Remote identity verification is now a routine part of conveyancing, but what it involves, and what makes it compliant, is not always clear.
Here is how the process works, what it covers, and what firms need to get right.
How has conveyancing moved to remote identity verification?
For much of conveyancing’s recent history, identity verification meant a face-to-face meeting, with documents examined in person, copies certified, and records updated manually. The COVID-19 pandemic accelerated a shift that was already underway, and remote identity verification has since become standard practice in many firms.
When implemented correctly, remote verification is not a compromise on security. Modern technology, including biometric matching, NFC chip reading, and liveness detection, can produce a more reliable result than manual document review, while also creating a clear and auditable digital record. Where processes are poorly designed or inconsistently applied, however, the risk increases. Documents may be accepted without proper scrutiny, checks may be incomplete, and audit trails may be insufficient.
Understanding what remote verification involves is essential to applying it correctly.
What does a compliant remote identity verification process include?
A compliant remote identity verification process covers three core elements, all of which must be present to meet the requirements of the Money Laundering Regulations and, for firms seeking HMLR Safe Harbour protection, Practice Guide 81.
The first is document verification, which confirms that the identity document is genuine. For Safe Harbour purposes, this involves reading the NFC chip embedded in biometric passports, EU and EEA identity cards, and UK biometric residence permits. The chip contains cryptographically signed data from the issuing authority, and verifying this data provides a level of assurance that cannot be achieved through visual inspection alone.
The second is biometric matching, which confirms that the person presenting the document is the individual shown on it. This is typically achieved by comparing a live image captured via a smartphone against the image stored on the document’s chip. The comparison is carried out algorithmically and provides a more consistent result than a manual check.
The third is liveness detection, which confirms that the image being captured is genuinely live. It ensures that the individual is physically present and not attempting to use a photograph, mask, or recorded video to impersonate someone else. This is a critical safeguard against increasingly sophisticated spoofing attempts.
What identity documents can be used for remote verification?
Not all identity documents support full remote digital verification. For the process to function correctly, and particularly for NFC chip reading, the document must contain an embedded chip.
The documents that meet this requirement include biometric passports, EU and EEA identity cards with biometric capability, and UK biometric residence permits. These allow the system to carry out full cryptographic verification.
Other documents, such as driving licences or non-biometric passports, can support identity checks but cannot be verified using NFC technology. For firms aiming to meet the HMLR Safe Harbour standard, a chip-enabled document is required.
What does the remote ID process look like for clients?
From the client’s perspective, the process is typically straightforward. They receive a link or access a secure portal, scan their identity document using their smartphone, capture a short video or image, and complete any required prompts. The process usually takes only a few minutes.
Behind the scenes, however, multiple checks are carried out simultaneously. The system performs NFC verification, biometric comparison, and liveness detection, cross-checking the results and flagging any inconsistencies. The outcome should be a clear, auditable record of the checks completed, including the results and timestamps.
This audit trail is important. The SRA expects firms to be able to demonstrate that identity checks were carried out, when they were completed, and what the outcome was.
What risks do firms need to manage with remote verification?
Remote verification introduces specific risks where processes are not properly designed or applied. Common issues include accepting documents that do not support full digital verification without recognising the limitation, relying on systems that do not carry out all required elements, and treating a verification report as the end of the process without reviewing its content.
It is also important to understand the scope of remote verification. It confirms identity, meaning that the individual is who they claim to be. It does not replace other AML requirements, such as source of funds checks, PEP and sanctions screening, or ongoing monitoring. These obligations continue throughout the life of the matter.
Remote identity verification should be seen as one component of a wider AML framework rather than a standalone solution. When all three elements are applied correctly, document verification, biometric matching, and liveness detection, the process can provide a high level of assurance and a clear audit trail. However, its effectiveness depends on how it is implemented and reviewed in practice.
Firms that treat remote verification as a complete solution risk overlooking the broader obligations that sit alongside it, while those that embed it within a structured and consistent process are better placed to meet both regulatory expectations and client needs.
