If you are a compliance officer at a bank that is employing facial recognition software systems in your Customer Identification Program to verify identity, non-PEP status and correct legal name of new or prospective clients, do not be overly concerned by news regarding municipalities, or even states, passing statutes banning its use. Those laws are specifically directed to law enforcement and other government agencies who are using CCTV footage in mass surveillance programs, where the targeted individualS neither know of, or consent to, its use.
The use, by private industry, of facial recognition software, where the individuals involved give informed consent to its intended use, is outside the scope of the new legislation. Therefore, if you are deploying a facial recognition software platform to search social media, social networking sites, the Internet and image databases, to identify a new or prospective bank client, consent should be obtained.
It is humbly suggested that your counsel prepare a consent form, to be signed by new clients at account opening, or upon application, in which the client acknowledges that, in order to properly identify them, additional measures will be employed, including but not limited to facial recognition software, social media & social networking, Internet searches, database searches,and other resources. Consider this only broad guidelines, as your counsel may be aware of additional or alternative language that is more appropriate or relevant.
Compliance officers, at financial institutions, who are not currently using facial software programs searching social media, Internet and image database resources, to properly identify their customers, should seriously consider obtaining such a program, as the failure to effectively verify customer identity is generally considered compliance malpractice by regulators.