The Identity Challenge in Finance: From Analogue Identity to Digitized Identification to Digital KYC Utilities

Abstract

Identity is fundamental in finance: to protect against fraud and crime, to fulfil know-your-customer obligations, and to ensure market integrity. At the same time, identification and know-your-customer rules can be major barriers to accessing financial services. This paper considers the various requirements for identification in the financial sector and the evolving nature of identity. We argue that technology presents an opportunity to solve this challenge through the development of digital identity infrastructure and related utilities. The establishment of such utilities requires addressing design questions such as registration methods, data availability, and cross-jurisdiction recognitions. Yet, as with any reform, a balance between flow through efficiency and cyber-security needs to be reached to ensure that the objectives of financial inclusion and market integrity are not achieved to the detriment of financial stability.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3

Notes

  1. 1.

    See Zetzsche et al. (2018).

  2. 2.

    For example, the Google email identity may be used to certify a personality for the online accommodation service Airbnb.

  3. 3.

    Kulp (2017).

  4. 4.

    The degree of electronic identification depends on the business model. For example, accommodation providers such as Airbnb require digital passport copies, car rental service providers require a digital copy of a driver’s licence, etc.

  5. 5.

    For the European Union, see: Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No. 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC [2015] OJ L141/73–117 (European Parliament 4th AML Directive); for Hong Kong, see (a) Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) (Amendment) Ordinance 2018, (b) Organized and Serious Crimes Ordinance (Cap. 455), (c) Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 406), and (d) United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575); for Singapore, see the Monetary Authority of Singapore’s various notices and guidelines on AML/CFT, available at http://bit.ly/2p5BgJX; and for Australia, see Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

  6. 6.

    For the European Union, see Art. 25 of Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No. 648/2012 [2014] OJ L173/84/349–496.

  7. 7.

    Asian Development Bank (2016).

  8. 8.

    International Finance Corporation (2017), p 13.

  9. 9.

    For example, the Hong Kong Monetary Authority issued a circular on de-risking and financial inclusion to banks operating in Hong Kong: Hong Kong Monetary Authority (2016).

  10. 10.

    Global Partnership for Financial Inclusion (2017), International Finance Corporation (2018), and World Bank Group (2018), p 1.

  11. 11.

    Financial Action Task Force (2018).

  12. 12.

    Schwab (2016).

  13. 13.

    Ibid.

  14. 14.

    Arner et al. (2017).

  15. 15.

    Litan (2016).

  16. 16.

    International Bar Association Legal Practice Division Working Group (2015), p 11.

  17. 17.

    Zetzsche et al. (2018).

  18. 18.

    Arner et al. (2016).

  19. 19.

    See, Zetzsche et al. (2018) and Arner et al. (2016).

  20. 20.

    Noto (2017).

  21. 21.

    Donnelly (2018).

  22. 22.

    Smith (2017).

  23. 23.

    International Bar Association Legal Practice Division Working Group (2015), pp 5–6.

  24. 24.

    World Economic Forum (2018).

  25. 25.

    World Bank (2017).

  26. 26.

    Morozov (2013).

  27. 27.

    Kumar and Pathak (2014). For details, see Arner et al. (2018).

  28. 28.

    For example, see International Bar Association Legal Practice Division Working Group (2015); Bracken (2012).

  29. 29.

    Pesin (2017).

  30. 30.

    See, Hardjono et al. (2016).

  31. 31.

    Reuters (2018).

  32. 32.

    For details, see Weigend (2017).

  33. 33.

    See, Lanier (2013).

  34. 34.

    Ibid.

  35. 35.

    Token Commons, The Windhover Principles for Digital Identity, Trust, and Data, 21 September 2014, http://tokencommons.org/Windhover-Principles-for-Digital-Identity-Trust-Data.html (accessed 11 December 2018).

  36. 36.

    Todd (2014).

  37. 37.

    Ibid.

  38. 38.

    Clippinger (2015).

  39. 39.

    Arner et al. (2017).

  40. 40.

    Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU [2014] OJ L 173/349.

  41. 41.

    Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [2014] OJ L257/73.

