Non-Face-to-Face Customer Due Diligence Measures
The Cayman Monetary Regulatory Authority International (“the Authority”) has recently (August 2023) updated its Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing, and Proliferation Financing in the Cayman Islands (“Guidance Notes”) to include provisions for electronic Know Your Customer (e-KYC) processes and remote customer due diligence (CDD). This Supervisory Circular provides an overview of these amendments and highlights key updates to the Guidance Notes.
Background
The Authority has received numerous inquiries from financial service providers (FSPs) regarding the permissibility of technological solutions for remote or virtual onboarding and ongoing CDD. The Cmrai AML/CFT/CPF supervisory framework allows for such solutions, but they must align with the Authority’s risk-based approach to customer due diligence and identity verification.
Under Section 12(1)(a) of the Anti-Money Laundering Regulations, 2023, and Section 4 A 3 (1) of the Guidance Notes, customer identity verification must be conducted using ‘reliable, independent source documents, data, or information.’ Although the Authority maintains a technology-neutral regulatory approach, these updates to the Guidance Notes specifically address the use of remote/virtual onboarding and non-face-to-face verification processes.
Key Changes to the Guidance Notes
The main changes introduced in the updated Guidance Notes include, but are not limited to, the following:
Definitions
- Remote onboarding refers to establishing new business relationships using technology and non-face-to-face methods where the customer is not physically present (Section 3 B 7).
- E-KYC refers to the electronic process of verifying a customer’s identity (Section 3 D 13).
- Video conferencing is defined as a live audio and visual communication method between remote parties, but it is not considered a face-to-face interaction (Section 3 D 15).
- Non-face-to-face business relationships refer to business relationships or transactions established where the customer is not physically present (Section 4 D 18(2)).
Risk Assessment
- FSPs must assess the money laundering and terrorist financing risks (ML/TF) related to remote onboarding and ongoing monitoring (Section 3 B 7 2(d)).
- Customer identification and verification methods must be aligned with the FSP’s risk assessment. Decisions to use e-KYC and digital ID technologies should be based on assessed risks, considering tiered CDD approaches when applicable (Section 3 C 7).
- For higher-risk customers, products, or jurisdictions, FSPs must apply additional verification measures (Section 3 C 8).
- FSPs may choose to revert to face-to-face interactions or review original certified documents when higher risks are identified (Section 3 C 8).
- FSPs must conduct formal risk assessments of any new e-KYC or digital ID technology being used (Section 3 D 13-17).
Policies and Procedures
- FSPs must implement robust, documented policies and procedures to manage the use of digital ID technology for CDD. These should include:
- A tiered CDD approach that incorporates various levels of technology-based assurance.
- Policies for secure electronic collection and retention of records.
- Processes for enabling authorities to access underlying identity information for verification purposes.
- Anti-fraud and cybersecurity measures to support e-KYC and digital ID authentication efforts.
- Back-up plans in case of technological failures.
- Risk indicators that prompt additional verification procedures or a return to face-to-face onboarding.
- Ongoing reviews of the effectiveness of systems and processes.
Customer Due Diligence (CDD) for Legal Persons and Arrangements
- FSPs may use publicly available sources, such as company registries, to verify the identity of corporate legal persons (Section 4 A 16(d)).
Video Conferencing and "Selfie Documents"
- Video conferencing can be used to onboard customers who are corporate legal persons or legal arrangements (e.g., trusts) to verify key individuals such as directors, ultimate beneficial owners, or trustees (Section 4 A 17).
- If official documents presented during video conferencing cannot be verified due to unavailability of public sources, alternative measures, such as certified true copies, may be required (Section 4 A 18).
- "Selfie documents" should clearly display the customer holding the identity document, and a scanned copy of the document should also be provided for verification (Section 4 B 19).
Simplified Due Diligence
In cases of low ML/TF risk, FSPs may consider lower assurance levels of e-KYC and digital ID systems to be sufficient for simplified due diligence (Section 5 A 6).
Record Keeping
FSPs must ensure that records obtained through digital ID systems and e-KYC procedures are readily accessible and can be made available to competent authorities upon request (Section 8 A 3).
The Authority encourages the responsible use of remote onboarding and e-KYC technologies by FSPs to mitigate ML/TF/PF risks. However, FSPs must carefully assess the risks associated with such technologies and ensure that these risks are effectively managed. In some cases, based on their risk assessments, FSPs may decide that remote onboarding is not suitable for their business model.
For further inquiries, please email: [email protected]