Digital ID Assessment Instrument FINANCIAL SECTOR MODULE DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   A Objective of the Questionnaire This instrument aims to collect comparable data on the Customer Due Diligence (CDD) practices and identification documents used by the financial service providers. CDD as specified in FATF Recommendation 10 is based on four pillars, requiring: 1) identification and verification of customers, 2) identification and verification of beneficial owners, 3) understand- ing the nature and purpose of transactions, 4) monitoring the clients and their transactions on an ongoing basis. The adequate identification of a customer so as to allow access to, and use of, financial services is an integral part of that customer’s engagement with the financial sector and, one of the key facets of CDD. These requirements for account opening are typically specified in the legal or regulatory framework of a particular jurisdiction and often vary across jurisdictions. This assessment instrument seeks to instigate jurisdictions to consider the requirements for CDD in the financial sector, collate valuable country-level data on consumer identification, compliance requirements and practices that pertain to the financial sector, and support the ability for financial sector authorities to be able to benchmark identification requirements against peer economies.” This assessment instrument is INSTRUCTIONS used to analyze the usage and penetration of ID in the Financial Responsibility for this effort should be delegated to the relevant lead/department within your Sector and supplements the institution. Given the range of topics covered in this module, we understand that it may be ID Enabling Environment necessary to consult and coordinate with other government agencies but require that your assessment (IDEEA) by the institution serve as the primary respondent. WBG ID4D team If the same requirement applies to all the institutional categories in the question, kindly use the separate column provided to indicate that the requirement applies equally to all listed institutional categories. Please provide responses in the space given, feel free to use different font or font color to distinguish responses from questions. We would be happy to answer any questions you may have and provide guidance to the official you designate to coordinate responses to the module. You may also request a translated or Word version of the questionnaire. Please contact fmontes@ worldbank.org with any questions or requests for clarifications. DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   1 Acknowledgments This assessment tool has been prepared by Fredesvinda Montes and Sharmista Appaya (World Bank) and co-chairs of the Financial Inclusion Global Initiative (FIGI). The authors are grateful to Minita Varghese for her extensive support during the research and drafting and in reaching out to selected study countries. The authors also want to thank the following individuals for their valuable contributions: Masud Rana (Bangladesh Bank), Daniel Gerstein (Central Bank of Brazil), Oscar Rubio (Central Bank of Mexico) and Matei Dohotaru (World Bank). In addition, the authors are also thankful to Marc Hollanders (Bank for International Settlements), Vijay Mauree (International Telecommunication Union) Jamie Zimmerman, Christopher Calabia (Bill & Melinda Gates Foundation), Vyjayanti Desai (ID4D World Bank) and Harish Natarajan (World Bank) for their support in developing the questionnaire. This assessment tool was funded by the Bill & Melinda Gates Foundation under the FIGI program. DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   2 Acronyms AML Anti-Money Laundering API Application Programming Interface CDD Customer Due Diligence CFT Combating the Financing of Terrorism CTF Combating Terrorist Financing; an alternative acronym to CFT DFS Digital Financial Services FATF Financial Action Task Force FSP Financial Service Provider KYC Know Your Customer LEI Legal Entity Identifier LoU Local Operating Unit MFI Microfinance Institution NBEI Non-bank E-money Issuer ODTI Other Deposit Taking Institution OTP One-Time Password PEP Politically Exposed Person PIN Personal Identification Number PoC People’s of Concern SDD Simplified Due Diligence UNHCR United Nations High Commissioner for Refugees DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   3 A. BACKGROUND INFORMATION Please provide the following information on the agency responding (or coordinating responses) to this Survey A.1 Name of the agency: A.2 Person filling out the Survey (please include as many respondents as units involved in the response) 1 Name:   2 Position/title:   3 Respondents’ Unit 4 Email:   1 Name:   2 Position/title:   3 Respondents’ Unit 4 Email:   1 Name:   2 Position/title:   3 Respondents’ Unit 4 Email:   DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   4 B. FINANCIAL SECTOR LANDSCAPE To facilitate international comparison, the Survey groups financial institutions into fifteen (15) broad categories. In the table below, we ask you to classify institutions existing in your country into these fifteen (15) groups. We ask you to list the types of institutions that are supervised/regulated in your country and to place them into the appropriate category. Where there is some ambiguity as to which category an institution belongs, please use your best judgment to pick one