In November 2021, the Austrian Financial Market Authority (FMA) has issued its long-awaited amendment to the Austrian Online Identification Regulation ("Online-Identifikationsverordnung"). Here is the most important information about it:
What does the current amendment to the Online IDV regulate?
This amendment allows financial services providers and service providers regarding crypto currencies that are subject to Austrian anti-money laundering and know-your-customer (KYC) requirements to employ entirely automated biometric procedures for remote online customer onboarding.(FMA) has issued its long-awaited amendment to the Austrian Online Identification Regulation. This amendment allows financial services providers and service providers regarding crypto currencies that are subject to Austrian anti-money laundering and know-your-customer (KYC) requirements to employ entirely automated biometric procedures for remote online customer onboarding.
Specifics and conditions of the new biometric identification method
Biometric identification means all methods for remote online customer onboarding where the entirety or parts of the customer onboarding is performed by automated electronic procedures without involvement of a staff member. This means that – contrary to the already possible video identification – it will no longer be necessary that a natural person is present during the onboarding procedure.
We expect that the new biometric identification procedure will make remote costumer onboarding and KYC verification much easier and speed up the entire process. Also, it should help reducing costs compared to the existing remote identification procedures. Other identification methods, in particular video identification, will of course continue to be permitted.
The use of biometric KYC procedures is subject to several conditions, such as the use of state of the art and regularly updated biometric procedures, adequate security measures and comprehensive documentation and recording of the onboarding process. The customer further must agree to the biometric KYC procedure in accordance with applicable data protection requirements.
Also, a so called “liveness-check” needs to be performed, which means that it must be detected if a fingerprint or face (or other biometrics) is real (from a live person present at the point of capture) or fake (from a spoof artifact or lifeless body part). Such liveness-check might be that the customer to be identified reads out a sequence of characters or words defined in the identification process, repeatedly scans a randomly selected area on the screen by moving his or her head or moves his or her head in different directions when prompted.
The introduction of NFC technology might cause difficulties
However, only photo IDs that are electronically signed by the issuing authority might be used for the biometric identification procedure. Financial services providers are obliged to verify the authenticity of the electronic signature and the integrity of the data. For this purpose, the electronic security chip (NFC chip) must be read out, for example via the NFC reader of a cell phone.
The practical problem with this is that many ID cards - especially foreign ones - are not yet equipped with such an NFC chip. In addition, not all smartphone types are technically capable of reading NFC chips. If the smartphone can technically read the NFC chip, a separate app usually must be installed for verification.
This requirement makes the onboarding process much more complex, since many onboarding programs are entirely web-based. The associated media disruption might have a negative effect on the customer experience and could lead to insufficient use of the biometric identification process.
The FMA has taken these concerns into account and has provided for a transitional period until December 31, 2022. Until then, the use of NFC technology can be dispensed and ID cards without electronic signatures are permitted, if these are visually checked and a copy kept.
The introduction of automated biometric KYC onboarding will certainly benefit the Austrian financial market. Automated remote customer onboarding is rapidly gaining importance on a global level, for both traditional financial services providers and FinTech companies. The new method will help with balancing the priorities of uncompromised user experience and compliance with applicable Austrian KYC and anti-money laundering requirements. However, as businesses still face significant compliance costs and sources of inefficiency and ineffectiveness in KYC onboarding, it can only be one important step towards transforming KYC operations from a significant compliance cost to a value-generating asset.
What can we do for you?
With our comprehensive know-how in the area of financial market law, we can competently support you in the legal design of remote identification procedures. We look forward to receiving your enquiry.