On 1 June 2020, the Joint Money Laundering Steering Group (JMLSG) published its revised guidance for what is expected of regulated financial services entities in relation to the prevention of money laundering and terrorist financing. The new guidance recognises the central role that digital identity and robust biometric technologies can play in ensuring regulated entities meet their anti-money laundering (AML) and counter terrorist financing (CTF) obligations.
What is the JMLSG?
The JMLSG is a private sector organisation that produces guidance to help the financial services sector meet its legal obligations in relation to AML and CTF. Its guidance isn’t legally binding but it receives ministerial sign off from the Treasury, so it’s certainly a persuasive set of documents.
The JMLSG might come from the private sector but it isn’t a lobbying organisation. This means that its guidance can be trusted to balance the competing needs of customer protection, market competition and regulatory certainty.
What’s so good about the revised guidance?
The revised guidance builds on the EU 5th Anti-money Laundering Directive (5AMLD), which was transposed by the UK government in The Money Laundering and Terrorist Financing (Amendment) Regulations 2019.
It acknowledges that customer due diligence (CDD) methods are changing. Previously, an individual would have had to have been met in person and show their physical documents to gain access to a financial service or product.
As technology has developed, financial institutions became able to rely on the triangulation of data from vast electronic datasets to check that the person before them was really who they claimed to be. Now, it’s possible to rely on smaller amounts of higher quality data held by digital identity platforms to perform CDD.
The revised guidance explicitly recognises that digital identity platforms can be relied upon as long as they’re secure from fraud and misuse and they provide an appropriate level of assurance that the customer is who they say they are.
At several points, the revised guidance talks about the use of “primary identity documents”, like a passport, combined with the use of biometric data to perform CDD. Additionally, it notes that where a primary identity document is checked using cryptography, it can be relied on as the sole source of CDD information by the digital identity platform.
It also discusses the importance of preventing people from pretending to be the prospective customer, or ‘mitigation of impersonation risk’, which it identifies as being carried out by the use of biometric data, in addition to other methods.
Yoti for CDD requirements
That’s exactly how Yoti works. Yoti allows users to securely store and share personal information obtained from a government-issued identity document, like a passport. Users with a chipped document are cryptographically verified using the NFC capability in their mobile device.
We make sure the customer is a real person and their face matches their ID document through a combination of biometric recognition technology and powerful anti-spoofing methods. This guarantees a high level of assurance that the customer’s identity exists in the real world.
The revised JMLSG guidance recognises the advances in – and advantages of – digital identification combined with robust biometric technologies. Financial institutions should feel reassured that they can use digital identity platforms, such as Yoti, to meet their CDD obligations in a robust way.