About the Communique on Remote ID Verification by the Financial Crimes Investigation Board
The Ministry of Treasury and Finance has announced the GENERAL COMMUNIQUE OF the FINANCIAL CRIMES INVESTIGATION BOARD(NO:19) (“Communique”) related to remote ID verification methods. We, hereby present its articles that ensure the security of remote id verification systems to your attention.
General Principles of Remote ID verification could be summarized as follows:
- Information that is required in face-to-face ID verification is also required fully in remote ID verification. Identities and addresses are confirmed within the ID share system of the General Directorate of Population and Citizenship Affairs of Ministry of Interior Affairs.
- Sample sign is not included within compulsory information.
- Remote ID Verification is concluded before constant business relations are settled. Constant business relation is ensured by macroprudential measures decided by a risk-based approach.
- The information needed for identity verification and risk assessment could be delivered in digital forms via channels such as websites, internet branches, or mobile applications.
- All records taken throughout these procedures shall be retained in a way considered feasible to present when demanded by the authority.
Macroprudential measures could be summarized as follows:
- Risk assessment of the applicant,
- Aim and nature of business relation; sources of the funds and assets that belong to the customer, overall revenue, approximate amount, and volume of the monthly transaction are also collected beside identity information.
- In case the first process happens face-to-face after a business relation that has been settled by remote-id verification, the identification will be managed according to Anti-Money Laundering and Counter-Terrorism Financing Regulation Art. 6, and a sample sign will be obtained.
- Here are the measures to be applied proportionally against the risk that is detected as a result of a risk-based approach for financial institutions and particular businesses and professions not being financial institutions:
- Obtaining additional information about the client; retaining accurate and actual information about the real beneficiary
- Approval from the executive before engaging in business relations or before any process
- Appropriate and effective measures including limitation of amount and value of transaction
Remote identity verification systems, finally, are going to be applied safely from the date of the 1st of May 2021 by the interested sectors after these necessary secondary legislations have been adopted.
A few contents that may be of interest to you; GDPR Fine-About Failure To Conduct A DPIA For A Training App