THE PROMISE AND THE POWER OF DIGITAL IDENTITY MEETING SUMMARY Part I

THE PROMISE AND THE POWER OF DIGITAL IDENTITY MEETING SUMMARY Part I

A SUMMARY AND FULL REVIEW OF THE DISCUSSION AT THE WEBINAR ON 21 OCTOBER 2020

Click here to see event information

 SUMMARY

Digital identities will save businesses money in customer due diligence and make it more convenient for customers to do business with them. 

Digital identities will, in their fully developed form, be invisible to the consumers which own and control them. As AI develops, algorithms will also acquire digital IDs to match their legal personalities.

There are no technical obstacles to widespread adoption of digital IDs. The chief obstacle is lack of agreement on a standard set of procedures for verifying identities.

Standards could also make digital IDs inter-operable, between the private and the public sector, and between different jurisdictions. 

Multiple international groups, including FATF, the EU, ISO, the IEC, the World Economic Forum and WC3, are working directly on standards or encouraging their development. 

FinTechs are pioneering the use of digital IDs in a variety of settings, including the use of transaction monitoring to reinforce the validity of a digital ID. 

Transactional behaviour is only one element in the evolution of richer personal data profiles that constitute ever more reliable and useful digital IDs.

Consumers and businesses should own their data and control both where it stored and with whom it is shared. In other words, it can be used by third parties only with the consent of the owner.

It is essential that this data is held securely, with respect for privacy, and only those parts of it shared which are necessary to complete a transaction. 

Sharing of identity and personal profile has a potentially large number of use-cases, including the delivery of health, customer due diligence, supply chain management and travel services.

The sharing of data while keeping it secure and respecting persona privacy requires the development of a DataNet, which uses universal identifiers and federated learning rather than direct access to data.

True digital IDs will encompass multiple attributes of individuals and businesses and evolve in terms of validity and utility as more information is added to them over time.

A class of third-party service providers will develop to issue digital IDs and store and update data on behalf of customers that do not wish to store their data themselves, and service those who become incapacitated.

Providers of digital ID issuance and identification data profile services of this kind will include banks, FinTechs and certification agents as well as governments. 

Banks have ready access to data and costs that digital IDs can reduce, and face competitors that could use digital IDs to out-compete them, yet are not conspicuous supporters of digital IDs. 

Misgivings about government involvement in digital ID issuance and personal data collection are more common in Europe and North America than in Asia.
Adoption of digital IDs is more likely to occur if it is led by consumers and private sector companies than by government-led schemes. 

All providers of digital ID services must commit to conform to an agreed set of standards in terms of how they originate, use, store and manage data that informs and enriches digital IDs. 

Liability for inaccurate or fraudulent information needs to be established. It could be the owner of a digital ID, or the digital ID service provider, or the source of the inaccurate information. 

Multiple digital IDs issued to different levels of assurance are conceivable. Consumers might, for example, use one digital ID to prove their age and another to travel abroad.

Digital IDs will be more useful (and so more valuable) if an ID issued by a bank can also be used with the tax authorities and is useable in foreign countries as well as domestically. 

The concept of digital ID is now at turning point, where it can become a tool of powerful corporations or over-mighty governments or empower consumers over large corporations or governments.

In developing economies, digital IDs can give otherwise poor and powerless people property rights and access to financial, health, welfare and education services, though they need access to energy to realise this potential.

FULL REVIEW

Digital identities (digital IDs) are potentially rich in benefits for both businesses and consumers. They can save businesses a fortune in manual processing of Know Your Client (KYC), Anti Money Laundering (AML), Countering the Financing of Terrorism (CFT) and sanctions screening checks when on-boarding and updating client records. 

Machines as well as people will own and use digital IDs because they are convenient

For consumers – and indeed businesses in their role as purchasers – the chief benefit is convenience. Digital identities would make it much easier for consumers and businesses to use digital wallets buy and sell products and access services both on-line – in particular, the number of passwords required will fall dramatically – and physically. Eventually, digital IDs will enable people to travel with much less physical interaction at national borders. 

