Amendments to the remote customer identification legislation

03.08.2020

Legal Update No 780

Bryan Cave Leighton Paisner (Russia) LLP (formerly Goltsblat BLP in Russia) advises that a number of draft laws amending Federal Law No. 126-FZ “On Communications” (the “Communications Law”), Federal Law No. 115-FZ “On Combating Legalisation of Criminally Derived Proceeds (Money-laundering) and Financing of Terrorism” (the “AML/CTF Law”), as well as some other bills are in progress. The amendments affect remote identification of customers of organisations transacting in financial and other assets, primarily credit institutions and communications providers. Welcome to our overview of the proposed amendments. 

Individuals to enter their personal data directly into the Unified Biometric System

Draft Law No. 946734-7 “On Amendments to Federal Law ‘On Information, Information Technology and Information Protection’”

The bill offers individuals a way to enter their biometric data directly into the Unified Biometric System. The Unified Biometric System operator will provide software that can run on technical devices (mobile and smart phones, tablets and PCs) intended for biometric data processing.

State agencies, banks and other organisations are only allowed to use the Unified Biometric System involving biometric personal data in the cases specified by the Russian Government following consultations with the Russian Central Bank and based on an agreement concluded with the Unified Biometric System operator.

Currently, information is entered into the Unified Biometric System by authorised banks. Data entry requires the individual to be present. The bill was submitted to the Russian State Duma on 22 April 2020 and entered in the State Duma’s tentative programme for the 2020 autumn session (November).

Individuals and sole traders to enter into contracts with communications providers remotely, via the Internet

Draft Law No. 943910-7 “On Amendments to Article 44 of the Federal Law ‘On Communications’”

The bill provides individual and sole trader subscribers with the option of contracting with communications providers remotely, via the Internet, using personal biometric data processing IT or the Unified Biometric System. The System will be devised and run in compliance with Federal Law No. 149-FZ dated 27.07.2006 “On Information, Information Technology and Information Security”. Processing of a subscriber’s personal biometric data is subject to them giving written consent.  

Currently, an individual may conclude a written contract with a communications provider at its own or its official representative’s office or via the Internet using an enhanced qualified electronic signature or a simple electronic signature, provided that the simple electronic signature key is issued to an individual whose identity has been established offline. 

The bill was submitted to the Russian State Duma on 16 April 2020 and included in the State Duma’s tentative programme for the 2020 spring session (July). On 20 May, the bill was passed to the Council of the State Duma for consideration.

The Russian Ministry of Communications Draft Law “On Amendments to Articles 2, 44 and 45 of the Federal Law ‘On Communications’” (Bill ID on regulations.gov.ru: 02/04/04-20/00101362)

The draft law allows communications providers to conclude online communications service contracts via the Unified Identification and Authentication System (UIAS) and the Unified Biometric System (UBS). Subscriber information is verified by the communications provider using a cross-departmental electronic communications system. 

The subscriber’s consent to personal biometric data processing, which is required for entering into a contract, will be validated by a simple electronic key in compliance with the simple electronic signature rules established by the Russian Government for state and municipal services. However, communications services will only be rendered to the subscriber so identified if their authentic information has been entered in the communications service provider’s databases under communications services rules.  

The bill requires the UIAS account to include the subscriber number allocated to the individual in the communications service contract and envisages the individual’s right to enter the International Mobile Equipment Identifier (IMEI) in the UIAS account.  

The draft law also allows corporate mobile communications to be used strictly subject the an individual or corporate subscriber having a validated user account with the UIAS specifying their mobile phone number.

The bill is under consideration by the Russian Government.

According to the regulatory impact assessment by the Russian Ministry for Economic Development, the draft contains provisions introducing or entailing excessive administrative and other limitations and responsibilities for businesses and other entities or resulting in unreasonable costs for them or budget expenses at all levels of the Russian budgetary system. Particularly, the Ministry has refused to support the more complicated procedure for concluding communications service contracts via the Internet. The draft retains the option of entering into communications service contracts using an enhanced qualified electronic signature while offering a more sophisticated second option: along with a validated UIAS account, a contract with a simple electronic signature will also require UBS-based identification of individual subscribers. Furthermore, the proposed sophisticated mechanism for subscribing to mobile telephone communications services may have an adverse effect on the corporate communications services market segment. 

The Russian Ministry for Economic Development Draft Law “On Amendments to Individual Legislative Acts of the Russian Federation for Facilitating Online Liaison between Individuals and Organisations” (Bill ID on regulations.gov.ru: 04/13/06-20/00102996, 17 June 2020 г.)

The bill allows communications providers to enter into online service contracts using, alongside the UBS, other personal biometric data processing technology to identify a customer.  

Furthermore, the bill is to amend Federal Law No. 323-FZ “On Fundamental Healthcare Principles in the Russian Federation”, particularly with regard to additional measures for identifying and authenticating participants in telemedicine services such as biometric data, enhanced electronic signatures, information of mobile telephone communications operators and other methods established by the Russian Government.

Link to the draft document is available on https://regulation.gov.ru/projects#npa=102996.

Telephone subscribers to “own” their mobile numbers

Draft Law No. 978343-7 “On Amendment to Article 45 of Federal Law ‘On Communications’” 

The bill provides the option for a subscriber to retain and dispose of their dedicated subscriber number, particularly, to transfer it to a third party for a fee or for free by giving notice to the mobile phone operator. 

A mobile phone user may disable the service at any time by contacting the mobile phone operator. If the optional service is enabled but the subscriber fails to pay for the mobile phone services rendered during a six-month period, the mobile phone operator is entitled to cancel the optional service.

Unless the optional service is enabled, the standard provisions of a communications service contract apply.

The bill was submitted to the State Duma on 25 June 2020. 

Trial identification and authentication of social network, goods (services) information aggregator and job search engine users

The Russian Ministry for Communications has come up with an experiment for identifying and authenticating social network, goods (services) information aggregator and job search engine users. The experiment involves authorisation via the Unified Identification and Authentication System (UIAS) employed by the public services portal. 

The participants in this experiment include relevant federal executive bodies (Russian Ministry for Communications, Russian Ministry for Economic Development, Russian Ministry for Industry and Trade, Russian Federal Security Agency, etc.) and social network, aggregator and information search engine users.

The experiment is to cover registration and authorisation on social networks, conclusion of real estate contracts, sale and purchase agreements, work and service contracts, property leases and contracts for sale and purchase of vehicles, and performance of legally significant acts for employment purposes, as well as any other legally significant acts.

The public consultations on the bill continue until 22 July 2020.

The draft Resolution of the Russian Government is available here

Unified subscriber and user verification system to be set up for network carriers

Draft Law No. 514780-7 “On Amendments to the Federal Law ‘On Combating Legalisation of Criminally Derived Proceeds (Money Laundering) and Financing of Terrorism’ and Other Legislative Acts of the Russian Federation’”

The draft law provides for building a unified system to verify information about individual subscribers and corporate users of communications services. The system is intended for use by the Bank of Russia, credit institutions, payment system operators, payment infrastructure service providers, non-credit financial institutions engaging in activities stipulated in Bank of Russian regulatory acts, and other agencies and organisations specified in a federal law or selected by the Russian Government by agreement with the Bank of Russia. So the list of system users remains open.  

System users will be able to obtain information corroborating that the subscriber number, surname, name, patronymic (if applicable) and the identification document series and number provided by an individual (legal entity) to the subscriber verification system user are compliant with the subscription agreement information, whose accuracy is to be confirmed by the mobile telephone communications operator. System users may require such information when providing or undertaking to provide services to clients.

Yet, it is still unclear how the proposed unified information system would correlate with the database on subscribers of communications operators, which is stipulated in Article 53 of the Law on Communications. The bill also amends the Laws “On Combating Legalisation of Criminally Derived Proceeds (Money Laundering) and Financing of Terrorism” and “On Microfinance Activities and Microfinance Institutions”. In particular, remote customer identification information may now only be forwarded to a client if their information has been verified through the Unified Information System for Subscriber Data Verification. Similarly, the subscriber information will be subject to verification each time a creditor sends messages via a mobile communications network to recover overdue debt. 

The draft law was passed at the first reading on 5 March 2019.

Contact details

For all issues related to publications, news and press releases, please contact:

Ksenia Soboleva

Head of PR and Communications

Subscription

If you would like to receive our legal alerts and updates highlighting current legal issues relevant to your areas of interest and providing expert commentary by our lawyers, please click on "Sign Up" and fill out the form.