Supervisors of the Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act) have published a guideline which replaces the Amended Identity Verification Code of Practice – Explanatory Note (the Code) issued in December 2017.

The guideline provides further clarification to reporting entities on how they can use biometrics as a single source in the Electronic Identity Verification (EIV) process.

It is still possible to use two independent matching sources, but there is a new caveat.

Complying with EIV under the Code

To achieve EIV compliance, two components must be satisfied:

  • Confirmation of identity information via an electronic source(s); and
  • Matching the person you are dealing with remotely to the identity that they are claiming, i.e. – are they the same person.

There are now two ways this can be done:

1. Using a single independent source – Biometric Identity Verification

illion’s Optical Character Recognition (OCR) system links with illion greenID to quickly validate a driving licence and/or passport with an applicant’s biometric image, as shown below.

2. Using two reliable and independent matching sources (but with a new caveat)

The guideline states that these two electronic sources must be:

  • Reliable, and
  • Independent, and
  • Match each other.

These sources are split into primary:

  • DIA (Passport)
  • NZTA (Driving License)

And secondary:

  • Credit Bureaus
  • Companies Office
  • Land Registry (LINZ)
  • Vehicle registration (NZTA)

It is now a requirement that a primary matching source is used. illion supports this and provides validation against all of these data sources.

Finally, the new caveat:
Where two matching reliable and independent electronic sources are used, a reporting entity must still have regard to whether the electronic sources include a mechanism to determine if the customer can be linked to the claimed identity (whether biometrically or otherwise). None of the electronic sources listed … above incorporate such a mechanism.

One of the options provided in the guideline is:
Require the first credit into the customer’s account or facility to be received from an account/facility held at a New Zealand registered bank in the customer’s name that cannot be altered or changed.

Preventing fraud exposure while providing a seamless customer experience

illion can protect your business from identity theft, customer, invoice and supplier fraud whether you use single-source or two-source ID verification in your process.

Our streamlined ID, credit card and bank account verification systems can retrieve data from the 25 New Zealand registered banks, enabling you to achieve compliance with the Code while still providing a fast and seamless customer experience.