《Sumsub：2024“Non-Doc”（非文件）驗證合規及用例指南：適用性及運作機制詳解（英文版）（45頁）.pdf》由會員分享，可在線閱讀，更多相關《Sumsub：2024“Non-Doc”（非文件）驗證合規及用例指南：適用性及運作機制詳解（英文版）（45頁）.pdf（45頁珍藏版）》請在三個皮匠報告上搜索。

1、CPF039.242.524-09LivenessPassedNon-DocVerificationGuide to compliance and use cases02/45ContentsLiveness checkTurn your head slowly in a circle following the green indicator1.Introduction032.What is Non-Doc Verification?053.Ensuring compliance:Regulations by region073.1.APAC083.2.Europe153.3.LATAM20

2、3.4.Middle East&Africa233.5.North America274.Onboarding users via Non-Doc Verification304.1.How Sumsub helps meet regulatory requirements304.2.Non-Doc Verification methods and coverage325.Why switch to Non-Doc Verification in 2024416.Use cases for Non-Doc Verification43IntroductionIn todays evolving

3、 landscape,document-based verification methods have limitations,including fraud vulnerability and inconsistent standards.Companies are instead seeking streamlined onboarding solutions that result in a better user experience and higher pass rates.Document-free verification methods have therefore gain

4、ed popularity globally.Still,there may be hesitation towards document-free methods dueto a traditional reliance on document-based procedures.However,this is a matter of user habit,rather than a regulatory obstacle.In fact,AML legislation(FATF Recommendation 10)doesnot limit verification to document-

5、based methods,creating an openingfor non-documentary verification.The digitalization of the financial industry has spurred the adoption of document-free verification.For example,document-free procedures are now accepted for Customer Identification Programs(CIP)in the US financial sector,complying wi

6、th regulations outlined by the Bank Security Act(BSA).In the gaming industry,FinCEN has granted regulatory relief to casinos,allowing non-documentary identification verification.In certain African countries like South Africa,Kenya,and Nigeria,document-free verification methods prove invaluable in co

7、untering rampant document fraud and addressing the challenges posedby poor-quality documents and images.04/45IntroductionAs document-free verification gained global popularity,Sumsub developed its own Non-Doc Verification solution.To demonstrate the full compliance of the solution with global regula

8、tory standards,FINTRAIL,an independent financial crime consultancy,carried out an audit of the product offering.FINTRAILs findings conclude that Sumsubs Non-Documentary Identity Verification product meets compliance requirements across multiple jurisdictions.In this guide,youll learn about:?How Non-

9、Doc Verification works?Which countries consider document-free verificationto be compliant,and what are the results of the FINTRAIL audi?How to apply Non-Doc Verificatio?How document-based verification compares with non-documentary alternativesFINTRAILs summary of findings:FINTRAIL has conducted a re

10、gulatory-led audit of Sumsubs non-documentary identity verification product,and has reviewed local regulation and guidance in the markets where non-documentary identity verification is permissible to confirm the solutions deployed by Sumsub are compliant with local regulations and guidance.Sumsub ha

11、s demonstrated a thorough understanding of the regulatory requirements its clients must adhere to and a strong commitment to ensuring that its non-documentary identity verification product is both fit for purpose and fully compliant with regulations.What is Non-Doc Verification?Sumsubs Non-Doc Verif

12、ication solution enables verifying customer identities without requesting their IDs.This method is based on customer data verification through government databases and external data sources.Non-Doc Verification entails the following:1The user submits identity data(e.g.,ID number and dateof birth)or

13、logs into their bank account.In most cases,the user passes a Liveness check or a device authentication;2The collected data is automatically compared against oneor several secure external sources and enriched with information found there.The flow may vary slightly depending on the country06/45What is

14、 Non-Doc Verification?Non-Doc Verification flowStep 1The user enters their identity data,or logs into their online bank account and shares selected dataYour bankHello John Snow!Login to confirm your identityfor data sharing.LoginProvide your dataFill out the required fieldsto pass verificationEnter

15、your AADHAAR to receive a verification codeAADHAAR 1467-2357-4585Send verification codeStep 2When required,the user undergoes a Liveness checkand/or device authenticationLiveness checkTurn your head slowly in a circle following the green indicatorStep 3Your company getsa verification result anda com

16、plete user profile enriched from secure databasesApplicant profileFirst NameRudraLast NameVartaDate of Birth1992/08/07GenderMaleAddress 414,New Barakhamba Rd,110001,IndiaCPF StatusRegularCross-check selfie against databasePassedEnsuring compliance:Regulations by regionCertain countries have already

17、embraced document-free verification methods.These countries include:ArgentinaAustraliaBrazilCanadaColombiaCzechRepublicDenmarkGhanaHong KongIndiaIndonesiaMalaysiaMaltaNew ZealandNigeriaNorwayPhilippinesSouth AfricaSwedenUKUAEUSVietnamIf your companys legal entity is in one of the countries listed,No

18、n-Doc Verification can be considered a compliant approach.Were constantly expanding our research efforts and updating the rosterof countries where Non-Doc serves as a compliant verification method.If your country isnt listed below,please dont hesitate to contact theSumsub team for more information.A

