The digitisation of processes is a core issue for the Swiss financial industry. To create and elaborate the necessary regulatory framework, in December 2015 FINMA issued a draft circular governing the video and online identification of clients. In our first blog at the beginning of February we presented the draft FINMA circular on video and online identification.
Broadly speaking, the authors of the opinions support the goals of the video and online identification circular and welcome the possibility of digital identification. At the same time, however, they also voiced constructive criticism and came up with various suggestions for improving the draft circular.
Various opinions pointed out that in some areas the benchmark has been set higher for digital identification than for the conventional onboarding process based on inperson identification or identification by post. This is not the first time from a legal and regulatory point of view that more stringent requirements have been imposed on digital procedures. The explanation lies in the risks and potential damage, which are different for conventional processes. The risk of systematic errors is generally greater for electronic processes than for conventional channels.
However, a particular area called into question by the authors of opinions is that of additional requirements, for example the requirement under the identification process that money be transferred from another account or bank. The authors fear that additional stipulations like this could complicate the process unnecessarily and thus make it more difficult to establish video and online identification.
Another aspect of the draft circular that has received criticism is that the way the requirements are formulated is not sufficiently technology neutral. Although FINMA stressed technology neutrality in presenting the new circular, this promise does not seem to have been completely met, given the identification documents required from contracting parties of financial intermediaries. For example, according to the draft circular, only official identification documents bearing optical security features may be used. This might mean that the circular would fail to cover future technological developments in identification documents. Technology neutrality is also lacking in terms of the procedure to be used by financial intermediaries. For instance, the draft rules require the issuance of a TAN1 number, meaning that any potentially better identification processes or more secure procedures that may emerge in the future are not permitted.
However, so far the published opinions show no signs of rejecting video and online identification per se as an alternative to in-person or postal identification. The basic procedure (video, photo, questions) is also not called into question.
We believe there will be further challenges when it comes to implementing the rules in accordance with the draft circular, challenges that were hardly touched on in the course of the consultation. For example, financial intermediaries will have to assure adequate video, sound and image quality, and archived documentary proof will have to give sufficient information on compliance with the relevant due diligence requirements. Added to this, questions are bound to be raised when it comes to implementing the rules on questions and ‘behavioural and psychological observations’ expected from financial intermediaries during identification to recognise false statements and suspicious behaviour.
Regardless of the concrete requirements formulated in this circular, financial intermediaries subject to FINMA supervision (such as banks, securities dealers and insurance companies) wishing to implement a solution of this sort will have to comply with the following in addition to the relevant anti-money-laundering requirements:
- Secure archiving and documentation requirements
Under the terms of the Anti-Money Laundering Ordinance, companies have to gather documents relevant to that same ordinance and make transactions traceable. The related documents must be archived in a secure and constantly accessible location in Switzerland. In the case of electronic storage, these documents have to be stored in accordance with the relevant provisions of the ordinance on the maintenance and preservation of business records (GeBüV) and migrated if necessary.
- Data privacy
Clients of financial intermediaries must be given transparent information on the personal data gathered on them, and their permission must be obtained for video and voice recordings. Financial intermediaries also have to make sure that data processing is proportionate, and that only the most necessary data are gathered.
- Data security
Systems and data must be secure and protected from unauthorised access and manipulation. These measures are in the financial intermediary’s own interest, but are also required by GeBüV and under data privacy law.
It’s hard to tell at the moment how far FINMA will respond in the final circular to the feedback submitted during the consultation phase. But we expect the demands for technology neutrality to play a key role. Publication of the final circular is still planned for March 2016. We’ll be keeping you up to speed on developments.