Video identification for AML: when remote video meets customer due diligence requirements
A compliance officer opening an account remotely faces a deceptively simple question: will the video used to identify this client hold up if a supervisor asks for proof? The answer has shifted. Across the EU, institutions have moved most of their identification to remote channels, but the framework that governs video identification AML has matured. Remote video verification is no longer judged by whether a recording exists, but by whether it is reliable, verifiable, and tied to a point in time that nobody can dispute.
This is the complication. Many internal procedures still treat video identification as if filming the client holding an ID were enough. Under supervisory scrutiny, what matters is not that something was recorded, but that the recording can be shown to be authentic, intact, and traceable to a specific moment. Video identification remains a valid tool for customer due diligence, but only when it meets precise technical requirements and the recording is stored in a defensible way. As explored in our guide on certified digital evidence for KYC and customer due diligence, the critical point is not collecting the data, but certifying it the moment it is created.
This insight is part of our guide: Certified AML compliance: digital evidence for KYC and customer due diligence
When video identification is enough for customer due diligence
Video identification can replace physical presence only where the client's risk level allows it and the procedure follows recognised standards. AML rules across the EU are built on a risk-based approach: the higher the risk profile, the more rigorous the identification must be. Video identification is adequate for ordinary-risk clients, but it does not apply mechanically to every situation.
Synthetic identity fraud in Europe has grown sharply, rising 378% over the past year according to sector analyses of money laundering trends. A weak remote identification becomes the first point of attack, which is why the reliability threshold expected of video identification AML is far higher than that of an ordinary video call.
What the current framework requires
The operational reference is the EBA Guidelines of 22 November 2022 (EBA/GL/2022/15) on the use of remote customer onboarding solutions, effective across the EU since 2 October 2023. The guidelines ask for four things: reliable capture of the identity document, proof that the person is real and present (liveness), a match between the document and the person, and a complete, auditable record of every step, timestamped and stored securely for later verification.
The wider picture is consolidating with the AMLA Regulation (EU) 2024/1624, which enters into force progressively between 2025 and 2027 and centralises AML supervision. A remote identification procedure designed years ago risks falling out of compliance without changes. The eIDAS framework, in turn, provides the trust services that give remote evidence its qualified legal weight.
The cases where it is not enough
The risk-based approach sets clear limits. Video identification alone is not sufficient when the client is a politically exposed person (PEP), when the profile shows high-risk indicators, or when the transaction exceeds the thresholds that trigger enhanced due diligence. These cases call for additional measures: supplementary documentation, source-of-funds checks, and validation by qualified staff. Video identification stays one piece of the process, not the whole of it.
The minimum technical requirements of defensible video identification
Video identification that holds up under review is not measured by the length of the recording, but by verifiable technical elements. The EBA Guidelines describe these as reliability conditions of the solution: without them, the recording carries little weight in a dispute.
| Requirement | What it means in practice | Why it matters under review |
|---|---|---|
| Video quality | Resolution and lighting good enough to read the document and recognise the face | A blurry recording proves nothing about authenticity |
| Document front and back | Capture of both sides of the ID as distinct steps | Lets the firm assess validity and signs of tampering |
| Liveness | Proof the subject is real and present, not a photo or a deepfake | Guards against attacks using reused images |
| Face-to-document match | Comparison between the person recorded and the document photo | Ties the identity to the actual subject |
| Stored record | Video and steps saved with a timestamp, tamper-evident and retrievable | Delivers the ex-post verifiability the EBA requires |
The most overlooked requirement is the last one. Many solutions capture the document well and handle liveness, yet store the result in a way that leaves it open to later modification. A recording without a qualified timestamp and a guarantee of integrity at the source is exactly what a supervisor questions first.
Why a recorded video is not the same as a certified one
This is where a compliant process separates from one that only looks compliant. A recorded video is a file: it shows that a recording exists, but not that it is authentic, untampered, and placed at a certain moment. A certified video is a recording whose authenticity and integrity are guaranteed at the instant it is created. The distinction has concrete effects on evidential value.
In most jurisdictions, the strength of digital evidence depends on whether its integrity can be demonstrated. A plain recording can be challenged, and once its authenticity is contested it tends to lose probative force, depending on jurisdiction and case context. When the recording carries a technical guarantee of integrity and a timestamp that cannot easily be repudiated, a generic challenge becomes far harder to sustain. This is the logic of Digital Provenance applied to customer due diligence.
How TrueScreen fits into certified acquisition
TrueScreen works precisely on this point: it does not simply store a video, it acquires and certifies the recording with forensic methodology at the moment of acquisition. Each session is sealed by combining digital signature, a qualified timestamp, and an electronic seal issued by a qualified QTSP integrated into the platform, together with forensic metadata that fix the date, place, and context of the acquisition.
TrueScreen is not a QTSP: it integrates the seal of a qualified third-party trust service provider via API, giving video identification a guarantee of authenticity at the source and of immutability. The result is a defensible record in which video identification is not a plain stored video, but certified evidence with legal value, aligned with how trust services and the eIDAS framework underpin remote customer due diligence.
