The Rise of Digital Technology in KYC: Using the LEI to Ease the Process
A standardized approach to entity identification using the LEI would make it easier for everyone to participate in the global digital marketplace
Author: Stephan Wolf
Estimated Reading Time: 10 minutes
The way we work has been revolutionized by technology. As part of this, the automation and digitization of many manual processes within and across organizations has led to considerable time and cost saving. The rise of digital technology has also significantly simplified the process of setting up a business, as well as making it easier to conduct cross border deals and enter new markets.
In this increasingly globalized digital economy, a few clear challenges emerge. One of which is verifying the identity of customers, partners and suppliers which remains a time-consuming and costly process.
These concerns are clearly reflected by businesses with our recent report, ‘A New Future for Legal Entity Identification’ (see ‘related links’ below). It outlines the results of research that the Global Legal Entity Identifier Foundation (GLEIF) undertook with research agency, Loudhouse, on the challenges of entity identification, including know your customer (KYC) due diligence, in financial services.
This blog post explores the impact of rising digital technologies on entity verification and the potential capabilities and benefits afforded by adopting a standardized method using the Legal Entity Identifier (LEI). To illustrate the point, we analyze how combining the LEI with digital certificates could simplify entity identification for the digital age.
Most financial institutions expect new technologies to be integrated in the onboarding process
The GLEIF research, which surveyed over 100 senior salespeople in the banking sector in the UK, US and Germany, demonstrates the growing demand for a robust, simplified, improved identification process, particularly as 52% of our respondents think that onboarding time is only going to rise due to a combination of increased fraud, tighter regulations and growth in today’s business landscape.
Businesses need an entity identification system that keeps them on the right side of both regulators and clients, while making them more efficient overall. And they are aware that new technologies are increasingly likely to play a part in that. The majority of financial institutions expect new technologies such as digital signatures (51%), KYC utilities based on blockchain technology (50%) and digital certificates (46%) to be integrated in the onboarding process of new client organizations. However, there is a caveat to go along with that: 61% of our respondents believe that the growth of digital solutions will actually make identity verification more difficult, simply because it will mean a rise in the number of legal entities transacted with.
Improving identification in the digital age using the LEI
Financial services businesses can save time, gain greater transparency and work in a more streamlined fashion by adopting an LEI for each client organization. Banks operate in multiple jurisdictions and therefore need a global standard. The LEI offers businesses a one-stop approach to identifying legal entities, which has the potential to take the complexity out of business transactions. Via the Global LEI Index, we make available the largest online source that provides open, standardized and high quality legal entity reference data. No other global and open entity identification system has committed to a comparable strict regime of regular data verification.
Integrating the LEI into other entity verification methods, including solutions based on digital certificates and blockchain technology, will therefore allow anyone to easily connect all records associated with an organization, and identify who owns whom. By becoming the common link, the LEI will provide certainty of identity in any online interaction, making it easier for everyone to participate in the global digital marketplace.
The proliferation of digital certificates illustrates the point.
Digital certificates: What is driving identity challenges in today’s digital world?
We believe that digital certificate technology based on strong cryptography is critical to the smooth operation of the evolving digital economy. The proliferation of digital certificates, whether issued by governments or the private sector, has allowed organizations and individuals to get on and do business digitally.
However, this is now creating problems that need resolving to ensure they can effectively support the smooth operation of the global digital economy.
The major challenge with digital certificates is the extent to which users can track them. They are easily obtained from a host of different issuers and records are kept in multiple silos by a variety of organizations globally. Digital certificates come with a unique public-private key pair and a fingerprint. When they expire, a new certificate must be obtained with a completely different public-private key pair. Organizations usually hold multiple certificates from different certificate schemes, e.g. eIDAS and CAB/Forum, at the same time and for different use cases. (For background information on the European Union Electronic Identification and Trust Services (eIDAS) Regulation and the CA/Browser (CAB) Forum, refer to the ‘related links’ below.)
