Digital identity enables people, businesses and governments to interact in the digital world. It also facilitates remote transactions - e-commerce, payments or taxes - and access to sensitive services, such as healthcare, accelerated by the pandemic. Therefore, citizens and businesses should be able to use a digital ID, valid within and between countries. Banks, with extensive experience in creating digital identification processes for their customers in a highly regulated environment, could be key players in future internationally accepted and reliable digital identification systems.
This was recently explained by Santiago Fernández de Lis at a forum organized by the World Economic Forum (WEF) on the relevance of digital identity to foster financial inclusion. BBVA's Head of Regulation was part of a virtual discussion panel with experts from the private sector and academics.
Fernández de Lis agreed with the other participants that the absence of international standards has created a fragmented landscape. As a result, national digital identity solutions are often not operational across countries. A digital identity requires a provider to confirm it and, in the absence of a universally accepted one, this role is currently played by governments, generating national identities, mainly to access online public services, or private sector companies.
In this context, he believes that "interoperability is essential", with systems that allow information about the digital identity of each citizen or company to be shared between trusted domains. And public-private cooperation is key here. Examples of this can be found in Nordic countries such as Sweden, where the identity provided by banks can be used to access public services or other private domains.
The European roadmap Another obstacle to the development of digital identity has to do with the lack of digitization in the public sector. This is especially challenging for small businesses, which face numerous bureaucratic hurdles to register and manage their daily operations digitally, especially across borders. Therefore, when we talk about portability referring to digital identity, we are not only referring to it being valid across borders, but also across all segments of industry, he explained.
Any future measures must be based on open standards so that you can benefit from market developments
The European Union is trying to achieve this interoperability with the eIDAS Regulation, which establishes a legal framework for the mutual recognition of digital identities between Member States. Since 2018, all public services in the European Union were obliged to accept eIDs from other Member States under the eIDAS regulation.
However, "eIDAS has not achieved all these objectives because, despite establishing a correct theoretical framework, the implementation has been complicated, slow and pending technical aspects," indicated BBVA's Head of Regulation. In particular, the regulation has fallen short in the mutual recognition part, aimed only at national identities.
The European Commission plans to close this gap in the coming months with the creation of a framework for the private sector to use national electronic identification systems. In this regard, Fernandez de Lis believes that "any future measures should be based on open standards so that they can benefit from market developments, and not encounter the implementation obstacles seen in eIDAS".
Trust is key to creating digital identification systems
"Banks, because the financial sector is so regulated, are used to dealing with demanding compliance standards and can offer players in other industries their expertise in identity-based networks," said Santiago Fernandez de Lis. In addition, some regulations are favoring the entry of banks into the digital identity management business. For example, in Europe, PSD2 requires banks to give access to account data to third parties that may be potential competitors.
BBVA's Head of Regulation recalled that "consumers tend to trust financial institutions over other institutions to manage their finances." The key issue in digital identity management is trust. For this reason, "after public providers, in the private sector, banks are the ones that generate the most trust," he said.
We already have examples around the world of how banks are starting to develop new and secure ways for people to prove their identity. It is not surprising, therefore, that in the near future, depending on regulatory developments and market circumstances, banks could become digital identity providers.
But Fernandez de Lis also identified the risks that financial institutions face when entering the identity management market. These include cybersecurity-related factors, such as identity theft, and the consequent impact it would entail for banks' reputations; and the high costs associated with adopting new identity systems, which require commercially viable options for companies to adopt.
However, in his opinion, the robust identification systems that the financial sector possesses, due to the nature of its core business, open up a whole world of possibilities for banks in relation to digital identity.