category. To assist you with filling out this table, we provide examples of institution types that fall into certain categories. B.1 For each category, provide the type of the institutions that are supervised/regulated in your country. This classification will structure your responses throughout the survey and you will need to ensure your responses to the following questions should reflect the classification provided here For each category, provide the INSTITUTIONAL type of the institutions that are CATEGORY DEFINITIONS supervised/regulated in your country. Commercial A commercial bank is an institution licensed for taking deposits from the general Banks public and subject to supervision in the meaning of the Basel Core Principles for Effective Banking Supervision. A commercial bank is a bank that is (a) not subject by law or regulation to (i) a specified maximum size of loan or savings product or (ii) any limitation on type of client that may be served; and (b) not tasked by law or regulation with serving any particular industry [e.g., Commercial Banks, Universal Banks]. Non-Commercial A bank other than a commercial bank. In a given country this term may include rural   Banks banks, agricultural banks, postal banks, among other types of non-commercial banks. (It does not include cooperative banks or mutual banks, which are categorized as financial cooperatives for the purposes of this Survey.) [e.g., Government Agricultural Development Bank] Financial A member-owned and member-controlled financial institution governed by the Cooperatives “one member one vote” rule. Financial cooperatives often take deposits or similar repayable funds from, and make loans only to, members, although some also serve non-members. The term includes credit unions, caisses, cajas, cooperative banks, and savings and credit cooperatives [e.g., Credit Unions].  Other Deposit An institution authorized to collect deposits or savings that does not fit the Taking definition of commercial bank or financial cooperative. ODTIs include deposit- Institutions taking microfinance institutions, savings and loan associations, among other non- (ODTIs) bank deposit-taking institutions. [e.g., Municipal Savings and Loan Institutions] Microfinance A financial institution that provides microcredit targeting low-income and poor Institutions customers and does not collect deposits or savings [e.g. Institutions that provide (MFIs) group lending or individual lending on small amounts and short term]. continued DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   5 B.1, continued For each category, provide the INSTITUTIONAL type of the institutions that are CATEGORY DEFINITIONS supervised/regulated in your country. Non-bank An issuer of e-money that is not a bank. The relevant questions in the Survey E-money Issuer request respondents to indicate whether the non-bank entity is authorized to act as (NBEIs) an issuer of e-money. This doesn’t include mobile money [e.g., Government issued touch n Go card for transport]. Bank-based Includes banks that are licensed or permitted by the regulator to provide mobile mobile Money based financial transactions that can occur using mobile networks [e.g., Mobile phone based money transfer, deposit and/or financing service] . Nonbank-based Nonbank financial service provider that is licensed or permitted by the regulator to mobile money provide mobile based financial services. Note: If the regulatory framework for nonbank-based mobile money is the same as NBEIs, there is no need for separate responses for the remaining sections of the Survey. Insurance A financial institution that pools risk by collecting premiums from a large group of Providers people who want to protect themselves and/or their loved ones against a particular loss, such as a fire, car accident, illness, lawsuit, disability or death. This will also include insurance intermediaries (e.g., insurance agents, insurance brokerages) Money Business entity that providers money transfer services or payment instruments (does Transfer not include if transfer is sent via mobile money) [e.g., Moneygram, Western Union]. Companies Payment An entity providing services that enable funds to be deposited into an account and System withdrawn from an account; payment transactions (transfer of funds between, into, Provider or from accounts); issuance and/or acquisition of payment instruments that enable the user to transfer funds; and money remittances and other services central to the transfer of money [e.g., credit card, debit card, Paypal, etc.] Broker Dealers A financial intermediary between buyers and sellers to facilitate securities transactions.  Exchange A non-bank foreign exchange company also known as foreign exchange broker or Companies simply forex broker is a company that offers currency exchange and international payments to private individuals and companies. Cryptocurrency Any entity that allows customers to trade cryptocurrencies or digital currencies for Exchange (if any other assets (fiat money or other digital currencies). and only include if regulated) Postal Any public or private entity providing various types of postal services, including Operators mailing, delivery and financial services. DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   6 Please provide the total number of institutions under each category, as of January 2020. B.2  Please write N/A if not applicable to your country. TYPE OF INSTITUTIONS TOTAL NUMBER OF INSTITUTIONS Commercial Banks Other Banks Financial Cooperatives Other Deposit Taking Institutions (ODTIs) Microfinance Institutions (MFIs) Non-bank E-money Issuer (NBEIs) Bank-based Mobile Money Nonbank-based Mobile Money Insurance Providers Money Transfer Companies Payment System Providers Broker Dealers Exchange Companies Cryptocurrency Exchange (if any and only include if regulated) Postal Operators DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   7 LEGAL, REGULATORY AND SUPERVISORY APPROACHES TO CUSTOMER IDENTIFICATION C.  