Can subscriber controls prevent other firms from pulling CDD without consent?
Yes: the originating firm chooses per-party or per-transaction whether to make the CDD record available to a relying firm, and master-level reliance agreements are required.
Yes - sharing is opt-in. The originating firm (the one that performed the CDD) chooses per party, several parties or all parties within a transaction whether to make the CDD record available to a relying firm. No firm can pull another firm's CDD without explicit consent.
How the control works:
- Per-party granularity - if a transaction involves multiple individuals (e.g. buyer, seller, joint owners), the originating firm can share CDD for some but not others.
- Reliance agreements at the master level - a formal reliance arrangement must be in place between the firms before any sharing can occur. The platform enforces this at the system level.
- Notifications when CDD is shared - the originating firm receives notification when a verified CDD they performed is accessed by a relying firm under an active reliance agreement. The audit trail captures the access.
- Revocation supported - the originating firm can revoke a share if circumstances change (e.g. relationship with the relying firm ends, customer requests deletion).
This sharing-with-consent model protects all parties - the customer (their identity data isn't shared without authorisation), the originating firm (their CDD work isn't appropriated), and the relying firm (the access they have is documented and audit-defensible).
Related articles
- Does easyAML accept externally-provided VOI evidence (KYC done by another provider)?
- When does a real estate agent need to CDD a counterparty?
- What if someone else has done the CDD on my client?
- What ID verification methods does easyAML support?
- Can a firm rely on the buyer's conveyancer to do CDD on the purchaser?