What is Safe Harbour and why is it important for law firms?

Digital ID verification continues to be adopted by law firms at pace when onboarding new clients.  Building on the session we hosted with GBG, we're now breaking down what you need to know about Safe Harbour and the Digital Identity Standard. If you missed The Onboarding Summit, you can catch up on-demand now.

Digital ID verification is becoming more widely used as technology makes services more accessible for both businesses and consumers. A more secure and reliable method of verifying a person’s identity, law firms are actively engaging with onboarding solutions incorporating digital ID verification to streamline gathering new client information. 

Compliance remains a top priority for law firms, which is why it’s essential to understand the requirements set out to protect both firms and consumers when ensuring a person is who they claim to be. By implementing the right systems, tools, and processes, law firms can benefit from the peace of mind that they’re compliant with their customer due diligence. 

In this article, we look at what the requirements are for firms to meet Safe Harbour, the benefits of operating within the standard, and how InfoTrack can support law firms with this process. 

What is Safe Harbour? 

Within Practice Guide 81, Safe Harbour is a new standard set out by the government in relation to Digital Identity verification. HM Land Registry launched the first Digital Identity Standard on 12 March 2021. This standard sets out a step-by-step list of requirements for conveyancers’ use of digital services required to verify a client’s identity securely online. 

Conveyancers can choose whether they want to operate under this standard, however, it offers a ‘Safe Harbour’ for conveyancers who meet the requirements. This means HMLR would not seek recourse against conveyancers who comply with the standard in the event their client was not who they claimed to be. 

What are the requirements of Safe Harbour? 

There are four requirements that must be met to achieve Safe Harbour. Stipulated by the government within the Digital Identity Standard, these are: 

Requirement 1 - Obtain evidence to verify the person you are representing is who they claim to be.  

This must be checked by interrogating cryptographic security features from the provided evidence. Acceptable forms of evidence for this requirement include: 

• Biometric passports that meet the International Civil Aviation Organisation (ICAO) specifications for e-passports
• Identity cards from an EU or EEA (European Economic Area) country that follow the Council Regulation (EC) No 2252/2004 standards and contain biometric information 
• A UK biometric residence permit

Requirement 2 - Check the evidence is genuine and current. 

Once you are satisfied the first requirement has been met, you then need to confirm the evidence hasn’t been forged and is still valid. This can be managed by using an identity check provider to verify the evidence. This requires a check using Near Field Communication (NFC) in addition to the following: 

• Check the digital signature is correct for the organisation that issued the evidence
• Check the signing key belongs to the organisation and has not been revoked
• Extract the biometric information needed for requirement 3‍

Requirement 3 - Match the evidence to the identity. 

Once you’ve completed the steps for requirements 1 and 2, you need to match the evidence provided to the person you are representing. This can be achieved by using an identity check provider to cross-reference the biometric information captured through a liveness check to ensure it matches the biometric information provided by the chip (NFC) in requirement 2. 

For this requirement your chosen identity provider must: 

• Use photographs or videos that are conducted within a ‘liveness check’.
• Identify when someone is attempting to use a presentation attack (known as an anti-spoofing check).
• Biometric information must be captured under controlled conditions that do not reduce the accuracy of the type of biometric check being used. Several factors can impact the success rate for face biometrics such as light or noise.
• Use a biometric algorithm that’s been proven to be effective against a recognised benchmark, such as the National Institute of Standard and Technology’s (NIST’s) face recognition vendor test guidance.
• Have a false match (where the system has incorrectly identified the individual) of a maximum rate of 0.01%.
• Have a maximum non-false match rate (where the system has incorrectly rejected the individual) of 1%.‍

Requirement 4 - Obtain evidence to ensure the transferer or, borrower or lessor is the same person or entity as the owner. 

Two types of evidence are required by HMLR to connect the individual to the property. 

At present, there are 13 different types of evidence that link the individual to the property including; utility bills, bank or building society statements dated within the last 3 months, local authority council tax bills for the current financial year, or original mortgage statements from a recognised lender for the last full year. You can find the full list of accepted documents for this requirement here. 

How does eCOS from InfoTrack support law firms to be Safe Harbour-compliant? 

As outlined above, one of the requirements to meet Safe Harbour is using NFC chip verification to obtain and validate biometric data. The eCOS app meets all requirements including the NFC chip reader for compatible devices so law firms can use the VOI+ service. 

To ensure your digital ID verification process is Safe Harbour-compliant, the eCOS app supports your process by meeting the four requirements  

• Obtain evidence – the eCOS app enables biometric ID verification by interrogating cryptographic security features of suitable evidence when completing the verification checks. This includes an electronically held photo of the identity so biometric facial recognition checks can be completed.
• Check the evidence – Once you’ve completed the ID check, the eCOS app verifies the document is not counterfeit by scanning the RFID-chipped document using NFC technology.
• Match the evidence – A liveness check is completed to match the document photo with the person presenting the information.
• Obtain evidence to ensure the transferor, borrower, or lessor is the same person or entity as the owner – The app lets you collect two address documents to connect the individual with the matched ID to the property.

What is VOI? 

Our Verification of Identity (VOI) solution can give your firm the assurance that you are Safe Harbour compliant by helping you meet all of HMLR’s Digital Identity Standard requirements. To be Safe Harbour compliant when using VOI, it is essential to use the eCOS app which enables NFC data extraction, as well as conducting the identity check and allowing clients to upload their proof of ownership documents. In addition to VOI, we also offer a ‘one-click’ AML solution that includes ongoing monitoring of PEPs and sanctions.

Digital ID verification with eCOS  

Digital onboarding continues to gain traction in the legal industry, especially with the growth of firms' adoption of digital ID verification. eCOS provides you with access to a completely digital onboarding service, including in-built digital Verification of Identity, Source of Funds checks, e-signatures, and onboarding questionnaires, in addition to property information forms including licensed Law Society TA forms.  

Your firm can impress clients from the first interaction with eCOS which is accessible as a fully branded web solution and mobile app that reduces client onboarding from two weeks to two days. Our integration with GBG provides access to industry-leading digital ID verification technology that helps your firm mitigate risk and adhere to your customer due diligence requirements.  

Our client, Hannah Solicitors, has onboarded over 1,000 clients digitally with eCOS, saving them hundreds of hours. Since implementing eCOS, they’ve improved the client experience by maximising speed, security, and efficiency. Download the case study now to find out how eCOS could help your firms onboard better digitally too.