November 2024
On 16 August 2024, the Board of the Agency of the Republic
of Kazakhstan for Regulation and Development of the Financial
Market approved the Rules for Biometric Identification by Banks,
Organizations Providing Certain Types of Banking Services, and
Microfinance Organizations (the “Rules”) by Resolution No. 56.
The Rules, among other matters, address issues related to the biometric identification process, the procedure for verifying image authenticity, and the formation of an electronic document based on the results of the verification.
It is important to note that the Rules exclude biometric identification processes performed by banks, entities providing certain banking services, and microfinance
organizations through their own hardware devices.
The provisions of the Rules come into effect on 23 October 2024, except for paragraphs 7, 9, 10, 13, and 14, which
come into effect on 1 January 2025.
It is important to note that the Rules exclude biometric identification processes performed by banks, entities providing certain banking services, and microfinance
organizations through their own hardware devices.
The provisions of the Rules come into effect on 23 October 2024, except for paragraphs 7, 9, 10, 13, and 14, which
come into effect on 1 January 2025.
The Rules have been developed in accordance with the requirements of paragraph 5-5 of Article 34 of Kazakhstan’s Law on Banks and Banking Activities in the Republic of Kazakhstan and paragraph 3-5 of Article 3 of Kazakhstan’s Law of on Microfinance Activities, which prohibit entering into a bank loan agreement with an individual via the Internet without completing their biometric identification.
The identifiable person is an individual who undergoes the biometric identification process, which consists of several stages. Below is a brief overview of the main
aspects covered within these stages.
The identifiable person is an individual who undergoes the biometric identification process, which consists of several stages. Below is a brief overview of the main
aspects covered within these stages.
Obtaining a reliable current image of the identifiable individual’s face and the identification data
The biometric identification provider, which is defined in the Rules as the organization responsible for obtaining a reliable current image of the identifiable individual’s face and/or comparing the current image with the reference image of such individual’s face,
uses software on a mobile device or computer to collect the facial image and the identification data.
The image authenticity is verified by sending the identifiable individual at least three signals and commands to detect discrepancies. Regardless of the verification results, an electronic document is generated containing the results, the identification data, the list of signals and commands, the client’s details, and the date and time. The document is signed with the provider’s digital signature and stored by the client.
The biometric identification provider, which is defined in the Rules as the organization responsible for obtaining a reliable current image of the identifiable individual’s face and/or comparing the current image with the reference image of such individual’s face,
uses software on a mobile device or computer to collect the facial image and the identification data.
The image authenticity is verified by sending the identifiable individual at least three signals and commands to detect discrepancies. Regardless of the verification results, an electronic document is generated containing the results, the identification data, the list of signals and commands, the client’s details, and the date and time. The document is signed with the provider’s digital signature and stored by the client.
Obtaining the reference image of the identifiable individual’s face
and comparing the current image with the reference image of the
identifiable individual’s face
The reference image is extracted from the government image
database or the biometric identification provider’s database of
verified images. This image is used as a reference for comparison
with the current image of the identifiable individual, which allows
identity verification and confirmation.
Regardless of the results of the image comparison, an electronic
document is generated containing the current image, the
identification data, the result, the client’s details, and the date
and time of the comparison. The document is signed with the
provider’s digital signature, stored in the database of verified
images (if available), and stored by the client.
Data Protection
To ensure confidentiality and prevent tampering with transmitted data, the communication channels used in the biometric identification process are encrypted.
Decision Making
Consequently, the client requesting the biometric identification decides whether the process was successful based on:
1) the results of the image authenticity verification;
2) the results of the image comparison;
3) the decision-making criteria for success established by the client.
and comparing the current image with the reference image of the
identifiable individual’s face
The reference image is extracted from the government image
database or the biometric identification provider’s database of
verified images. This image is used as a reference for comparison
with the current image of the identifiable individual, which allows
identity verification and confirmation.
Regardless of the results of the image comparison, an electronic
document is generated containing the current image, the
identification data, the result, the client’s details, and the date
and time of the comparison. The document is signed with the
provider’s digital signature, stored in the database of verified
images (if available), and stored by the client.
Data Protection
To ensure confidentiality and prevent tampering with transmitted data, the communication channels used in the biometric identification process are encrypted.
Decision Making
Consequently, the client requesting the biometric identification decides whether the process was successful based on:
1) the results of the image authenticity verification;
2) the results of the image comparison;
3) the decision-making criteria for success established by the client.
Contacts
- Dinara TanashevaPartner, Head of Tax & Law Practice in
Kazakhstan and Central AsiaTel.: +7 (727) 258 5960
Dinara.S.Tanasheva@kz.ey.com - Nargiz SuleimenovaSenior Associate, Tax & Law+7 727 258 5960
Nargiz.Suleimenova@kz.ey.com