REVIEW ON THE DRAFT COMMUNIQUE ON REMOTE IDENTIFICATION METHODS TO BE USED BY BANKS 15 October 2020

Banking Regulatory and Supervisory Authority (“BRSA”) has presented the Draft of the Communique On Remote Identification Methods To Be Used By Banks (“Draft”)  to determine the remote identification methods that can be used by banks to gain new customers and to verify customer identity. The effective date of the draft is January 1, 2021.The Draft was prepared in accordance with Article 76 of the Banking Law no.5411 (“Banking Law”) and Article 43 of the Regulation on Banking Law and the Regulation On Information Systems and Electronic Banking Services of Banks (“Regulation”) on September 21, 2020 for the public.

What does the draft bring with it?

The first paragraph of Article 4 of the Draft, which regulates the general principles of remote identification, determines the method of remote identification, customer representative and person; It refers to online video calls and communication with each other without the need to be physically in the same environment. 

Again, according to the draft, banks have an obligation to document the process and test the effectiveness of the process and put the results in writing before the remote identification processes and systems are implemented. 

According to Article 6 explaining the principles regarding the remote identification process, a form will be taken with the person's application before the process starts, a risk assessment will be made about the person within the scope of the data received, and at the same time, the person's express consent will be recorded at the beginning of the process. It will be ensured that the audio-visual integrity and confidentiality between the customer representative and the person are at an adequate level, real-time and uninterrupted, and the video call will be carried out with secure end-to-end communication. 

The identification process is regulated in Article 7 of the Draft. According to this, during the identification process, identity documents must be visually distinguishable under white light and the minimum element must be with “…rainbow print, optical variable ink, hidden image, hologram and micro-writing security elements, photograph and wet signature ...".The customer representative will ensure that “the identity document is fully covered with the visuals taken, cut and enlarged from the person's movements, all security elements visually distinguishable under white light and that there is no artificiality indicating the alteration in the transition points between the parts on the identity document.” Verification will be provided regarding the validity and authenticity of the data and information contained in the identity document submitted by complying with the minimum requirements described in paragraph 7. 

Another issue regulated is the verification of the person to be identified. According to the 8th article of the Draft, a concrete verification is provided by using techniques to detect the vitality of the person during remote identification, biometric comparison of the person's face and the photograph in the identity document and making sure that the photograph and personal information in the identity document match with the person. In addition to this verification, the verification process continues in this process by creating an adequate opinion on the accuracy of this information on the person with the help of psychological inquiries and observations. 
 

Weak light conditions, low image quality or transmission, and cancellation of the identification process in cases where it is not possible to make visual verification and / or verbal communication with the person as specified in the Draft are explained within the scope of Article 9 of the Draft. It is stated that the process will be canceled not only in these cases but also in case of any other inconsistency or uncertainty in the process. At the same time, in case of suspicion of the validity of the documents submitted by the person during the remote identification or the situations such as forgery etc., the identification process will be terminated again. 

The remote identification process will be terminated when the SMS transmitted according to the Article 10 of the Draft is sent back by person as online from the application interface and the verification code is successfully approved. 

Storage of data is also protected in the Draft. According to Article 11 that regulates this, the entire remote identification process will be recorded and stored. 

The liability clause is stipulated in article 12. It is the bank's responsibility to ensure that the solutions used for remote identification are used in a way that minimizes the risk of misidentification the person and in case of objection in transactions that cause liability to individuals or third parties. 

As a conclusion, following the entry into force of this Draft, the transactions described above, as well as the Regulation, will be a part of daily banking transactions. With COVID-19 and developing technology revealing the need to bring innovations to banking applications, customers can benefit from banking services without going to the bank.