Effective January 1, 2024, the LSO (Law Society of Ontario) will implement new guidelines that will reshape the landscape of virtual verification of client identity. This article intends to provide a comprehensive understanding of these transformative changes and offers a guide to assist you in making an informed choice when partnering with a vendor for your organization's needs. To set the foundation, it's essential to frame the conversation of virtual verification of client identity within the broader sphere of client identity verification procedures.
Overview of Client Identity Verification Methods
The LSO's By-Law 7.1 delineates four pivotal methodologies for licensees to verify the identity of their clients:
1. In-person Verification: For licensees opting for in-person verification using a government-issued photo ID, they must rigorously examine the ID, ensuring it stands up to the benchmarks of authenticity, retains its validity, and remains current.
2. Virtual Verification Techniques:
(a) Credit File Method: Licensees can dive into an individual’s credit file that is situated within Canadian boundaries. This file should not only have been in existence for a minimum of three years but should also resonate with the name, birth date, and address the individual shares.
(b) Dual Process Method: Here, the licensee can solidify the identity by tapping into two distinct sources of information:
(i) A reliable source projecting the individual's name alongside their residential address
(ii) Another trustworthy source revealing the individual's name paired with their date of birth
(iii) Or, any information that verifies the individual's name and confirms their affiliation with a financial institution, be it a deposit account, credit card, or other forms of loan accounts.
(c) Agent-based Verification: Licensees aren't confined to personal verification; they can expand their scope by bringing an agent onboard. However, this necessitates a written accord between the licensee and the agent. The licensee must be convinced beyond doubt that the agent has met all the verification prerequisites and the procured data is both valid and up-to-date.
(d) Authentication-Driven Virtual Verification: This involves leveraging state-of-the-art technological solutions for identity by authenticating the identity documents of the client.
This article is focused on selecting a vendor for your authentication-driven virtual verification process.
Backstory: The Journey to Current Virtual Verification Protocols
The initial wave of virtual verification, which did not demand authentication of identity documents, found its roots in the LSO’s rapid response to COVID-19.
Licensees bear the responsibility of not merely knowing their client on a surface level but delving deep into understanding the financial intricacies intertwined with their professional dealings. With grave concerns like money laundering, mortgage scams, and identity deception, especially exacerbated during the pandemic, it's incumbent upon these licensees to manage risks in their practice and to remain on high alert.
The evolution to a more stringent authentication protocol in the realm of virtual verification is emblematic of the current provincial health and safety measures. This not only underscores the three alternative techniques available for client identity verification in absentia but also aligns with By-Law 7.1's directives that calls to ensure the authenticity, validity, and currency of all verification documents.
In light of the regulations effective January 1, 2024, licensees employing video conferencing or other virtual communication platforms for identity verification will be bound by the mandate to authenticate the government-issued photo identification document. A mere visual inspection of the individual and their identification via virtual mediums will no longer be sufficient.
Stepwise Guide to Virtual Verification of Client Identity
Step 1: Authentication of the ID document
In order to ensure authenticity, that is, that the document is genuine and untampered, the LSO mandates, the following:
- Obtaining from the individual a digital scan of their ID using the camera embedded in their smartphone or any electronic device they have access to.
- Using technology to evaluate the scanned ID document against:
- Recognizable traits of genuine IDs such as size, texture, character placement, elevated lettering, established formats, and design schemes.
- Established security components like holograms, barcodes, magnetic stripes, watermarks, and inbuilt electronic microchips.
- Distinctive markers and symbols, for instance, logos.
Step 2: Post-authentication validation & record-keeping
Once the ID document has been authenticated, the licensees need to do one of the following:
- Doubly confirm validity: This is done by juxtaposing the visual representation of the individual during a virtual meet with the photo and name inscribed on the authenticated ID document; or
- Biometric validation: Individuals are prompted to take a new photo with their electronic device. Advanced biometric technologies, such as facial recognition, are then used to compare this image to the one on the ID. Simultaneously, the names on the ID and those provided by the individual are compared.
Upholding the integrity of the verification process requires meticulous record-keeping. Licensees should record key information such as the applicable date, the chosen verification strategy, the steps diligently followed throughout the process, and the efforts taken to establish the authenticity, validity, and currency of the photo ID.
Vendor Selection Criteria
The LSO does not endorse specific vendors but requires their technology to properly evaluate ID characteristics and security features as outlined in Step 1. When choosing a vendor, consider:
- Financials: Dive deep into the cost structures, encompassing subscription charges, initial investments, and yearly commitments.
- Implementation: Assess the vendor's setup process. Some may require complex integrations, others are more plug-and-play.
- User Experience: The tools should be user-friendly for both staff and clients.
- Security: Prioritize strong data protection and data residency.
- Biometrics: See if the vendor provides advanced biometric verification methods, ensuring both ID and holder authenticity.
- Record-keeping: Choose vendors with thorough audit trails, capturing all necessary metadata.
- Integrations: If needed, check how well the vendor's tools integrate with existing systems like conveyancing and eSignatures.