Briefing Note: CDD – Acceptance of Scanned PDFs of Wet Ink Certified Documents

The revisions to Chapter 6 of the Handbook, clarify the GFSC’s expectations around the use of PDF and other electronic documentation in the customer verification process. These revised provisions place greater emphasis on obtaining certified copies and maintaining a clear and auditable record of the steps taken to verify their authenticity and reliability. This includes evidencing how documents have been assessed, validated and, where appropriate, corroborated using independent sources or systems.

Guernsey regulated firms need to ensure that their AML procedures clearly document the end-to-end verification process when relying on electronic documentation. This briefing outlines the practical implications of these changes and considers whether a document that has been wet ink certified, but provided only as a scanned PDF, can be accepted.

summary position

Acceptance of a scanned PDF of a wet ink certified document for CDD should not be automatic.

A firm must demonstrate that it has applied a robust, risk-based verification process. The revised Handbook expands the scope for electronic certification and the use of electronic verification systems; however, it does not permit firms to merely rely solely on a scanned certified document at face value.

Regulatory expectations

A firm’s core CDD obligations essentially remain unchanged. The revisions emphasise the quality and integrity of the verification process, rather than the format of the document itself.  Firms must:

• Apply a risk-based approach;
• Maintain documented and effective policies and procedures;
• Assess risk at both business and client levels; and
• Ensure reliance on certification is consistent with the firm’s CDD framework.

evidencing compliance

Firms must be able to demonstrate to the GFSC:

• How identity verification was conducted;
• What reliance was placed on certification; and
• That appropriate verification steps have been taken (either internally or via third parties).

Notably, reliance on a scanned PDF alone, without further checks, is unlikely to satisfy these requirements.

certification framework – accepted certification methods

The Handbook recognises three certification routes:

• Natural persons certifying hard copy documents;
• Natural persons electronically certifying documents (e.g. digital signatures); and
• Electronic systems providing equivalent assurance.

natural person certification – minimum requirements

Certification must be signed and dated and confirm that the certifier has:

• Seen the original documents;
• Met the individual; and
• Include sufficient information to:
  • Identify the certifier;
  • Assess their suitability; and
  • Enable contact if required.

Acceptable formats

• Wet ink certification; or
• Electronic certification (with a secure digital signature).

firms should

• Verify both the certifier and the certification process; and
• Exercise particular caution when relying on scanned copies of wet ink certified documents.

Electronic verification systems

Firms may rely on electronic verification systems used by regulated entities. These may potentially include:

• Biometric checks;
• Anti-impersonation controls (e.g. video verification);
• Real-time image capture;
• Document authenticity checks; and/or
• Geolocation data.

To rely on such systems, firms must assess the effectiveness of the system’s controls and be satisfied as to the reliability, independence and regulatory or professional standing of any provider involved.

Firms must also ensure the system provides sufficient assurance of the customer’s identity, that any documentation relied upon is reliable and genuine, and that it is obtained from an appropriate and independent source.

use of a notary

It should also be noted that notarisation is not specifically required by the GFSC for CDD purposes and is typically only necessary where documents are to be used in another jurisdiction.  However, in using a notary for CDD verification, the firm can demonstrate that they have a robust, independent risk‑based process.

practical takeaway

Before accepting such documents, firms should ensure:

• Additional verification steps are taken where necessary;
• The certifier and certification process are independently assessed; and
• The rationale for acceptance is clearly documented and evidenced.

Failure to do so may result in non-compliance with regulatory expectations.