FOR FINANCIAL SERVICES Please specify what authorities (if any) are in charge of: i) issuing the following types of regulation for financial institu- C.1  tions, and ii) supervising or monitoring compliance with such regulation. Please include name of the agency e.g. Central Bank, Data Protection Commissioner, Banking Supervisory authority etc COMMERCIAL BANKS NON-COMMERCIAL BANKS FINANCIAL COOPERATIVES Issues Issues Issues   regulation/ regulation/ regulation/ by laws Supervises by laws Supervises by laws Supervises 1 Financial integrity (AML/CFT)             2 Payment Systems Provision of Credit/ 3 overindebtedness 4 Data protection and privacy             5 Cyber security ODTIs MFIs NBEIs Issues Issues Issues   regulation/ regulation/ regulation/ by laws Supervises by laws Supervises by laws Supervises 1 Financial integrity (AML/CFT)             2 Payment Systems Provision of Credit/ 3 overindebtedness 4 Data protection and privacy             5 Cyber security continued DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   8 C.1, continued NONBANK BASED MONEY TRANSFER BANK BASED MOBILE MONEY MOBILE MONEY INSURANCE PROVIDERS COMPANIES Issues Issues Issues Issues   regulation/ regulation/ regulation/ regulation/ by laws Supervises by laws Supervises by laws Supervises by laws Supervises 1 Financial integrity (AML/CFT)             2 Payment Systems Provision of Credit/ 3 overindebtedness 4 Data protection and privacy             5 Cyber security PAYMENT SYSTEM PROVIDERS BROKER DEALERS EXCHANGE COMPANIES VIRTUAL CURRENCY Issues Issues Issues Issues   regulation/ regulation/ regulation/ regulation/ by laws Supervises by laws Supervises by laws Supervises by laws Supervises 1 Financial integrity (AML/CFT)             2 Payment Systems Provision of Credit/ 3 overindebtedness 4 Data protection and privacy             5 Cyber security POSTAL OPERATORS Issues   regulation/ by laws Supervises 1 Financial integrity (AML/CFT)     2 Payment Systems Provision of Credit/ 3 overindebtedness 4 Data protection and privacy     5 Cyber security DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   9 Are the documents, records or digital credentials that can be used for identification and/or verification of individuals C.2  for financial transactions, explicitly specified in your regulatory framework? Documents for Identification specified in the regulatory framework If Yes Indicate the name of the regulation and link if available 1 Yes 2 No Does your country adhere to any international or regional guidelines related to identification and/or verification of C.3  individuals for financial transactions (e.g. FATF Style Regional Bodies)? If Yes, please describe the rule and include link if available Yes No If C2=No, on what basis do reporting institutions determine documents, records or digital credentials to be collected C.4  for identification and/or verification of individuals for financial transactions? If C2=Yes, at which regulatory level has it been specified? C.5  Please specify: Documents to establish identity proof LEGAL ENTITIES INDIVIDUALS 1 By Law 2 By regulation 3 By Directive/Circular or similar administrative documents C.6 Does your country have a threshold for the following: Please specify amount and the types of entities covered International wire transfers (refer to FATF Recommendation 16) Other occasional transactions (refer to FATF Recommendation 10) DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   10 According to your current regulatory framework, which of the following information must be submitted for an individual C.7  for the transactions described in the columns below: Please mark all that apply International Exchange Exchange Checking/ International wire transfers transaction transaction savings Opening a wire transfers above below above Account mobile money Credit Card/ Domestic wire below threshold threshold threshold threshold opening account Loan transfers (refer to C6) (refer to C6) (refer to C6) (refer to C6) YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO Select one: Select one: Select one: Select one: Select one: Select one: Select one: Select one: Declaration Declaration Declaration Declaration Declaration Declaration Declaration Declaration based/Proof based/Proof based/Proof based/Proof based/Proof based/Proof based/Proof based/Proof required required required required required required required required 1 Name 2 Date of birth 3 Place of birth 4 Details of immediate related parties (e.g., parents, spouse, children) 5 Nationality and/or Legal Status 6 Biometrics 7 Current address 8 Home state address 9 Employment 10 Income 11 Tax ID 12 National ID number or similar issued by central government authority 13 National ID number or similar issued by local government authority 14 PEP (self-declaration) 15 Mobile number linked to the account. 