As every industry proceeds warp speed into digital transformation, the question on the minds of security and privacy experts is: “how are we managing all of these digital identities?”. Digital payments are growing at an estimated 12.7% annually, and are forecast to reach 726 billion transactions annually by 2020, according to CapGemini. Now that 2020 is here and impacted by a world pandemic, this number could be exponentially greater as more and more people turn to online commerce.
Banks are especially important in this transition as they are the digital custodians of both individual and business identities. They’re responsible for vetting organisations and reducing the likelihood of fraud through Know Your Customer due diligence checks. But as the industry is well aware, fraud is still rife.
The UK’s National Cyber Security Centre (NCSC) said it took down more than 2,000 online coronavirus scams last month. Cybercriminals are seeking opportunities in all sorts of places, impersonating and targeting the World Health Organisation, impersonating the UK government, banks and organisations of all sizes where there is an opportunity for financial gain.
Priti Patel (UK’s Home Secretary) even took the time in a Covid-19 press briefing to remind the criminals that the Home Office is still after them.
All over the world, governments and organisations are accelerating digital identity initiatives in the hope that some sort of cohesive framework will be successful enough to reduce fraud and help governments identify the citizens who are most at need of support in these difficult times.
One example is the Bank of Nigeria who had begun issuing Bank Verification Number (BVN) to each Nigerian with a bank account. The system consists of a biometric database of over 36 million Nigerian citizens. The Bank of Nigeria discovered that this new system lowered onboarding costs and contributes to a more robust competition in the financial market. Customer identification and verification with the BVN is instantaneous and also allows for remote verification through mobile devices. Now the Bank of Nigeria is using this system to hand out loans to Nigerians most impacted by coronavirus.
In Sweden, banks also play an important role in digital identity but more alongside the government. The government manages the central database of identities for all Swedish residents and citizens but facilitates this digital identity through private partnerships, where the private companies act as digital identity service providers, issuing credentials and providing authentication services.
Sweden goes a step further in playing a role for entity identification in the fight against money laundering and fraud. The use of digital ID for customer identification/verification is explicitly provided for in the AML/CFT Act (Ch. 3, s. 7).
“An obliged entity should identify the customer and verify the customer’s identity through identity documents or extracts from registers or through other information and documents from an independent and reliable source. In the application of the first sub-section, instruments for electronic identification and trusted services pursuant to the eIDAS Regulation may be used. Other secure remote or electronic identification processes that are regulated, recognised, approved or accepted by relevant authorities may also be used.”
The Financial Action Task Force had recently published its recommended guidance on digital identity verification for customer due diligence (CDD). The guidance sets out FATF recommendations for onboarding customers as individuals and as business entities.
It is recognised that verifying digital identity documents online poses a risk to organisations in relation to cyberattacks and potentially large-scale identity theft. On the other hand, many digital identity systems and frameworks are in place that already mitigate risk and hold great promise for strengthening AML and CFT (Countering the Finance of Terrorism) controls while also increasing financial inclusion, improving customer experience and reducing costs for regulated entities.
Onboarding Customers – Individuals
“Regulated entities when establishing business relations with a customer (i.e., at on-boarding) are required to identify the customer and verify that customer’s identity, using reliable, independent source documents, data or information”
Onboarding Customers – Business Entities
“regulated entities must conduct “ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.”
The message is clear, organisations are expected to continue customer due diligence checks in a way that can reliably identify both individual customers and business entity customers. Additionally, for checks on businesses entities, it is stated that these must be ongoing as they post a higher risk to fraud, CFT and money laundering schemes.
Along side this work done by the FATF, the Financial Conduct Authority (FCA), the Global Legal Entity Identifier Foundation (GLEIF) and other organisations have been working hard to implement global adoption of a new standard for Legal Entity Identifiers (LEIs). To do this, the GLEIF has worked with regional banks and regulators to ensure that LEIs are adopted as the gold standard for business entity verification.
Today, LEIs have their own ISO standard, 17442, as well as being included in other standards such as the payment ISO 20022. LEIs are required in regulations such as MiFID II, EMIR, MiFIR, SFTR and Solvency II. And those are just in the EU. Regulators all over the world are considering how to implement LEIs into reporting and financial trade regulations whether they require or request LEIs.
Some examples include:
It is the responsibility of an organisation to ensure they have their own LEI registered on the GLEIF database, however it is possible for large financial firms to help their clients by managing their LEI portfolios. LEI’s must be renewed each year so this can become a burden for firms. ManagedLEI can reduce some of that burden by offering multi-year discounts and portfolio management.
Register a new LEI or transfer an existing LEI to ManagedLEI today for low cost LEI renewals.Buy or Transfer an LEI
Trusted Identity Ltd. LEI: 98450054NFCE7A67C172Managed LEI © 2022. All Rights Reserved. Freelance Developer in Kent