Identity Policy
Last updated
Last updated
Organisations are required to identify and verify the entities relevant to each relationship, these will include the Customer, their Controlling Parties (including Beneficial Owners) and any Introducers. The extent of identification and verification is not prescribed by the regulator's guidance and is left to the "reasoned judgements" of each organisation.
The regulator's guidance also requires that the persons related to a relationship which has been assessed as "Higher Risk" should undergo ECDD and therefore more stringent identification and verification should take place.
Identity Policies give organisations somewhere to define which components of an entity's identity information should be identified and verified depending on the entity's context within the relationship.
An organisation has one Identity Policy form.
There are four sections of the Identity policy, each representing the one of the four types of entity within Proofdesk:
Natural Person Identity Policy
Legal Person Identity Policy
Legal Arrangement Identity Policy
Foundation Identity Policy
Each identity policy presents the organisation with the list of identity components that are relevant to the entity type. For instance, the Natural Person Identity Policy includes Date of Birth whereas the Legal Person Identity Policy includes Incorporation Date.
There are then four columns representing each context that an entity might be found in:
Beneficial Owner
Beside each identity component the organisation can state whether it needs to be identified or verified under CDD (Colour coded blue) and ECDD (Colour coded Red). Each identity component also has a corresponding justification.
"Following ML/FT risk assessments, whether at the point of an initial risk assessment or after a review, relevant persons must determine and adopt appropriate and effective risk sensitive procedures and controls which enable them to manage and mitigate their ML/FT risks. This means that heightened (or in the case of CDD, enhanced) measures should be taken to manage and mitigate situations in which the ML/FT risk is higher and Code concessions must not be applied. Less stringent measures may be applied in situations with lower ML/FT risk."
The Handbook 2023 Section 2.2.5
Also refer to The Handbook 2023 section 2.1 through 2.2