This provides a suggested best practice for all reporting entities conducting name and date of birth identity verification on customers (that are natural persons) they have assessed to be low to medium risk.
Complying with a code of practice is not mandatory, although it constitutes a safe harbour. If a reporting entity fully complies with the code it is deemed to be compliant with the relevant parts of the Act. If a reporting entity opts out of the code, it must inform its supervisor and must adopt practices that are equally effective, otherwise, it risks non-compliance.
This 2017 version has been expanded to include more explanation of supervisor expectations about Part 3 of the Code of Practice, electronic verification.