Dear colleagues, We will soon begin working with third parties to fulfil our mandatory due diligence requirements in two key areas: sanctions screening and the validation of identification documents. To keep you informed, we have published an article on RIPE Labs that explains the relevant processes in more detail: https://labs.ripe.net/author/felipe_victolla_silveira/using-third-parties-to... You can find a summary of the key points below. -- Sanctions screening We need to perform sanctions checks whenever we receive a request to transfer, allocate or assign resources, or to open a new membership/LIR (this also includes End User requests). We need to check the company making the request, its director, the people on its board, and also any other companies or individuals with a share in that company. This adds up to a lot of checks requiring specialised skills and data, further complicated by the administrative and legal differences across our service region. Working with Altares Dun and Bradstreet and also Dow Jones, we will soon start to run automated checks against their databases to verify company information and to check if individuals, companies or any of their signatories are subject to sanctions. We will use the database run by Altares Dun and Bradstreet to quickly verify information about companies and individuals. Dow Jones maintains a list of all sanctioned entities around the world and we plan to run automated checks against this list. This collaboration will allow us to carry out our mandatory due diligence checks in a structured, complete and efficient way. For the vast majority of members, we expect that these checks will basically run in the background and not have any visible impact. We will only need to contact you if there is missing information in Altares Dun and Bradstreet’s database. In this case, we would let you know that they would like to contact you. This is voluntary, and there is no requirement to accept their call. -- Validation of identification documents Validating identification documents is a manual process that we want to automate. Until now, we have worked with fraud specialists to manually authenticate IDs that appear suspicious. We want to apply a uniform approach that verifies all ID information across the board. We will be working with iDenfy, a specialised provider in automated ID validation and remote identification services, to ensure a high standard of diligence and security across all ID documents that we process. Once this is ready, members will upload personal identification documents directly to the iDenfy system using a secure link that we send. In addition to maintaining a high level of security, iDenfy will ensure that this data is deleted within 14 days of being submitted. In line with GDPR, we remain the ‘data controller’. Work is currently underway to integrate our external request processes with iDenfy’s systems and we plan for this to go live on 23 September. Kind regards, Felipe Victolla Silveira Chief Operations Officer RIPE NCC