19、PAC08/45Ensuring compliance:Regulations by regionAustraliaRegulatory bodiesAustralian Transaction Reports and Analysis Centre(AUSTRAC)Laws?Anti-Money Laundering and CounterTerrorism Financing Act 2006(the AML/CTF Act)and its related regulations?Anti-Money Laundering and CounterTerrorism Financing Ru

20、les Instrument 2007(No.1)(the AML/CTF Rules)Legal opinionAustralian AML/CTF Rules specify the minimum KYC information required for customer identification,including full name,date of birth,and residential address.Verification can be done through reliable and independent documentation,electronic data

21、,or a combination of both.The approach used depends on the customers risk profile.For medium-or lower-risk cases,an electronic-based approach with reliable and independent data from at least two separate data sources is acceptable.Non-Doc Verification is an acceptable methodfor different risk cases,

22、where data shouldbe reliable,secure,up-to-date,and authentic.More details09/45Ensuring compliance:Regulations by regionHong KongRegulatory bodies?The Hong Kong Monetary Authority(HKMA)regulates the banking industr?The Securities and Futures Commission(SFC)oversees the securities and futures markets,

23、including virtual asset service providersLaws?Anti-Money Laundering and Counter-Terrorist Financing Ordinance(“AMLO”),Cap.615?HKMA Guideline on Anti-Money Laundering and Counter-Financing of Terrorism For Authorized Institutions(Revised in May,2023)(the“AML Guideline”)?Guideline on Anti-Money Launde

24、ring and Counter-Financing of Terrorism(For Licensed Corporations and SFC-licensed Virtual Asset Service Providers)(the SFC Guideline)Legal conclusionHong Kong laws allow for flexibilityin verification methods,permitting the usageof non-documentary sources for verification purposes.Verification requ

25、irements for both HKMA-and SFC-supervised institutions currently providetwo specific options:1)identity documents or2)“iAM Smart”digital IDs operated by the Hong Kong government.Any use of alternative digital ID systems necessitates approval from relevant authorities.More detailsIndia10/45Ensuring c

26、ompliance:Regulations by regionRegulatory bodiesIndia has several financial regulatory bodies that oversee and regulate different sectors of the financial system,including the Reserve Bankof India(RBI)Laws?The Prevention of Money Laundering Act,2002(PMLA)?Prevention of Money-Laundering(Maintenance o

27、f Records)Rules,2005 issued thereunder(PML Rules)?Master Direction Know Your Customer(KYC)Direction of Reserve Bank of IndiaLegal opinionThe PMLA and the PML Rules explicitly allowe-KYC based on the customers Aadhaar number or other identifiers.More detailsIndonesiaRegulatory bodiesIndonesian Financ

28、ial Services Authority(Otoritas Jasa Keuangan,OJK),Bank IndonesiaLawsRegulation(POJK)No.8 of 2023(OJK Regulation)on the Implementation of Anti-Money Laundering(AML),Counter-Terrorist Financing(CFT),and Counter-Proliferation Financing of Weapons of Mass Destruction(CPF)Program in the Financial Servic

29、es Sector11/45Ensuring compliance:Regulations by regionLegal opinionAccording to OJK Regulation Art.21(2),identity verification of prospective customers can be done through face-to-face meetings,electronic face-to-face meetings,or non-face-to-face electronic methods.The latter option allows for the

30、use of the entitys own software,third-party software,or population databases with multiple authenticity factors.In reference to non-document verification,it is safe to assume that Indonesia allows electronic KYC via national identity databases when it comes to local citizens(see,e.g.,thee-KTP system

31、).However,further checks are likely to be required to obtain all of the necessary customer data.More detailsMalaysiaRegulatory bodiesBank Negara Malaysia(BNM)Laws?Anti-Money Laundering,Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001(AMLA)?BNM Anti-Money Laundering,Countering Fi

32、nancing of Terrorism and Targeted Financial Sanctions for Financial Institutions(AML/CFT and TFS for FIs)?Anti-Money Laundering,Countering Financing of Terrorism and Targeted Financial Sanctions for Designated Non-Financial Businesses and Professions(DNFBPs)&Non-Bank Financial Institutions(NBFIs)(AM

33、L/CFT and TFS for DNFBPs and NBFIs)12/45Ensuring compliance:Regulations by regionLaws?Guidance on Verification of Individual Customers for Customer Due DiligenceLegal opinionVarious customer verification methods are permitted under the AMLA,including the useof independent sources.BNM policies priori

34、tize collecting crucial data but not necessarily copies of identity documents.The BNM also highlights non-documentary methods and external sources,including the National Registration Department or Immigration Department of Malaysia,for remote identity checks.Financial institutions and regulated enti

35、ties supervised by the BNM can opt fornon-documentary methods,such as electronic databases,to verify customer identities if they are secure and reliable.Additional measures,like questionnaires,may be necessary to gather missing customer information not covered bythe data source.More detailsNew Zeala

36、ndRegulatory bodies?Financial Markets Authority(FMA?Reserve Bank of New Zealand(RBNZ?Department of Internal Affairs(DIA)Laws?Amended Identity Verification Codeof Practice of New Zealand(2013)?Anti-Money Laundering and Countering Financing of Terrorism Act 200913/45Ensuring compliance:Regulations by

