protection requirements in place, in the event of a significant number of attempts at fraud, if the institution becomes aware of new potential for fraud or if there are other flaws in the procedure.
During the identification process, the employees must be situated in separate premises with restricted access.
At the beginning of the video identification, the person to be identified must give their explicit consent to the entire identification process as well as to photos or screenshots of them and their identity document being taken.
This consent must be explicitly logged/recorded.
IV. Technical and organisational requirements
When assigning identification cases to employees, mechanisms must be put in place to counteract a predictable assignment of cases and the associated possibility of manipulation.
Video identification must be performed in real-time and without interruption. The integrity and confidentiality of the audiovisual communication between the employee and the person to be identified must be adequately ensured; for this reason, only end-to-end encrypted video chats are permitted. The recommendations contained in Technical Guideline TR-02102 of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) must be complied with.
In addition, the image and sound quality of the communication must be sufficiently adequate to allow unrestricted identification beyond doubt on the basis of all examinations called for in this Circular. In particular, these include the examinations of the security features which have been categorised as being visually verifiable in white light as well as the examination carried out to check if the document has been damaged or manipulated. To evaluate the quality of the image transmission, suitable informative image elements such as guilloche structures and microlettering must be defined.
During the video transmission process, the respective employee must create photos/screenshots which clearly show the person to be identified as well as the front and reverse of the identity document used by this person for identification purposes and the information held on this document.
V. Identity documents permitted
Only identity documents with security features that are sufficiently forgery-proof, clearly identifiable and therefore verifiable both visually in white light and using the available image transmission technology (see list under B.VI) as well as which have a machine-readable zone may be used during the video identification process as proof of identity pursuant to anti-money laundering regulations.
VI. Verification of the identity document
In order to ascertain the identity of the person to be identified on the basis of the permitted identification document, the employee must first of all ensure that the document used as proof of identity contains the optical security features visually identifiable in white light that a document of this kind typically has.
Depending on the type of document, the optical security features include:
• Kinematic structures
• Tilted laser images
• Window (e.g. personalised)
• Security thread (personalised)
• Optically variable ink
• Guilloche structures
A match is to be assumed if the verification criteria of at least three of the security features randomly selected from different categories in the above list for the purposes of identification and possessed by the identity document are met.
The employee must also ensure that the document used as proof of identity possesses the other formal features visually identifiable in white light and accessible for the purposes of inspection (including layout, number, size and spacing of characters, as well as typography) that a document of this kind typically possesses.
Through suitable IT programmes, it must be ensured that optical security features visually identifiable in white light in the course of video identification match in form and content the individual features found on the identity document (e.g. by comparing the primary and secondary photos such as Identigram, tilted laser image, etc.) or that they match references from an identity document database.
As an alternative to making use of IT support, a similar comparison must be made possible by stills selected by the employee (if possible from serial recording or recorded video sequences) and introduced as a compulsory part of the identification process.
Furthermore, the employee must always verify that the identity document used is undamaged, has not been manipulated and, in particular, that it does not have a photo affixed to it.
During visual identification, the person to be identified must tilt his or her document horizontally or vertically in front of the camera and carry out any additional movements as instructed by the employee.
The structure of the interview with the person to be identified must be varied at least in terms of the sequence and/or type of questions asked by the employee.
Any substitution/manipulation of parts or elements of the identity document must be countered by suitable measures. To this end, the person to be identified must be asked, for example, to place a finger over security-relevant parts of the identity document (variable and determined at random by the system) and move one hand across their face.
Using stills from these movements that are cut out and enlarged, the employee must verify that the identity document, along with all the security features visually identifiable in white light, is completely covered at the right point and that no artefacts indicating manipulation are evident at the transition points.
A verification of the validity and plausibility of the data and information contained on the identity document must be performed as part of the video identification procedure.
Amongst other things, this includes a check of whether the date of issue and the date of expiry of the identity document match each other. In particular, the date of issue must not be in the future.
In addition, the period of validity of the identity document presented must not contravene the norms for identity documents of this kind.
Another necessary element of the identification process is the automated calculation of the check digits in the machine-readable zone and the cross-check of information provided there with the information visible on the identity document. Furthermore, the orthography of the digits, the authority code and the typefaces used must be examined to ensure that they are correct.
The person to be identified has to, moreover, share the full serial number of their identity document during the video transmission.
VII. Verification of the person to be identified
The employee must be satisfied that the photograph and personal description on the identity document used match the person to be identified. Photograph, issue date and date of birth must also be consistent.
Through psychological questioning and observations made during the identification procedure, the employee must satisfy themselves regarding the plausibility of the information contained on the identity document, the information provided by the person to be identified during the interview as well as the stated intention of this person. Questions may also be asked, for example, with regard to the age of the person in order to validate the identity document photograph as well as the date and place of birth stated on the identity document. The reason for the identification must be confirmed by the person to be identified, not least so that the person is aware why such an identification procedure is necessary. The employees must be trained so that they can determine beyond doubt that the person to be identified is purchasing the respective product from the provider in question of their own volition (risk posed by phishing, social engineering, behaviour when under pressure by another person, etc.).
The employee must also verify that all of the details on the person to be identified provided on the identity document match those known to the obliged entity and available to the employee (where applicable).
VIII. Termination of the video identification process
If the visual verification described above is not possible – e.g. due to poor light conditions or poor image quality or transmission – and/or if verbal communication with the person to be identified is not possible, the identification process must be aborted. The same applies in case of any other discrepancy or uncertainty.
In such cases, identification by means of one of the other procedures permitted under the GwG may be performed.
IX. Transmission of a TAN
During the video transmission, the person to be identified must directly enter online a sequence of numbers (TAN) which is valid only for this purpose, centrally generated and delivered to this person (by email or SMS) by the employee, and must return the TAN to the employee electronically. Once the person to be identified has entered the TAN, subject to successful confirmation of this TAN in the system, the identification procedure is completed.
X. Retention and recording
The entire video identification process in all its individual steps must be recorded and retained by the obliged entity or a third party to which the obliged entity delegated the identification procedure pursuant to section 7 (2) of the GwG or which the obliged entity engaged pursuant to section 7 (1) of the GwG in a verifiable manner for the purposes of internal and external audit and for BaFin. The documentation requirement therefore calls for both a visual and sound recording and retention of the complete procedure, which the above-mentioned consent provided by the person to be identified must make reference to. The records must show not only that the general requirements for identification under anti-money laundering law are fulfilled, but also that the minimum requirements for video identification set out in this Circular are met.
The records must be retained for five years pursuant to section 8 (3) of the GwG
XI. Data protection
I would like to expressly point out that the aforementioned supervisory requirements apply notwithstanding any other requirements that must be observed pursuant to sections 7 and 8 of the GwG and without prejudice to the data protection requirements that must be observed in parallel.
This Circular shall enter into force on 15 June 2017.
I hereby rescind Circular 4/2016 of 10 June 2016, which had initially only been suspended.