Digital ID guidance leaves mortgage firms seeking clarity

New government guidance endorsing digital identity verification services for regulated sectors has raised questions for mortgage firms after failing to specify the verification standard businesses should apply.

The Digital Verification Services (DVS) Trust Framework 1.0, published this week by HM Treasury and the Department for Science, Innovation and Technology, confirms that only certified digital verification providers can be relied upon to meet customer due diligence obligations under the Money Laundering Regulations (MLRs).

Under the framework, compliant providers must be certified under the UK Digital Identity and Attributes Trust Framework and listed on the government’s Digital Verification Services register. Certified services will display a new “UK CertifID” trust mark designed to signal their status to firms selecting identity verification tools.

However, the guidance does not specify the “Level of Confidence” firms should apply when verifying customers’ identities.

The framework defines four verification levels under Good Practice Guide 45 (GPG45) – Low, Medium, High and Very High – but leaves it to firms to determine which level satisfies regulatory expectations, creating potential uncertainty for lenders, brokers and conveyancers seeking to ensure compliance.

GREATER CLARITY NEEDED

Neil Williams (main picture, inset), chief technology officer at Credas, said the framework marked an important step forward for digital identity verification but warned that greater clarity is still needed for firms operating under anti-money laundering rules.

He added: “The Trust Framework and guidance represent a significant step forward in the adoption of secure and trusted methods of digital identification that protects not only property professionals but their clients as well.

“But as AI-generated fraud becomes more sophisticated, we need greater specificity. The framework now introduces strict biometric testing standards to combat these threats, but without clarity on required Levels of Confidence, firms lack clear direction on what ‘compliant’ actually means in practice.”

Credas said firms selecting identity verification providers should ensure the service is certified under the government framework and displays the new “UK CertifID” trust mark.