37、regionLaws?AML/CFT Programme Guideline-Updated October 2022?Enhanced Customer Due Diligence Guideline-October 2022Legal opinionNew Zealand allows matching identity data against independent external sources.For electronic verification of a customers name and date of birth,the Code requires using inde

38、pendent and reliable sources,like theRealMe biometric database or others.While specific sources are not mandated,reporting entities are advised to refer to the Confirmation Service of the Department of Internal Affairs(DIA),New Zealand Transport Agency(NZTA),or other common national electronic sourc

39、es,such as credit bureaus,Land Registry(LINZ),etc.More detailsPhilippinesRegulatory bodies?The Bangko Sentral ng Pilipinas(BSP)(or the Philippine Central Bank?Securities and Exchange Commission(SEC?Anti-Money Laundering Council(AMLC)Laws?The Republic Act n 9160(the Anti-Money Laundering Act of 2001?

40、2016 Revised Implementing Rules and Regulations(RIRR?Circular No.1170 issued by the Bangko Sentral ng Pilipinas(“BSP”)14/45Ensuring compliance:Regulations by regionLegal opinionIn the Philippines,Non-Doc Verificationis possible using solutions with access to PhilSys.In other cases,the document-based

41、 approach remains prevalent.However,as the scope of potentially acceptable documents is defined broadly for low-risk customers,it may be allowed to obtain reportsor other excerpts from trustworthy external data sources instead of conventional IDs.More detailsLegal opinionUnder Article 12 of the AML

42、Act,legal entities have flexibility in conducting CDD.They can use two methods:1)verifying customer information through documents or 2)utilizing informationin national databases through competent state agencies and organizations.This allows for a non-documentary approachto KYC if national identity d

43、atabases are used.However,additional measures,like questionnaires,may be required to ensure comprehensive customer information is obtained.More detailsVietnamRegulatory bodiesState Bank of Vietnam(SBV)LawsVietnams 2022 Law on Anti-Money Laundering(“AML Law”)15/45Ensuring compliance:Regulations by re

44、gionEuropeCzechRepublicRegulatory bodiesFAU-Financial Intelligence Unit CzechNational BankLaws?Act No.253/2008 Coll.on selected measures against legitimisation of proceeds of crime and financing of terrorism(“AML Act”)?Regulation(EU)No 910/2014 of the European Parliament and of the Council on electr

45、onic identification and trust services for electronic transactions in the internal market(“eIDAS Regulation”)Legal conclusionSection 8a of Act No.253/2008 allows non-documentary electronic identification compliant with the eIDAS Regulation or other legal acts.The Czech Republic recognizes electronic

46、 ID schemes with a high assurance level,suchas the national eID card and mojeID service operated by CZ.NIC association.These allow users to authenticate in various private sector and public administration services by creatinga digital identity.More details16/45Ensuring compliance:Regulations by regi

47、onDenmarkRegulatory bodies?The Financial Supervisory Authority(Finanstilsynet?The Danish Financial Intelligence Unit is also known as HvidvasksekretariatetLaws?Consolidation Act on Measures to Prevent Money Laundering and Terrorism Financing(the Anti-Money Laundering Act)(“AML Act”)?2020 Guide to th

48、e AML Act by the FinanstilsynetLegal opinionRegulated entities can use different electronic methods for customer identity verification under Section 11 of the AML Act,with governmental recognition as a crucial factor.The 2020 AMLAct Guide mentions an option to get identity information from non-docum

49、ent sources suchas the CPR or Danish Tax Agency.Non-Doc KYC solutions can be used as longas they mitigate risks and gain approval from authorities.Denmark has a national eID named MitID(replacing NemID).It can be used as a standalone solution for identity verification at both substantial and high as

50、surance levels,except when enhanced due diligence(EDD)is required.More details17/45Ensuring compliance:Regulations by regionMaltaRegulatory bodies?Malta Financial Services Authority(MFSA?The Financial Intelligence Analysis UnitLawsThe Implementing Procedures of 2011 to the Prevention of Money Launde

51、ring and Fundingof Terrorism Regulations(PMLFTR)Legal opinionThe PMLFTR distinguishes non-documentaryand documentary KYC approaches.Non-documentary verification allows customer identities to be verified remotely through commercial electronic databases.More detailsNorwayRegulatory bodies?Financial Su

52、pervisory Authority(The Finanstilsynet?kokrim(Norwegian Financial Intelligence Unit-FIU)Laws?2018 Act relating to Measures to Combat Money Laundering and Terrorist Financing(“AML Act”)?2018 Regulations relating to Measures to Combat Money Laundering and Terrorist Financing by the Ministry of Finance

53、 detailing its requirements(“AML Regulations”)?2019 Circular“Guide to the Anti-Money Laundering Act”18/45Ensuring compliance:Regulations by regionLegal opinionIn Norway,non-documentary verification can be conveniently carried out using eIDs mechanisms.They should be compliant with the eIDAS Regulati

54、on and relevant national laws approved for non-face-to-face KYC processes.Norway recognizes Buypass ID and BankIDfor electronic identification.More detailsSwedenRegulatory bodiesFinancial Supervisory Authority(The FinansinspektionenSwedish Financial Supervisory Authority)Laws?Money Laundering and Te

55、rrorist Financing(Prevention)Act(“AML Act”)?Act on Penalties for Money Laundering Offences?Finansinspektionens regulations regarding measures against money laundering and terrorist financing FFFS 2017:11(“FI Regulations”)Legal opinionNon-documentary KYC solutions can be usedif they adhere to eIDAS R

56、egulation standardsor equivalent secure procedures.Swedens recognized electronic ID schemes like BankID,Freja eID,and EFOS provide reliable options.BankID is arguably the most feasible and most commonly used option,although it is only available to individuals with a Swedish personal identity number.

