Key points from the statement include:
➡️ AI-enabled CDD risk: Criminals are using AI to manipulate or create identity documents and deceive customer due diligence (CDD) checks;
➡️ Deepfake threat: Deepfakes can impersonate a real person’s appearance convincingly and deceive liveness detection tests;
➡️ Immediate threat: Threat actors are already using these techniques to bypass controls, confirming this as a current threat, not a theoretical one;
➡️ Remote verification risk: Firms should assess the heightened risk of relying on video calls to identify and verify clients; and
➡️ Technology controls: Firms should understand whether electronic due diligence protects them against deepfakes and explore software solutions to assist detection.
✅ Firms should review remote onboarding, electronic due diligence and identity verification controls (IDV) to ensure they address AI-enabled impersonation and document manipulation risks.