16 Other, please explain:             DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   11 C.8 Are there any additional requirements if an applicant is (a) female, (b) a minor? FEMALE IF YES DESCRIBE MINOR IF YES DESCRIBE 1 Yes 2 No C.9 If yes, please describe: FEMALE MINOR INFORMATION REQUIRED YES/NO YES/NO 1 Marriage certificate 2 Birth certificate 3 Standard documentation for financial transactions as above, required for father of applicant 4 Standard documentation for financial transactions as above required for mother of applicant 5 Standard documentation for financial transactions as above required for husband of applicant DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   12 Which of the following documents, records and digital credentials are accepted as proof information required for vari- C.10  ous financial transactions as indicated in question C7, according to the current regulatory framework to conduct custom- er due diligence? Please provide percentage of the population has access/covered by each ID type? Please also indicate strength of anti-fraud features for each ID type on a scale of strong/medium/low. If the Please mark all that apply. What percentage of the Strength of population is covered by anti-fraud this type of ID and please features   ACCEPT AS PROOF OF ID provide data source? of the ID type Individuals People’s of Legal Entities Yes/No/Allowed Concern (PoC) Yes/No/Allowed only in case of Yes/No/Allowed only in only in case of Strong/ low risk case of low risk low risk Medium/Low 1 National ID     2 Voter ID     3 Passport 4 Driver’s license 5 Tax ID ID issued to receive government transfers/ subsidies (e.g., social welfare     6 or assistance card) ID issued specifically for the financial sector (e.g., PAN Card, BankID, Bank 7 Verification Number (BVN) ID issued by functional ID registries (e.g., UNHCR 8 registry) 9 Birth certificate 10 Residence permit Photo ID issued by 11 educational institution     Employee ID issued by 12 public sector Employee ID issued by 13 private sector continued DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   13 C.10, continued What percentage of the Strength of population is covered by anti-fraud this type of ID and please features   ACCEPT AS PROOF OF ID provide data source? of the ID type Individuals People’s of Legal Entities Yes/No/Allowed Concern (PoC) Yes/No/Allowed only in case of Yes/No/Allowed only in only in case of Strong/ low risk case of low risk low risk Medium/Low Letter from local 14 authority Confirmation letter from 15 a suitable referee as determined by the state Verified mobile enabled ID 16 credentials (e.g., SIM Card) Other photo ID, please 17     specify: Other ID, please specify: 18     Are there simplifications or exemptions to the documentation requirements for certain types of individuals C.11  (e.g., low income) or financial products/services (e.g., small-value, low-risk transactions or basic accounts)? MONEY TRANSFER BROKER DEALERS PAYMENT SYSTEM Applies equally to (e.g., Moneygram, MOBILE MONEY COOPERATIVES Western Union) all institutional OTHER BANKS COMMERCIAL OPERATORS categories and does COMPANIES COMPANIES INSURANCE PROVIDERS PROVIDERS EXCHANGE CURRENCY FINANCIAL   not vary by institutional VIRTUAL POSTAL category (if this applies, BANKS ODTIs NBEIs no need to fill the MFIs other columns) 1 Yes             If yes, 1.1 please specify 2 No             3 NA             DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   14 C.12 Does your country have a tiered CDD framework? 1 Yes 2 No If C12 = Yes, what are the different tiers and the CDD requirements for each tier? Please indicate the tiers that are C.13  part of a Simplified CDD PRODUCTS AND SERVICES OFFERED IN LABEL OF THE TIER THRESHOLD OF THE TIER CDD REQUIREMENTS FOR THE TIER EACH TIER C.14 If you have a tiered approach, please indicate on what basis the tiers are determined, BY WHICH AGENCY PLEASE EXPLAIN METHODOLOGY Based on qualitative analysis Based on quantitative analysis Based on both qualitative and quantitative analysis Does the regulatory framework in your country allow for any other type of simplification to CDD that is not based on C.15  the tiered approach described above? SDD APPLIES? IF YES INDICATE THE TYPES OF INSTITUTIONS IF YES INDICATE THE REGULATORY FRAMEWORK Yes No DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   15 Which of the following institutional categories have access to data from the national ID system in your country? C.16  MONEY TRANSFER BROKER DEALERS PAYMENT SYSTEM Applies equally to (e.g., Moneygram, MOBILE MONEY COOPERATIVES Western Union) OTHER BANKS all institutional COMMERCIAL OPERATORS COMPANIES COMPANIES categories and does INSURANCE PROVIDERS PROVIDERS EXCHANGE CURRENCY FINANCIAL   not vary by institutional VIRTUAL POSTAL BANKS category (if this applies, ODTIs NBEIs MFIs no need to fill the other columns) 1 Yes             2 No             3 NA             DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   16 According to current regulatory framework, after establishing a business relationship with a financial service provider, C.17  which of the following must be submitted for authentication of identity for an individual customer to carry out financial transactions through their account at the following? Please mark all that apply COMMERCIAL MONEY TRANSFER EXCHANGE POSTAL   BANKS NBEIs MOBILE MONEY COMPANIES COMPANIES OPERATORS YES/NO/NA YES/NO/NA YES/NO/NA YES/NO/NA YES/NO/NA YES/NO/NA Online Physical Online Physical Online Physical Online Physical Online Physical Online Physical 1 National ID card           Other government 2           recognized ID card 3 Other ID card           4 Business ID Number on the 5           ID card 6 Fingerprint           7 Iris scan Other biometric 8           information 9 PIN 10 Personal details           11 Password 12 OTP 13 Token 14 Digital signature Security 15           questions Other, specify: 16           DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   17 D. IDENTIFICATION FOR LEGAL ENTITIES D.1 Does your country require a unique ID for all registered businesses? 