Identity is fundamental in finance. At a time when huge TechFins like Amazon are making inroads into the financial services industry, major questions are arising as to the most effective methods of customer identification and meeting Know Your Customer obligations (KYC). Does the solution lie in redefining identity, in the methodology of retrieving identification, in some mix of the two, or in other ways? We have recently explored these issues, here.
To date, forms of analogue and digitized identity (i.e paper documents and scanned ID documents respectively) have been relied upon to prove an individual’s identity to, say, a bank. However, the next stage in the evolution of identity is digital. This involves considering broader characteristics that reflect an individual’s distinct personality – for example, using data from analyzing search patterns on the internet or social media profiles. The sheer amount of data collected makes it very likely that the user is the person she claims to be. What defines a person can no longer be limited to a static legal document like a passport.
However, banks are currently at a disadvantage to their TechFin competitors in acquiring this comprehensive view of their clients. TechFin entities are already capturing behavioral data that they can use for second-factor authentication; how people hold and use their phones, for example. User data from an online persona, like whether the customer tends to cancel orders, can also result in a better assessment of a customer’s risk profile. While a person’s electronic identity is technically external (in contrast to, say, a fingerprint), this identity is becoming increasingly internalized as we spend more time online and a more complete picture can be painted from this information.
We are beginning to see examples of countries adopting national e-identity systems. Most notably, in India’s Aadhaar system, residents are issued a 12-digit random number, based on biometric information, including 10 fingerprints and two iris scans, which is then used to access government and other services. Based on this system, India has also developed a paperless e-KYC service to instantly establish the identity of prospective banking customers. While the Aadhaar system has been criticixed, and even subject to a constitutional challenge, this sloppiness in implementation should not detract from the strength of the idea and the potential of a national biometrically-based identification system to underpin an entire digital financial ecosystem. Billions of rupees of financial benefits previously lost annually through fraud are now finding their way to the intended recipients.
In the EU, while there is no pan-European ID card system, the eIDASR seeks to ensure that people and businesses can use their own national eIDs to access public services in other EU countries. The goal is to ensure eIDs work across borders and have the same legal status as traditional paper-based processes. This provides, in principle, an open standard not limited to EU jurisdictions. Every national ID system that wants to connect to the eIDAS system can do so.
A basic eKYC system can be created simply from: (1) a base sovereign identity (which may or may not be digital, e.g. an Aadhaar number or a passport); and (2) golden source data (such as telephone or tax information). This alone can dramatically reduce the costs of opening an account while addressing concerns regarding market integrity (e.g. anti-money laundering considerations). The core objective is to make it as simple and inexpensive as possible for the public to open accounts. This should allow resources to instead be focused on higher risk customers, thereby not only supporting financial inclusion, but also better protecting market integrity.
Many issues will need to be addressed in building a national KYC utility. Some sample ones include: (1) which technological platform – a centralized or distributed ledger; (2) who may participate and how; (3) what type of information will be shared; (4) how often will the information be updated, and by whom; (5) how will liability be shared if, and when, things go wrong (as they will); and (6) which standards will be used for data sharing? There will also be governance issues, for example: Whether the utility ought to be a public or private enterprise, a for-profit entity, or an association.
Rethinking and implementing new digital identity approaches will have a disproportionate benefit in developing markets, precisely because so many people there stumble at the first hurdle for obtaining financial services: a valid ID. Presently, some 1.5 billion individuals lack a formal, legal form of identity. In the ideal digital financial services world of the future, identification will proceed smoothly, and clients will perform every necessary step simultaneously, and only once, for all services.
 Puttaswamy (Retd.) & Anor v Union of India & Ors (Civil) No 494 of 2012.
 Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation), OJ 257/73 of 28 August, 2014; European Commission, http://bit.ly/2p9FH5P.
This post comes to us from professors Douglas W. Arner at the University of Hong Kong, Dirk A. Zetzsche at Universite du Luxembourg, Ross P. Buckley at the University of New South Wales, and Janos N. Barberis at the University of Hong Kong. It is based on their recent paper, “The Identity Challenge in Finance: From Analogue Identity to Digitized Identification to Digital KYC Utilities,” available here.