The 21st ECRF (European Commerce Registers’ Forum) conference took place on the 5th-7th June 2018 at the most southern tip of Europe – Gibraltar. The topics under discussion extended way beyond Europe’s borders, encompassing subjects such as Distributed Ledger Technology (DLT), Beneficial Ownership and Ubisecure’s raison d’être – Identity Assurance. A common thread throughout the conference was illustrating how these technologies can positively impact current and future KYC (Know Your Customer) & AML (Anti Money Laundering) practices.
The presentations and associated slide decks have now been made available on a micro site specifically set up for this event – https://www.ecrfgibraltar2018.gi/presentations.php
The International Business Registers report for 2017, available from the ECRF web site, along with reports for the previous 11 years, continues to highlight the high proportion of Business Registry’s operated by a government department. Over three quarters of the 98 Business Registrar’s who completed the 2017 survey were classified this way. Austerity measures seen across many government services have, in recent years, sometimes stifled innovation, meaning radical leaps in business processes have not been viable. However, looking over a longer period, there has been a steady rise in popularity of digital/electronic methods, not necessarily innovative, but presenting clear ROI opportunities for a registry compared to pushing around and storing paper based assets. It’s not surprising that in many jurisdictions, the formation of a company is now available through digital means leading to a lower cost of ownership both initially when the company is formed, but also for any ongoing lifecycle management such as mandatory annual filing.
We have therefore reached a tipping point in what’s possible for KYC services. Business Registries can now expand their own raison d’être’s from the traditional focus of purely being a jurisdictional filing function, to a true business eco system accelerator. How? By offering IdP (Identity Provider) functionality to external service providers.
Whilst the business information on Legal Entities published by the registry is, and will always be deemed authoritative, becoming an IdP also allows an assertion of association. An authorised individual can now positively assert their association to a Legal Entity which can be proven, easily, quickly and at low cost by a Service Provider such as a Bank, LEI issuer, Certification Authority – In fact anyone needing to verify the association. I cover all of this in my ECRF presentation.
With the Ubisecure Identity Platform the link between a username/password and a registered Legal Entity can also be delegated to others or even strengthened to require multifactor authentication for certain actions – known as step up authentication. Ultimately IdP services can be utilized by the entire eco-system surrounding the registry and although many registries provide numbers at a local level, they also provide assurance on a global scale through service providers such as Certification Authorities. See “Widening the scope of best practice for LEIs for SSL/TLS identity” on how Legal Entity Identifiers are also doing this.
The effective exchange of trusted business information via the registry as an IdP, whilst meeting the needs of GDPR is only just around the corner. Once here, so many eco systems will be transformed and automated that we’ll all wonder how we ever did business without it…