14 April 2020

Electronic verification for Guernsey firms in the face of isolation

In the last few weeks, we have received a number of urgent instructions as a result of the unprecedented impact of the coronavirus (COVID-19) situation.

These instructions range from:

  • heightened risks facing Guernsey directors that a company’s solvency may be brought into question and the risks that presents;
  • compliance with economic substance requirements during the ‘Lockdown’ period imposed by the States of Guernsey (the Lockdown) (as well as all neighbouring jurisdictions); and
  • Guernsey licensees’ anti-money laundering (AML) and counter financing of terrorism (CFT) obligations.

This briefing focuses on main issues that we are seeing.

Guernsey firms will be acutely aware of the recent changes to Guernsey regulatory framework as imposed by the new Handbook on Countering Financial Crime and Terrorist Financing (the Handbook) and the revised legislation (the new Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 (Schedule 3). Together, the Handbook and Schedule 3 inter alia, provide the framework for requirements that firms must meet when verifying customers and managing on-going relationships.

We are aware that prior to the Lockdown a number of firms in Guernsey continued to verify individuals on a face-to-face basis by meeting with the individuals in person. Alternatively, those firms were relying on copies of identification documents that had been certified by a trusted third party.

However, in light of the Lockdown, those firms may adapt their verification policies and procedures to ensure that the continuing AML/CFT obligations are being met.

Electronic verification

Chapter five of the Handbook allows a firm to utilise electronic verification to verify, in whole or in part, a customer’s identification and/or address. The firm must be satisfied as to the validity and veracity of the identification data used to verify the identity of a natural person. One such example of electronic verification is the use of video calls with the customer. By way of example, it is possible for the firm to conduct a video call with the customer during which still images of the customer alongside their identity and address documents will be taken.

Chapter six of the Handbook prescribes that when a firm adopts a system providing for the electronic verification of an individual, it must assess the veracity of the controls inherent within the system in order to determine whether the firm can place reliance on the results produced, or if additional steps are necessary to complement the existing controls.

As with AML and CFT generally, firms are not faced with prescribed rules as to how to satisfy themselves in respect of identification and verification of an individual, their source of funds or source of wealth. It is a matter for the business to address and adopt an approach having factored in the risk of a specific client and the relationship generally.

Whilst any advice in respect of customer due diligence will be firm-specific, in our opinion firms can rely on utilising video calls to verify customers that have been classified as low or medium risk relationships provided, they follow the steps below and any others that may be relevant to their business and/or the customer. What is immediately clear however is that firms must not adopt video verification where there are AML or CFT suspicions. The aforementioned steps that can mitigate risks are:

  • firms should ensure that the video calls are attached to numbers or email addresses linked to that specific customer;
  • firms should document the change in policy and minute that in acknowledgement of the change in landscape due to COVID-19 and the Lockdown, it has been necessary to change the approach for certain client relationships;
  • if the change in policy is temporary, firms should document how the verification process will be amended, and updated, once the Lockdown is concluded;
  • firms must be aware that it is possible an individual could be impersonating another natural person. That is unlikely if the resolution of the video call is good however to further mitigate against it, firms can use other tools, such as internet searches, to collaborate the verification of the identification of the customer; and
  • firms should keep records of which officer of the firm carried out the verification, the date and time of the video call and the address location of the individual.

Other considerations

In addition to the above, firms need to consider what effect, if any, a change in policy may have to other regulatory requirements. One such example is a firm’s privacy policy and the need to notify a customer if the firm is collecting imagery of the customer and retaining it for AML/CFT requirements. The privacy policy will also need to notify the customer if that data is to be shared with a wider group or third parties.

Summary

The Lockdown has not led to change in the AML/CFT requirements facing Guernsey firms. However, it has forced certain firms to utilise methods of verification that they may be unfamiliar with – electronic verification being one such example. To clarify, electronic verification has always been available to Guernsey firms, if appropriate for the individual relationship when considered against the firm’s risk analysis. However, it is vitally important that firms recognise the possible risks associated with electronic verification and take all steps to both meet the Guernsey AML/CFT requirements and mitigate against those specific risks.

Clearly what is normal practice and what risk-based approach is adopted during the Lockdown potentially leads to electronic verification being utilised is one thing. The interesting question will come when the Lockdown is over – will electronic verification continue to be adopted by firms as normal practice and how will the Commission view that?

Our people