The acceptability of an emailed copy of a driver's license depends entirely on the financial institution's risk-based approach, as defined in its internal policies and procedures. While a driver's license is a valid form of formal identification, receiving it via a standard, unsecure email raises concerns about the document's authenticity and the security of the client's personal data. An institution's policy, guided by jurisdictional regulations and the client's risk profile, will dictate whether this is acceptable, and if so, what additional verification steps (e.g., non-documentary checks, video confirmation, use of a secure portal) are required to form a reasonable belief that they know the customer's true identity.

A. Yes: This is incorrect because it is too absolute. An unverified copy from an insecure channel may not meet the institution's standards for verification, especially for higher-risk clients.

B. No: This is also incorrect as it is too rigid. Many institutions, particularly in a digital environment, may accept a scanned copy as a preliminary step for low-risk clients, provided it is followed by other corroborating verification measures.

---

1. Financial Action Task Force (FATF). (2023). International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation – The FATF Recommendations. FATF.

Reference: Interpretive Note to Recommendation 10 (Customer Due Diligence), Paragraphs 13-16.

Content: This section details the requirements for verifying customer identity. It emphasizes using "reliable, independent source documents, data or information" and allows for a risk-based approach. It does not prescribe a specific method, meaning the acceptability of an emailed copy is contingent on the FI's ability to manage the associated risks and satisfy itself of the customer's identity.

2. U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN). (2003). Final Rule: Customer Identification Programs for Banks, Savings Associations, Credit Unions, and Certain Non-Federally Regulated Banks. 31 C.F.R. § 1020.220.

Reference: Section 1020.220(a)(2)(ii)(A)-(B).

Content: The U.S. Bank Secrecy Act's Customer Identification Program (CIP) rule requires FIs to form a "reasonable belief" of a customer's identity. It allows for both documentary (e.g., driver's license) and non-documentary methods. The rule's flexibility supports a risk-based policy where an emailed copy might be one component of a larger verification process, but not necessarily sufficient on its own.

3. The Wolfsberg Group. (2019). The Wolfsberg Group Statement on Digital Identity.

Reference: Page 2, Section "Risk Mitigation".

Content: The statement acknowledges the use of digital copies of government-issued ID but highlights the inherent risks, such as "theft, forgery, and alteration." It stresses that Financial Institutions must implement controls to mitigate these risks, confirming that the acceptability of a digital copy is conditional on the strength of the surrounding verification framework.