Regulated businesses across the UK economy – from financial services to gambling, and from art dealers to estate agents – must comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (Money Laundering Regulations).
Some firms already use digital journeys to onboard customers. Others have told us they want clearer direction on when, and how, digital identity checks can be used to meet Money Laundering Regulations requirements.
Following a public consultation on the Money Laundering Regulations in 2024, HM Treasury committed to publish joint guidance with the Department for Science, Innovation and Technology (DSIT) on using digital verification services (“DVS”).
That joint guidance is now available and sets out how the UK digital verification services trust framework (“trust framework”) interacts with the Money Laundering Regulations.
This post summarises what the guidance means in practice.

What the guidance is for
The guidance has been created to help organisations covered by the Money Laundering Regulations understand:
- what a digital identity is and how it can be used
- what the trust framework is, and what it means to be certified against the trust framework
- how certified and registered DVS can support due diligence that businesses covered by the Money Laundering Regulations need to do on their customers
- what responsibilities regulated entities keep when they use DVS
This new guidance is official Government guidance for the purposes of compliance with the Money Laundering Regulations.

Digital identity and the trust framework: what we mean
A digital identity is a digital representation of a person acting as an individual, or as a representative of an organisation.
It allows someone to prove who they are in interactions and transactions without presenting physical documents.
Digital identities are created using DVS. They can be used online or in-person, typically via a smartphone or computer.
The trust framework sets out clear rules and standards for the provision of DVS across the UK for those DVS wishing to become certified and registered. It draws on existing standards and good practice and is designed to support – not supersede – other sectors’ specific legislation.
DVS can be independently certified against the trust framework and apply to appear on the DVS register.
Being certified and registered provides confidence that a service is:
- a reliable and independent source of information (independent of the person being verified)
- providing an appropriate level of anti-impersonation assurance
We have published guidance about digital identities and the trust framework. Find further details about the trust framework.

What this means for Money Laundering Regulations compliance
Under the Money Laundering Regulations, regulated entities must have policies, controls and procedures to mitigate the risks of money laundering and terrorist financing.
This includes customer due diligence (CDD) measures to verify identity and understand the purpose behind transactions.

Using certified and registered DVS under Regulation 28 of the Money Laundering Regulations
The guidance explains that DVS which are certified against the trust framework and on the DVS Register can be treated as a reliable and independent source of information, with appropriate anti-impersonation assurance.
Specifically, for individuals, entities are able to fulfil their obligations under Regulation 28 of the Money Laundering Regulations by verifying a customer’s identity using certified and registered DVS.
Regulated entities may also use certified and registered DVS to support verification of company directors.
DVS which are not certified and are therefore not on the DVS register cannot reliably be deemed suitable for identity verification in compliance with the Money Laundering Regulations.

What firms still need to do
Using digital identity can support identity verification, but it does not remove wider Money Laundering Regulations responsibilities.
Regulated entities should:
- continue to assess customer risk and apply enhanced due diligence where appropriate
- not assume digital identity covers all aspects of CDD (for example, understanding the purpose and intended nature of a business relationship or transaction)
- remember they remain ultimately liable for applying CDD measures appropriately, even when using third-party services
- ensure record keeping requirements can be met, in line with Regulation 40 of the Money Laundering Regulations

What’s next
Alongside this work, the government expect to consult on a national Digital ID issued directly by government.
Where necessary, we will work with sector guidance bodies to ensure that specific guidance encourages the appropriate use of digital identity for CDD measures.
Widespread use of digital identity could bring significant benefits – estimated at £701 million per year for the UK economy – but those benefits depend on trust. The trust framework and the DVS Register are designed to provide that foundation, while supporting regulated firms to meet their obligations under the Money Laundering Regulations.
seen at 14:30, 26 February in Enabling digital identity.