Under 4.1.1 Policies and procedures relating to remote customer onboarding
d) the types of documents admissible to identify and verify customer: Will the process rely solely on primary documentation? What other documentation can be allowed? Would this vary by jurisdiction?
e) information and manner on which information needed to identify customer: How would this information be retrieved and updated? Real time as well as batch?
f) the level of human intervention required in the remote verification process: Is the aim to increase STP/reduce UIRs as much as possible?
Under 4.1.4 Ongoing monitoring of the remote customer onboarding solution
a) references “accuracy and adequacy of data collected during the remote customer onboarding process”: Potentially means that solution providers like Encompass will need to provide documentation as to how data is collected and validated.
Under 4.2.3 Identifying legal entities
30b) references information regarding beneficial owners in accordance with provision 4.12 of the EBA Risk Factor guidelines: Need to validate how BO information is collected and is consistent with non-remote customer onboarding methods
Under 4.4 Authenticity checks
41) references “financial sector operators should verify the identity……through a reliable and independent source of information such as public registers, where available”: What if no public register for that jurisdiction is available or that access is restricted? Can other commercial registers be referenced? What if there are inconsistencies between public and commercial registers?
Under 4.6.2 Outsourcing of CDD
General comment – while the outsourcing provider will attempt to reference external data sources as part of the contractor agreement, in instances where access to external data sources is not consistent or governed by different data privacy rules, what are the implications? Example where outsourcing provider is based in India vs EU