  42. 42.

    Unique Identification Authority of India, About Aadhaar, https://uidai.gov.in/your-aadhaar.html (accessed 11 December 2018) and Unique Identification Authority of India, Aadhaar data update, https://uidai.gov.in/enrolment-update/aadhaar-enrolment/aadhaar-data-update.html (accessed 11 December 2018).

  43. 43.

    Abraham et al. (2017).

  44. 44.

    ‘Indian business prepares to tap into Aadhaar, a state-owned fingerprint identification system’, The Economist, 24 December 2016.

  45. 45.

    Australian Government Govpass, Digital Transformation Agency, Canberra, https://www.dta.gov.au/what-we-do/platforms/govpass/ (accessed 11 December 2018).

  46. 46.

    Council of Australian Governments (2017).

  47. 47.

    These include the face identification service, facial recognition analysis utility service, face verification service, identity data sharing service, and one person one licence service.

  48. 48.

    For the US, see Quarmby (2003).

  49. 49.

    See, Identity Documents Bill 2010 (UK).

  50. 50.

    See, Art. 5 of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures [2000] OJ L13/12.

  51. 51.

    For the European Commission, see Kirova (2016).

  52. 52.

    Ibid.

  53. 53.

    See, Art. 11 of the eIDASR.

  54. 54.

    European Commission (2017b).

  55. 55.

    European Commission (2017a).

  56. 56.

    See, European Commission (2017c).

  57. 57.

    See, Arner et al. (2018).

  58. 58.

    For a comprehensive discussion, see Arner et al. (2018), p 13.

  59. 59.

    The technique was first introduced in 2015 and 2016 and clarified in later regulatory releases. For Germany, see BaFin Federal Financial Supervisory Authority (2017); for Luxembourg, see Commission de Surveillance du Secteur Financier (2018); for Switzerland, see FINMA (2016).

  60. 60.

    See, Art. 26 of Regulation (EU) No. 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No. 648/2012 [2014] OJ L173/84.

  61. 61.

    Financial Action Task Force (2018), p 8.

  62. 62.

    Stanley and Buckley (2016).

  63. 63.

    LexisNexis (2016).

  64. 64.

    ThomsonReuters, The South African KYC Service, https://africa.thomsonreuters.com/en/products-services/risk-management-solutions/kyc-as-a-service.html (accessed 11 December 2018).

  65. 65.

    IIFL (2014).

  66. 66.

    For example, see RBL Bank’s Abacus Digital Savings Account (temporarily disabled because of the recent Supreme Court Judgement); and HDFC Bank’s digital Instant Account: HDFC Bank, Account kholo chutki mein, https://www.hdfcbank.com/htdocs/digital-campaign/instantaccounts.html (accessed 11 December 2018).

  67. 67.

    For distributed ledgers, see Zetzsche et al. (2017).

  68. 68.

    Ibid.

  69. 69.

    For example, see Art. 25(1) of the European Parliament 4th AML Directive (above n. 5).

  70. 70.

    See, Joint Committee of the European Supervisory Authorities, Joint Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions—The Risk Factors Guidelines, JC 2017/37, 26 June 2017, Title III, Ch. 1, No. 81, 83.

  71. 71.

    See, Association of the Luxembourg Fund Industry (2018).

  72. 72.

    See, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1.

  73. 73.

    Zetzsche et al. (2017).

References

  1. Abraham S, Sharma RS, Panda BJ (2017) Is Aadhaar a breach of privacy? The Hindu, 31 March 2017. https://www.thehindu.com/opinion/op-ed/is-aadhaar-a-breach-of-privacy/article17745615.ece. Accessed 11 Dec 2018

  2. Arner DW, Barberis JN, Buckley RP (2016) The evolution of FinTech: a new post-crisis paradigm? Georget J Int Law 47(4):1271–1319

    Google Scholar 

  3. Arner DW, Barberis JN, Buckley RP (2017) FinTech, RegTech and the reconceptualisation of financial regulation. Northwestern J Int Law Bus 37(3):371–413

