Bank Negara Malaysia (‘BNM’) is seeking written feedback on the exposure draft of a policy document, Electronic Know-Your-Customer (e-KYC) (‘Proposed Policy Document’), issued on 16 December 2019.
The Proposed Policy Document will apply to each of the following entities (‘Financial Institution’) which proposes to implement electronic Know-Your-Customer (‘e-KYC’) solutions for on-boarding of customers who are individuals –
- licensed bank;
- licensed investment bank;
- licensed Islamic bank;
- licensed life insurer;
- licensed family takaful operator;
- prescribed development financial institution;
- licensed money-changing operator;
- licensed remittance service provider; and
- approved non-bank issuer of designated payment instruments and designated Islamic payment instruments.
Among the requirements set out in the Proposed Policy Document are the following –
- A requirement for a Financial Institution to obtain its board approval before implementing e-KYC for each type of financial product;
- The board is to set and ensure the effective implementation of appropriate policies and procedures to address any risks associated with the implementation of e-KYC (including operational, information technology and money laundering and terrorism financing risks);
- The requirement to adopt an appropriate combination of authentication factors to verify the identity of a customer being on-boarded;
- Where artificial intelligence, machine learning and other forms of predictive algorithms are used to verify a customer’s identity, a Financial Institution must ensure that the e-KYC solution is capable of accurately distinguishing between genuine and non-genuine cases of customer on-boarding; for this purpose, BNM has proposed a formula to be applied to determine False Acceptance Rates (FAR) and provided considerations and parameters to be observed by a Financial Institution in Appendix 1 of the Proposed Policy Document;
- Additional procedures are set out in Appendix 2 of the Proposed Policy Document for on-boarding of customers for current account and savings account due to the higher risks that may arise from inaccurate identification of such customers;
- To monitor the effectiveness and accuracy of e-KYC solutions that use artificial intelligence, machine learning and other forms of predictive algorithms, a Financial Institution that uses such solutions is required to submit half-yearly records to BNM in the template set out in Appendix 3 of the Proposed Policy Document;
- A licensed person under the Financial Services Act 2013 or the Islamic Financial Services Act 2013 (i.e. a licensed bank, licensed investment bank, licensed insurer, licensed Islamic bank, licensed international Islamic bank, licensed takaful operator, licensed international takaful operator) and a prescribed development financial institution under the Development Financial Institutions Act 2002 may proceed to implement e-KYC upon submission to BNM of the documents set out in Appendix 4 of the Proposed Policy Document and utilise e-KYC after 14 working days from receipt by the relevant departments of BNM of the complete submission of the information listed in Appendix 4 (“file-and-use” system).
- A Financial Institution other than a licensed person or a prescribed development financial institution is required to obtain the written approval of BNM before implementing e-KYC.
The deadline for submission of feedback to BNM is 17 February 2020.