Guidance on Expired Passports as Identification for Customer Due Diligence

Page 1 of 2 Guidance on Expired Passports as Identification for Customer Due Diligence Background The AML/CFT supervisors have become aware of the need for clear guidance on the use of expired passports as part of Customer Due Diligence procedures and how it relates to the Amended Identity Verification Code of Practice 2013 (‘the code’). Status under the Amended Identity Verification Code of Practice 2013 In the code, Part 1, Section 1 currently refers to a passport as an example of primary photographic identification. The Passports Act 1992 (Section 2) defines a passport as follows: “passport means a document that is issued by or on behalf of the Government of any country, and that purports to establish the identity and nationality of the holder; but does not include such a document that has expired or that has been cancelled.” The AML/CFT supervisors consider this to mean a valid passport at the time a business relationship is established, and thus an expired passport does not meet the required standard for Part 1, Section 1 of the code. However, Part 1, Section 4 of the code requires reporting entities to have an exception handling procedure in place for circumstances when a customer demonstrates they are unable to comply with the prescribed identification requirements outlined in the code. The AML/CFT supervisors consider that an expired passport may still be acceptable via an exception handling procedure. When the code is fully complied with it operates as a ‘safe harbour’. If a reporting entity opts out of the code it does not receive the benefit of the safe harbour. In these circumstances, the reporting entity must comply with the relevant statutory obligation by some other equally effective means. In order for this to be a defence to any act or omission by the reporting entity, the reporting entity must have provided written notification to its AML/CFT supervisor that it has opted out of compliance with the code and intends to satisfy its obligations by some other equally effective means. The AML/CFT supervisors do not consider that accepting an expired passport on anything other than an exceptions basis would meet the threshold of ‘equally effective means’ as detailed above. Opting out of the code in order to accept an expired passport as name and date of birth identity verification as part of the ‘normal course of business’ (and therefore outside of an exceptions handling procedure), would not be considered equally effective by the AML/CFT supervisors.

Page 2 of 2 Guidance The AML/CFT supervisors have determined that using an expired passport to verify a person’s name and date of birth may only be part of an exceptions handling procedure, and not in the ‘normal course of business.’ The AML/CFT supervisors do not consider there to be a ‘maximum’ timeframe of expiry that a reporting entity may accept as part of an exceptions handling procedure. Reporting entities should take a risk-based approach based upon the factors present at the time the passport is presented. A risk-based approach should be documented as part of a reporting entity’s AML/CFT programme, and based upon risks identified in their risk assessment. Questions that may help determine risk could include: • How can the passport’s validity be determined? Can the relevant issuing authority (i.e. DIA) confirm whether expired passports were genuinely issued? • How long has the passport been expired for? Could the photograph still be relied upon to be a valid likeness of the individual presenting when considering the time elapsed since it was taken? • Why does the individual presenting the expired passport not have access to another form of valid ID (i.e. a Driver’s License)? • Can the individual presenting the expired passport provide other supporting forms of identification? • Can the individual presenting the expired passport support their identification in another way? • Does the individual have any prior history with the reporting entity, or are they seeking to begin a new business relationship? • What is the impact upon not accepting the expired passport in terms of financial inclusion? • What is the risk level of the transaction or activity the individual is seeking to engage in? The responsibility of the reporting entity for accepting an expired passport as a form of identification does not change. Reporting entities must ensure they are satisfied that any identification they accept is reliable and accurate. This guidance will also be of assistance to reporting entities who have opted out of the code generally and seek to comply with their statutory obligations by equally effective means, as the supervisors would still expect reporting entities to have appropriate exception handling processes in place for accepting expired passports.