The WEF and digital identity systems

The WEF and digital identity systems

Simon Deane-Johns, consultant solicitor and online financial services expert at Keystone Law, explains the necessity of digital identity systems in today’s tech-centric society, but suggests that the recent World Economic Forum (WEF) report is mistaken in thinking that the major financial institutions will be the ones to fully develop the systems needed.

What are digital identity systems as opposed to physical identity systems?

Broadly, digital identity systems can be defined as any electronic means of establishing a person’s identity, whether by reference to something physical (such as biometric information, like an iris scan or fingerprint) or data (especially behavioural data, such as your location or online activity, rather than static data from a database).

Whereas, a physical identity system involves the physical processing of an item that proves your identity, such as a passport control official viewing a physical passport that was handed to them by the passport holder, or a postal worker checking a driver’s licence to verify the identity of someone collecting a parcel.

What is the benefit of digital identity from the perspective of financial institutions? What benefits and additional capabilities would accrue to financial institutions, regulators and governments from the implementation of digital identity systems?

The theoretical benefit of digital identity systems from the perspective of financial institutions are twofold:

  1. it would be easier, quicker and more convenient for their customers than the current processes, particularly if the digital identity process was widely adopted/accepted
  2. it is thought to be more cost-effective for the institution, particularly in demonstrating internally and to the authorities that they have indeed verified the customer’s identity

It has been suggested there may also be new revenue opportunities, but I disagree because for the traditional financial institutions the situation is about catching up. Nevertheless, newer financial institutions do have the opportunity to deploy digital identity solutions as a further means of outpacing the more antiquated players in the financial services market and taking on their customers.

On the other side, there are numerous benefits for the regulators and the government. Although here, too, it is about catching up with innovative techniques, rather than leading the way. Nevertheless, digital identity systems can deliver an improved experience for the citizen/consumer and it would be more cost effective for the authorities’ own identity verification requirements. It improves their ability to detect where identity checks are not being carried out appropriately, either by themselves (the government has many identity verification scenarios) or the people they supervise (for example, financial institutions).

Which specific areas of financial services are likely to benefit from digital identity systems and how?

The full spectrum of financial services could benefit from digital identity systems. This is because most of the market is covered by the Money Laundering Regulations 2007, SI 2007/2157, so identity verification is a core feature of the customer relationship. The effect of streamlining the process for retail customers to switch savings accounts, for example, is obvious.

Perhaps less obvious is the fact that even in capital markets transactions, it can take weeks for banks to verify the identity of all the parties involved in opening bank accounts for funds and special purpose vehicles. A digital identity system incorporated into this scenario could streamline, simplify and speed up the process, while removing significant delays in the deployment of large amounts of money.

What are the existing digital identity systems and how does the report envisage that they can be improved/developed?

There are at least half a dozen significant existing digital identity systems mentioned in the recently released WEF report. However, the suggested improvements mentioned in the report all have at least one gap, whether in terms of, for example, service delivery capability, authorisation, attribute exchange, authentication across multiple scenarios/services, or requiring others to provide attributes. Rather than any one service winning out over others, I think this ultimately points to different systems being adopted in different scenarios, in combination with one or more services or providers that are able to fill the relevant gaps.

Why is the need for the development of digital identity systems becoming urgent?

This became urgent over a decade ago, with the advent of Web 2.0 and the adoption of technology by the general public, as well as cyber criminals. The situation is only becoming more urgent as the technological capabilities of cyber criminals is outpacing the legacy capabilities of financial institutions, regulators, and governments at an ever increasing rate.

Why does the WEF believe that financial institutions should lead the development of digital identity systems?

The WEF claims that (major) financial institutions are already storing customer attributes and verifying user information, as well as proving their executional ability and near-complete user coverage, all while operating across multiple jurisdictions. I do not share this belief because it massively overestimates the systems and capabilities of such institutions—especially UK retail banks.

For one thing, each ‘bank’ is, in fact, a ‘banking group’ made up of distinct subsidiaries with different purposes, products and regulatory permissions. Their national subsidiaries may share global brands, but they are by no means operating across any meaningful borders. There also tends to be a separate ‘core banking system’ (an old mainframe) for each brand, product and even for each central function (such as separate systems for risk, treasury and underwriting). They also still deal in the batch processing of transactions overnight, rather than real-time processing. These systems, for example, are not directly interoperating with mobile payment applications on a transaction-by-transaction basis, or keeping pace with up-to-the-minute customer balance inquiries. Unlike more modern businesses, banks rely heavily on spreadsheets and other applications running on individual users’ computers to make up for the deficiencies in legacy systems.

While the banks may store some customer attributes, and may even collect vast stores of behavioural data via websites or app servers, they are not able to efficiently retrieve or use the information meaningfully, or even associate each of their customers with all the products that each customer has with that same banking group. As a result, they spend millions each year on digital advertising to customers who already have the products being advertised.

In all these respects, the ‘executional ability’ of UK banks is actually very poor.

The WEF also suggests that the major institutions are trusted by customers and rigorously regulated. Again, I disagree. I do not think the banks are currently trusted by customers in any relevant sense, especially considering the technological failures of recent years. Indeed, how could rigorous regulation have allowed them to have declined to their current technological and administrative state? In these circumstances, I would even go so far as to say that they are definitely incapable of operating and providing the much-needed digital identity systems and services themselves. Nevertheless, I believe that they would be significant customers for any digital identity systems developed and operated by others. They could even help market such systems to their customers to help drive initial adoption.

What role could ‘blockchain’ technology play in digital identity systems?

‘Blockchain’ (the type of technology that underpins bitcoin) or other distributed ledger technology presents a good opportunity to establish efficient and cost-effective digital identity systems. Simply put, such technology creates a shared ledger of digital records or transactions that is accessible to all computers running the same protocol. Such technology could help digital identity systems because there are many useful attributes about a person to include (both physical and behavioural data) and the state or status of those attributes can change very frequently. This is also the case because those attributes may need to be shared for retail and commercial purposes across different industries and geographies, as well as different systems and software—this would be comparatively difficult to support using ‘traditional’ IT solutions.

What could be the relevance of digital identity systems beyond financial services?

There are a significant number of non-financial scenarios in which a person’s identity has to be established where a digital identity system could prove useful, such as the parcel collection and cross-border travel scenarios already mentioned. UK passport control has already introduced some e-readers for passports, for example.

There are also scenarios where one or more attributes are important to establish (for example, proving a person belongs in a particular age bracket for the purchase of alcohol or other age-restricted goods and services), which could be served by attribute exchanges operated by digital identity providers.

Interviewed by Giverny Tattersfield.

The views expressed by our Legal Analysis interviewees are not necessarily those of the proprietor.

Related Articles:
Latest Articles:
About the author: