This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-list@ripe.net/
[ripe-list] [ncc-announce] [news] Using Third Parties to Automate Our Due Diligence
- Previous message (by thread): [ripe-list] ASO AC Call for Nominations for Seat 10 on the ICANN Board of Directors
- Next message (by thread): [ripe-list] [ncc-announce] [news] Using Third Parties to Automate Our Due Diligence
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erik Bais
ebais at a2b-internet.com
Thu Sep 16 14:36:56 CEST 2021
Hi Felipe, Thank you for the announcement. ( I cc: the RIPE list, as that will allow all RIPE community members to read the question and your reply. ) Could you provide insight in where those companies are located, which legal jurisdiction is used for the agreement with them and where the data is going to be stored that is send to them of the involved companies ? I assume that most of the parties involved the RIPE NCC are dealing with a Dutch entity .. but is that the case and is Dutch law applicable for the agreement between the RIPE NCC and them ? Especially as we are dealing with checking ID's .. the location where those are going to end-up .. is something that some of us might want to have that kind of info. Kind regards Erik Bais On 16/09/2021, 14:16, "ncc-announce on behalf of Felipe Victolla Silveira" <ncc-announce-bounces at ripe.net on behalf of fvictolla at ripe.net> wrote: Dear colleagues, We will soon begin working with third parties to fulfil our mandatory due diligence requirements in two key areas: sanctions screening and the validation of identification documents. To keep you informed, we have published an article on RIPE Labs that explains the relevant processes in more detail: https://labs.ripe.net/author/felipe_victolla_silveira/using-third-parties-to-automate-our-due-diligence/ You can find a summary of the key points below. -- Sanctions screening We need to perform sanctions checks whenever we receive a request to transfer, allocate or assign resources, or to open a new membership/LIR (this also includes End User requests). We need to check the company making the request, its director, the people on its board, and also any other companies or individuals with a share in that company. This adds up to a lot of checks requiring specialised skills and data, further complicated by the administrative and legal differences across our service region. Working with Altares Dun and Bradstreet and also Dow Jones, we will soon start to run automated checks against their databases to verify company information and to check if individuals, companies or any of their signatories are subject to sanctions. We will use the database run by Altares Dun and Bradstreet to quickly verify information about companies and individuals. Dow Jones maintains a list of all sanctioned entities around the world and we plan to run automated checks against this list. This collaboration will allow us to carry out our mandatory due diligence checks in a structured, complete and efficient way. For the vast majority of members, we expect that these checks will basically run in the background and not have any visible impact. We will only need to contact you if there is missing information in Altares Dun and Bradstreet’s database. In this case, we would let you know that they would like to contact you. This is voluntary, and there is no requirement to accept their call. -- Validation of identification documents Validating identification documents is a manual process that we want to automate. Until now, we have worked with fraud specialists to manually authenticate IDs that appear suspicious. We want to apply a uniform approach that verifies all ID information across the board. We will be working with iDenfy, a specialised provider in automated ID validation and remote identification services, to ensure a high standard of diligence and security across all ID documents that we process. Once this is ready, members will upload personal identification documents directly to the iDenfy system using a secure link that we send. In addition to maintaining a high level of security, iDenfy will ensure that this data is deleted within 14 days of being submitted. In line with GDPR, we remain the ‘data controller’. Work is currently underway to integrate our external request processes with iDenfy’s systems and we plan for this to go live on 23 September. Kind regards, Felipe Victolla Silveira Chief Operations Officer RIPE NCC
- Previous message (by thread): [ripe-list] ASO AC Call for Nominations for Seat 10 on the ICANN Board of Directors
- Next message (by thread): [ripe-list] [ncc-announce] [news] Using Third Parties to Automate Our Due Diligence
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]