Non face-to-face identification and verification

You can use client identity verification software which allows you to undertake client checks remotely and securely, making it easier to maintain records for audit. The service provider should be a reliable, independent digital ID system with appropriate built-in information security protocols which will help mitigate fraud risks.

Alternatively, you can use free basic software products that enable video conferencing to assist with the identification and verification process. This is a more manual process and where firms request that personal or sensitive information supporting identity verification be sent by email or other electronic means, you should consider taking additional steps to mitigate security risks, including, where appropriate, encryption.

To undertake manual identification and verification, we suggest the following process:

1. Request that the client sends you a clear, legible colour image of their passport / ID document using a suitably secure means, such as encrypted email
2. Arrange to video call the client. During this call, ask the client to hold the passport / ID document to their face. By checking the digital copy along with capturing the image of the client with the passport / ID document, you should be satisfied that they are one and the same before proceeding
3. In addition to the passport / ID document, ask the client to provide you with a digital copy of their valid proof(s) of address
4. Ensure that you document the rationale for adopting your revised identification and verification measures in the client / matter level risk assessment and to risk grade the relationship accordingly
5. Policies, controls and procedures should be revised to take into account the new process

Should the client and / or matter in question raise additional red flags and present a higher risk of money laundering, the firm should ensure that they are satisfied that those risks are addressed before proceeding. This may include obtaining further verification of identity or undertaking other measures as stipulated under r.33 (5) of the Money Laundering Regulations 2017.

If you do not wish to adopt software and are unable to access videoconferencing, there is the option to use email and a third party to validate the necessary documents. It does rely on the third-party having access to their own filing systems. Where firms request personal or sensitive information be sent by email or other electronic means in support of ID&V/CDD, due consideration should be made to associated information security risks and requisite steps taken (including, where appropriate, encryption) to mitigate such risks.

1. Ask the prospective client to contact their accountant or another identifiable professional, such as another solicitor or a doctor, to enquire if they are willing to certify documentation on their behalf
2. The prospective client emails the documentation, for example, copies of valid proof(s) of address and passport to the certifier
3. The certifier reviews the details they hold on file for the prospective client to ensure that it is correct and matches up to new information provided
4. If correct, the certifier emails both the client and a contact at the firm from their professional email address confirming:
   • Their relationship to the client
   • How long they have known the client
   • That the details on the valid proof of address match the details they, in their professional capacity, hold on file
   • That the photograph in the valid passport bears a true likeness to the client
   • Their job title, full name, address and contact numbers if not included in their email signature
5. Conduct an online check to establish the identity of the certifier and their company / firm and retain a screenshot of the same for your records. Similarly, you can check online to see if the certifier is registered with the professional body they purport to be a member of.

If the certifier is using an Adobe pdf, they can use the ‘fill and sign function’ to certify that the copies they had sight of, mirror the details that they hold on file and include the information in the bullet points above.

You should amend your policies, controls and procedures accordingly to reflect the interim changes and to record the new procedure in their client / matter risk assessments.

Should the client and / or matter in question raise additional red flags and present a higher risk of money laundering, the firm should ensure that they are satisfied that those risks are addressed before proceeding. In higher risk situations, for example, further verification (including verification of source of funds/wealth) will likely be appropriate, along with other measures as stipulated under r.33 (5) of the Money Laundering Regulations 2017

It is important to note that the regulations have not been relaxed in the current situation. We hope our suggested procedure above is useful but solicitors should remember that if they cannot complete adequate due diligence they should not proceed with the transaction.

Please also see the latest Legal Sector Affinity Group (LSAG) Covid-19 Advisory Note for further UK legal sector-wide information.