The Monetary Authority of Singapore (MAS) proposes to require banks, insurers and other financial institutions (FIs) to strengthen their processes for verifying the identity of their customers in non-face-to-face situations. MAS set out its proposed Notice on Identity Verification (Notice) in its Consultation Paper published on 10 November 2020 and invites the public to comment until 9 December 2020.
The Notice requires FIs to use at least one of the following types of information when verifying an individual’s identity through non-face-to-face channels such as phone or online banking before undertaking any transaction or request from the individual:
Information that only the individual knows
Information that only the individual has
Information that uniquely identifies the individual, based on the individual’s biometrics or behaviour
Information that is only known between the individual and the FI
The requirements will prohibit FIs from relying on common personal information such as NRIC numbers, residential address and date of birth as the sole means of identity verification.
The Notice reiterates the need for FIs to comply with the “Guidelines on Risk Management Practices – Technology Risk” when information is used to verify the identity of an individual for non-face-to-face contact. Therefore, information used to verify the identity of an individual should be securely obtained, processed, transmitted and stored to prevent unauthorised access. FIs are also required to obtain such information through online platforms and shall not ask individuals to disclose their login credentials through phone calls, emails or SMS messages.
FIs must take reasonable care to ensure that third parties they appoint to act on their behalf comply with the requirements of the Notice as if the third parties are FIs.
The Notice seeks to address the risks arising from the increasing number of cyber attacks such as data theft, scams and phishing. FIs should assess whether their identity verification procedures meet the requirements under the Notice and strengthen the level of authentication controls if applicable.
OrionW regularly advises FinTech clients on payment services regulation and licensing matters. For more information about the Notice on Identity Verification, or if you have questions about this article, please contact us at firstname.lastname@example.org.
Disclaimer: This article is for general information only and does not constitute legal advice.