By Hamish Thomas, UK Advisory Banking Technology Leader, Ernst & Young LLP and EY EMEIA Payments Leader;
Martin Jones, Director, Ernst & Young LLP and
Mark Torpey, Senior Manager, Ernst & Young LLP
Open Banking is an emerging global trend. It is expected to drive increased choice for how individuals and businesses consume financial services, and is driving significant change as the financial services industry adjusts to a digitally-enabled economy, seeking to provide better outcomes for customers and appropriately manage the risk of a new digital ecosystem. In addition, an increasingly customer-centric regulatory agenda is creating a tipping point that is compelling institutions to leverage new technologies and give customers more control of their data and identity in the digital economy.
For a truly integrated digital ecosystem to work, businesses and individuals must be able to seamlessly navigate across ecosystem participants without the headache of enduring several similar authentication and on-boarding experiences. Developing efficient and effective Know Your Customer (KYC) processes remains a common objective for the industry. However, harmonization of standards and risk appetite remains a frequent stumbling block to industry-wide KYC initiatives.
The provision of a cross-industry, cross-sector, verified and enriched digital ID has the potential to provide the foundation of a “trust network” where customers participate and control their own personal data, with simplified access to digital products and services, and operational challenges for institutions are eased.
Current approach to identity confirmation
Identity has traditionally been verified through the physical provision of documentation that confirms a person or a business. Historically, the acquisition of goods or services required face-to-face interaction and, therefore, the presentation of verification documentation did not create a significant burden. The evolution of digital channels has resulted in increased remote availability of goods and services, but the corresponding identity verification process has largely been left behind. The failure of identification services to digitize in line with evolving digital channels has led to issues that must be resolved if the promise of an increasingly digital economy is to be realized for customers and financial institutions.
Why change is necessary
The advent of Open Banking, the second Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR) are all acting as a catalyst for digital developments. These regulations have the potential to provide customers with more banking choices, more control and a more competitive banking market by enabling customers to give permission to third parties to access their financial data in order to provide new services, over and above those provided directly by their bank. Additionally, financial institutions that embrace these changes and create compelling products and services within this changed landscape have an opportunity to innovate and grow their market share.
The current lack of a standardized authentication and authorization mechanisms for the acquisition of new products and services leads to a poor customer experience due to the following common challenges:
Customer information must be provided with every on-boarding process with a new provider, leading to time-consuming and repetitive new product application processes.
Once new products are created, they are tied to the institutions where they were created and are difficult to switch or move around, without repeating arduous on-boarding procedures.
Increasing levels of private company and personal information required for bank account opening means lengthy forms and increased levels of supporting documentation.
These challenges also result in highly complex and expensive customer on-boarding KYC requirements for service providers.
In addition to the poor customer experience related to on-boarding, customers face the challenge of trusting new service providers with their personal data. Therefore, an approach that builds customer trust in the safety and security of their personal information is critical.
The challenge of differing requirements for customer data
Service provider on-boarding within an ecosystem is further complicated by divergent requirements for customer data when on-boarding, e.g., the data required by a property insurer is likely to be different than that required by a personal loan provider. The lack of a reliable method to exchange trusted data between providers leads to a number of challenges:
Service providers lack visibility into the provenance or veracity of customer data from digital interactions.
Difficult to entice customers to switch or use services from multiple providers without a seamless, pain-free on-boarding and product portfolio management platform.
High drop-off rate in the account application process.
High level of manual effort and operational cost when verifying customer information during the on-boarding process.
Risk of disintermediation through propositions from third-party providers enabled by FinTech and Open Banking trends.
Digital identification as a solution
These previously mentioned challenges could be addressed through the creation of a trust network of institutions and businesses.
This network would be tied together by a set of shared, digitally identifying data attributes that are permissioned by the customer, and are adaptable to the nature of the relationship being formed.
This framework would allow for the creation of a trusted adaptable digital identity, allowing customers to prove that they are who they say they are and authenticate themselves digitally with service providers, to the extent required by the service being requested, thus removing a key pain point in the on-boarding journey. A permissioned, trusted digital identity engenders greater customer trust in institutions, as customers have sole control over their identifying data that institutions may only share in line with the customers’ comfort levels around security and privacy.
A “core” or digital ID, made up of the customer’s basic proof of identity information, has the potential to be expanded to include additional attributes, enabling the creation of an enriched digital ID, containing all of the trusted data required to enable on-boarding.
Core digital ID attributes
A core digital ID can serve a number of purposes. In the first instance, the ID can be used to prove that a customer is who they say they are and could contain only static identifying fields (e.g., name, date of birth and biometric data) used to verify a customer’s identity and track the provenance of the digital information. As this information is the same across institutions and the level of required diligence is homogenous, this allows for a digital ID created by one service provider to be accepted by another, provided an agreed set of verification or assurance standards are adhered to. The level of assurance and the set of core data contained within this core digital ID would allow for access to a range of services.
Image 1: The levels of assurance that the digital ID could provide and the associated risk of each level
An enriched digital ID
A digital ID that only proves a customer’s identity is useful, but is limited in the services that it can allow and access it can provide. Both the Level of Assurance (LOA) that a digital identity provides and the identity attributes it attests to will have an impact on the services it enables.
Core digital IDs with LOA Level II, when moderate risk is associated with erroneous authentication; Level III, where a substantial risk is associated with erroneous authentication and identity proofing procedures are dependent on verification of identity information; and Level IV, when substantial risk is associated with erroneous use and face-to-face authentication is required, provide a good service for tracking static information about customers (i.e., name, gender, date of birth). However, the range of services that can be accessed using a digital ID is not solely predicated on the level of assurance that the static data provides.
Not all attributes required to access financial services are static. Many require transient or temporally sensitive pieces of information to perform requisite due diligence and provide access. Addresses, proof of address, articles of incorporation or proof of identification may be required by key services.
Greater value can be delivered by enabling an enriched form of digital identification that digital ID provides and an adaptable set of additional required data attributes, and facilitating the sharing of this enriched ID across a trusted network.
Image 2: The levels of information that can be used for richer digital identification
The outcome of introducing a digital ID
The establishment of an enriched digital ID that allows for the exchange of trusted data between ecosystem participants will lead to a better experience for business and retail customers and for financial institutions. Customers will no longer face lengthy and frustrating on-boarding processes, with face-to-face and paper verifications of their identity. The active participation of customers and institutions will grow Open Banking ecosystems and reduce operational costs for on-boarding and KYC in both public and private sector institutions. In addition, a shared approach to enriched digital identification will provide collective risk management, reducing the ability of bad actors to access public and financial services, benefitting participating institutions and reducing the likelihood of fraud and cybersecurity breaches for customers.
Image 3: The benefits of an enriched digital identification for both customers and financial institutions
In summary, the provision of a cross-industry, cross-sector, verified and enriched digital ID has the potential to provide the foundation of a “trust network” where customers participate and control their own personal data, with simplified access to digital products and services.
It would also allow for operational and revenue benefit for financial institutions and other participants of the “trust network” and improved access to and adoption of digital financial (and other) services, ultimately increasing the growth potential of the digital economy.
The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organization or its member firms.