Key changes to the Code of Practice 2013 include:
Part 1: Documentary Identity Verification
- Adjustment to the national identity card information to recognise some countries don’t use signatures but may use other biometric measures
Part 2: Document Certification
- Inclusion of international certification requirements
- Clarification that a trusted referee cannot be a person involved in the actual business/financial transaction requiring the certification
Part 3: Electronic Identity Verification
- Inclusion of a description of electronic identity and the subsequent verification
- Inclusion of the ability to rely on a single independent electronic source of verification when that source establishes a high level of confidence
- Removal of reference to address as identity verification. NB. This does not detract from the use of address as a key element of customer due diligence.
Complying with a code of practice is not mandatory, although it constitutes a safe harbour. If a reporting entity fully complies with the Code it is deemed to be compliant with the relevant parts of the AML/CFT Act. If a reporting entity opts out of the Code, it must inform its supervisor and must adopt practices that are equally effective, otherwise it risks non-compliance.