
The LEI: The Missing Ingredient in Digital Certificate Management

How a simple integration can safeguard trust in tomorrow’s digital economy


Author: Stephan Wolf

  • Date: 2020-08-25

The world’s digital economy owes much to the enabling properties of digital certificates. Their proliferation has enabled both organizations and individuals to dispense with slow ‘old world’ paper-based documentation and instead engage digitally, safe in the knowledge that their business partner, together with the certified activities being performed, is trusted in a digital context.

Yet the system is flawed. As the use of certificates continues to grow in both number and use-case application, so too does the time and cost required to maintain them. Legal entities commonly hold multiple certificates from different certificate schemes and issuers, meaning records are kept in multiple silos by a variety of organizations, globally. The lack of ‘links’ between certificates is making the job of keeping track increasingly difficult to manage.

What’s more, the reference data available with each certificate (such as the name, legal form and address) is embedded as text strings that may be specific to the certificate’s issuer for a variety of reasons, including the use of a local language. This means that manual checks are often needed to establish that a) the certificate in question does indeed match the counterparty’s organizational representation in internal databases and b) the certificate itself remains current and the information it contains is up to date.

This latter point exposes yet another problem. Entities’ circumstances change; digital certificates do not. Should an entity rename itself, move premises or change its legal status, for example, these vital updates cannot be reflected in their live certificates. Updating them effectively means starting again: legacy certificates are revoked and updated certificates are reissued. However, this process only works in some circumstances. If a downstream application can’t access the relevant revocation list, outdated information persists.

This, of course, assumes that the entity does what it should. In reality, a fair number of organizations will allow their active certificates to persist unchanged until their natural expiration date, and only then update their data. Whether this occurs deliberately or unwittingly is, to some extent, immaterial, since the result remains the same: certificate information held about that organization is not kept up to date in a systematic way, or at all, by the information holders. The broader implication is that certified information is in circulation when it is out of date, and that organizations may also often have multiple certificates under different names, each with varying and inconsistent information. In short, the trust system is undermined.

This ‘maintenance problem’ intensifies as entities expand their use of digital certificates across a broader range of business activities, such as approving business transactions and contracts, client onboarding, transacting within import/export and supply chain business networks, or submitting regulatory filings and reports.

In response, entities urgently need a fast and simple way to ensure the information they are obtaining through digital certificates is suitably reliable.

An elegant solution: Integrate the LEI into digital certificates

Integrating the Legal Entity Identifier (LEI) into digital certificates at the point of issuance addresses these issues head-on. The LEI is a 20-character, alpha-numeric code based on the ISO 17442 standard that connects to key reference information to enable clear and unique identification of legal entities, globally. Each LEI contains information about an entity’s ownership structure, answering the questions of ‘who is who’ and ‘who owns whom’ – crucial for those operating to mitigate risk.

If the LEI can be embedded into digital certificates, it can become the common link between them that is so urgently needed. This would allow anyone to easily tie together all certificate records associated with an entity, determine which certificates are current, and clear up variances. In this way, it can provide certainty of identity and trust in any online interaction between entities, making it easier for everyone to participate safely in the global digital marketplace. It also significantly reduces the complexity and cost, both people and technology-related, associated with due diligence and validation of customers, partners and suppliers.
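The linking step described above, as an added example that is not GLEIF's code: certificate records from several issuers are grouped by a validated LEI to surface name variances and expired entries. The record fields, issuer names and LEIs are constructed for illustration, and the check follows the ISO 7064 MOD 97-10 check-digit scheme that ISO 17442 uses.

```python
from collections import defaultdict
from datetime import date

def _to_number(s):
    # ISO 7064 MOD 97-10 mapping: digits stay, A=10 ... Z=35
    return int("".join(str(int(c, 36)) for c in s))

def lei_with_check_digits(prefix18):
    """Append the two check digits to an 18-character prefix."""
    return prefix18 + f"{98 - _to_number(prefix18 + '00') % 97:02d}"

def is_valid_lei(lei):
    """20 upper-case alphanumerics, numeric check digits, value mod 97 == 1."""
    return (len(lei) == 20 and lei.isascii() and lei.isalnum()
            and lei == lei.upper() and lei[18:].isdigit()
            and _to_number(lei) % 97 == 1)

# Constructed LEIs (not registered entities); check digits are computed here.
LEI_A = lei_with_check_digits("0000EXAMPLEENTITYA")
LEI_B = lei_with_check_digits("0000EXAMPLEENTITYB")

# Constructed records; "lei" stands for the value already extracted from each certificate.
CERTS = [
    {"issuer": "CA-1", "subject": "Example Trading GmbH", "lei": LEI_A, "not_after": date(2021, 6, 30)},
    {"issuer": "CA-2", "subject": "Example Handels GmbH", "lei": LEI_A, "not_after": date(2020, 1, 31)},
    {"issuer": "CA-3", "subject": "Example Trading AG", "lei": LEI_A, "not_after": date(2022, 3, 1)},
    {"issuer": "CA-1", "subject": "Other Co Ltd", "lei": LEI_B, "not_after": date(2021, 1, 1)},
    {"issuer": "CA-4", "subject": "Other Co Ltd", "lei": LEI_B[:-1] + "X", "not_after": date(2021, 1, 1)},
]

def link_certificates(certs, today):
    """Group records by LEI; expiry only, revocation status is not modelled."""
    linked = defaultdict(lambda: {"names": set(), "current": [], "expired": []})
    rejected = []
    for c in certs:
        if not is_valid_lei(c["lei"]):
            rejected.append(c)  # malformed LEI: cannot be linked automatically
            continue
        entry = linked[c["lei"]]
        entry["names"].add(c["subject"])
        entry["current" if c["not_after"] >= today else "expired"].append(c["issuer"])
    return dict(linked), rejected

if __name__ == "__main__":
    linked, rejected = link_certificates(CERTS, date(2020, 8, 25))
    for lei, e in linked.items():
        print(lei, sorted(e["names"]), "current:", e["current"], "expired:", e["expired"])
    print("rejected:", [c["issuer"] for c in rejected])
```

An LEI with more than one subject name is the variance that would otherwise need a manual check; a record whose LEI fails validation is set aside rather than matched by name.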

In order to facilitate the use of LEIs in digital certificates, the Global LEI Foundation has been working closely with standards-setting organizations such as the International Organization for Standardization (ISO) and the European Telecommunications Standards Institute (ETSI) in the EU. These technical standards are necessary for the certificate authority industry to consistently embed LEIs into certificates.*

Looking ahead: digital solution adoption, APIs and new use-cases for digital certificates

Global LEI Foundation research that identified KYC challenges in the financial services industry reveals that 61% of stakeholders believe that the growth of digital solutions will actually make identity verification more difficult. As entities continue to adopt digital solutions that utilize emerging technologies, such as IoT and blockchain, their use of digital certificates will increase, not least because digital certificate technology now has consolidated regulatory backing, which enables greater reliability and trust in digital identity. This will continue to stimulate further demand for precisely the kind of automated verification that the LEI can enable. To cope with this level of demand, certificate handling has no choice but to become faster, and current information must be obtainable on demand via application programming interfaces (APIs). Here, the LEI could become an essential building block for the usage of digital certificates – and digital signatures – in any kind of distributed supply-chain.

Today, different digital ID systems are based on varying standards, keys and encryption and the only common link between them is the entity name, which can vary widely and change over time. Without a consistent numerical link between IDs, automated methods will always result in errors and further challenges for organizations. The LEI is perfectly poised to provide this consistent link and, by doing so, cement its position as a force for good in the digital economy as a whole.

*Note that the method for including the LEI differs between the two standards mentioned, and GLEIF has not yet taken a position on whether one method is preferred to another, as we are observing market trends and market adoption in order to advise consistently.

About the author:

Stephan Wolf is the CEO of the Global Legal Entity Identifier Foundation (GLEIF). Since January 2017, Mr. Wolf has been Co-convener of the International Organization for Standardization Technical Committee 68 FinTech Technical Advisory Group (ISO TC 68 FinTech TAG). In January 2017, Mr. Wolf was named one of the Top 100 Leaders in Identity by One World Identity. He has extensive experience in establishing data operations and global implementation strategy. He has led the advancement of key business and product development strategies throughout his career. Mr. Wolf co-founded IS Innovative Software GmbH in 1989 and served first as its managing director. He was later named spokesman of the executive board of its successor IS.Teledata AG. This company ultimately became part of Interactive Data Corporation where Mr. Wolf held the role of CTO.