    Google Scholar 

  4. Arner DW, Buckley RP, Zetzsche DA (2018) Fintech for financial inclusion: a framework for digital financial transformation. A report to the Alliance for Financial Inclusion (AFI). https://www.g24.org/wp-content/uploads/2018/09/G-24-AFI_FinTech_Special_Report_AW_digital.pdf. Accessed 7 Jan 2019

  5. Asian Development Bank (2016) Global trade finance gap reaches $1.6 trillion, SMEs hardest hit—ADB. Asian Development Bank News Release, 7 September 2016. https://www.adb.org/news/global-trade-finance-gap-reaches-16-trillion-smes-hardest-hit-adb. Accessed 5 June 2018

  6. Association of the Luxembourg Fund Industry (2018) Global fund distribution. http://www.alfi.lu/sites/alfi.lu/files/Poster-GFD-2018-web-BAT.pdf. Accessed 11 Dec 2018

  7. BaFin Federal Financial Supervisory Authority (2017) Circular 3/2017 video identification procedures. 10 April 2017. https://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Rundschreiben/2017/rs_1703_gw_videoident_en.html. Accessed 11 Dec 2018

  8. Bracken M (2012) Identity and privacy principles. UK Government Digital Service, 24 April 2012. https://gds.blog.gov.uk/2012/04/24/identityand-privacy-principles/. Accessed 5 July 2018

  9. Clippinger JH (2015) A proof of concept pilot for a decentralized autonomous authority (DAA) for KYC compliant decentralized identity and authentication services. MIT Media LAB/ID3. http://financelawpolicy.umich.edu/wp-content/uploads/sites/26/2016/09/Clippinger-A-Proof-of-Concept-Pilot-for-A-Decentralized-Autonomous-Authority4.1.16.pdf. Accessed 7 Jan 2019

  10. Commission de Surveillance du Secteur Financier (2018) Frequently asked questions on AML/CTF and IT requirements for specific customer on-boarding/KYC methods. 8 March 2018. http://www.cssf.lu/fileadmin/files/LBC_FT/FAQ_LBCFT_VIDEO_IDENTIFICATION_080318.pdf. Accessed 11 Dec 2018

  11. Council of Australian Governments (2017) Intergovernmental agreement on identity matching services. 5 October 2017. https://www.coag.gov.au/sites/default/files/agreements/iga-identity-matching-services.pdf. Accessed 11 Dec 2018

  12. Donnelly G (2018) 75 Super-useful Facebook statistics for 2018. Wordstream, 7 September 2018. https://www.wordstream.com/blog/ws/2017/11/07/facebook-statistics. Accessed 11 Dec 2018

  13. European Commission (2017a) Consumer financial services action plan. 23 March 2017. https://ec.europa.eu/info/publications/consumer-financial-services-action-plan_en. Accessed 11 Dec 2018

  14. European Commission (2017b) First private sector eID scheme pre-notified by Italy under eIDAS. 7 December 2017. https://ec.europa.eu/digital-single-market/en/news/first-private-sector-eid-scheme-pre-notified-italy-under-eidas. Accessed 20 June 2018

  15. European Commission (2017c) Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration), 12 December 2017. https://ec.europa.eu/info/publications/home-affairs/sites/homeaffairs/files/what-we-do/policies/European-agenda-security/20171212_proposal_regulation_on_establishing_a_framework_for_interoperability_between_eu_information_systems_police_judicial_cooperation_asylum_migration_en.pdf. Accessed 11 Dec 2018

  16. Financial Action Task Force (2018) Outcomes FATF plenary, 21-23 February 2018. 23 February 2018. http://www.fatf-gafi.org/publications/fatfgeneral/documents/outcomes-plenary-february-2018.html. Accessed 11 Dec 2018

  17. FINMA (2016) Circular 2016/7 Video and online identification. Due diligence requirements for client onboarding via digital channels. 3 March 2016

  18. Global Partnership for Financial Inclusion (2017) 2017 Financial inclusion action plan. July 2017. https://www.gpfi.org/sites/default/files/documents/2017%20G20%20Financial%20Inclusion%20Action%20Plan%20final.pdf. Accessed 8 Jan 2019

