(NIZAM ISMAIL) - OJK Webinar - Digital Identity (24 Feb 2022) - Nizam

OJK WEBINAR:
DIGITAL IDENTITY AND E-KYC:
THE SINGAPORE EXPERIENCE

BACKGROUND
• Historically – face-to-face KYC was the mandatory default
• Impetus for Digital KYC
  • Advent of FinTech platforms – and clients could be offshore
  • Traditional financial institutions go digital (digital banking, InsureTech, online brokers, robo-advisors)
  • Advent of price-efficient RegTech
  • Effectiveness in fraud mitigation

MYINFO AND DIGITAL KYC

MYINFO - BACKGROUND
• End 2017 – MyInfo was opened up to the financial sector
• Jan 2018 – MAS Circular on Use of MyInfo for Digital KYC:
  • MyInfo regarded as reliable and independent source for purposes of verifying customer’s name, unique identification number, date of birth, nationality and residential address
  • Where MyInfo is used, MAS will not require FIs to obtain additional identification documents

MYINFO FEATURES
SINGPASS – THE KEY TO MYINFO
SINGPASS FUNCTIONALITIES
DATA CATALOGUE – PERSONAL INFO
DATA CATALOGUE – FINANCE
DATA CATALOGUE – EMPLOYMENT & EDUCATION
USER CONSENT

DIGITAL SIGNATURE WITH SINGPASS
• Empowers businesses and customers when digitally signing agreements.
• Uses signing certificates issued by the National Certification Authority.
• Upon accreditation, signatures made using Sign with Singpass will be regarded as secure electronic signatures under Singapore's Electronic Transactions Act.
• The digital signature is cryptographically linked to the signer

DIGITAL SIGNING PARTNERS
IDENTIFACE
GUIDANCE ON SINGPASS USAGE

OTHER FORMS OF DIGITAL KYC
• Solutions deployed include biometrics technology (e.g. facial recognition - where digital algorithms are used to match the face in ID documents against live videos or selfie photos)
• Liveness detection technology uses algorithms to analyse data collected from biometric sensors to verify if the FI is interfacing with an actual customer or a fake representation (such as deepfake video frames)
• Use of video-conferencing - engaging the individuals and sighting ID documents over video call.

REGULATORY  To mitigate fraud and impersonation risks:


 Controls to be put in to verify identity of customer and
GUIDANCE ON authenticity of the ID documents
 Use of control questions to be answered by the customer
OTHER FORMS OF or performed liveness checks (to mitigate against use of
pre-recorded videos)
DIGITAL KYC  FIs to raise staff vigilance and conduct training on
possible fraudulent or tampered ID documents (e.g. to
specifically look out for authentication markers on the ID
documents)

REGULATORY GUIDANCE ON DIGITAL KYC: MAS AMLD 01/22 (8 FEB 2022)
• Use of video-conferencing alone may not always be sufficient to detect and mitigate fraud and impersonation risks.
• FIs should perform additional checks, especially for higher risk accounts
• Some FIs have supplemented the video-conferencing approach with additional checks, such as:
  • Verifying the customer’s information against reliable and independent databases
  • Performing a check sum digit test to identify data validation errors in the customer’s ID document

REGULATORY GUIDANCE ON LEGAL PERSONS
• FIs can use publicly available sources or databases (company registries and annual reports) to KYC legal persons (e.g. companies, businesses, partnerships etc.)
• CDD documents that cannot be verified against a registry or lack the requisite authenticity markers (such as a foreign certificate of incorporation) should not be verified via video-conferencing.
• FIs can adopt additional measures to verify that the soft copies of documents are genuine, e.g. original certified true copy or requiring suitably qualified persons to use digital signatures or watermarks to certify the authenticity of the soft copies.

RISK OF FRAUDULENT/TAMPERED DOCUMENTS
• Use of in-house or third-party ID document authenticity verification tools to detect fraudulent or tampered ID documents (e.g. capturing unique security features embedded in the customer’s ID document and verifying them against databases through the use of APIs)
• Data validation (e.g. whether algorithmically-validatable elements of document numbers in the Machine Readable Zone ‘MRZ’ of the ID document are accurate)
• Data consistency (e.g. whether data represented in multiple places on the ID document - MRZ lines and Optical Character Recognition-extracted text on the ID document - are consistent).
• Checks are also performed in addition to checks against police records, to ascertain if the ID document has been stolen, lost or compromised.
• FIs to conduct internal assessment if Tech is fit for purpose, to be approved by Board/senior management. FIs to monitor effectiveness on ongoing basis.
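
An added example (not from the original slides) of the check sum digit test and the MRZ data-validation and data-consistency checks listed above. It assumes the ICAO Doc 9303 TD3 passport layout with 7-3-1 weighting, which the slides do not name; the function names and the sample values are constructed for illustration.

```python
# Added example: MRZ check digits and MRZ-vs-OCR consistency.
# Assumes the ICAO Doc 9303 TD3 (passport) layout; the slides name no standard.
WEIGHTS = (7, 3, 1)

def char_value(c):
    """Map an MRZ character to its value: 0-9, A-Z -> 10-35, '<' -> 0."""
    if "0" <= c <= "9":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"illegal MRZ character: {c!r}")

def check_digit(field):
    """Weighted sum of character values with repeating weights 7, 3, 1, mod 10."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

# (name, start, end, check-digit index) within MRZ line 2, 0-indexed
FIELDS = [("document_number", 0, 9, 9), ("date_of_birth", 13, 19, 19),
          ("date_of_expiry", 21, 27, 27)]

def validate_line2(line2, ocr_fields):
    """Return a list of findings; an empty list means every check passed."""
    if len(line2) != 44:
        return ["line 2 must be 44 characters"]
    findings, parsed = [], {}
    try:
        for name, start, end, pos in FIELDS:
            parsed[name] = line2[start:end]
            if str(check_digit(parsed[name])) != line2[pos]:
                findings.append(f"{name}: check digit mismatch")
        # Composite digit covers positions 1-10, 14-20 and 22-43 (1-indexed).
        composite = line2[0:10] + line2[13:20] + line2[21:43]
        if str(check_digit(composite)) != line2[43]:
            findings.append("composite: check digit mismatch")
    except ValueError as exc:
        return [str(exc)]
    # Data consistency: OCR text (assumed normalised to MRZ format) must match.
    for name, ocr_value in ocr_fields.items():
        if parsed.get(name, "").rstrip("<") != ocr_value:
            findings.append(f"{name}: MRZ and OCR text disagree")
    return findings

# Constructed sample data (specimen-style, not a real document).
SAMPLE = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"
OCR = {"document_number": "L898902C3", "date_of_birth": "740812",
       "date_of_expiry": "120415"}
```

A single altered digit in the date of birth fails both its own check digit and the composite digit, while an OCR misread of the printed document number is caught only by the consistency comparison.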

ENHANCING INTERNAL CONTROLS
• RegTech can fail (e.g. OCR technology may not recognise text on low quality images or documents with physical labels).
• Corrective Actions:
  • Requiring customers to make initial deposit into an account with the FI from funds held by the customer in a bank account
  • Performing a call-back to customer using a telephone number that can be independently verified.

ASSESSMENT OF REGTECH SOLUTIONS
• Prior to implementing RegTech solution, FI to conduct internal assessment of effectiveness of RegTech solution in mitigating impersonation and fraud risks.
• FI’s assessment should be approved by Board and Senior Management.
• Some non-exhaustive areas that FIs include:
  • Understand functionalities of the technology solution;
  • Evaluate effectiveness in risk mitigation – including testing functionalities and assessing reliability of underlying databases used;
  • Evaluate residual risks and put in place appropriate risk mitigation measures.
• Independent assessment after 12 months
