Strengthening AML/CTF Framework with Effective Client Due Diligence and Measurable Metrics
- kumaramitoujjain
- Nov 15, 2024
Client Due Diligence (CDD) is the cornerstone of robust customer identification programs, forming a critical layer in the Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) framework. By ensuring compliance with regulatory requirements and safeguarding the integrity of financial systems, CDD acts as the first line of defence against illicit activities. But what constitutes an individual’s identity, and how can it be reliably verified?
The Joint Money Laundering Steering Group (JMLSG) outlines several key aspects that define an individual’s identity and that serve to prove he is who he says he is:
1. Name (which may change)
2. Date of Birth
3. Nationality (which may change)
4. Address (which may change)
However, identifying a person goes beyond collecting these details. Under UK MLR 2017 Regulation 28, institutions must verify the gathered information through independent and reliable sources. This highlights the importance of maintaining a high standard for evidence used in identity verification.
This information can be verified against paper documents or via information issued by a reliable source independent of the customer.
Acceptable Documents
Verification documents must be both current and authoritative:
Proof of Name:
- Current signed passport
- EEA member state identity card
- Current UK driving license
Proof of Address:
- Utility bill (issued within the last three months)
- Current council tax bill
- Recent bank or building society statement
- Mortgage statement issued for the last full year
Independent Verification Sources
- Credit Reference Agencies: Provide insights into credit history and banking relationships.
- Government Databases: e.g., Driver and Vehicle Licensing Agency (DVLA).
- Electoral Roll: Useful for address verification.
- Utility Companies: Validate current residence through recent billing records.
For remote onboarding, electronic identity verification (EIDV) often employs the 2+2 Match Criterion, where two criteria (e.g., Name, Address OR DOB) must match across two independent datasets such as credit files and electoral rolls. Although this method is effective, regulators encourage its integration with advanced biometric validation for enhanced security.
Educating customers is also vital for maintaining security and compliance. Financial institutions should:
- Inform Customers: About the importance of providing accurate information and the risks of identity fraud.
- Provide Guidelines: On how to protect their identities, such as safeguarding personal documents and being cautious with sharing information online.
- Raise Awareness: About common fraud schemes and how to recognize potential threats.
- Offer Support: Through customer service channels to assist with any verification issues or concerns.
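The 2+2 Match Criterion described above for remote onboarding, as an added example that is not part of the original post. It assumes "two criteria" means the name plus either address or date of birth, confirmed by two distinct datasets; the `Record` type, the source labels and the sample data are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    source: str      # dataset the record came from, e.g. "credit_file"
    name: str
    address: str
    dob: str         # ISO date, "" if the dataset does not hold one

def norm(text: str) -> str:
    """Case-fold, drop punctuation and collapse whitespace before comparing."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", text.lower()).split())

def matched_criteria(applicant: Record, rec: Record) -> set:
    """Return which of name/address/dob agree between applicant and record."""
    hits = set()
    if norm(applicant.name) == norm(rec.name):
        hits.add("name")
    if norm(applicant.address) == norm(rec.address):
        hits.add("address")
    if applicant.dob and applicant.dob == rec.dob:
        hits.add("dob")
    return hits

def two_plus_two(applicant: Record, records: list) -> dict:
    """Assumed rule: two distinct datasets each confirm name plus address or DOB."""
    confirming = {}
    for rec in records:
        hits = matched_criteria(applicant, rec)
        if "name" in hits and hits & {"address", "dob"}:
            # Keyed by source so repeated hits from one dataset count once.
            confirming[rec.source] = sorted(hits)
    return {"passed": len(confirming) >= 2, "sources": confirming}

# Constructed sample data, not real records.
APPLICANT = Record("applicant", "Jane A. Doe", "12 High St, Leeds LS1 1AA", "1990-04-02")
RECORDS = [
    Record("credit_file", "JANE A DOE", "12 High St Leeds LS1 1AA", "1990-04-02"),
    Record("credit_file", "Jane A Doe", "12 High St, Leeds, LS1 1AA", ""),
    Record("electoral_roll", "Jane A Doe", "9 Old Rd, York YO1 7HH", ""),
]

if __name__ == "__main__":
    print(two_plus_two(APPLICANT, RECORDS))
```

With the sample data the check fails: both confirming records come from the same credit file, and the electoral roll entry agrees on name only, so the two datasets are not independently confirming the applicant.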
Biometric validation adds another layer of security by verifying physical presence during onboarding. Using advanced algorithms, institutions can match uploaded photographs with liveness tests, such as:
- Facial feature recognition (matching ID photo with a live selfie/video).
- Analysis of motion, skin texture, light reflection, and 3D depth via specific user actions.
The advanced algorithm extracts facial features and other details from the ID photo, and the facial recognition technology then compares the photo ID with the selfie/video, matching facial landmarks to ensure they belong to the same person. It also analyses motion, skin texture, light reflection, 3D depth and similar signals from the specific actions the user is asked to perform during liveness testing, to confirm the presence of a live person.
However, with the rise of Generative AI (GenAI), such methods must evolve. As FinCEN has recently flagged, deepfake media can now bypass traditional controls, posing a significant threat to financial security. In this ever-changing landscape it is difficult to strike a balance between the customer's need for the convenience of remote banking and security. With the recent PSR of compulsory reimbursement, greater reliance and responsibility are being placed on financial institutions to keep their customers' financial wellbeing safe.
To counter these challenges, institutions must adopt additional measures, including:
- Geotagging: Validating the physical location of a biometric test against the registered address.
- Bot and Emulator Detection: Identifying non-human behavior during verification.
- User Behavior Analysis: Leveraging patterns in user interaction to identify anomalies.
One thing becomes clear: the current mechanisms we rely on for verification, like selfie checks or liveness detection, are not only a must but will need to continue to evolve with additional controls. Systems cannot work in silos. A unified approach, where systems communicate and data from various sources is interpreted collectively, is vital for enhancing the AML/CTF framework’s resilience. What are your views or suggestions for combating emerging threats like GenAI-enabled fraud to enhance customer safety?