23
REGIONAL FRAMEWORK ON ELECTRONIC KNOW YOUR CUSTOMER (E-KYC) AND ELECTRONIC IDENTITY (E-ID) FOR ECAPI
ANNEX 2: ANALYSIS FRAMEWORK The analysis framework was used to capture the status of policies, infrastructure, and supporting ecosystem on e-ID and e-KYC of AFI member countries in the EECA region. The country-wise status shown above is largely based on the responses received for the analysis framework. The analysis framework captures information on three broad categories: policy, infrastructure, and ecosystem.
1.2 DATA PROTECTION 1. What are the guidelines, directives, or laws that exist on the processing of personal data of individuals? a. Is consent mandatorily required for processing data b. Are there any special provisions for children and vulnerable groups? c. Privacy by design principles imposed on data fiduciaries? (Limitations on collection of personal data, the period for which data can be retained) d. Conditions under which governments and private entities can access this data?
SECTION 1: POLICY
e. Classification of sensitive data
1.1 ELECTRONIC IDENTITY (E-ID)
2. Are there protections in place to limit access to the digital trail of personally identifiable information?
I. What are the laws and policies around the national identity program (electronic Identity/ hard copy)? What are the details in the law or policy around: a. Is it mandatory for everyone to enroll in the identity program? If yes, at what age? b. What is the eligibility to get the identity document? c. Is it necessary to collect the biometric information of an individual to enroll them into the national identity program, and if so, what biometric information does it capture? (fingerprints, iris, etc.)? d. Does the law mention what Personal Identifiable Information (PII) and demographic data may be collected?
1.3 KYC AND AML-CFT 3. Do banking companies, financial institutions, and intermediaries face any challenges related to complying with KYC requirements and AML-CFT regulations? 4. Does the country allow tiered or risk-based KYC? What are the levels and tiers for KYC of individuals? 5. Which companies are mainly involved in providing e-KYC and AML-CFT verification services? What is the process followed? Who authorizes these entities?
e. What are the guidelines to make corrections, amendments, or deletion of inaccurate information in the identity card?
SECTION 2: INFRASTRUCTURE READINESS
f. Are there any update procedures for those whose biometrics are subject to change due to age or profession?
6. How much is the coverage of the national identity/ most common functional ID?
II. Which bodies of authority regulate Identity, digital ID, and collection of biometric data, and data protection? What are their key roles and responsibilities? III. Which of the major government and private institutions have access to the identity database? IV. What are the policies to access national identity information? Do third parties/ intermediaries have the authority to access the identity database for authentication purposes?
2.1 FOUNDATIONAL OR FUNCTIONAL IDENTITY
a. What is the process for onboarding? Are there any direct costs involved for the citizens to onboard to the identity system? What are the costs for obtaining a birth and death registration? b. What is the process for onboarding typically excluded groups, such as vulnerable groups, refugees, and forcibly displaced people? Any special measures to provide online and offline registration service to the last mile in the remote and rural areas? c. For access to which services/ benefits (pensions, social assistance transfers, etc.) is the national identity card/number mandatory?