1 Yes 2 No D.2 Which agency provides the unique ID number for all registered businesses? If yes, please provide type of the unique ID YES/NO If yes, please provide name of the agency: (e.g., tax ID number, company registration number, etc.) 1 Government agency 2 Private agency 3 LEI LoU 4 Other DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   18 According to your current regulatory framework, which of the following information must be submitted for legal entities D.3  for the transactions described in the columns below: Please mark all that apply Exchange Opening a International International Exchange transaction mobile Domestic wire transfers wire transfers transaction above Account money Credit Card/ wire below threshold above threshold below threshold threshold opening account Loan transfers (refer to C6) (refer to C6) (refer to C6) (refer to C6)   YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO Select one: Select one: Select one: Select one: Select one: Select one: Select one: Select one: Declaration Declaration Declaration Declaration Declaration Declaration Declaration Declaration based/Proof based/Proof based/Proof based/Proof based/Proof based/Proof based/Proof based/Proof required required required required required required required required 1 Name Date of creation of 2 the legal entity 3 Place of creation 4 Name of shareholders 5 Type of Legal entity 6 Location 7 Current address 8 Home state address 9 Business description 10 Billing Information 11 Tax ID Companies Registry 12 ID number Other, please explain: 13             DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   19 According to current regulatory framework, after establishing a business relationship with a financial service provider, D.4  which of the following must be submitted for authentication of identity for a legal entity customer to carry out financial transactions through their account at the following? Please mark all that apply COMMERCIAL MONEY TRANSFER EXCHANGE POSTAL   BANKS NBEIs MOBILE MONEY COMPANIES COMPANIES OPERATORS YES/NO/NA YES/NO/NA YES/NO/NA YES/NO/NA YES/NO/NA YES/NO/NA Online Physical Online Physical Online Physical Online Physical Online Physical Online Physical 1 National ID card           Other government 2           recognized ID card 3 Other ID card           4 Business ID Number on the 5           ID card 6 Fingerprint           7 Iris scan Other biometric 8           information 9 PIN 10 Personal details           11 Password 12 OTP 13 Token 14 Digital signature Security 15           questions Other, specify: 16           DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   20 E. NON-COMPLIANCE What are the sanctions for financial service providers who fail to comply with the identification requirements laid out E.1  by law or regulation? If yes, please specify Number of times sanction has been YES/NO (e.g., max amount of fine, max amount of time/term) applied from 2012–2017 1 Administrative fine 2 Criminal fine 3 Suspension of license 4 Revocation of license 5 Imprisonment DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   21 F. ELECTRONIC PAYMENTS Please indicate whether submission of the following information is mandated by law/regulation or simply practiced to F.1  authenticate customer identity when an electronic payment is made at a physical merchant? Please mark all that apply CREDIT CARD DEBIT CARD MOBILE WALLET Mandated = 1 Mandated = 1 Mandated = 1 Common Practice Common Practice Common Practice (not mandated) = 2 (not mandated) = 2 (not mandated) = 2 No = 3 No = 3 No = 3 Chip Non-chip Chip Non-chip 1 PIN 2 Signature National ID card or similar issued by central 3 government authority ID card or similar issued by local government 4 authority 5 Other non-government ID card 6 Fingerprint 7 Iris scan 8 Photo selfie for face recognition 9 Other biometric information 10 Mobile number 11 Address zip code 12 One-time password/passcode Other, specify: 13 DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   22 Please indicate whether submission of the following information is mandated by law/regulation or simply practiced to F.2  authenticate customer identity when an electronic payment is made at an online merchant? Please mark all that apply CREDIT CARD DEBIT CARD MOBILE WALLET Mandated = 1 Mandated = 1 Mandated = 1 Common Practice Common Practice Common Practice (not mandated) = 2 (not mandated) = 2 (not mandated) = 2 No = 3 No = 3 No = 3 Chip Non-chip Chip Non-chip 1 Card number 2 Card verification number 3 Number on ID card 4 Photo selfie for face recognition 5 Mobile number 6 Address zip code 7 One-time password/passcode 8 Other, specify: 9 Other biometric information 10 Mobile number 11 Address zip code 12 One-time password/passcode 13 Other, specify: Are there simplifications or exemptions to the information required to authenticate customer identity for F.3  electronic payments below a certain transaction value? 