Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Remote identity verification for foreign nationals: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: Turkey’s updated MASAK communiqué allows remote identity verification for foreign nationals using NFC-enabled passports, video checks, address verification and enhanced monitoring, while also bringing crypto-asset service providers into scope for certain remote onboarding provisions, according to SumSub’s June compliance digest. The change widens digital onboarding access, but it also hardens the identity assurance burden on institutions that must govern high-risk remote relationships.

NHIMG editorial — based on content published by SumSub: Compliance Digest for June 2026

By the numbers:

Questions worth separating out

Q: How should organisations govern remote onboarding when regulators allow digital identity verification?

A: Organisations should treat remote onboarding as an evidence and lifecycle control, not just a front-end convenience.

Q: Why do remote identity checks increase compliance pressure for financial institutions?

A: Remote checks increase pressure because they widen access while raising the burden of proof.

Q: What breaks when high-risk customers are onboarded remotely without lifecycle monitoring?

A: What breaks is the link between initial verification and later accountability.

Practitioner guidance

  • Map remote onboarding evidence to a named control owner Document who approves NFC passport checks, live video verification, address verification, and technical data review, then preserve those artefacts in an audit-ready record set.
  • Tie high-risk onboarding to lifecycle monitoring rules Ensure customers classified as high risk at onboarding automatically inherit enhanced monitoring, event-driven review triggers, and escalation paths in case management.
  • Reconcile policy, workflow, and system logic Update AML and identity procedures so that remote onboarding rules, system validations, and analyst review steps all reflect the same risk model and evidence standard.

What's in the full analysis

SumSub's full compliance digest covers the operational detail this post intentionally leaves for the source:

  • Country-by-country regulatory summaries that show how AML and identity rules shifted across June 2026.
  • The specific legal text and effective dates behind each change, useful when updating internal policies.
  • Implementation notes for regulated firms that need to translate the digest into control updates and workflow changes.
  • Coverage of adjacent AML topics beyond identity verification, including monitoring and reporting obligations.

👉 Read SumSub’s June compliance digest on remote identity verification and AML updates →

Remote identity verification for foreign nationals: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

Remote onboarding is an evidence-governance problem, not just a customer-experience improvement. The Turkey update expands digital access, but it also makes proof standards explicit: NFC passport validation, video verification, address checks, and technical telemetry all become part of the trust record. That record has to survive regulatory review, internal escalation, and customer lifecycle change. Institutions that treat remote onboarding as a front-end convenience will miss the governance burden it creates.

A few things that frame the scale:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • That same research found that only 5.7% of organisations have full visibility into their service accounts, which means most identity programmes cannot confidently trace who or what is actually active.

A question worth separating out:

Q: Who should own remote onboarding controls across IAM and compliance teams?

A: Ownership should be shared, but accountability must be explicit. IAM or identity teams usually own the proofing workflow, compliance owns the risk model, and operations or case management owns monitoring execution. The control fails when these functions work from different records or different thresholds.

👉 Read our full editorial: Remote identity verification for foreign nationals raises IAM governance stakes



   
ReplyQuote
Share: