The Scope of Online Identity Verification from a Technological and Regulatory Perspective


  1. Scope and Industry Requirements
  2. Types of Online Verification Methods
  3. Face Recognition vs. Face Comparison Technology
  4. Global Identity Verification Regulations and Standards
  5. Similarities With Other Products (CIP, CDD, EDD)
  6. Identity Verification – Red-flag Checks
  7. FATF Guidelines on ‘Non-Face-to-Face Onboarding


Scope and Industry Requirements

Identity Verification to fight financial crime and limit fraud – As part of AML/CFT regulations, Online Identity Verification has evolved significantly over time. Whether healthcare, travel, insurance, fintech, or cryptocurrency, today’s industries would require identity verification services to verify their businesses and customers.

With remote culture on the rise, the global RegTech industry is racing to bring well-designed Identity Verification software to the know-your-customer (KYC) and know-your-business (KYB) market niches. When we speak of substantiating an identity, the initial impression is that of biometric verification for face recognition. Biometric face recognition techniques run checks to ascertain a person is indeed the person he claims to be. The idea is to confirm the government-issued IDs to distinguish the real from the fraud. From the commercial point of view, whether it’s insurance, lending, or account opening in banks or other payment institutions, the faster the remote onboarding process, the higher the client acquisition and retention rates.


Types of Online Verification Methods

After Biometric face recognition, the next comes the document ID proof that banks, fintech, and government agencies use to evidence crucial agreements, asset papers, financial statements,

DocuSign, etc. Other more commonly used identity verifications are –

  1. Users sign up to their accounts, and answer security questions (Knowledge-based authentication or KBA);
  2. Users validate tokens (Two-factor-authentication aka 2FA);
  3. The Credit Bureau-Based Authentication (CBA), wherein the information is pulled from the identity data stored with the credit bureaus; people with no credit history, new immigrants, etc. are excluded;
  4. The Database ID method uses online and offline databases to identify and assess individual risks, but this method cannot prevent identity theft owing to the proliferation of fake identities.

Scope of Online Identity Verification from a Technological and Regulatory Perspective

Face Recognition vs. Face Comparison Technology

It’s important not to confuse Facial Recognition with Facial Comparison technology. Facial Recognition technology ensures that a real-time image has no match rate with the crime datasets; this is an important aspect of AML/KYC compliance standards. Liveness detection is an integral part of real-time facial recognition to decipher falsified records, masks, pictures, etc. Advanced real-time face recognition systems with inbuilt cameras and slick user interfaces are in vogue. But, even such technologies with AI/ML algorithms need to corroborate their level of accuracy.

Face Comparison, on the other hand, determines the biometrics of a real-time face in conjunction with the pre-verified government IDs of the person.


Global Identity Verification Regulations and Standards

There are various regulations revolving around individual and business Identity Verification. Each nation sets its standards, and member nations follow common international standards for international cooperation on AML-CFT measures. Some of the dominant Identity Verification standards are as follows –

eIDAS — Adopted on 23rd July 2014, eIDAS is a revolutionary guideline for digital identification and electronic signature in Europe. It brings the ease of doing business within the EU; eIDAS stands for electronic IDentification, Authentication, and Trust Services. It homogenizes digital identification across Europe to help businesses acquire customers remotely. The rule also brings the concept of remote video identification to meet eIDAS compliances. The EU is eventually shaping up as a ‘Digital Single Market’ after integrating Anti-Money Laundering (AML) with the eIDAS regulations.

5AMLD – The 5th European Directive on Money Laundering 2015 was set up to address the EU’s AML-CFT legal and technical compliance issues.
The 5th AMLD on AML and KYC compliance aims at digital finances, cryptocurrencies, prepaid cards, wallets, and gambling services. Video-based identification and biometric authentication for face-to-face recognition are much emphasized here. To bring more transparency in fighting ML-TF, the 5AMLD –

  • talks about accurate Identity Verification data protection of natural and legal persons,
  • mandates precise customer beneficial ownership records by the obligated firms,
  • puts crypto exchanges and crypto wallets under the ambit of financial institutions, asking them to follow similar AML-CFT norms. The directive gives FIUs the right to retrieve KYC documents of the crypto users from the exchanges and wallet providers,
  • calls for enhanced due diligence measures for trade with high-risk countries, failing which the requisite institutes are subject to risk penalties,
  • needs compulsory KYC checks for prepaid cards crossing €150 for physical and €50 for remote payments,
  • advises its members to maintain a clear PEP enlisted individuals, offices, and international organizations.

EU’s 6AMLD 2020 focuses more on penalizing the ML-TF accomplices; the regulation has widened its scope to include cybercriminal and environmental offenders and money-laundering conniving legal entities.

The USA Bank Secrecy Act (BSA) and PATRIOT Act – In the U.S., the Financial Crimes Enforcement Network (FinCEN) is mostly responsible for implementing BSA and PATRIOT Act regulations on identity verifications and due diligence. The FinCEN collects and monitors data from over 27,000 financial institutions. FinCEN also regulates the KYC, KYB, and KYT standards for customer onboarding and monitoring in banks and other obligated financial institutions.

In the wake of surging global terrorist attacks, the 2020 U.S. Anti-Money Laundering Act (AMLA) calls for beneficial-ownership verifications as an integral part of the customer due diligence for individual and business identity authentication across the United States.

In the U.S., the Office of Foreign Assets and Control (OFAC) defines individual, trade, and political sanctions to protect the nation against AML-CFT threats. In addition, regarding cryptocurrencies, the U.S. financial authorities, FinCEN, and OFAC root for FATF’s Travel Rule on VASPs and crypto exchanges for tracking and verifying anonymous and cross-border crypto transactions.


Similarities With Other Products (CIP, CDD, EDD)

Know Your Customer (KYC) in the US PATRIOT Act encapsulates the following –

Customer Identification Program (CIP) – Verifies customers using a government-issued ID document; also known as Know Your Customer (KYC).

Customer Due Diligence (CDD) – Assesses customer risk levels for protection against terrorists and law offenders.

Enhanced Due Diligence (EDD) – Detects customer suspicious behavior and deeply analyzes high-risk customer activities.

Continuous Monitoring – Ongoing monitoring of customer activities and finding out suspicious patterns in activity or transactions.


Identity Verification – Red-flag Checks

There are various provisions to verify false, stolen, high-risk business and individual identities. Potential red flag investigations under relevant individual/country sanctions, PEP, and adverse media listings —

Sanctions List

There are national and global sanction governing bodies like OFAC in the US, Financial Conduct Authority in the UK, FATF greylist and blacklists, plus EU Directive’s AMLD. Additionally, there are trade, economic, political, individual, organizational, and community sanctions at all levels. Sanction lists run-check the identity to assess the identified risks and possible ML-FT threats, including potential arm proliferation, terrorism financing, or drug trafficking rackets.

PEP List

Political Exposed Person (PEP) lists include powerful individuals, close associates, and family members; moreover, influential offices and organizations also fall under the PEPs ambit. It’s essential for financial and other obligated institutions to countercheck any possible
money laundering red flag with PEP list screening. Any financial crime, large-scale bribery, or corruption rows could be averted with effective PEP checks. PEPs are subject to enhanced due diligence because of their high-level allegiances toward the political and corporate world.

Adverse Media

Adverse media search plays an effective role in flagging high-risk customers. The research involves finding negative media records and crime data of individuals or organizations. For example, there are adverse media tools to unearth financial fraud, violence, narcotics, e-crime, law misconduct, trafficking, sexual misconduct, civil crime, and other legal offense records. These records could be electronic media, newspaper articles, renowned blogs, government publications, etc.


FATF Guidelines on ‘Non-Face-to-Face Onboarding

FATF recommends sophisticated biometric and document verification technology for digital customer onboarding. In addition, in its ‘Guidance on Digital Identity, FATF propagates the importance of individual online verification for safer digital financial transactions.

FATF Recommendation 10th on Customer Due Diligence (CDD) is the foundation of this guideline. Digital Identity Verification is vulnerable to security breaches, and FATF advises financial institutions to opt for a risk-based, sufficiently reliable approach while confirming online identity. FATF doesn’t rule out third-party reliance on regulated entities for secure onboarding of customers. The benefits of FATF’s Guidance on Digital Identity.

  • It promotes no-contact account opening in times of global pandemic, thus controlling physical human interactions at banks and other institutional branches.
  • It sponsors financial inclusion opportunities for the world’s unbanked and underbanked.
  • It empowers the concept of a secure digital customer journey with an end-to-end digital
  • As part of Digital ID Verification, the guideline roots for techniques like credentials authentication, auditable electronic signatures, eco-sign, etc., for improved customer experiences while maintaining security and regulatory compliances.

One digital identity concept for all financial products and services prospectively results in 90 percent onboarding cost reduction for financial institutions and other obligated entities.

Tony Raval
Tony Raval

Tony Raval brings more than 15 years of leadership in data technology as the Founder and CEO of IDMERIT, headquartered in Carlsbad, California. He leads an executive team including top data tech veterans to execute on his passion of creating a global data universe generating true and trusted intelligence. IDMERIT’s competitive success has come from the company’s ability to perform cross-border transactions, for which Tony and his team have developed a meticulous process and progressive technology. The company was launched as the result of a highly effective engagement with a leading global financial institution, whereby the company was uniquely able to triangulate multiple elements to create a comprehensive, and yet, frictionless experience. Tony has provided data intelligence to companies such as Google, SalesForce, and HP as well as clients across financial, government and other sectors seeking a superior partner in compliance and mitigating risk. He holds a Master’s Degree in computer engineering and data sciences, is an active member of the Entrepreneurs Organization San Diego and dedicated mentor to new entrepreneurs in EO’s Accelerator Program, enjoys meditation and running, and he and his wife Sonal recently celebrated their three-year-old son's birthday.

Get Notified about Industry Updates