A digitalized world requires digital identities. This is especially true for regulated sectors such as payment and banking but also education, health, mobility, telecommunications and certainly e-government. While there is an abundance of (fake) identities on the internet and on social platforms, regulated use-cases rely on verified identities. Thus, providing verified digital identities has become one of the biggest challenges in order to unlock the full potential of digital economy.
At the same time, we need to provide for convenient digital identification procedures that are attractive to the user while safeguarding the user’s privacy. The implementation of the General Data Protection Regulation (GDPR) in May 2018 and massive data scandals such as the Facebook-Cambridge Analytica scandal, data breaches at Marriott hotels and the German Federal Parliament (Bundestag) have raised awareness and highlight the importance of secure data processing.
The issue with one-time single purpose identification
Digital identification procedures often face the same challenge as other services: the safer they are, the less convenient they are. While video identification is already a big progress that can make face-to-face identification in a bank or post office obsolete, it still takes up to ten minutes until the identification procedure is completed. A time span that is quite long for the fast-paced digital world, especially if this onerous procedure has to be repeated by the same user for every new onboarding process with another company.
Furthermore, video identification is costly. Banks, payment, health care and telecommunication providers bear significant costs for the identification of their users. Since each of the companies identifies the users individually.
Identity platforms as a solution
Identity platforms that provide for safe and compliant data storage and provide digital identities that comply with all relevant regulatory standards can be a solution. The user only needs to be identified once, stores his/her identification data set on the platform and re-uses it very time he/she needs to complete an identification procedure with another company.
Ideally, this digital identity can serve all regulated and unregulated sectors by complying with highest quality or assurance levels.
AML Regulation and KYC in the financial sector
One sector with the strictest identification requirements is the financial sector. Banks and payment providers have to comply with strong AML-regulation. Within the European Union, the EU Anti-Money Directive (EU-AMLD) provides for the regulatory framework, which still requires national implementation acts.
EU-AML-Directive provides for multi-party transfer of identification data in AML context
The EU-AMLD already provides for the opportunity, that obliged entities throughout the EU may “rely on third parties to meet the customer due diligence requirements”, Art. 25 EU-AMLD. This includes customer identifications conducted by other obliged entities, such as banks or payment providers from a different EU member state. Thus, if a customer wants to open another bank account with a B-Bank in one EU member state, he/she can ask B-Bank to reach out to another bank (A-Bank) in another EU member state, where the customer had previously opened a bank account, to request the identification details obtained during the previous identification at A-Bank. Certainly, a big improvement, which reduces onerous identification procedures but also provides for high quality identifications that comply with applicable AML-regulations.
EU eIDAS Regulation harmonizes eID for Public Sector
Also in the public sector, the EU Commission has identified the need for standardized electronic identification. Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market, the eIDAS regulation came into effect July 1, 2016. The regulation aims to “provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities” within the EU. The eIDAS regulation has a direct impact on eID in the public sector, since it “ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services” in other EU member states where eID is available.
Call for EU-wide cross-sectoral harmonization of KYC and CDD requirements
Following this legislative initiative, the EU-Commission explored how “how electronic identification under eIDAS could be leveraged by the banking sector to comply with Know-Your-Customers’ (KYC) requirements under the fourth Anti-Money Laundering Directive (4th AMLD); and to guarantee strong authentication requirements of parties in the context of the revised Payment Services Directive (PSD2).” Understandably, the EU-Commission considers eIDAS as its starting point. Another option would be to make AML-compliant identities from EU regulated banks the standard. For example, in Sweden Bank ID is already the leading electronic identification system.
Regardless, which identity becomes the new standard, wouldn’t it be great if EU citizens who want to start their Erasmus studies, work or retirement in another EU member state could use their digital identity for registering the new domicile online? And later on, they could also use this identity for signing up online for a mobile phone contract with a local telecommunication provider, opening a bank account with a local bank and for signing up a new health insurance even before starting their move?
Identity platforms for secure and easy onboarding and user-centric data management
Regulated identity platforms that provide for secure storage of all different kinds of identification attributes and different identification levels can play an important role in harmonizing identification requirements within the EU. Therefore, identity platforms that provide high quality digital identities can be the key enabler to unlock the potential of digital economy while at the same time they can help safeguard the user’s privacy.
The European identity platform Verimi simplifies identity verification: The Berlin-based start-up enables users to easily prove their identity within onboarding processes.
Instead of confronting users in each industry with different legitimation processes, Verimi offers them the opportunity to store their identity data once in their Verimi account in order to reuse this data to identify themselves quickly for multiple use cases.
The next onboarding procedure can be completed with one click, a smooth solution for the user which increases the conversion rate, saves costs and time for both users and companies.
Maximilian Riege, Chief Representative & General Counsel at Verimi