57、More details19/45Ensuring compliance:Regulations by regionUKRegulatory bodies?Financial Conduct Authority(FCA?Prudential Regulation Authority(PRA?JMLSG(The join Money Laundering Steering Group)Laws?Money Laundering,Terrorist Financing and Transfer of Funds(Information On the Payer)Regulations 2017(M

58、LR)?Guidance by the Joint Money Laundering Steering Group(JMLSG)?Financial Conduct Authority(FCA)Handbook-SYSC 6.3?National Risk Assessment(NRA)?The Proceeds of Crime Act 2002(POCA)Legal opinionThe current Guidance by the Joint Money Laundering Steering Group(JMLSG),whichis widely regarded to establ

59、ish industry standards for compliance with AML/CFT requirements,confirms that non-documentary checks(in particular,those involving external databases)are permissible as a primary KYC measure.So,according to UK AML regulations,document-free verification solutions can be used if they have additional s

60、ecurity measures in place.These measures should confirm a users claimed identity through independent external data sources.More details20/45Ensuring compliance:Regulations by regionLATAMArgentinaRegulatory bodiesThe Banco Central de la Repblica Argentina,or BCRA(Central Bank of Argentina)LawsResoluc

61、in 30-E/2017Legal opinionAccording to Resolucin 30-E/2017,regulated entities can use alternative,non-face-to-face methods that can include rigorous biometric techniques or technological methods of equal strength,such as video conferencing or usingan online certificate issued by the RENAPER(National

62、Registry of Persons/Registro Nacional de las Personas).The Argentinian government has set up the Digital Identity System(SID)to safely verify national identity documents,ensuring facial image matching and validating informationwith the RENAPER database for added security.Its possible for an Argentin

63、ian customer to use their digital ID(including by accessing theirID data through the Digital Identity System)as an equivalent to a standard documentcopy for verification.More details21/45Ensuring compliance:Regulations by regionBrazilRegulatory bodies?The Banco Central do Brasil(BCB?Council for Fina

64、ncial Activities Contro?CVM-Brazilian Securities and Exchange CommissionLaws?Law N 9.613,commonly knownas the“Anti-Money Laundering Law”?CVM Instruo 61?BACEN/DC Circular No.3978 OF 01/23/2020?Circular No.3978Legal opinionArticle 10 of Brazils Anti-Money Laundering Law requires regulated entities to

65、identify and maintain up-to-date client registers accordingto regulatory agency norms.Regulator-specific norms are generally supportive of digital KYC methods,allowing entities to choose reliable external sources.The Securities and Exchange Commission permits alternative registration systems,includi

66、ng electronic means,that confirm customer identification precisely.The Central Bank requires banks and financial institutionsto adopt identification procedures that verify and validate customer information,comparing it with public and private databases when necessary.However,non-documentary KYC may

67、only apply to local residents,as individuals without a CPF taxpayer identification number must providean ID copy for onboarding.More details22/45Ensuring compliance:Regulations by regionColombiaRegulatory bodiesFinancial Superintendent of Colombia(Superintendencia Financiera de Colombiaor SFC)Laws?L

68、aw n.1121 of 2006 Establishing Regulations for the Prevention,Detection,Investigation and Punishment of the Financing of Terrorism?External Circular 100-000005 by the Superintendencia Financiera de Colombia(SFC)?2023 GAFILAT ReportLegal opinionIn Colombia,document-free verificationis generally accep

69、table under local AML regulations,as the regulations do not imposeany particular limitations on remote identity verification means.Meanwhile,E-KYC projects based on the national digital ID are actively being developedin Colombia.This includes the National Registry Office,which is conducting pilots o

70、f biometric authentication with several banks.Other businesses are being encouraged to follow suit.Therefore,in the absence of any explicit prohibition,it can be argued that document-free verification methods are generally acceptable under the local AML regulations.More details23/45Ensuring complian

71、ce:Regulations by regionMiddle East and AfricaGhanaRegulatory bodiesFinancial Intelligence Centre,Bank of Ghana,and Securities and Exchange Commission of GhanaLaws2018 Anti-Money Laundering/Combatingthe Financing of Terrorism&the Proliferationof Weapons of Mass Destruction GuidelineLegal opinionIn G

72、hana,regulated entities must collect customer information,including legal names,dates of birth,and addresses.Verificationcan be done through official documents,communication,certification,or othersuitable means.Electronic database checks can be usedin addition to or instead of documentary evidence.H

