Welcome to Onfido’s Policy Corner, your monthly regular briefing on key policy updates from the world of digital identity, AI, and data privacy. With a new government in the UK, the Swedish Presidency of the EU just around the corner, and the lame-duck Congressional session after the US midterm elections, we have a busy few weeks ahead as we end the year and begin 2023.
Scottish digital identity system. The Scottish Government launched a digital identity public engagement project to support the Scottish approach to service design which encourages society to actively take part in the definition, design and delivery of the digital identity service.
Online safety. The government has proposed changes to the Online Safety Bill to protect free speech and strengthen child protection. Some of the proposals are relevant for all in-scope services, while others only apply to the largest and most risky “category one” services. In particular, there are strengthened requirements for all in-scope services to protect children from content posing a “material risk of significant harm” including measures such as age verification or assurance methods.
EAB Remote Onboarding Guidelines. The European Banking Authority (EBA) has published its final Guidelines on the use of remote customer onboarding solutions. These Guidelines set out the steps EU financial institutions should take to ensure effective remote customer onboarding practices in line with AML laws.
Federal Reserve & Synthetic Identity Fraud. The Federal Reserve’s Synthetic Identity Fraud Mitigation Toolkit, part of their Payments Security strategic initiative, is designed to help American businesses understand how to identify and stay on top of synthetic identity fraud risks. They recently released Toolkit Module 9 - Fraud Mitigation Service Providers and Onfido is one of the providers listed. Read more about it in our blog here.
Crypto regulation on the horizon. US policymakers are showing renewed interest in crypto regulation and oversight, following the FTX meltdown. This includes taking a fresh look at previously proposed legislation to make sure it addresses current concerns about the market. Congressional action is unlikely before the end of the year due to Congressional calendar constraints and the need to take the time to get this right. Lots of discussion in Washington this week with hearings in the House and Senate — so watch this space.
COVID Benefits Fraud and APT41. The Secret Service recently announced hackers linked to the Chinese government were responsible for at least $20 million in stolen COVID benefits. The theft of taxpayer funds by APT41 is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly. A NBC News report noted “[t]he primary purpose of APT41’s state-directed activity…is believed to be collecting personally identifying information and data about American citizens, institutions and businesses that can be used by China for espionage purposes.”
New State Policy Principles. The Better Identity Coalition (Onfido is a founding member) released its new state policy principles in advance of the 2023 legislative sessions. In the US, States have an incredibly important role to play in creating secure digital identity infrastructure that works for everyone, as they are responsible for driver’s licenses, birth certificates, and marriage licenses. You can read the report here.
DHS Tech Challenge for Remote Identity Validation. The Department of Homeland Security Science and Technology Directorate announced the launch of the new Remote Identity Validation Technology Demonstration (RIVTD). Over the course of 2023, DHS will challenge the industry to deliver secure, accurate, and easy-to-use remote identity validation technologies to combat identity fraud when users apply for government services, open bank accounts or verify social media accounts. The goal is to enable the industry to develop more secure, accurate, and easy-to-use technologies; objectively measure performance against realistic and sophisticated attacks; answer questions about the overall performance, risks, and fairness of these technologies for use in commercial or government applications; and inform efforts to standardize and certify technologies that are effective against sophisticated and rapidly evolving attacks.