Technologies to verify client identity

The SFC issued a circular on 24 October 2016 after considering proposals from the industry to apply the latest financial technologies to account opening in non-face-to-face situations.

This circular is a further development of the SFC circular issued on 12 May 2015 after the SFC discovered unsatisfactory client identity verification during recent supervisory reviews. Unsatisfactory practices include:

• relying on images / video transmitted remotely by mobile phone or internet to carry out certification of the signing of the client agreement and verification of ID documents (Certification Process)
• licensed firms appointing unregulated affiliates to conduct the Certification Process

The requirements on account opening are set out in paragraph 5.1 of the SFC’s Code of Conduct.  The first practice above is not one of the acceptable approaches stipulated by the Code of Conduct. The second is strongly discouraged by the SFC because such affiliates may not possess the necessary knowledge and experience to conduct the Certification Process in accordance with the Code of Conduct. The SFC has reminded licensed firms in the recent circular that the SFC will closely review and follow up on any potential non-compliance and take appropriate regulatory action.

In the past few months, the SFC has considered whether facial recognition technology and checking overseas national identity databases through service providers can be applied to account opening in non-face-to-face situations and concluded that they are not acceptable.  The SFC has studied the practices of overseas regulators in this area and found that they have generally taken a cautious approach. 

Facial recognition (or fingerprint and sound recognition) systems may be considered to verify the client identity when authorising transactions of existing clients but not during new client onboarding. Databases are of limited assistance because some jurisdictions do not allow access due to privacy issues and where access is allowed, an assessment of the reliability and competency of the service provider would be required.

The SFC reminds licensed firms that they should carry out the Certification Process in accordance with 5.1 of the Code of Conduct (see Guidance in the Appendix to the recent circular). The SFC also reminds licensed firms of their customer due diligence obligations to prevent and detect money laundering. There are increased risks where the client is not physically present for identification purposes and additional measures should be adopted (see 4.12 of the SFC Guideline on Anti-Money Laundering and Counter-Terrorist Financing).

The SFC has also reminded firms that they can utilise the Mainland recognised certifiers whose electronic signature certificates have obtained mutual recognition status (see the relevant measure proposed by Supplement V to the Mainland and Hong Kong CEPA signed on 29 July 2008) to assist them to verify Mainland clients’ identities. Currently there are three recognised Mainland certifiers (see the list available in Simplified Chinese only). Licensed firms taking on new clients online can consider making use of the electronic signature certification service by these Mainland certifiers in order to verify the identity of the clients.