1 Yes 2 No If YES, go to F.4 If NO, go to SECTION G Please describe the simplifications or exemptions to information requirements when electronic payments are below a F.4  certain transaction value. DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   23 G. VERIFICATION PROCESS FOR FINANCIAL SERVICES G.1 What are some of the reference systems to which financial service providers have access to, for verification purposes? MONEY TRANSFER BROKER DEALERS PAYMENT SYSTEM NONBANK BASED Applies equally to MOBILE MONEY MOBILE MONEY COOPERATIVES all institutional OTHER BANKS COMMERCIAL BANK BASED OPERATORS categories and does COMPANIES COMPANIES INSURANCE PROVIDERS PROVIDERS EXCHANGE CURRENCY FINANCIAL   not vary by institutional VIRTUAL POSTAL category (if this applies, BANKS ODTIs NBEIs no need to fill the MFIs other columns) 1 National ID system             2 Credit reporting system 3 Tax system             4 Business registry             5 Civil/population registry 6 Voter registry 7 Social security system 8 Pension system 9 Healthcare system 10 Judicial system Officially recognized private 11 ID systems 12 Internal migration registry 13 Refugee/stateless registries 14 Other, please describe: DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   24 How can financial service providers access the data held by the reference systems indicated above? G.2  YES/NO/NA Access has a cost for the financial institution? 1 Website 2 Hardwired links 3 APIs 4 Other, please specify: What is the basic verification requirement according to the regulatory framework in your country for individuals? G.3  Please mark all that apply. YES/NO/NA 1 Based on a primary ID document   2 Asking for secondary ID document(s) Online verification of ID information against public database 3 (please specify)   4 Online verification of ID information against private database (please specify) 5 Off-line verification of ID information through offline card-reader terminals   6 Reference from a trusted third-party (please specify) G.4 Is there a fee for financial service providers to access data stored by the agency maintaining the ID system? 1 Yes 2 No If there is a cost, please provide information on when financial service providers have to pay a fee and the fee amount? G.5  Please provide fee information in local currency YES/NO  If yes, please specify amount 1 Periodic payments 2 One-time payment   3 Per-enquiry   DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   25 H. DATA STORAGE H.1 Please describe the document retention process that financial service providers undertake, after the verification process Time period to delete data (e.g. Only for as long the business relationship exists) Less than five years AFTER the business relationship has ended TYPE OF INFORMATION RECORDED More than five years AFTER the business relationship has ended) 1 Scan verification information and maintain electronically 2 Keep electronic copies of the verification checks Record reference details on identity or transaction 3 documents Keep photocopies of all identification documents 4 presented for verification purposes I. CONSUMER PROTECTION Does your country have explicit laws and regulations on how the ID system’s database interoperates with the financial I.1  sector for verification and authentication purposes? RESPONSE Please indicate name of regulation and year issued 1 Yes 2 No According to current law or regulation, please select the applicable mechanisms in place to obtain informed consent I.2  from individuals on the use of their data for verification and authentication purposes? YES/NO/NA 1 Written consent taken during account opening Written information on data use provided during account opening and implied 2 consent with signing of account opening form 3 Verbal consent taken during account opening 4 No mechanisms in place to obtain informed consent DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   26 Are there any provisions in the existing laws and regulations that prohibit or restrict financial institutions from I.3  discriminating against certain segments such as women, indigenous populations, or based on faith, political affiliation? TYPE OF POPULATION YES NO Women Peoples of Concern Minorities Are there clear and transparent procedures to correct records and adjudicate or address grievances in case of I.4  data errors, or violation of consent, rights or data privacy? YES NO Clear rules and procedures to correct data errors Clear rules to store data Clear rules on data portability Is biometric data considered sensitive data or special category of data If YES, go to I.6 If NO, skip to SECTION J I.5 What is the redress mechanism when consent, rights or data privacy has been violated? Describe all relevant Financial institution is required to address 1 grievance claim within a set time-period Claims can be submitted to the agency 2 that oversees the ID system Claims can be submitted to the Financial 3 Regulator or Financial Ombudsman 4 Approach legal court Other, specify: 5 DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   27 J. MONITORING FOR AML/CFT PURPOSES What are the measures that financial service providers have in place to monitor for unusual