The UK Joint Money Laundering Steering Group (JMLSG) has this week updated its Prevention of money laundering/combating terrorist financing, Guidance for the UK Financial Sector to embrace the use of Digital Identities for the purposes of identity validation and verification.

This is an excellent step forward for the acceptability of Digital Identities in a vital new use case. It will enable users to easily open a new account and instantly pass AML KYC ID checks using their Digital Identity, meaning easier financial account opening, increased switching, and more competition in financial services.

An important point in the new guidance is that the Digital Identity used, or indeed any electronic verification solution used for KYC ID purposes, “is accredited or certified to offer the identity verification service through a governmental or industry process that involves meeting minimum published standards”.

The Digital Identity used can be from an eIDAS notified identity scheme, an eIDAS Trust Service, or a Digital Identity with a similar level of assurance to that defined by eIDAS.

A key question is: How will financial services firms know that providers of Digital Identities are accredited / certified? There are likely to be multiple Digital Identity Providers.

When leveraging eIDAS notified identities, or an eIDAS Trust Service, this is fairly clear – the approved schemes are publicly listed. GOV.UK Verify Digital IDs are eIDAS notified identities. The identities available through GOV.UK Verify and eIDAS are issued by many different Identity Providers. To enable access to these identities by firms in an easy-to-consume way, some form of Broker (or aggregator) is required. Does this aggregator need to be accredited / certified to the minimum published standards?

When using Digital Identities, or other electronic verification services, which are not eIDAS approved, but are eIDAS aligned, who assesses and accredits that alignment?

Also, should alignment with the UK Trust Framework that is being produced by the UK Government's new Digital Identity Unit be considered? This would definitely be desirable in order to ensure interoperability of Digital Identities across finance and public sectors.

OIX suggests the best way to ensure Digital Identities are “accredited … through an industry process” is to establish a Trust Scheme. A Trust Scheme would be the “industry process” referred to in the guidelines. A Trust Scheme would be responsible for:

  • Defining the minimum published standards to be assessed against, both for Digital Identities and Brokers.
  • Defining how non-eIDAS Digital Identities are assessed for compliance.
  • Defining how Brokers are assessed for compliance.
  • Assessing compliance with these standards.
  • Publishing who is compliant with these standards.
  • Educating the market on the compliance process.
  • Dealing with any queries and complaints.

In order to achieve consistency and ease of acceptance of Digital Identity services across the UK financial services industry, a Single Trust Scheme for financial services KYC in the UK could be considered.

By contrast, having multiple Trust Schemes could complicate the market and may cause confusion for firms and consumers, especially if this is a market of competitive Trust Schemes.

A Single Trust Scheme that is independently administered on behalf of UK financial services, rather than multiple Trust Schemes which may compete, would have the following advantages:

As can be seen from the above there is a compelling case for an independent Single Trust Scheme to take the role of the accreditation body for Digital ID for KYC in UK Financial Services.

This independent Single Trust Scheme could be administered as a Not-For-Profit body, endorsed and supported by the financial services industry. The Trust Scheme could be a new separate body, or it could be attached to a suitable existing Not-For-Profit body in financial services or identity services.

The adoption of Digital Identity as an acceptable form of ID validation and verification into the JMLSG guidelines is a milestone for the evolution of Identity Services in the UK and is wholeheartedly welcomed by OIX.

Many OIX members have identity solutions that can enable financial services firms to capitalise on the advantages of using electronic evidence and Digital Identities. OIX wants to encourage the development of an open competitive market for ID Brokers and Digital Identity Providers. A single clear and simple approach to accreditation and compliance will enable such a market to rapidly form and thrive.

The next step should be to consider how the use of Digital Identities for KYC purposes is governed in more detail. OIX and its members stand ready to assist.