I recently enjoyed an American comedy called Identity Thief, where a harmless-looking woman stole a businessman’s identity and lived the high life using his savings, while he struggled to prove to the authorities that he was who he said he was. While the film was very funny, the fact that it was seemingly so easy to steal someone’s identity was no laughing matter.
There has been a raft of regulatory reform around identity verification within the financial services sector following the global financial crisis, because after banks and financial institutions collapsed one after another, it became clear that none had a truly clear picture of the counterparties to their transactions.
Few people would argue with the intentions of anti-money laundering regulations, or the requirements for banks and financial institutions to know their clients. But while the objective of knowing who we are dealing with and being sure we should be dealing with them is laudable, it can have challenges in practise.
Under the Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act) which came into effect on 30 June 2013, the obligations of financial services companies include implementing procedures to detect and mitigate the risk of money laundering (not a trivial undertaking), and verifying identification of all clients and conducting customer due diligence.
Not everyone wants to be ‘due diligenced’ and it can be galling to be asked for identification when you have dealt with a business for many years and are well known as a client. But under the new rules, being a known or a longstanding client is not sufficient – if you want to invest more money (your money!) you need to provide photo identification and have it verified by a suitably authorised person.
Ideally, we could all rely on one form of identification to be used every time ID is required. For American citizens, the social security number was long considered their national identification number, however it is not foolproof (as we learned in the movie) because it has no photograph, no physical description and no birth date.
There are moves here and overseas to establish central registers of ID-verified people, where various institutions share the information they have about clients to create a super database. Individuals who choose to be included in this database are allocated a unique number to use whenever identification verification is required. However, this is not necessarily the silver bullet because for such databases to be effective, information needs to be updated frequently, they need to take account of variations in names and spelling, and the idea of being included in a central database is unappealing to many for privacy reasons.
Someone recently described a central ID number as “a skeleton key, able to unlock a kingdom of untold riches for identify thieves.
It is the central piece of data needed to hijack our credit, steal our health insurance, use us as human shields and generally wreak havoc in our lives”.
Seems we have a way to go yet to find an acceptable and reliable way of knowing just who we are dealing with.