3 December 2020
The Monetary Authority of Singapore ("MAS") is consulting on a proposed Notice which would require in-scope financial institutions to use specific types of information for non-face-to-face identity verification. The MAS has noted a rise in impersonation scam cases, and the proposed Notice seeks to address risks arising from the theft and misuse of an individual's personal particulars.
Scope
The Notice would apply to a broad scope of entities ("relevant entities") regulated by the MAS, including banks, merchant banks, insurance brokers, capital markets services licensees, registered fund management companies, and payment services providers licensed under the Payment Services Act.
Identity verification requirements
Under the Notice, relevant entities would be required to use at least one of the following types of information during non-face-to-face verification of an individual's identity:
-
Something that only the individual knows (e.g. a password or personal identification number);
-
Something that only the individual has (e.g. a token, one-time password, or SingPass mobile application);
-
Something that uniquely identifies the individual (e.g. biometric information); or
-
Information such as account transaction information or an application identification number.
Personal particulars such as the individual's name, NRIC number, address, and date of birth are not permitted to be used as the sole means of identity verification. Further guidance on compliance with the proposed Notice is set out in Annex B of the consultation paper.
The consultation closes on 9 December 2020.
For further information, please contact:
Peiying Chua Heikes, Linklaters
peiying.chua@linklaters.com