ECC0014

Written evidence submitted by Onfido

About Onfido

Onfido is a global remote identity verification provider that works with 1,600 organisations worldwide, including many of the world’s biggest FinTech and financial services companies. We are a global company and a UK success story, employing close to 400 people across offices in London, the EU, US and Asia.

Our mission is to provide reliable security at scale, unlocking efficiencies across the economy and protecting individuals and businesses from the consequences of fraud, identity theft, and economic crime.

Onfido has a robust two-factor system, using artificial intelligence-powered algorithms to match a person’s face (using a selfie or selfie video) to their official ID document (a photo of their passport or driving license). This anchors the digital identity to the ‘real’ ID. It is universal, cross-border, and user-friendly. The algorithm is trained to detect fraudulent activity on both the document and selfie and its processes are constantly evolving. Its hybrid methodology of using AI and humans is more accurate than humans alone, reducing errors from c.15% to 1%.

We would greatly appreciate the opportunity to discuss the issues below further with the Committee.

Overview

This response will focus on those issues most relevant to Onfido and the impact of digital identity, namely:

In the midst of significant economic upheaval and transformation, it is crucial that the Government raises the bar for remote identity verification by embracing novel technologies and digital identity solutions in order to protect against economic crime and defend the UK’s competitive advantage in financial services.

Context

COVID-19 has accelerated the digital transformation of the global economy, bringing numerous opportunities and challenges. The way we interact with services has changed, with many of us working, learning, shopping, exercising, and living ‘remotely’. The benefits of this are clear: increased efficiencies and productivity; improved access to services; and a focus on digitally-led consumer-centric solutions.

However, the risks are also clear. UK Finance saw impersonation scams increase by 84% in H1 2020, compared to the same period last year.[i] And a report from KPMG said: “The financial services industry is at risk from heightened levels of fraud, including cyber fraud, as criminals attempt to exploit the COVID-19 pandemic.”[ii] This is coupled with the risk of companies de-prioritising efforts to defend against money laundering due to operational challenges.[iii] As set out by the Financial Action Task Force (FATF):[iv]

As the world is focusing on responding to the COVID-19 pandemic, it is impacting on the ability of government and the private sector to implement anti-money laundering and counter terrorist financing (AML/CFT) obligations in areas including supervision, regulation and policy reform, suspicious transaction reporting and international cooperation. This could lead to emerging risks and vulnerabilities.”

Within this context and rapidly changing environment, innovative and robust solutions to protect against economic crime are needed. A reliance on old methods of verifying identity and conducting KYC/AML checks – such as the insecure sharing of documents and reliance on Credit Reference Agencies (CRAs) - leaves the financial system open to further exploitation.

Opportunity

Overview

Digital identity is the foundational layer of a modern economy and a robust financial services system, enabling the move away from outdated and insecure business processes and the avoidance of unnecessary in-person interactions.

Remotely verifying that customers are who they claim to be as part of the onboarding process is Onfido’s core service, and it is essential for UK FinTech and Financial Services companies, which require the ability to onboard users at scale quickly and securely whilst meeting their regulatory requirements. This directly fuels economic growth and international competitiveness, as well as bolstering defences against fraud and economic crime.

The benefits of digital identity

The FATF recognises several advantages in the use of digital identity within AML frameworks, including: improving the reliability, security and convenience of regulatory processes; simplifying onboarding and monitoring; minimising human error; expediting the onboarding process; and enabling behaviours to be more accurately scrutinised.[v]

The Open Identity Exchange (OIX) similarly estimates that the Operational and Fraud savings “directly related to identity developments” amounted to £10 billion, with direct savings of £1.5 billion from addressing inefficient KYC processes, and up to £8.5 billion in savings from mitigating identity fraud.[vi]

The need for a global regulatory framework

Remote onboarding of customers must become the norm, rather than the exception, and a functioning global Digital Market must keep the door open to benefits of new RegTech technologies, standards and processes. But economic crime is by definition a global phenomenon. The UK should promote its risk-based approach to digital identity technologies both internally and the global stage, helping to develop a global regulatory framework that is proportionate, robust and user-friendly. A future framework should not be overly prescriptive and should allow for the development of novel robust technologies. The international legal framework should provide for mutual recognition of processes, with countries required to accept solutions that are considered safe in others to ensure continuity for consumers and businesses alike, while operating across borders.

The work of Companies House

Onfido supports the ambition of Companies House to become a digital organisation as set out in its 2020-25 strategy.[vii] A truly digital service would make use of modern and robust digital identity solutions. Following discussions with Companies House, it is evident that legislative barriers exist to the uptake of digital identity. This is set out in the Requirements for Proper Delivery as part of the Companies Act 2006,[viii]. We urge the Committee to encourage the Government to adjust this legislation at the soonest available opportunity, in line with the Government’s commitment to “update existing laws on identity checking to enable digital identity to be used in the greatest number of circumstances.”[ix]

Call to action

The digital identity landscape faces one core shortcoming: backward-looking identity policy regulations that preserve outdated and insecure identity verification methods, including the sole use of databases and physical address verification through CRAs. There is a need to recognise and promote novel digital identity solutions, and raise the bar in its application so as to reduce instances of fraud and economic crime.

As such, Onfido calls on policy makers to:

  1. Maintain momentum to develop a standardised, certifiable, and holistic digital identity system in the UK.
  2. Remove regulatory barriers to adoption and encourage its uptake by demonstrating a clear commitment in this inquiry, the ongoing Payments Landscape Review and Independent Strategic Review of FinTech, the upcoming Future of Financial Services Consultation, and Financial Services Bill.
  3. End the reliance on insecure identity verification methods within financial services, including through the physical verification of documents and the disproportionate reliance on Credit Reference Agencies (CRAs).

 

November 2020

 


[i] UK Finance: Impersonation scams almost double in first half of 2020 as criminals exploit Covid-19 to target victims.

[ii] KPMG: COVID-19 Insights – Emerging Risks.

[iii] Financial Conduct Authority (FCA): Financial crime systems and controls during coronavirus situation.

[iv] Financial Action Task Force (FATF): COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses.

[v] Financial Action Task Force (FATF): Guidance on Digital Identity.

[vi] Open Identity Exchange (OIX): Digital Identity in the UK – The cost of doing nothing.

[vii] Companies House: Strategy 2020 to 2025.

[viii] Legislation: Companies Act 2006.

[ix] Cabinet Office and DCMS: Digital Identity – Call for Evidence Response.