73、owever,reliability should be ensured by checking multiple sources or assessing the validity of information.Examples of suitable sources include the Electoral Register,account databases,and public records.Under Ghana legislation,although it is necessary to obtain an ID for identification purposes,ver

74、ification may be carried out via electronic sources,provided that such sources are trustworthy and the regulated entityis convinced it knows the true identityof the applicant.More details24/45Ensuring compliance:Regulations by regionNigeriaRegulatory bodiesCentral Bank of Nigeria(CBN,Nigerian Financ

75、ial Unit Economic,and Financial Crimes Commission)Laws?2022 Money Laundering(Prevention and Prohibition)Act(“AML Act”)?Central Bank of Nigeria Customers Due Diligence Regulations 2023(the“CDD Regulations”)?2022 Central Bank of Nigeria(Anti-Money Laundering,Combatting the Financingof Terrorism and Co

76、untering Proliferation Financing of Weapons of Mass Destructionin Financial Institutions)Regulations(the AML Regulations)?2023 CBN Circular PSM/DIR/PUB/CIR/001/053Legal opinionKYC requirements in Nigeria have a tiered approach based on risk and account value.A recent CBN circular made it mandatory f

77、orall Tier 1(lowest value)accounts to have a BVN(Bank Verification Number)and/or NIN(National Identification Number).BVN and NIN data canbe electronically retrieved from the respective databases for customer onboarding.Banks and other financial institutions are generally encouraged(and,in certain ca

78、ses,obliged)to refer to external official databases while onboarding Nigerian citizens and residents.However,in some instances,these checks may have to be supplemented with obtaining supporting documentation from the customer depending on their account Level(risk profile).More details25/45Ensuring c

79、ompliance:Regulations by regionSouth AfricaRegulatory bodies?Financial Intelligence Centre of South Afric?Financial Sector Conduct AuthorityLaws2017 Guidance Note 7 on the Implementationof Various Aspects of the Financial Intelligence Centre Act,2001Legal opinionAccording to South African law,regula

80、ted institutions have the flexibility to choose the type of information collected and means of verification to establish client identities.Both documents and electronic data from reliable and independent third-party sources are permitted.The guidance emphasizes the collection of full name,date of bi

81、rth,and a unique identifying number from a government source.The principles of e-verification include conducting a risk assessment of data sources,using reliable and independent third-party sources,utilizing original sources whenever possible,and avoiding manipulated or tampered data sources.Example

82、s of acceptable data sources are provided,including records from government departments and commissions.Under South African AML legislation,electronic sources may be relied on for KYC measuresso long as they are sufficiently robust,meetthe criteria,and contain information that canbe securely linked

83、to the customers real identity.More details26/45Ensuring compliance:Regulations by regionUAERegulatory bodies?UAE Central Bank(CBUAE?Some free zones have their own regulators such as the Abu Dhabi Global Market(ADGM)and the Dubai Financial Services AuthorityLaws?Federal Decree-Law No.(20)of 2018On A

84、nti-Money Laundering and Combating the Financing of Terrorism and Financingof Illegal Organisations(the AML-CFT Lawor Law)and implementing regulations?Cabinet Decision No.(10)of 2019 Concerning the Implementing Regulation of Decree Law No.(20)of 2018 On Anti-Money Laundering and Combating the Financ

85、ing of Terrorismand Illegal Organisations(the“AML-CFT Decision”or“Cabinet Decision”)?Anti-Money Laundering and Combatingthe Financing of Terrorism and Illegal Organisations Guidelines for Financial Institutions(the“AML Guidelines”)?Guidance for Licensed Financial Institutions(LFIs)on Digital Identif

86、ication for Customer Due DiligenceLegal opinionWhile usage of digital identification systemsis in principle permitted for KYC purposes,it does not negate the overall document-based approach adopted by UAE financial regulators and,in particular,the requirement to obtain a copyof the customers identit

87、y document underthe AML-CFT Decision.27/45Ensuring compliance:Regulations by regionLegal opinionAccordingly,digital ID systems may be reliedon as a standalone solution when they allow access to all of the required customer data,including that related to the identity document.Alternatively,they may b

88、e used for supplementary checks(which are sometimes mandatory,as in the case of UAE ID).More detailsNorth AmericaCanadaRegulatory bodiesFinancial Transactions and Reports Analysis Centre of Canada(FINTRAC)Laws?The guidance on“Methods to verify the identity of persons and entities”?Proceeds of Crime(

89、Money Laundering)and Terrorist Financing Act(S.C.2000,c.17)?Canadas AML and Anti-Terrorist Financing Regime Strategy 2023Legal opinionThe guidance on KYC recognizes five methods,two of which do not require reference to the customers identity document:?The credit file method verifies the customers id

90、entity based on information in their Canadian credit file,matching their name,address,and date of birth.?The dual process method verifiesthe customers name,address,date of birth,and/or financial account using two different reliable sources.28/45Ensuring compliance:Regulations by regionLegal opinionT

91、he guidance defines reliable sourcesas well-known and reputable entities,suchas government levels,Crown corporations,financial institutions,or utility providers.Social media is not considered an acceptable source for identity verification.More detailsUSARegulatory bodies?Financial Crimes Enforcement

