Still having trouble understanding the rules around Electronic Identity Verification (EIV)?

Still having trouble understanding the rules around Electronic Identity Verification (EIV)?

24 AUG 2021

The Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 sector supervisors, the Department of Internal Affairs (DIA), Financial Markets Authority (FMA) and the Reserve Bank of New Zealand (RBNZ) have jointly published a new explanatory guideline note for Part 3 (EIV) of the Amended Identity Verification Code of Practice (Code).

Still having trouble understanding the rules around Electronic Identity Verification (EIV)?

This guideline replaces the previous Part 3 published in 2017 and provides reporting entities with more detail of how and when EIV should be used.

In summary, the new updated guideline includes additional content about some commonly used electronic sources in New Zealand and sets out the supervisors’ expectations when they are reviewing or inspecting a reporting entities EIV AML/CFT procedures, policies, and controls. 

The guidance provides more detail that will assist reporting entities by clarifying the following areas that were previously confusing to some. These are:

  • More definition around what electronic identity verification under the Code is.
  • How, incorporating biometric information* or information which provides a level of confidence equal to biometric information enables an individual’s identity to be electronically verified using a single independent source.
  • A detailed note that explains the requirement that reporting entities must use two reliable and independent matching sources when their EIV process does not use biometric information.
  • Written examples of how you could document your EIV procedures in your AML/CFT programme.

The new guideline also includes examples of accepted practices as well as a specific section that gives their view on EIV for high-risk customers, as the Code is only applicable for customers that are assessed by reporting entities as low to medium risk.  

There is also specific information in this update that is relevant to reporting entities who use the ‘first credit’ linking mechanism to confirm the person dealt with online matches the identity they are claiming. The information lists the registered banks in New Zealand that can be relied upon if this method is used. Note that if a particular bank is not listed, and your customer is sending funds from that bank, then a different method should be used.  

As with the previously released versions, this update of the Code retains standard information about what EIV is and is not.

It is important to note that you must take supervisor guidance, such as their guidance updates, into account in your AML/CFT programme (see section 57(2) of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2009).

The link to the supervisor’s new guideline is available here.

*Biometric information confirms the identity of a person by comparing human characteristics e.g., photo or fingerprint to a stored version.