The JMLSG publishes guidance to the financial services industry as to how the UK Money Laundering Regulations should be interpreted and implemented within industry regulated firms. The guidance is approved by HM Treasury and the Financial Conduct Authority before publication.
The UK Money Laundering Regulations are based on four EU Money Laundering Directives. A 5th Directive has been approved by the European Commission and will be implemented in member states by the end of 2019. Not withstanding Brexit, the UK has confirmed it will adopt the 5th Directive into UK law.
The 5th Directive (MLD5) recognises the existence of digital identity schemes (often referred to as eID) as an acceptable means of customer identification for use within a customer onboarding journey.
The purpose of this project is to explore the variances between the current guidance on industry good practice during the Customer Due Diligence (CDD) identity verification procedures (as set out in Chapter 5 of the Guidance) when compared to the guidance set out for IDPs within the Verify scheme (source GPG45) and to publish a discussion paper that sets out views on how these two discrete approaches could become interoperable.
Separately, a Peer Review Group will be established comprising interested parties (eg DCMS, FCA, TISA, t-scheme) to consider and comment on the findings of the project at draft stage and inform the project team for consideration prior to the publication of the white paper.
The project will test the following hypotheses:
The UK government’s Good Practice Guide 45 Identity Proofing and Verification of an Individual, and the Joint Money Laundering Steering Group (JMLSG) Guidance Notes could be adapted or modified to allow a digital identity, created within a scheme that is using GPG45, to be used within a financial services organisation’s customer onboarding journey, in such a way as to meet the identity verification guidance set out for CDD in the finance industry.
NOTE. GOV.UK Verify is the only digital identity scheme that has adopted GPG45 to date. Operational contractual obligations exist, over and above the good practice guide, that should also be considered and separately identified within the scope of this project.