  19. Hardjono T, Shrier D, Pentland A (eds) (2016) Trust:Data: a new framework for identity and data sharing. Visionary Future LLC, Massachusetts

    Google Scholar 

  20. Hong Kong Monetary Authority (2016) De-risking and financial inclusion. 8 September 2016. https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20160908e1.pdf. Accessed 2 July 2018

  21. IIFL (2014) Axis Bank introduces a paperless, eKYC based a/c opening. India Infoline News Service, 26 February 2014. https://www.indiainfoline.com/article/news/axis-5875391291_1.html. Accessed 11 Dec 2018

  22. International Bar Association Legal Practice Division Working Group (2015) Digital identity: principles on collection and use of information. Report of IBA Legal Practice Division Working Group. https://www.ibanet.org/Document/Default.aspx?DocumentUid=2E931F85-C5D0-4952-A6E6-6EA48C593155. Accessed 11 Dec 2018

  23. International Finance Corporation (2017) De-risking and other challenges in the emerging market financial sector. World Bank Group, 1 September 2017. http://documents.worldbank.org/curated/en/895821510730571841/De-risking-and-other-challenges-in-the-emerging-market-financial-sector-findings-from-IFC-s-survey-on-correspondent-banking. Accessed 28 July 2018

  24. International Finance Corporation (2018) Increased regulation and de-risking impeding cross-border financing in emerging markets. World Bank Group, January 2018. https://www.ifc.org/wps/wcm/connect/9e5b33c0-63a2-4ab4-bf54-b87c539538d4/EMCompass_Note_48_R2.pdf?MOD=AJPERES. Accessed 28 July 2018

  25. Kirova M (2016) eIDAS regulation. eIDAS Observatory, 28 June 2016. https://ec.europa.eu/futurium/en/content/eidas-regulation-regulation-eu-ndeg9102014. Accessed 11 Dec 2018

  26. Kulp P (2017) Facebook quietly admits to as many as 270 million fake or clone accounts. Mashable, 3 November 2017. https://mashable.com/2017/11/02/facebook-phony-accounts-admission/#3Jg1dt85kPqZ. Accessed 11 Dec 2018

  27. Kumar L, Pathak A (2014) Aadhaar based e-KYC service—the much needed change catalyst for financial inclusion! MicroSave, July 2014. http://blog.microsave.net/aadhaar-based-e-kyc-service-the-much-needed-change-catalyst-for-financial-inclusion/. Accessed 5 July 2018

  28. Lanier J (2013) Who owns the future?. Simon & Schuster, New York

    Google Scholar 

  29. LexisNexis (2016) Banks willing to collaborate on shared KYC utility. Finextra, 28 September 2016. https://www.finextra.com/pressarticle/66294/banks-willing-to-collaborate-on-shared-kyc-utility. Accessed 11 Dec 2018

  30. Litan A (2016) The global identity dilemma—static biometrics are NOT the answer. Gartner Blog Network, 16 September 2016. https://blogs.gartner.com/avivah-litan/2016/09/16/the-global-identity-dilemma-static-biometrics-are-not-the-answer/. Accessed 2 July 2018

  31. Morozov E (2013) Your social networking credit score. Slate, 30 January 2013. https://slate.com/technology/2013/01/wonga-lenddo-lendup-big-data-and-social-networking-banking.html. Accessed 11 Dec 2018

  32. Noto G (2017) Want mobile banking users? Eliminate the login. Bank Innovation, 30 March 2017. https://bankinnovation.net/2017/03/want-mobile-banking-users-eliminate-the-login/ Accessed 11 Dec 2018

  33. Pesin I (2017) Your online, mobile, and social behaviour are now data-points used by FinTech startups and governments in scoring credit-worthiness. e27, 4 May 2017. https://e27.co/online-mobile-social-behaviour-now-data-points-used-fintech-startups-governments-scoring-credit-worthiness-20170504/. Accessed 5 July 2018

  34. Quarmby B (2003) The case for national DNA identification cards. Duke Law and Technology Review 1. https://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1071&context=dltr. Accessed 8 Jan 2019

