LEIs as a live (and historical) source of Legal Entity data
Earlier this week, Ubisecure’s VP Identity Services, Steve Roylance blogged about why the Certificate Authority world should embrace Legal Entity Identifiers. This followup post is intended to examine the value of ‘live data’ aspect of LEIs.
As a quick refresher, a Legal Entity Identifier (LEI) is a standardised code issued to a unique legal entity. The LEI represents more than just a 20 digital code. It is designed to enable clear and unique identification of legal entities in a growing number of regulation and use cases. Each LEI contains information about an entity’s identity and ownership structure, answering the questions of ‘who is who’ and ‘who owns whom’.
The LEI is designed to be a constant identifier for an entity that may otherwise undergo changes to the data the LEI represents. For example, it’s not uncommon for a legal entity to change its legal name or address, to go out of business, or to change ownership. The good news is that LEI data is public and records of change are maintained and freely available. If you have reliance on LEI data it’s important to understand what changes to a legal entity’s LEI data typically could occur, and where to look to identify changes. Changes to data may include:
- legal or trade name change
- legal or headquarters address change
- bankruptcy or dissolution
- merger, acquisition or ownership change
How to search LEI data
The GLEIF provide open access to the entire LEI database at https://www.gleif.org/en/lei-data/access-and-use-lei-data. Alternatively you can use a lookup service like RapidLEI’s LEI Search.
LEI Data is not static
As LEI data is therefore not static, it is in the interest of the LEI owner to maintain accurate LEI data, and it’s in the interest of the entire ecosystem to challenge and report out of date data. The LEI system supports challenge, and in time we’d expect that all forward-thinking LEI issuers maintain automated methods to keep data of their issued LEIs fresh and up to date.
The advantages of live LEI data
This aspect of LEIs becomes highly advantageous not just to the financial community using LEIs for regulation and transactions, where up to date LEI data is essential, but also to the growing number of new LEI use cases, in particular those within the Certificate Authority world.
Continuing the LEI use case for Certificate Authorities
In the case of Digital Certificates, moving from a model that can only assure data accuracy at the time of Certificate issuance, to a model that refers relying parties to a live, publicly available database offers a much more accurate dataset. Plus it offers significant savings when legal entity data needs to be updated. Digital Certificates, like SSL, are static by nature – the actual legal entity data (such as legal name, address and jurisdiction) is encapsulated and digitally signed within the Certificate itself. Maintaining accurate data within Certificates becomes problematic as updating the Certificate requires it to be physically reissued – a process that involves creating new signing requests, requesting new Certificates from the CA, replacing the Certificates on the hardware where they are installed. Unless the enterprise is using a Certificate automation solution, this is no small feat, which is why so many organisations fall victim to the dramatic consequences caused by expired Certificates (such as the recent Ericsson issue).
The natural behaviour of IT Administrators is to avoid replacing Certificates outside of planned renewal cycles at all costs, which invariably means that change in legal entity data is not usually compelling enough to update Certificates, and if it is, there is material cost in doing so. Including references to live LEI data could potentially save enterprises significant IT admin hours, avoid the risk of Certificate related downtime issues, and of course present more accurate data to relying parties.