and other HIGHER RISK J.1  transactions? COMMERCIAL MONEY TRANSFER EXCHANGE POSTAL BANKS MOBILE MONEY NBEIs COMPANIES COMPANIES OPERATORS In house Vendor In house Vendor In house Vendor In house Vendor In house Vendor In house Vendor Yes/No Yes/No Yes/No Yes/No Yes/No/ Yes/No/ Yes/No Yes/No Yes/No/ Yes/No Yes/No/ Yes/No/ Manual/simple scanning 1 of transactions Electronic scanning of 2 transactions based on set parameters Electronic scanning of 3 transactions based on artificial intelligence Other, specify: 4 What are the measures that financial service providers have in place to monitor people and entities in terrorist lists based on J.2  UN Security Council resolutions and other national agencies? COMMERCIAL MONEY TRANSFER EXCHANGE POSTAL BANKS MOBILE MONEY NBEIs COMPANIES COMPANIES OPERATORS In house Vendor In house Vendor In house Vendor In house Vendor In house Vendor In house Vendor Yes/No Yes/No Yes/No Yes/No Yes/No/ Yes/No/ Yes/No Yes/No Yes/No/ Yes/No Yes/No/ Yes/No/ Manual/simple scanning 1 of transactions Electronic scanning of 2 transactions based on set parameters Electronic scanning of 3 transactions based on artificial intelligence Other, specify: 4 DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   28 J.3 What are the measures that financial service providers have in place to monitor Politically Exposed Persons (PEP)? COMMERCIAL MONEY TRANSFER EXCHANGE POSTAL BANKS MOBILE MONEY NBEIs COMPANIES COMPANIES OPERATORS In house Vendor In house Vendor In house Vendor In house Vendor In house Vendor In house Vendor YES/NO YES/NO YES/NO YES/NO YES/NO/ YES/NO/ YES/NO YES/NO YES/NO/ YES/NO YES/NO/ YES/NO/ Manual/simple 1 scanning of transactions Electronic scanning of 2 transactions based on set parameters Electronic scanning of 3 transactions based on artificial intelligence Other, specify: 4 K. E-KYC SOLUTIONS K.1 Does your country have a KYC registry? Please fill in where applicable The KYC registry includes Persons of Concern KYC registry only KYC registry only KYC registry only for (individuals with refugee, stateless status and for individuals for legal entities both legal and individuals migrant status) YES/NO YES/NO YES/NO YES/NO Name of the public institution managing the KYC registry: Name of the private institution(s) managing the KYC registry: DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   29 K.2 If yes, please provide information on the following, FEATURES OF THE KYC REGISTRY YES NO 1 The KYC Registry is established by the Financial Regulatory Authority 2 The KYC Registry is mandatory for all regulated entities 3 The KYC Registry allows the participation of non-regulated entities 4 The KYC Registry includes a list of mandatory data attributes 4.1 If 4 yes, indicate the mandatory attributes 5 The KYC registry collects biometric data from the customers 6 The KYC registry verifies information against the national ID database 7 Access to the KYC registry involves costs K.3 Participants to the KYC registry? Please mark all that apply COVERS COVERS LEGAL MANDATORY DATA INCENTIVES TO USE THE REGISTRY (YES) PARTICIPANTS INDIVIDUALS (YES) ENTITIES (YES) SUBMISSION (YES) (e.g. lower requirements for operational risk, less frequent reviews) Commercial Banks     Other Banks     Financial Cooperatives     ODTIs     MFIs NBEIs Mobile Money Insurance Providers Money Transfer Companies Broker Dealers Exchange Companies Virtual Currency Postal Operators Commercial Banks Other Banks DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   30 K.4 Type of data collected in the registry DATA FROM THE ACCOUNT OWNER INDIVIDUALS LEGAL ENTITIES (YES) ID number (indicate type of ID)     Mobile Phone Number     SIM registration card     Name and last name     Date of birth Address Location Bank ID number Type of account OTHER TYPE OF DATA FROM THE ACCOUNT Destination of funds on wire transfers Address of wire destination account Location of wire destination account Monthly withdrawals Amount average Number of monthly transactions Details on beneficial owners Reason for the transaction DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   31 K.5 Usage of the KYC registry? Used for account Used for face Used for account access/ Used for account opening existing to face account Used for remote monitoring transactions/ Participants opening new clients clients opening account opening other (please describe) Commercial Banks     Other Banks     Financial Cooperatives     ODTIs     MFIs NBEIs Mobile Money Insurance Providers Money Transfer Companies Broker Dealers Exchange Companies Virtual Currency Postal Operators Commercial Banks Other Banks DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   32 L. DIGITAL ID SOLUTIONS OR E-KYC SOLUTIONS KYC SOLUTIONS OR DIGITAL ID USED IN THE FINANCIAL SECTOR YES NO Are there Digital ID (s) available in the country Is Digital ID broadly used by financial institutions? Is the Digital ID operated by the Public Sector? Is the Digital ID operated by the private sector? Is the Digital ID offered through a federated model? Are there more than one Digital ID used by financial institutions? Are international technical standards adopted by each system? Does the e-KYC solution allow client authentication? Is there a data governance framework in place that supports required levels of assurance for ID proofing? Is the authentication based on more than one factor? Are any of the factors used in the KYC solution