Digital On-Boarding, The New Era…
Digital connectivity has redefined all aspects of our lives and this applies to a very large extent to the financial sector. Financial service organizations can utilize the emerging technology as well as the changing regulatory landscape to digitize their products and services, not only to provide their clients with faster, 24/7 service, but also as a tool to fight against fraud and financial crime.
The legal and regulatory framework both at EU and local level now allows financial service organizations in Cyprus to offer their clients the option to on-board and commence a business relationship digitally, a much-needed development, given also the restrictions in movement caused by the COVID crisis.
The 5th EU AML Directive, issued in 2018, introduced the option to identify customers and verify their identity through the use of electronic identification means and relevant trust services, as set out in the eIDAS regulation, or any other electronic identification process regulated, recognised, approved or accepted by the relevant national authorities. This provision was recently transposed into the Cyprus AML Law issued in March 2021, however, the relevant Cyprus authority to provide assurance has yet to be named.
Local regulators are expected to issue guidelines to obliged entities to assist them in implementing the relevant provision in the Law, albeit CySEC already issued a consultation paper even before the relevant transposition in the Law took place.
Until such guidelines are issued, financial service organizations eager to introduce electronic identification processes may use guidance already issued by the FATF and the EU (Joint Opinion by the European Supervisory Authorities), in order to perform proper risk assessment of the adequacy of CDD measures and controls in place, where innovative solutions are used.
The regulatory framework issued by authorities in other EU countries could also be utilised. Bank of Greece, for example, issued a relevant framework whose provisions are pretty much in line with those in place in most EU Member States.
This framework allows two digital on boarding methods: (a) by video conference with a trained agent, or (b) an automated procedure via a dynamic selfie, subject to additional safeguard measures. Identification types that are acceptable are the ones included in the Public Register of Authentic Travel and Identity Documents Online (PRADO) and which bear: (a) photograph and signature of holder; (b) a machine-readable zone (MRZ); and (c) two additional advanced visual security features among those specified in PRADO. Most notably international passports incorporate such enhanced security features. Obliged entities should perform a thorough risk assessment of the process having regard to the Joint Opinion of the European Supervisory Authorities mentioned above, which should be approved by their BoD. Audits should be carried out both by internal and external auditors to verify the suitability, adequacy and reliability of the remote electronic identification process and the technological solution used.
Financial services organizations could greatly benefit from the use of digital on-boarding methods, and this applies to small firms as well who can purchase this service from larger organizations who have the capacity, the funds and the know-how to apply it.
With the necessary controls in place, such solutions offer fast, reliable digital identity verifications screening, transcend geographies, boost operational efficiency and remove the human factor error. They also optimize compliance models, improve risk mitigation and protect customers from identity fraud. Finally, less reliance can be placed on the chain of business associates on whom currently many financial service organizations in Cyprus depend on to on-board clients from abroad.
Bank of Cyprus is the first financial institution in the region to introduce this service to its clients.
By Niki Charilaou, Financial Crime & Sanctions Compliance Department, Bank of Cyprus
 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market