Many industries are seeing a significant increase in the use of digital services. Of course, this has been ongoing for some time, but the COVID-19 pandemic has expedited it.
With more digital services comes an increased risk of fraudulent activity
As customer onboarding and verification become automated, there are new challenges with which we must deal. Regulation has been devised to address such matters through the control and use of technical solutions and the checks and processes which currently exist.
IDnow has developed solutions that offer state-of-the-art video-based and biometric onboarding. These have been designed to meet regulations in Europe and the Middle East. They continue to do so as regulations expand and tighten, particularly as our industry evolves and becomes more engrained as a standard part of the AML/KYC process.
The UAE is one of the furthest ahead countries in the Middle East. It has technology, AML, and electronic signature regulation in place. The country has also adopted full use of national identities. IDnow’s AutoIdent product is ready to meet UAE regulations and help financial institutions realize the security and user-experience benefits of automated verification. (See also our article: UAE accelerates use for automated identity verification)
Growth of Identity Verification and regulation
Video and automated onboarding has increased in recent years, along with controlling regulations. Of course, there is a need to ensure secure processes, both in identity matching and in the wider area of safeguarding against fraud and money-laundering activity.
Europe and the UK have been leading developers of identity regulation. The first AML laws (the EU Anti-Money Laundering Directives) were released in 1991, following Financial Action Task Force (FATF) guidance. Germany – traditionally a highly regulated market – later moved to allow video-based identity verification. Many other countries have since done the same. Being more deregulated in this area, the UK is one of the most supportive.
This use and approval of video-based verification have quickly expanded to further automated and biometric verification. Many EU countries now permit some form of electronic identification/verification, and the trend is well set for expansion.
IDnow’s verification solutions have been developed alongside this growth. They aim to fully support new and evolving technology while also meeting the latest regulations. Many of such regulations throughout the Eurozone have been promulgated with the input of IDnow and our relationships with national and international contacts.
VideoIdent was launched in 2014, largely to meet German regulators’ requirements for video-based identity verification. As regulations and technology evolved, AutoIdent was launched as a single solution offering greater user experience, faster conversion rates, and added security against fraud.
AutoIdent takes VideoIdent further and offers fully-automated biometric identity verification with video or agent fallback. As a fully automated or hybrid solution, AutoIdent encompasses current and the most recent developments in digital identity verification.
The regulatory trend to allow biometric solutions that rely on automation and Artificial Intelligence (AI) to onboard customers is evolving across Europe, Asia, and now the Middle East.
For technical regulation, the UAE follows joint guidelines issued by The UAE Central Bank, Securities and Commodities Authority, the Dubai Financial Services Authority (DFSA) of the Dubai International Financial Centre (DIFC), and the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM). They have jointly issued “Guidelines for Financial Institutions adopting Enabling Technologies.“
These regulations apply to all financial institutions that are licensed and supervised under UAE law. In terms of identity verification, these are advanced and far-reaching regulations – going further than many European countries as of early 2022. They permit video onboarding as well as fully automated biometric solutions. The use of NFC technology for reading national identity cards is also permitted.
In addition to these technical regulations, anti-money laundering laws cover monitoring and screening requirements. The primary law in the UAE is ”Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations.” These AML regulations have been designed to follow international FATF guidance, much like the European AMLD regulations.
The use of electronic signatures is regulated under two separate laws. Federal Law No. 1 of 2006 (eCommerce Law) applies countrywide in the UAE, while Dubai International Financial Centre (DIFC) has introduced separate legislation under the DIFC Electronic Transactions Law of 2017. These are more open than EU laws, however, and they do not define specific Qualified Electronic Signature standards.
Just as AutoIdent meets European regulations and is used with several financial institutions, it also complies with UAE regulations. The following are some of the main areas to consider.
Use of AutoIdent to meet UAE regulations for automated Identity Verification
UAE regulations permit the use of automated and biometric identity verification. Under the UAE joint regulations, an automated solution should carry out the following steps:
- ID Proofing Check (to check the identity document is valid and genuine)
- Similarity Check (to match the person and the identity document)
- Liveness Check (to ensure the person is physically present)
IDnow’s AutoIdent solution is designed to support these steps. Full automated identity verification is also supported by manual verification as a backup. If the AI is unsure of a case (or country regulations require a hybrid approach), manual video-based verification is available to ensure the completion of the process.
Supporting NFC technology
The UAE is a leader in the region with its Emirates ID national identity card. This is compulsory for citizens and uses NFC technology.
AutoIdent has the functionality to read biometric data from NFC chips, developed to meet ICAO 9303 standard. NFC is currently used to read German identity cards, but can work with any chips using global standards – such as the Emirates ID.
Meeting AML regulations
AutoIdent has been developed for compliance alongside EU AMLD regulations, and it fully meets the requirements of the latest 4AMLD, 5AMLD, and 6AMLD updates. These regulations have evolved to respond to criminal behaviour changes and increasing sophistication of methods used.
UAE AML regulations, despite being first released later than EU regulations, incorporate many of the main advances seen in AMLD. This includes key areas such as Politically Exposed Persons (PEP) and checking sanction lists.
Under AML regulations (AML-CFT Decision 4.2(b), 7.2, 15, 22, 25), enhanced due diligence must be carried out for PEPs and customers associated with high-risk countries. AutoIdent offers this functionality through add-on modules to the single platform. It handles fully compliant AML Screening & Monitoring. This includes checking Politically Exposed Person (PEP) and Sanction Lists.
Use of Qualified Electronic Signatures
The use of QES is relatively new in the UAE, but is permitted in many areas. Crucially, the UAE’s laws allow the use of electronic signatures and state that a contract may not be deemed invalid or unenforceable solely because it is in electronic format. However, acceptance and legal basis are more open than under European regulations.
Electronic Signatures can only be used in some areas. Traditional paper signatures are currently still required for transactions involving immoveable property, negotiable instruments, civil documents, and other processes that require a notary public.
AutoIdent fully supports eIDAS regulations for the use of Qualified Electronic Signatures (QES). Neither the UAE E-Commerce Law nor the DIFC law prescribes specific technical criteria for acceptable signatures, and as such, QES would not be automatically deemed acceptable. Working to the highest QES standards with a reputable provider is the best way forward, though. With limited use to date, the area is somewhat untested.
Digital identity proofing in UAE
Moving to more automation in the future
Many countries are rapidly moving toward greater use of automated identity verification and electronic signatures. In Europe, Germany, Austria, Spain, and the UK all permit this process, and more are moving this way. The UAE is a leader in the Middle East, but other countries will likely follow.
Recently, in August 2021, Abu Dhabi Islamic Bank reported that it had successfully implemented automated customer onboarding. This uses facial recognition techniques combined with reading NFC data from a customer’s Emirates ID card and passport.
IDnow firmly believes that the industry is moving to document and biometric-centered identity verification – in the Middle East and elsewhere. There is growing evidence that automatic techniques are more secure than manual ones in many areas (especially facial recognition). The FATF now supports this, and many more regulators are likely to follow its guidance.
For a more in-depth look at AutoIdent, how it has evolved, and how it offers a well-thought-out balance between security and user experience, take a look at IDnow’s recent webinar.
Head of Regulatory Affairs at IDnow
Connect with Rayissa on LinkedIn