Table of Contents
At the beginning of summer 2024, Estonia has adopted the Crypto Asset Market Act to address gaps left by the European crypto asset market regulation for member states. While the act primarily targets matters related to crypto assets, it has also led to changes in other important financial sector laws.
One of these „hidden“ changes has eased one of the main requirements that many financial sector service providers have struggled with. Specifically, the opportunities for service providers to verify clients’ identities remotely has been significantly expanded.
Previous Requirements for Remote Client Identity Verification
All credit or financial institutions are required to verify the identity of a client if the client is from outside the European Economic Area, or if the transaction amount exceeds 15,000 euros for an individual and 25,000 euros for a legal entity.
Previously, remote client identity verification was only possible through software that met the requirements established by the European Union (eIDAS), which allowed the identity of the client to be verified with each document (such as Mobile-ID in Estonia).
Due to the differing software across EU member states for the official identification of ID cards issued in those states, it was practically impossible for financial sector service providers to meet this requirement. The software used by the service provider would have had to integrate all the various eIDAS compliant ID card verification softwares from all EU member states.
The situation was even more complicated for non-EU countries, where digital verification of ID cards may not always be possible. Thus, while remote identity verification for clients was theoretically possible for financial service providers operating in Estonia, it was practically very difficult, if not completely impossible.
Even if the customer could be identified by suitable means of identification, the current law required identification and verification of data in accordance with the regulation of the Minister of Finance, which, among other things, included a procedure for conducting a mandatory live interview.
New Freedom for Remote Client Identity Verification
With the law amendment, financial sector service providers are no longer required to use only the above-described software for identity verification. In the near future, service providers will be able to verify clients’ identities using any other freely chosen technological solution or interface that meets three requirements detailed below:
- Firstly, the means used for remote identity verification must ensure with sufficient certainty that the personal data and documents provided by the client are correct. Essentially, this means that the remote verification tool must allow for the identification that the client is personally participating in the identity verification without unauthorized third-party assistance – in practice, this means using primarily photo or video verification, where both the identification document and the client are visible.
- Secondly, the data (video, image, audio, etc.) collected by the means chosen by the service provider for identity verification must be of sufficient quality to actually verify the client’s identity. Additionally, the data identified during the identity check must be stored in equally high quality.
- Thirdly, the means chosen by the service provider for identity verification must not allow identity verification if the (internet) connection between the client and the identity verification software is interrupted. This means that if the service provider uses an automated technological solution for client identity verification, the program must automatically terminate the identity check if, for example, the quality of the client’s audio or video becomes so poor due to internet connection issues that it does not actually allow for verifying the client’s identity.
The new law replaces the reference to the regulation of the Minister of Finance with a reference to the instructions of the EU Banking Supervision. This essentially eliminates the outdated procedure and brings the current obligations closer to the generally recognized standards of the EU.
Considering these criteria, credit and financial service providers can now use both internally developed and already available specialized technological solutions on the market, such as Veriff or Sumsub, to verify clients’ identities.
The new regulation significantly expands the possibilities for service providers to verify clients’ identities, as it essentially allows for the use of any solutions that meet the above-described criteria. Among other things, this means that large service providers can develop in-house automated identity verification software.
In addition to the above, local companies should take into account future European Union legislation. Thus, the new anti-money laundering regulation will finally harmonize the anti-money laundering obligations of companies operating in the EU. This regulation ensures a uniform anti-money laundering framework across the EU.
