CySEC's Digital Onboarding Revolution: A Deep Dive into Policy Statement CP-02-2020

By Angelina Alyabyeva, Lawyer *

Introduction

The intersection of technology and financial regulation has given rise to a new era of customer onboarding. Policy Statement CP-02-2020, issued by the Cyprus Securities and Exchange Commission (CySEC), represents a pivotal moment in this evolution. This policy framework seeks to balance the imperative for innovation with the enduring need for robust anti-money laundering (AML) safeguards. This article delves into the core elements of CP-02-2020, examining its implications for the financial industry and the challenges that lie ahead.

The Regulatory Landscape: A Catalyst for Change

The financial services industry has undergone a profound transformation, driven by technological advancements and evolving customer expectations. The COVID-19 pandemic accelerated the shift towards digital channels, necessitating a corresponding adaptation of regulatory frameworks. The European Union (EU) has played a pivotal role in shaping this landscape, with directives such as the Fourth Anti-Money Laundering Directive (AMLD4) and the Fifth Anti-Money Laundering Directive (AMLD5) introducing stringent requirements for customer due diligence (CDD) and risk assessment.

Within this context, CySEC's CP-02-2020 emerges as a significant regulatory response. By embracing technological innovation while maintaining a strong focus on AML compliance, the policy seeks to strike a delicate balance between facilitating business growth and safeguarding the financial system.

The Core Components of CP-02-2020

CP-02-2020 introduces a multifaceted approach to customer onboarding, encompassing the following key elements:

1. Remote Customer Onboarding (RCO)

The policy explicitly endorses RCO, allowing financial institutions to verify customer identities remotely. This shift is in line with broader industry trends and aims to enhance efficiency and customer experience. However, the policy emphasizes the importance of a risk-based approach, requiring institutions to conduct thorough assessments before implementing RCO solutions.

2. Expanded Definition of Identification Documents

A notable feature of CP-02-2020 is the broadened definition of identification documents. This expansion beyond passports offers greater flexibility for financial institutions in accommodating diverse customer profiles while maintaining the necessary level of due diligence.

3. Address Verification

The policy retains the requirement for address verification but provides flexibility in the methods for collecting address documents. This aligns with the overall objective of streamlining the onboarding process while preserving essential AML controls.

The Mechanics of Remote Verification

CP-02-2020 outlines a detailed framework for remote customer verification, focusing on the following key elements:

• Dynamic Selfie and Video Call Verification: The policy mandates the use of dynamic selfies and video calls as essential components of the customer identification process. These methods enable real-time verification of the customer's identity, reducing the risk of identity fraud.
• Liveness Detection: To further enhance security, the policy requires the implementation of liveness detection techniques. These techniques, such as eye movement, head rotation, or facial recognition, confirm that a live person is present during the verification process.
• Document Verification: The policy emphasizes the importance of verifying the authenticity and integrity of identification documents. Thisincludeschecking for documenttampering, forgery, and inconsistencies.
• Data Quality: The policy mandates that photos and videos captured during the verification process must be of high quality to ensure accurate identification and prevent disputes.
• Additional Security Measures: The policy encourages the use of additional security measures, such as unique code verification or behavioral biometrics, to strengthen the overall verification process.

Implications for Anti-Money Laundering Compliance

The prevention of money laundering and terrorist financing remains a paramount concern for financial institutions. CP-02-2020 introduces several measures to strengthen AML compliance in the context of RCO, including enhanced customer due diligence, risk assessment, and ongoing monitoring. However, the effectiveness of these measures will depend on their practical implementation.

Financial institutions must develop robust AML frameworks that incorporate the specific risks associated with RCO. This includes implementing effective customer risk assessment procedures, conducting ongoing monitoring, and training staff to identify suspicious activity. Additionally, collaboration with law enforcement and financial intelligence units is essential for sharing information and combating financial crime.

Challenges and Opportunities

While CP-02-2020 offers a promising framework for RCO, financial institutions face a number of challenges. These include:

• Technology Adoption: Implementing the necessary technology and systems for remote verification can be costly and time-consuming.
• Data Protection and Privacy: Handling sensitive customer data, including biometric information, requires robust data protection measures to comply with relevant regulations.
• Operational Efficiency: Balancing the need for enhanced security with the desire for a streamlined customer experience is a complex challenge.
• Regulatory Compliance: Staying abreast of evolving AML regulations and adapting to new requirements can be burdensome for financial institutions.

Despite these challenges, CP-02-2020 also presents significant opportunities. By embracing RCO, financial institutions can improve customer satisfaction, enhance operational efficiency, and expand their customer base. Moreover, the policy's focus on technological innovation encourages the development of new and innovative solutions.

Conclusion

CySEC's Policy Statement CP-02-2020 represents a significant step forward in the regulation of customer onboarding. By striking a balance between innovation and compliance, the policy provides a framework for financial institutions to adapt to the evolving digital landscape while mitigating risks. However, successful implementation requires careful planning, investment in technology, and a strong commitment to AML compliance. As the regulatory environment continues to evolve, financial institutions must remain agile and adaptable to ensure ongoing compliance and business success.

*Angelina Alyabyeva is Legal Associate, CySEC, AML Officer, LLB (Hons), LLM, Commercial Mediator KEBE, law firm: Symeon Pogosian LLC

___________

Cyprus Securities and Exchange Commission, 'PS-01-2024: Policy Statement on the enhancement of the non-face-to-face customer onboarding process with electronic methods' (2024) https://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=ef97233d-bc18-4bb4-932a-dac7a0517460 accessed 8 August 2024.