The reference data available with the certificate, e.g. the name, legal form and address, is embedded as mere text strings. These strings are not harmonized across different issuers. This means there is no way to relate one certificate to another or determine the links between different parties without performing a manual matching exercise. Digital certificates today are strong in ad hoc authentication but lack the ability to view their owners in an unambiguous way.
Furthermore, certificates carry information that was available at the time of issuance. However, firms change their names or legal form, they move office, etc. Yet, none of these changes can be reflected by changing the certificate content as it would break the cryptographic checks. Firms might conclude to revoke the certificate and get a new one – or simply keep using it with wrong information until it expires. As a result, the information held about organizations is not kept up to date in a systematic way, or at all, by the information holders. Not only will information frequently be out of date, organizations will also often have multiple certificates under different names, each with varying and inconsistent information.
With no connection between different digital certificates relating to one entity and no way to decide which is out of date and which is current, determining identity in the digital sphere will only become even more complex.
Organizations and individuals need a way to ensure the information they are obtaining through a certificate is correct and up to date. A solution is needed to build certainty and trust in the system and the information it provides.
How can LEIs help:
Here at GLEIF, we wish to simplify identification for the digital age by combining the LEI with digital certificates. This would allow anyone to easily relate all records associated with an entity, determine which are current and clear up any variances. It will also allow business users to easily assess information on who owns whom.
This seemingly minimal addition will significantly reduce the complexity and cost – both people and technology-related – associated with due diligence and validation of customers, partners and suppliers. In case LEI codes would replace the reference data of a legal entity as well as the issuer entirely, certificate handling would become faster (less payload) and most current information could be obtained on demand via application programming interfaces (APIs). The LEI could become an essential building block for the usage of digital certificates – and digital signatures – in any kind of distributed supply-chain.
Digital certificates are already integral for organizations and individuals interacting and transacting digitally, and their usage is only set to increase with emerging technologies, such as IoT and blockchain. As mentioned earlier, 61% of respondents to our research believe that the growth of digital solutions will actually make identity verification more difficult. If the challenges associated with their success are not addressed, the complexity and costs for organizations will continue to expand considerably.
Likewise, extreme volume will also drive more demand in automated verification. Today, different digital ID systems are based on varying standards, keys and encryption and the only common link between them is the entity name, which can vary widely and change over time. Without a consistent numerical link between IDs, automated methods will always result in errors and further challenges for organizations. The LEI could provide this consistent link and cement its position as a force for good in the financial industry as a whole.
For those certification authorities wishing to embed identity data into the Subject Distinguished Name of a digital certificate, we have created an object identifier (OID): oid-info.com/get/220.127.116.11.4.1.52266.1.
For more information on the results of our research into the challenges of onboarding client organizations in the banking sector, please read the full report titled ‘A New Future for Legal Entity Identification’, which is available for download below.
* The text in italics was added to this blog post on 25 July 2018.
Permalink for this article: https://www.gleif.org/en/newsroom/blog/the-rise-of-digital-technology-in-kyc-using-the-lei-to-ease-the-process
If you would like to comment on a blog post, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion board you agree to abide by the terms of the GLEIF Blogging Policy, so please read them carefully.
Stephan Wolf is the CEO of the Global Legal Entity Identifier Foundation (GLEIF). Since January 2017, Mr. Wolf is Co-convener of the International Organization for Standardization Technical Committee 68 FinTech Technical Advisory Group (ISO TC 68 FinTech TAG). In January 2017, Mr. Wolf was named one of the Top 100 Leaders in Identity by One World Identity. He has extensive experience in establishing data operations and global implementation strategy. He has led the advancement of key business and product development strategies throughout his career. Mr. Wolf co-founded IS Innovative Software GmbH in 1989 and served first as its managing director. He was later named spokesman of the executive board of its successor IS.Teledata AG. This company ultimately became part of Interactive Data Corporation where Mr. Wolf held the role of CTO.