mostly based on something you know? (i.e. passwords, passphrase, PIN, challenge response) If Digital ID is not broadly used indicate the main cause a) Lack of access b) Cost c) Not reliable (i.e. does not meet the levels of assurance required for the risk scenario) d) It is not recognized by the legal and regulatory framework for financial sector e) Not sufficient knowledge about the system Are there KYC solutions available in the market? Key feature of the KYC solution is offered in the form of software to meet compliance requirements? The KYC solution uses additional complimentary data from other sources? The KYC solution includes data from all potential new customers? The KYC solution is offered to a specific type of customers? (i.e. credit customers through credit bureaus or alike) The KYC solution is offered to all financial services providers DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   33 GLOSSARY API: a set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other service. Commercial bank: a bank that is (a) not subject by law or regulation to (i) a specified maximum size of loan or savings product or (ii) any limitation on type of client that may be served; and (b) not tasked by law or regulation with serving any particular industry. Consumer protection: federal and state statutes governing sales and credit practices involving consumer goods. Customer due diligence (CDD): comprises the facts about a customer that should enable an organization to assess the extent to which the customer exposes tit to a range of risks. These risks include money laundering and terrorist financing. Deposit account: deposit account held with banks and other authorized deposit-taking financial institutions that can be used for making and receiving payments. Such accounts are known in some countries as current accounts, chequing accounts or other similar terms. Digital ID Systems: Digital Id systems are those that that provide identity proofing and enrollment, binding (credentials with identity proofed individual) and authentication (is the person who claims to be) digitally and have the capabilities to store information associated with such processes in electronic form. e-KYC solution: Electronic and online based know your customer (KYC) processes including digitization of records, verification of documents and attributes and authentication of a person. E-money: monetary value represented by a claim on the issuers which is stored on an electronic device such as a chip card or a hard drive in personal computers or servers or other devices such as mobile phones and issued upon receipt of funds in an amount not less in value than the monetary value received and accepted as a means of payment by undertakings other than the issuer. Financial consumer protection legal and regulatory framework: a set of legislative and regulatory instruments governing financial services providers practices with respect to their dealings with consumers. Financial cooperative: a member-owned and member-controlled financial institution governed by the “one member one vote” rule. Financial cooperatives often take deposits or similar repayable funds from, and make loans only to, members, although some also serve non-members. The term includes credit unions, building societies, caisses, cajas, cooperative banks, mutual banks, and savings and credit cooperatives. Insurance: is a contract, represented by a policy, in which an individual or entity receives financial protection or reimbursement against losses from an insurance company. The company pools clients’ risks to make payments more affordable for the insured. DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   34 Microcredit: small-scale credit typically provided to self-employed or informally employed poor and low- income individuals and microenterprises. Other common features of microcredit include a lending methodology characterized by familiarity with the borrower, lack of collateral, expectation of a follow-on loan upon successful repayment, and very small loan amounts (although the size of microcredit varies from country to country). Microfinance institution (MFI): a financial institution that does not take deposits and provides microcredit targeting low-income and poor customers. Mobile wallet: A mobile wallet is a virtual wallet that stores payment card information on a mobile device. Non-bank E-money Issuer (NBEI): an issuer of e-money that is not a bank. The relevant questions in the Survey request respondents to indicate whether the non-bank entity is authorized to act as an issuer of e-money. Other bank: a bank other than a commercial bank. In a given country this term may include rural banks, agricultural banks, postal banks, among other types of non-commercial banks. (It does not include cooperative banks or mutual banks, which are categorized as financial cooperatives for the purposes of this Survey.) Other deposit-taking institution (ODTI): an institution authorized to collect deposits or savings that does not fit the definition of bank or financial cooperative. ODTIs include deposit-taking microfinance institutions, savings and loan associations, among other non-bank deposit-taking institutions. Postal Operator: Any public or private entity providing various types of postal services, including mailing, delivery and financial services. DIGITAL ID ASSESSMENT INSTRUMENT: FINANCIAL SECTOR MODULE   35