Why the Financial Industry should adopt regulated identities
By Philip Hallenborg, CEO, ZealiD
Introduction
In today’s digital age, the financial industry faces a growing challenge: ensuring the security and reliability of customer identities in a world where transactions increasingly occur remotely.
As technology continues to advance, the need for robust identity verification methods becomes increasingly critical. This article explores the compelling case for the adoption of regulated identities within the financial sector.
Specifically, we will delve into how the European Union (EU) has been at the forefront of implementing regulated identity measures, such as national eID and qualified signatures, through money laundering directives. We will argue that regulated identities are the solution to the most challenging aspect of Know Your Customer (KYC) processes: remote identity verification.
The Evolution of Identity Regulation in the EU
Over the past decade, the EU has made significant strides in addressing the challenges of identity verification in the digital realm. The implementation of money laundering directives, such as the Fourth Anti-Money Laundering Directive (4AMLD) and the Fifth Anti-Money Laundering Directive (5AMLD), has paved the way for the integration of regulated identities.
These directives have introduced the concept of eIDAS-regulated identity methods, which include national electronic identification (eID) and qualified digital signatures.
National eID, as a regulated identity, allows individuals to access a wide range of online services and financial transactions with the utmost confidence in their identity. It is a standardised and secure way of proving one’s identity, often supported by government authorities.
Qualified digital signatures, on the other hand, provide legally binding electronic signatures, ensuring the authenticity and integrity of digital documents. Qualified digital signatures derive from a qualified certificate, which is the second type of eIDAS-regulated identity.
These regulated identity methods not only enhance security but also simplify and streamline remote onboarding processes for customers and employees. Similar to the EU, the UK has adopted eIDAS regulations that govern qualified electronic signatures, ensuring a high degree of trust in UK qualified e-signature services.
In France, qualified digital signatures are already recognised in business and legal settings. E-signatures also benefit from the standardisation of e-signature acceptance across the EU internal market through the eIDAS regulations. Use of regulated digital identity in France is also primed to grow: on 5 October, the National Assembly set the objective of achieving 100% access to a digital identity in France by 2027 to meet the objectives of the EU’s digital identity law.
Similarly, in the UK, qualified digital signatures are well ingrained in the country’s business architecture. There is also strong compatibility with EU regulations, as the UK eIDAS mirrors the EU’s eIDAS in technical standards and specifications. For example, qualified trust services providers for qualified digital signatures can come from either the UK or EU. The degree of interoperability makes using qualified digital signatures a common-sense option for UK companies doing business with EU-based counterparties.
Regrettably, there is a scarcity of effective national eID schemes in the EU and elsewhere. Many nation-states struggle to harness the innovations of the private sector, resulting in journeys that impose excessive demands on their citizens. Additionally, there is a limited availability of public digital services essential for encouraging citizen adoption.
With the exception of the Baltic and Nordic regions, the majority of EU countries lack a substantial proliferation of national eIDs. Even in cases where such eIDs exist, they typically take the form of physical ID cards, requiring cardholders to remember a passcode. This, in turn, presents additional challenges when citizens aim to use their eIDs in online settings.
National eID schemes often restrict eID acquisition to citizens of the same nationality. This creates additional barriers for cross-border service provisioning, where eIDs may vary in terms of assurance levels and require different types of technology and software support, all governed by national, not international, regulations. While the UK has been broadly supportive of ensuring the private sector can adopt digital identity tools by putting regulations in place, there is widespread hesitation about the idea of adopting a national eID card, and such a step is unlikely in the foreseeable future.
Clearly, for large enterprises looking to cater to global customers (and, why not, employees) while maintaining flexibility and adherence to international standards, the qualified certificate emerges as the optimal choice. This highly standardised and closely supervised option provides financial service providers with the ultimate tool to transition into the digital realm.
Addressing the Challenge of Remote Identity Verification
Remote identity verification has long been a stumbling block for financial institutions seeking to comply with KYC regulations. Traditional methods, such as in-person visits and paper documentation, are cumbersome and inconvenient for customers. Moreover, they are not suited for an increasingly digital world. Regulated identities offer an elegant solution to this problem.
By adopting regulated identities, financial institutions can easily and securely verify the identity of customers without the need for physical presence. This approach simplifies onboarding processes, reducing friction for customers and allowing financial institutions to stay competitive in the digital era. Furthermore, regulated identities are compliant by design with supervisory authorities’ requirements, making it easier for financial institutions to meet their regulatory obligations.
Compliance by Design for Supervisory Authorities
One of the most significant benefits of regulated identities is that they are designed with compliance in mind. Supervisory authorities in the financial sector, such as central banks and financial regulators, are increasingly demanding stringent identity verification processes to prevent money laundering, fraud, and other illicit activities. Regulated identities align with these regulatory expectations seamlessly.
Financial institutions that adopt regulated identities not only enhance their own security measures but also contribute to the broader goals of financial regulation. Regulators can more confidently oversee the industry when they know that institutions are employing robust identity verification methods. This, in turn, fosters trust and transparency in the financial sector.
Personal Data Protection
In an age where data breaches and identity theft are prevalent, personal data protection is paramount. Regulated identities emphasise the importance of safeguarding sensitive customer information. These methods are designed with strict data protection measures in place, ensuring that customer data is handled with the highest level of security and privacy.
Standards-Based Information Security
Regulated identities are built upon established standards, making them a reliable choice for financial institutions. These standards ensure the interoperability and compatibility of identity verification methods across various systems and platforms. Financial institutions can have confidence in the consistency and reliability of regulated identities, reducing the risk of fraud and errors in their operations.
Conclusion
The financial industry’s adoption of regulated identities, as introduced and championed by the European Union through money laundering directives, represents a significant step forward in enhancing security, compliance, and efficiency. Remote identity verification, a long-standing challenge for KYC processes, can be effectively addressed through the use of regulated identities. In practice, for multinational financial service providers this means making use of the eIDAS qualified certificate and digital signatures derived from it, not only for their customers but also for their employees and key stakeholders.
This regulated identity method not only simplifies onboarding processes but also promotes compliance by design for supervisory authorities, protects personal data, and adheres to standards-based information security. As the financial sector continues its digital transformation, regulated identities are poised to play a pivotal role in ensuring trust and security for institutions and customers alike. Embracing this technology is not just a choice; it is a necessity in an increasingly interconnected and digital world.