One of our most popular questions since the outbreak of the coronavirus has been “what can we do if we can’t get certified client identification documents?”.
This is a bit of a tricky one to explain so, firstly, let’s go back to basics and remember what it is we are trying to achieve. One purpose of Client Due Diligence (CDD) is to know that the person you are acting for is the person they say they are, and anyone who has been on our AML training session will know that it is also so that the Police have a door to knock on and a picture to circulate to identify them (if it turns out a client is a “baddie”). Basically, you want to know that your client is a real person and you can track them down if you need to.
As well as for AML purposes many firms also use the CDD process to satisfy other requirements in risk management:
1. Residential conveyancing - where there is a mortgage the Conveyancer is required by the UK Finance Mortgage Lenders' Handbook (s.3.5 & 3.6) to request evidence of identity and a copy of the documentation should be taken and kept on the file. The Conveyancer must also use the documents to compare the signature with the signature on the mortgage deed.
2. Fraud – This includes high risk matters where the person could benefit if they impersonated someone else. Mortgage fraud is a really good example of this, situations such as Dreamvar (you can read our blog on Dreamvar here).
Traditionally firms have gone through the passport and utility bill route. The client would visit the office with their identification documents (ID) and a Solicitor would check them and take a copy. In doing this they have identified and verified their client is who they say they are. Where the client wasn’t in a position to visit the office and would therefore be a non-face to face client, the firm would simply request certified copies of the documents or request the original documents in post.
In the current circumstances, it is going to be difficult to get certified ID from clients. We would seriously advise against having original documents sent in the post as there are a number of potential risks; the documents could get lost in transit or criminals could get hold of the documents and this could lead to a claim against the firm. Even more so during this period of home working, distributing post is going to be a difficult task (this is something to discuss another time!).
Regulation 33 (6)(b)(iii) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) states that Enhanced Due Diligence (EDD) is required in situations where the client is non-face-to-face. However, The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019) states that Electronic Verification (EV) can be used for CDD if the “process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”
Many firms already use EV to assist them with their CDD. An EV check will:
Check data – This will check that the person actually exists. This is normally done by way of credit check or checking the electoral role. However, it cannot confirm the person who has instructed you is who they say they are, it can only provide confirmation that a person, with the information you have been given, exists.
Authenticate a document - This is done by checking the Machine-Readable Zone (MRZ code) on the document. This provides an algorithm check of the MRZ code and provides authentication. It is important to remember a documentation verification check is not verifying the identity of the person, it is verifying the document.
Therefore, if the client is non-face-to-face, this type of EV on its own, is not likely going to be sufficient as it is unlikely to provide an “appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity”.
So, what can you do?
If you have access to EV, you should be able to meet the requirement that you have an “appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity” if you take the follow steps:
You will need a copy of the client’s ID, something that only that person should have, such as a passport or driving licence.
You then need to verify that the ID does in fact belong to the person instructing you, this could be achieved by way of a Skype call or by asking them to take a picture of themselves holding up their ID.
Finally, carry out the EV to authenticate the document and provide the additional data check to verify that the person does in fact exist.
If you do not have access to EV, you will need to take a risk-based approach. You might get copies of the information and make sure before completion you have certified copies or that you have seen the originals. It is unlikely many transactions are going to complete at this time so you should have time to do that. Make sure you make diary reminders to do that.
If you are going to change your Policy in respect of this, add a note or an Addendum Policy to confirm the change of Policy, stating whether it is a permanent or temporary change. It is also worth specifying which types of work you will not allow it for.
If you would like more information on electronic verification and how it works, take a look at Shazias blog which provides some useful information https://www.tealcompliance.com/single-post/2020/02/02/The-benefits-of-Electronic-Verification.
If you require any further guidance, please contact us. We are currently offering our Ask Teal service to law firms for free for the rest of March. To book in just drop us an email at email@example.com