In an era driven by rapid digitalization, the traditional approaches of face-to-face meetings and physical document validation are becoming less popular among companies to verify a customer’s identity.
Nowadays, electronic ID control is the method of choice.
However, this has led to increased vulnerability to identity fraud due to the wealth of information available on social media and data aggregation platforms, as well as the increasing frequency of cyberattacks targeting unsecured systems.
In this article, we explore how you can strengthen your practice’s anti-money laundering (AML) processes using a dedicated framework to help you stay prepared against identity threats.
Here’s what we cover:
Identity fraud in the digital age
Digitalization of processes has undoubtedly accelerated the efficiency of AML processes across accounting practices.
However, it is important for you as an accountant or accountant to recognize that with these benefits come new risks and vulnerabilities.
Identity fraud, in particular, is more prevalent in the digital age.
One notable example is the use of artificial intelligence (AI), which is paving the way for deepfakes — sophisticated synthetic media that digitally alter appearance to convincingly replace one person’s likeness with another.
While electronic methods of verifying a customer’s identity are useful, you should be cautious and consider whether the processes you have in place are robust enough to truly authenticate the identity.
Carrying out controls to combat money laundering
When it comes to attracting a new client to your practice, anti-money laundering regulators and professional associations expect you to be confident that you are dealing with someone who is genuine and who they say they are.
If you do this improperly, you could face fines, reputational damage, and even a lawsuit.
The strategies you use to authenticate customers can vary depending on the nature of your interaction — whether in-person or virtual — and the length of your relationship.
Each customer brings a unique context. And while it’s tempting to stick to a routine, it’s important to recognize that there is no one size fits all.
Need help making sure you’ve covered all the bases when vetting clients in your practice?
A framework created by us at Sage supports you in this.
What is the Core Identity Framework?
The Core Identity Framework is a method we developed to help you ensure that you have truly verified your customers’ identities.
It includes the following:
- Verification of residency: Can I prove that they live where they say they live? This confirms the correctness of the address you provided.
- Authenticate documents: Have I seen a valid and original (authentic) copy of the ID document? Ensuring the authenticity and validity of the ID provided.
- Verify identity: Is the person I am dealing with the person on this identification document? This is intended to ensure a complete match between the person and the information in the ID document presented.
- Evidence documentation: Did I document all of this as evidence? Document any evidence you have so that you can present it during a practice safety visit if requested.
Our investigation into how AML is managed in practice GoProposal has revealed a trend whereby many of our accountants and bookkeepers are currently only addressing two or three of these four pillars.
By consistently adhering to the Core Identity Framework, you can build trust in your customer verification processes.
What to look for in an identity verification provider
When it comes to verifying customers, the landscape of identity verification solutions offers a range of options, each covering different levels of verification.
The choice that best suits your needs depends on a close examination of your existing processes.
Here’s how to navigate these alternatives depending on your circumstances:
- Personal Interactions: If you are attending in-person meetings for identity verification, a simpler electronic verification may be sufficient. However, ensuring documentation and safe storage of identity credentials is still a must.
- Virtual work settings: The transition to a virtual work environment brings with it a shift towards more comprehensive electronic verification strategies. The lack of physical interactions highlights the importance of ensuring that any checks you conduct electronically are robust.
Using the Core Identity Framework in your verification process
Identity verification providers offer a number of different types of verification. Therefore, it is important to tie your decisions to the Core Identity Framework when deciding what works best with your processes.
If your chosen provider only addresses two or three core elements, it is imperative to address the remaining component in your AML processes independently.
For example, many companies choose to implement document verification, which involves capturing, storing and validating their customers’ identity documents and addresses.
This would score three out of four on the Core Identity Framework.
Even after completing this check, companies still need to confirm that the face matches the document presented, either through an in-person meeting or an online verification method.
You should always contact your practice assurance body for advice on whether online meetings are considered acceptable.
Another common practice in the industry is to perform a basic verification and background scan using a customer’s name, address and document number.
Although this confirms the authenticity of the document and the legitimacy of the customer address, it is not enough.
In this scenario, a valid copy of the documentation has not been retained nor has the organization confirmed a facial match to the submitted document and associated document number, resulting in a score of two out of four on the Core Identity Framework.
Clearly there is still room for improvement to achieve a more robust verification process.
The examples above show how the Core Identity Framework can serve as a guide to ensure that the approach you choose includes all important elements.
Final thoughts
Regardless of which level of electronic verification you choose, it is important to ensure that all four basic verification areas are covered.
The ability to achieve four out of four points within the Core Verification Framework depends on the specific processes and measures your practice implements for identity verification.
If you can only achieve two or three within the framework, consider how you may need to adapt your processes to achieve all four.
Refer to your own identity verification practices and assess whether your current processes align with the four criteria outlined in the Core Verification Framework.
Identify any gaps or areas for improvement and make adjustments accordingly. It is an ongoing process and the goal is to continually improve and adapt your procedures to ensure a thorough and secure identity verification system.