92、 Network(FinCEN?U.S.Securities and Exchange Commissio?Internal Revenue ServiceLaws?31 CFR 1020.220?Guidance FIN-2018-G001 of April 3,2018?Bank Secrecy Act 1970Legal opinionSimilar to the UKs AML regime,the US Bank Secrecy Act(BSA)broadly outlines customerdue diligence requirements.The specific means

93、of identity verification are not prescribed,but both documentary and non-documentary methods are acceptable.Non-documentary methods can include contacting the customer,comparing information from various sources,checking references,and obtaining financial statements.29/45Ensuring compliance:Regulatio

94、ns by regionLegal opinionThe Financial Crimes Enforcement Network(FinCEN)confirms this approach and statesthat non-documentary verification can be used,such as comparing information provided by the customer with other sources.However,additional KYC mechanisms must be implementedto connect the custom

95、er with their identity.In general,US AML regulations allownon-documentary KYC methods in principle.However,the obliged entity must be assuredit knows the true identity of its customer,for which additional KYC mechanisms aimedat connecting the user and the identityin question must be implemented.More

96、 detailsRecord keeping and auditingUnder AML regulations,records of all data collected during the KYC process must be retained for a specific period.The exact data to be collected and the methods of verification vary by jurisdiction.If regulations allow non-documentary KYC methods,the reporting enti

97、ty may not be required to store a physical copy of the customers ID.However,auditors may review whether a particular data source was checked for a specific individual on a certain date.They might also request a copy of the results from the database and a copy of the applicants data that was used to

98、perform the check.Onboarding usersvia Non-Doc VerificationIn order to meet consumer demand for automation,speed,and minimal involvement,Sumsub offers Non-Doc Verification.As a relatively new method,Non-Doc Verification has associated restrictionsbut over time,it has become a compliant practice.This

99、means that,with proper implementation and adherenceto regulatory requirements,it is possible to ensure that Non-Doc Verification meets the necessary standards.How Sumsub helps meet regulatory requirementsNon-Doc Verification ensures:1The identity presented by the applicant truly existsby confirming

100、it against trusted databases2The applicant has submitted their own applicant databy performing additional checks such as livenessProvide your dataFill out the required fieldsto pass verificationYou can find your CPF on your ID card,driver license or residence permitCPF039.242.524-09Submit data31/45O

101、nboarding users via Non-Doc VerificationFintrails audit confirmed that Sumsubs solutions are compliant with local regulations.FINTRAIL has conducted a regulatory-led audit of Sumsubs Non-Documentary Identity Verification product,and has confirmed at the time of review in Argentina,Brazil,Denmark,Ind

102、ia,Indonesia,Nigeria,Norway,South Africa,Sweden,the UK and the US non-documentary identity verification is permissible and the solution deployed by Sumsub is compliant with local regulation and guidance.When implementing Non-Doc Verification,Sumsub achieves compliance in a few ways:1Using a data sou

103、rce containing a highly robust identity attribute(biometry)that can be compared against the data provided by the applicant.For instance,Sumsub takes this approach with theNational Identity Management Commission Database in Nigeria.Nigeria applicants pass Liveness and submit their surnameand BVN(bank

104、 verification number).Then,the database confirms whether the provided BVN is valid and returns personal data associated with it,including photos thatcan be matched against the Liveness results.2Comparing sensitive user data provided with an extra step(device authentication)to reaffirm that the true

105、ownerof the data is submitting their details for verification.For example,in the UK,the user logs into their online bank account and agrees to share selected data points.Successful verification will take place if the device theyre logging in from can be verified and matched with the owner of the dat

106、a.Sumsubs Non-Do Verification is currently available for users from Argentina,Bangladesh,Brazil,India,Indonesia,Kenya,the Netherlands,Nigeria,Denmark,South Africa,the UK,and the USA,with Norway,Canada,Czechia,the Philippines,Australia,Ghana,and Ivory Coast coming soon90%of the user population is cov

107、ered on averagein these countriesNon-Doc Verification by Sumsub:CoverageUKCzechia*NorwayUSA*Canada*Coming soonNigeriaKenyaSouth AfricaGhana*Ivory Coast*Denmark*Australia*Philippines*BrazilArgentinaIndiaIndonesiaBangladeshNetherlands32/45Onboarding users via Non-Doc Verification33/45Onboarding users

108、via Non-Doc VerificationNon-Doc Verification uses two primary methods:1.Identity data+LivenessStep 1The user provides their identity data and passes a quick Liveness check*Liveness checkTurn your head slowly in a circle following the green indicatorProvide your dataFill out the required fieldsto pas

109、s verificationYou can find your CPF on your ID card,driver license or residence permitCPF039.242.524-09Submit dataStep 2We automatically pull all the required data from government databases(full name,date of birth,address,selfie,and more)Applicant profileFirst NameNatalieLast NameColinsDate of Birth

110、1989/11/22GenderWomanAddress Rua Guaranta 363,So PauloCPF StatusRegularCross-check selfie against databasePassedThis method is currently used for Argentina,Bangladesh,Brazil,Ghana,India,Indonesia,Kenya,Nigeria,and South Africa.*In order to meet compliance regulations,some countries will also require