  35. Reuters (2018) US proposes reviewing social media of nearly everyone seeking entry. The Guardian, 31 March 2018. https://www.theguardian.com/us-news/2018/mar/30/us-immigration-social-media-visas. Accessed 11 Dec 2018

  36. Schwab K (2016) The fourth industrial revolution. World Economic Forum, 14 January 2016. https://www.weforum.org/agenda/2016/01/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/. Accessed 11 Dec 2018

  37. Smith C (2017) 65 Amazing WhatsApp statistics and facts. DMR, Expanded Ramblings, 1 July 2017. https://expandedramblings.com/index.php/whatsapp-statistics/2/. Accessed 5 July 2018

  38. Stanley RL, Buckley RP (2016) Protecting the West, excluding the rest: the impact of the AML/CTF regime on financial inclusion in the Pacific, and potential responses. Melb J Int Law 17(1):1–24

    Google Scholar 

  39. Todd S (2014) Manifesto vows to give consumers control of digital identities. American Banker, 20 October 2014. https://www.americanbanker.com/news/manifesto-vows-to-give-consumers-control-of-digital-identities. Accessed 11 Dec 2018

  40. Weigend A (2017) Data for the people: how to make our post-privacy economy work for you. Ingram Publisher Services, New York

    Google Scholar 

  41. World Bank (2017) Principles on identification for sustainable development: toward the digital age. February 2017. http://documents.worldbank.org/curated/en/213581486378184357/pdf/112614-REVISED-English-ID4D-IdentificationPrinciples-Folder-web-English-ID4D-IdentificationPrinciples.pdf. Accessed 11 Dec 2018

  42. World Bank Group (2018) The decline in access to correspondent banking services in emerging markets: trends, impacts, and solutions. http://documents.worldbank.org/curated/en/552411525105603327/pdf/125422-replacement.pdf. Accessed 28 July 2018

  43. World Economic Forum (2018) Digital identity on the threshold of a digital identity revolution. White Paper, Davos-Klosters Switzerland, 23-26 January 2018. http://www3.weforum.org/docs/White_Paper_Digital_Identity_Threshold_Digital_Identity_Revolution_report_2018.pdf. Accessed 11 Dec 2018

  44. Zetzsche DA, Buckley RP, Arner DW (2017) The distributed liability of distributed ledgers: legal risks of blockchain. European Banking Institute Working Paper Series 14. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3018214##. Accessed 8 Jan 2019

  45. Zetzsche DA, Buckley RP, Arner DW, Barberis JN (2018) From FinTech to TechFin: the regulatory challenges of data-driven finance. N Y Univ J Law Bus 14(2):393–446

    Google Scholar 

Download references

Acknowledgments

The authors are grateful for comments from Iris Chiu, Emilios Avgouleas, Pierre Schammo, Jean-Louis Schiltz, Anton Didenko, Tsany Ratna Dewi as well as participants of the Alliance for Financial Inclusion Global Policy Forum (AFI GPF) in Sochi (September 2018), and for the research assistance of Rohan Balani, Jessica Chapman and Evan Gibson. All responsibility is the authors. The authors gratefully acknowledge the financial support of: the Luxembourg National Research Fund, project ‘A new law for Fintechs—SMART Regulation’, INTER/MOBILITY/16/11406511; the Australian Research Council, project ‘Regulating a Revolution: A New Regulatory Model for Digital Finance’; and the Hong Kong Research Grants Council Theme-based Research Scheme.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Douglas W. Arner.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Arner, D.W., Zetzsche, D.A., Buckley, R.P. et al. The Identity Challenge in Finance: From Analogue Identity to Digitized Identification to Digital KYC Utilities. Eur Bus Org Law Rev 20, 55–80 (2019). https://doi.org/10.1007/s40804-019-00135-1

Download citation

Keywords

  • Finance
  • Identity
  • Digital identification
  • eKYC infrastructure
  • KYC utilities
  • Market integrity
  • Anti-money laundering
  • Financial inclusion
  • FinTech
  • RegTech