Log in to mySRA Contact us
  2. News
  3. News releases and statements
  4. New guidance on using digital ID for money laundering checks

News

New guidance on using digital ID for money laundering checks

Updated 16 April 2026

The government has released new guidance on the use of digital ID verification. This aims to build trust in reliable digital verification services and streamline due diligence collection. Most importantly, firms can check the reliability of digital ID by checking the digital verification services (DVS) register.

The guidance has been created to help organisations covered by the Money Laundering [etc.] Regulations 2017 (MLR 2017) understand:

  • what a digital identity is and how it can be used
  • what the trust framework is, and what it means to be certified against the trust framework
  • how certified and registered DVS can support due diligence that businesses covered by the MLR 2017 need to do on their customers
  • what responsibilities regulated entities keep when they use DVS. This new guidance is official Government guidance for the purposes of compliance with the Money Laundering Regulations.

Some firms already use digital journeys to onboard customers. Consider whether digital ID services would help your firm and clients, and bear in mind regulation 19(4)(c) when adopting new technologies and ways of working.

The Department of Science, Innovation and Technology has confirmed that:

  • The use of DVS providers certified and registered on the DVS Register for customer due diligence purposes under the MLR 2017 guidance is separate and distinct from HM Land Registry's safe harbour standard. Firms may need to satisfy both standards depending on the context.
  • This means that a provider advertising as 'safe harbour compliant' does not automatically mean they are on the DVS Register – always check.

If your provider is not on the DVS Register, you should check with them whether they:

  • may appear under a different company name or back-office function
  • have applied for registration, as it can take some time for applications to be processed and approved.

The requirements of the MLR 2017 apply to digital ID as they do to other forms of identification and verification. Firms remain ultimately responsible for applying client due diligence, even when using third party services. For example, firms using a DVS must:

  • still assess client risk and apply a corresponding level of due diligence 
  • not assume digital identity covers all aspects of CDD (for example, understanding the purpose and intended nature of a business relationship or transaction)
  • meet record-keeping requirements under Regulation 40 MLR 2017.

Resources

Top