111、 a device authentication(OTP)stepCountryDatabase nameUser input dataOutput dataArgentinaCertified by FINTRAIL?National Registryof Persons(Registro Nacional de la Persona-RENAPER?Federal Administrationof Public Revenues(Administracion Federal De Ingresos Publicos AFIP)?DNI numbe?Gende?Selfie?Full nam

112、?Date of birt?DNI numbe?Addres?Nationalit?Gende?Selfie(Match/No Match?Phon?Emai?CUIL or CUIT*CUIL(Unified Labor Identification Code)*CUIT(Tax Identification Number)Bangladesh?Information and Communication Technology(ICT)Division?Document numbe?Date of birt?Selfie?Full nam?Date of birth-Match/No Matc

113、?NID number-Match/No Matc?Selfie-Match/No Match and Match ScoreBrazilCertified by FINTRAIL?National Registerof Qualified Drivers(Registro Nacional de Condutores Habilitados-RENACH)?National Population Register(Cadastro de Pessoas Fsicas-CPF)?CPF numbe?Selfie?Full nam?Mothers nam?Fathers name(optiona

114、l?Date of birt?Gende?CPF statu?Country of birt?Selfie(Match/No Match?Selfie(Match Score)DenmarkCertified by FINTRAILDanish MitID?User I?CPR numbe?Device authentication?First nam?Last nam?CPR numbe?CPR(Match/No Match?Countr?Date of birth34/45Onboarding users via Non-Doc VerificationCountryDatabase na

115、meUser input dataOutput dataGhana*Coming soonNational Identity Authority(NIA)?Personal identity number(PIN?Selfie?First nam?Last nam?Other nam?Gende?Date of birt?Nationalit?Issue date?Expiry dat?Phon?Addres?Selfi?Selfie(Match/No Match)IndiaCertified by FINTRAILUnique Identification Authority of Indi

116、a(UIDAI)?Aadhaar numbe?Authentication code(OTP?Selfie?Full nam?Addres?Date of birt?Phone numbe?Email?Selfi?Selfie-Match Score?*Depending on the data availability in UIDAIIndonesiaCertified by FINTRAILDirectorate of Population and Civil Registration(Direktorat Jenderal Kependudukan Dan Pencatatan Sip

117、il-DUKCAPIL)?NIK numbe?Full nam?Phon?Email?NIK number-Match/No Matc?Full name-Match/No Matc?Date of birt?Gende?Addres?Selfie-Match/No MatchKenyaIntegrated Population Registration Database System(IPRS)?National ID number?Selfie O?Passport numbe?Selfie?Countr?Document typ?Document Numbe?First nam?Midd

118、le name(optional?Last nam?Gende?Date of birth35/45Onboarding users via Non-Doc VerificationCountryDatabase nameUser input dataOutput dataKenya?Issue dat?Valid unti?Selfi?Selfie-Match/No Matc?Address(for Passports only)NigeriaCertified by FINTRAIL?Nigeria Inter-Bank Settlement System(NIBSS?National I

119、dentity Management Commission(NIMC?Federal Road Safety Corps(FRSC?National Identity Management Commission(NIMC)?BVN numbe?Selfi?NIN numbe?Selfi?Driving License Numbe?Selfie image?Countr?First nam?Middle name(optional,for BVN?Last nam?Gende?Phone number(for BVN,NIN?Date of birt?Address(optional,for B

120、VN?Document expiry date(for driving license)?Selfi?Selfie-Match/No MatchSouth AfricaCertified by FINTRAILDepartment of Home Affairs Database(DHA)?ID numbe?Selfie?First nam?Last nam?Gende?Date of birt?Issue date?Citizenship statu?Selfi?Selfie(Match/No Match)36/45Onboarding users via Non-Doc Verificat

121、ion2.Bank credentials+device authenticationThis method is currently used in the UK and the Netherlands,enabling customer identity verification through all the most commonly used banks.Step 1The user selects their bankand is redirected to the bankto log in.Choose your bankSelect a personal bank accou

122、nt unless otherwise statedSearchYour BankStep 2The user logs into their bank account and consents to sharethe required data.The usersdevice is also authenticated.Your bankChoose your accountPlease select and confirm the account(s)you want to share with Company LtdCard*1234Savings Account*4561Checkin

123、g Account*1456By selecting your account,you are agreeing to share your data for the purpose of identity verificationI agreeStep 3Sumsub retrieves the verified data,confirms user identity,and enriches the user profile with the most up-to-date information.Applicant profileFirst NameJohnLast NameSnowDa

124、te of Birth1996/01/02GenderMaleAddress 84 Richmond Road,London,NW71 4GICPF StatusRegularCross-check selfie against databasePassed37/45Onboarding users via Non-Doc VerificationUKNetherlands38/45Onboarding users via Non-Doc VerificationSystem nameBank coverageUser input dataOutput dataOneIDCertified b

125、y FINTRAIL?Barclay?Bank of Scotlan?Chas?First Direc?Halifa?HSB?Lloyd?MBN?Monz?Nationwid?NatWes?RB?Santande?Starlin?TS?Ulste?Virgin Money?Online banking credentials(e.g.,Account ID,Password,Security Question?Device authentication?Full nam?Date of birt?Addres?Phone number?Email*The data is obtainedby

