Strategy, Legal & Operations

How the Core Identity Framework can help to combat identity fraud

Learn about a framework that can help you strengthen anti-money laundering processes at your practice, so you can tackle identity threats.

In an era propelled by rapid digitalisation, the traditional approaches of in-person meetings and physical document validation are progressively less popular among businesses to verify a client’s identity.

Nowadays, electronic ID checks tend to be the method of choice.

However, this has introduced heightened vulnerabilities to identity fraud, via the abundance of information available on social media and data aggregation platforms, and the growing frequency of cyber-attacks targeting unsecured systems.

In this article, we look at how you can strengthen your anti-money laundering (AML) processes at your practice with the help of a special framework, so you can stay resilient against identity threats.

Here’s what we cover:

Identity fraud in the digital age

The digitalisation of processes has undeniably accelerated the efficiency of AML processes across accountancy practices.

However it’s crucial for you, as an accountant or bookkeeper, to recognise that along with these advantages come new risks and vulnerabilities.

Specifically, identity fraud has become more pronounced in the digital era.

A notable example is the use of artificial intelligence (AI) paving the way for deepfakes—sophisticated synthetic media that digitally alters appearances to convincingly replace one person’s likeness with another.

While electronic methods are useful for verifying a client’s identity, you should take care and consider whether the processes you have in place are robust enough to truly authenticate identity.

Anti-money laundering checks to carry out

When it comes to taking on a new client at your practice, money laundering regulators and professional bodies expect you to be certain that you’re dealing with somebody genuine and they are who they say they are.

A failure to do this properly means you could face fine, reputational damage and even end up being taken to court.

The strategies you employ to authenticate clients may vary based on the nature of your interaction—whether it’s in person or virtual—and the duration of your client relationship.

Each client brings a unique context to the table. And while it’s tempting to stick to a routine, it’s essential to recognise that one size doesn’t fit all.

Need help to ensure you’ve covered all bases when it comes to dealing with client verification at your practice?

A framework we’ve created at Sage will support you to do just that.

What is the Core Identity Framework?

The Core Identity Framework is a method we devised that you use to assure yourself that you’ve truly verified the identity of your clients.

Core Identity Framework
The Core Identity Framework: A method for ensuring effective client verification

It covers the following:

  • Verifying residence: Can I prove they live where they say they live? This is to confirm the accuracy of their provided address.
  • Authenticating documents: Have I seen a valid and original (authentic) copy of the identity document? Assuring the authenticity and validity of the provided identification.
  • Validating identity: Is the person I’m dealing with the person on that identity document? This is to establish a seamless match between the individual and the details stated on the identification document presented.
  • Documenting evidence: Have I documented all of this as evidence? Documenting all the evidence you have so you can provide it on request at a practice assurance visit.

Our exploration of how AML is managed in practice at GoProposal has unveiled a trend whereby many of our accountants and bookkeepers currently address just two or three of these four pillars.

By consistently adhering to the Core Identity Framework, you can establish confidence in your client verification processes.

What to look for in an identity verification vendor

When it comes to verifying clients, the landscape of identity verification solutions offers a range of options, each catering to distinct verification levels.

The choice that best aligns with your needs hinges upon a close examination of your existing processes.

Here’s how to navigate these alternatives based on your circumstances:

  1. Face-to-face interactions: If you engage in in-person meetings for identity verification, a more basic electronic check might suffice. But ensuring documentation and secure storage of identity evidence is still a must.
  2. Virtual work settings: Moving to a virtual work environment brings a shift towards more comprehensive electronic verification strategies. The absence of physical interactions underscores the importance of ensuring any checks you’re doing electronically are robust.

Using the Core Identity Framework in your verification process

Identity verification vendors offer a range of different types of checks, so anchoring your decisions with the Core Identity Framework when deciding what’s going to work best with your processes is important.

Should your chosen vendor address only two or three core elements, it’s imperative to independently address the remaining component in your AML processes.

For example, many businesses choose to implement document verifications that encompass collection, storage, and validation of clients’ identity documents and addresses.

This would achieve three out of four on the Core Identity Framework.

Even after completing this check, businesses still need to confirm a face match with the presented document, either through an in-person meeting or an online verification method.

You should always refer to your practice assurance body for advice on whether online meetings are deemed to be acceptable.

Another common industry practice involves conducting a basic check and background scan using a client’s name, address and document number.

While this validates the authenticity of the document and the legitimacy of the clients address, it falls short.

In this scenario, neither a valid copy of the documentation has been retained nor has the business confirmed a face match to the presented document and associated document number, resulting in a score of two out of four on the Core Identity Framework.

Clearly, there’s still room for improvement in achieving a more robust verification process.

The examples above demonstrate how the Core Identity Framework can serve as the guiding beacon to guarantee your chosen approach encapsulates all vital elements.

Final thoughts

Regardless of the level of electronic check you choose, it’s important to ensure that all four fundamental verification areas are covered.

The ability to score four out of four within the Core Verification Framework depends on the specific processes and measures implemented by your practice for identity verification.

If you can only hit two or three within the framework, then investigate how you might need to adjust your processes to tick off all four.

Refer to your own identity verification practices and assess whether your current processes align with the four criteria outlined in the Core Verification Framework.

Identify any gaps or areas for improvement, and make adjustments accordingly. It’s an ongoing process, and the goal is to continually enhance and adapt your procedures to ensure a thorough and secure identity verification system.

Everything you need to know about anti-money laundering

Get your free guide, which covers anti-money laundering measures that are required for all accountancy and bookkeeping practices.

Download your free e-book
man in office

Subscribe to the Sage Advice newsletter

Join more than 500,000 UK readers and get the best business admin strategies and tactics, as well as actionable advice to help your company thrive, in your inbox every month.