Trust and Compliance: TrustCloud VideoID in line with new EBA guidelines

European Banking Authority’s (EBA) guidelines for remote onboarding of new customers came into effect on Monday, October 2. These guidelines harmonize different previous regulations within the European Union and refer to the obligations and assurances that video identification providers must supply. 

I

n its assisted mode, TrustCloud’s VideoID complies with these guidelines, positioning the company as a privileged trust service, qualified for financial institutions. Selecting a provider with guarantees is of vital importance as entities still retain full responsibility for the processes and data management in video identifications. 

The text aims to ensure that remote onboarding procedures are secure and compliant with anti-money laundering and counter-terrorism finance regulations. It also focuses on enabling companies to choose the best solution to assist with the onboarding of new clients and be aware of the risks involved. To achieve this, the guidelines are structured around the following blocks: 

Internal Policies and Procedures 

This part requires a detailed description of the digital onboarding solution that will be used, including its features and operation. The situations in which this solution will be applied is determined by specifying which steps are automated and which require human intervention. Additionally, controls must be established to ensure that the first onboarding transaction is initiated only after Customer Due Diligence (CDD) measures have been applied. Lastly, it is essential to develop ongoing training programs to familiarize employees with the solution’s operation and the necessary tools to address potential risks. 

Identification and onboarding solution analysis 

The chosen solution must undergo rigorous controls before being implemented, this will ensure its strength and reliability. Regular reviews should be conducted in cases of deficiencies, fraud attempts, increased exposure to risks, or regulatory changes. Supervision should include quality tests, alerts, regular reports, and manual reviews. Financial institutions are obliged to demonstrate to the competent authorities the assessments conducted, and the results obtained. 

Collection of Information: maximum compliance 

This section addresses all issues related to the information collected from the customer. The entity must ensure that photographs, videos, or sound files are in a readable format and of sufficient quality for accurate identification, and the process will be interrupted in the event of any minimal error, technical problem, or poor connection. The validity of all documentation must be reviewed, and the control systems to be applied when accepting reproductions of an original document should be specified. It is also necessary to determine which data is captured automatically, which the customer must provide manually, and which is obtained from other sources. To comply with legal requirements, it is necessary to retain and timestamp the documents and information gathered during the process, keeping them for a period of 5 years after the termination of the customer relationship. As we can observe, the guidelines leave no room for improvisation. 

Customer Identity Verification 

One of the most delicate points refers to matching the collected parameters. For example, the biometric information collected must match the photo on the ID card. When using an assisted mode with an agent, the agent must be knowledgeable of all regulations regarding Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT). 

Outsourcing: trusted provider 

This point obligates entities to define which part of the service is performed directly by the bank or fintech and which relies on an external provider. Furthermore, specific guidelines will apply when outsourcing occurs. 

Technological and Security Risks 

Businesses cannot evade their obligations regarding the detection and management of risks, even in cases where they rely on external providers. Transparent communication protocols and cryptographic algorithms must be applied throughout the procedure to protect the integrity, confidentiality, and authenticity of the data. 

The guidelines cover video identification procedures, which as mentioned, can be outsourced to specialized and fully compliant providers such as TrustCloud VideoID. They, however, must adhere to certain precepts. These include verifying the authenticity of identity documents, ensuring they are not tampered with or counterfeited. These providers must have professionals trained in fraud detection to guarantee the accuracy of the collected data. Additionally, it is necessary to use secure optical character recognition (OCR) algorithms and machine-readable zone (MRZ) reading to ensure proper extraction of information from documents. If the video identification system includes facial recognition or biometrics, it is essential that it meets the necessary technical guarantees and, of course, to protect users’ privacy, complies with the regulations established in the General Data Protection Regulation (GDPR). Security risk management must always be considered, ensuring the integrity and protection of sensitive user information. 

The banking sector has a great opportunity to evolve in an increasingly digitalized world and improve its reputation, especially if it relies on intelligent solutions that build trust and ensure the highest level of compliance, such as VideoID.