126、the banking institution(75-80%of the time)System nameBank coverageUser input dataOutput dataiDIN?ABN AMR?ASN Ban?bun?IN?Raboban?RegioBan?SNS?Full nam?Online banking credential?Device authentication?BIN(Bank Identification Number)?Initials of first nam?Last name?Addres?Date of birth?Gende?Email?Phone

127、 numberIdentity,address,and age verification specificsEach country has unique requirements for which identity attributes(for example,name,ID number,address,etc.)must be collected.By the same token,different databases will return different attributes.In order to ensure that the data outputs match reg

128、ulatory requirements,there may be instances where the retrieval of missing data through documents or alternative sources is necessary.During the first step of the Non-Doc Verification process,users may be asked to submit additional data to support all required checks.Additional data the user may be

129、asked to submit*Full nameEmail addressPhone numberGenderDoBDevice authentication(OTP)*Depending on the country39/45Onboarding users via Non-Doc VerificationBelow is a table showing the different user verification types that can be carried out using Non-Doc Verification by country.CountryIdentityAddr

130、essAgeArgentinaBrazilBangladeshCanada*Coming soonDenmarkGhana*Coming soonIndiaIndonesiaIvory Coast*Coming soonKenyaNigeriaNetherlandsNorwaySouth AfricaUKUSA40/45Onboarding users via Non-Doc VerificationWhy switch to Non-Docin 2024Document-based verificationNon-Doc Verification?Verify phone number or

131、 email?Enter identity data or log into bank account?Upload document(s)-e.g passport,ID card,utility bills,etc?Liveness and/or device authentication?Re-upload documents if the quality/format is inadmissible?Pass LivenessAverage verification time:30 secAverage verification time:4.5 secPass rate growth

132、:+35%This verification method reduces verification steps,bringing verification down from 30 seconds to4.5secondsFaster,and more convenient user onboarding leads to on average+35%higher pass rates42/45Why switch to Non-Doc in 2024Key benefits of Non-Doc Verification:1Compliance with local regulations

133、Non-Doc Verification serves as a reliable alternative to document-based verification in countries where it is permitted.This approach,confirmed by an independent FINTRAIL audit for many countries,offers a win-win solution that balances efficiency and compliance.2Fast scaling across the worldSumsubs

134、Non-Doc Verification enables access to countrieswith 2B+potential customers.Non-Doc Verification also enables95%population coverage in each country.3Easier access to emerging marketsEmerging markets often face challenges with physical documents,including differing standards,bad photo quality,and mor

135、e.Non-Doc Verification addresses this by leveraging alternative methods,such as database checks and biometrics,to verify identities.4Improved user experience and adjustment to local verification habitsNon-Doc Verification is more convenient for users,as theycan easily type in their document number i

136、nstead of going through the hassle of finding and uploading a physical document.In some countries where digital ID systems are well-developed,people prefer using document numbers for verification instead of physical documents.5Protection against multiple identity fraud typesNon-Doc Verification elim

137、inates document-related fraud by cutting ID checks out of process.Additionally,it serves as a robust defense against synthetic fraud,where fraudulent identities are created using stolen or falsified information.This is achieved through rigorous cross-checking of user data against secure databases co

138、ntaining authentic and up-to-date information.6Improved team productivityNon-Doc Verification reduces human error and lengthy checks.It also enables the extraction and immediate updating of reliable data in user profiles,simplifying case management.Sumsubs clients have therefore demonstrated a 53%re

139、duction in processing time.Use cases for Non-Doc VerificationWhere local AML regulations permit Non-Doc Verification,the product can be relied upon as a full user onboarding solution for all regulated industries,including banking,crypto,iGaming,fintech,etc.Complete user onboardingTo improve user exp

140、erience,pass rates,and data accuracy during the user identification and onboarding process,Non-Doc Verification can be an optimal solution.Step 1Your bankHello John Snow!Login to confirm your identityfor data sharing.LoginProvide your dataFill out the required fieldsto pass verificationYou can obtai

141、n your BVN from your bankBVN 12345678911Submit DataStep 2Liveness checkTurn your head slowly in a circle following the green indicatorStep 3Your profile has been verifiedPowered byResultApplicant profileFirst NameJamilaLast NameIbrahimDate of Birth1993/08/03GenderFemaleAddress Izuchukwu Nwoye.8,My S

142、treet,Ilassan.Phone number+234-01-234-5678Cross-check selfie against databasePassedWhats included:Short,simple stepsUp-to-date,pre-verifieduser dataNear-instant verification44/45Use cases for Non-Doc VerificationPre-and post-KYC screeningUse Non-Doc Verificationfor proactive fraud preventionby verif

143、ying user data and identifying high-risk users before or after KYC.It stops synthetic documents and ensures user data is always genuine and up-to-date.Other use cases:Continuous monitoringPeriodically implement Non-Doc Verification to guarantee that users are safe and that their info is up-to-date.BoostverificationspeedandpassrateswhilestayingcompliantTake a tour of our Non-Doc ID Verification-Sum and Substance Ltd.(UK),2024.All rights reserved.Company number