ABA reconfirms backing of ID verification bill; others want more time to comply

Digital identity legislation

While the Australian Banking Association (ABA) has reconfirmed its backing of the Federal Government’s Identity Verification Services 2023 bills, industry submitters have also called for more time to allow regulated entities to implement the changes, arguing the 12-month conformance period is far too short.

Representing the ABA, chief of policy Chris Taylor and Chris Whittingham, Westpac’s general manager, financial crime & fraud prevention, told the Senate legislation committee that the association backed the government’s proposed legislation with no amendments.

“This is all about having a war against scammers,” Whittingham said during the hearing. “Scammers are constantly changing their modus operandi… and this bill closes the loop.”

The ABA, as part of its submission to the enquiry, said it overwhelmingly endorses the objective of the bills, which include the Identity Verification Services Bill 2023 and Identity Verification Services [Consequential Amendments] Bill 2023.

In its submission, the peak body said the bills “will contribute to a significant uplift in the ability of government and industry sector organisations to appropriately identify individuals participating in key economic transactions while protecting the privacy of Australians.”

It added: “Secure and efficient identity verification is critical to enabling banks to minimise the risk of identity fraud and theft, protect individuals from scams and reduce cybersecurity risks.”

The bills effectively amend the Australian Passports Act 2005 to enable automated disclosures of personal information from the Document Verification Service (DVS) and Face Verification Service (FVS).

The DVS, used extensively by financial services businesses to support compliance obligations, is designed to confirm whether biographic information on an individual’s identity document matches the original record. The FVS targets the biometric end, comparing an individual’s photo against the image used on their identity documents.

The legislation proposes authorising one-to-one matching of identity through these ID verification services – for example, by matching the date of birth on a document with one held by the government.

The bill would also tap the national driver’s licence facial recognition system, enabling the FVS to conduct one-to-one matching against State and Territory identification documents, such as driver’s licences.

This legislative change, the ABA argued, would support higher standards for identity verification while reducing cybersecurity risk.

The Government notes that the DVS last year was used more than 140 million times by around 2,700 government and industry sector organisations. Approximately 2.6 million FVS transactions were also made over the 2022-23 financial year.

12 months to conform not enough

In its submission to the government, credit reporting agency Equifax (which notes its longstanding role in helping the Government improve access to the DVS) contended that, while it mostly supports the bills, the 12-month conformance period for industry participants to meet minimum security standards, privacy obligations and reporting requirements was far too short.

Section 9 of the ID verification bill details a range of obligations that participants in the scheme take on as part of their ‘participation agreement’, encompassing complaints, corrections, consents and data breaches.

As the new legislation effectively formalises a range of requirements for existing users of the DVS, failure to meet the stipulations of this participation agreement would see a user lose access to the DVS.

Equifax argued that without access to the DVS, financial services businesses will not be able to meet their anti-money laundering and counterterrorism financing (AML/CTF) obligations.

“This hard deadline could have consequences for the finance sector, which is reliant on the DVS to meet their AML CTF obligations,” Equifax argued.

The credit reporting company argued that while the impact of compliance on regulated entities “remains unclear… the deadline to be compliant is fixed”.

As a result, the company noted the difficulty for regulated businesses “to determine what new costs may be incurred” and “capital expenditure that is therefore required” to meet these legislative requirements.

“We recommend the Committee supports a longer transition period.”

The bill currently states that rules determined by the relevant Minister could see the imposition of “a fee for requests for identity verification services or in connection to the making of electronic communications to and from identity verification facilities”.

Equifax said: “The DVS has been part of business processes for a decade and while it may be desirable to embed it within a legislative framework, a compliance date of 12 months is insufficient time for compliance.”

The company notes that in its capacity as a credit reporting agency, effectively ‘a gateway service provider’, it serves as a key intermediary between the wider financial services sector and government to help meet AML/CTF compliance obligations.