Indeed, digital IDs will, as the early adopters give way to mass adoption of them, be invisible to the user. They will be stored not on devices but be accessible from anywhere. People may not even be the only entities to acquire and use digital IDs. As artificial intelligence (AI) and machine learning (ML) process more and more data, and start to take over an increasing number of functions currently executed by people, algorithms and machines will need legal personalities as well, especially once they start to offer, say, financial advice. Plenty of digital machines have IP addresses already.

There are no technical obstacles to widespread adoption of digital IDs

There is no technical obstacle to enjoying these benefits immediately. Equipping every inhabitant of the planet with a unique, universal personal identifier is a challenge which digital and Internet technologies have solved already. It would be little different from an IP address. 

The obstacles are largely commercial and political. Chief among them is the need to agree on a standard and universally applicable process by which claims about personal identity can be validated, verified and authenticated. 

Narrowly conceived, digital IDs mean that businesses and consumers will still submit to a conventional identification process. Individuals will share their name, address, date of birth, passport, drivers’ licence, a utility bill, a bank statement and their educational qualifications with a provider which would work to officially agreed standards for authenticating the documents. 

Businesses would undergo a similar process, in which they shared entries in a commercial register, tax identification numbers and lists of authorised signatories. Both individuals and consumers would then be issued with a digital ID, by a body that ran the entire process to an agreed set of international standards.

Standards are key to adoption of digital IDs

Standards are essential to govern what documents are used to support a digital ID and how they are assessed. In Digital Identity, a paper published in March 2020, the Financial Action Task Force (FATF) – the international regulatory body whose 40 recommendations on countering money laundering and terrorist financing have been adopted in more than 200 jurisdictions – advocates a risk-based approach.

The United Kingdom government, which has implemented the FATF recommendations into national law, accepts digital ID as a valid way of identifying an individual or a business. The Joint Money Laundering Steering Group (JMLSG), to which all the major financial services trade associations in the United Kingdom belong, specifies the checks it believes are necessary to identify an individual or an entity in a digital way. The evidence required varies by the nature of the financial product.

The digital ID project for financial services in the United Kingdom, led by the Investing and Saving Alliance (TISA), has opted for the most demanding form of evidence. The aim is to bind the identity claimed to a reliable source, such as a government document or a set of log-in details. The United Kingdom government uses a broadly similar approach in its national cyber-security guidelines, though it also attaches importance to activity histories.

A number of supranational bodies are working on or encouraging standards

FATF advocates agreement on standard levels of assurance (the level of confidence that can be placed on the reliability of a digital ID) and technical standards (to define the component of a digital ID system) of the kind pioneered by the US National Institute of Standards and Technology (NIST) and the e-IDAS regulation of the European Union (EU). These are now being codified into a single set of international standards by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). 

Similar work is in hand elsewhere. The Word Economic Forum published a blueprint for digital identity as long ago as 2016 and followed up with a second white paper on the same subject in January 2020. A European Self-Sovereign Identity Framework group is working on a trust and technical architecture to replace repetitive, paper-based identity checks with re-usable digital IDs controlled by the user and which can be used throughout the European Union. The Worldwide Web Consortium (WC3) also maintains a digital ID community group, whose objective is to build a scalable, inter-operable digital ID system on global scale, though it has yet to publish any reports. 

FinTechs are pioneering the application of digital lDs

FinTechs are also progressing with digital ID projects. IDWorks, a start-up which is developing a digital identity product designed to give consumers control over their data, relies on Verifiable Credentials (packages of data supplied by, say, a bank or health insurer) and cryptographic digital fingerprints called Decentralised identifiers (which confirm the package of data was supplied by the bank or health insurer). 

This is an approach which depends on banks and health insurers being trustworthy sources and validators of information about individuals and businesses. Their input is intrinsically superior to self-attestation but does not eliminate the need to assess them too. Though they raise questions about privacy, especially if they encompass all forms of on-line behaviour and access to the data is not controlled by the user, behavioural patterns – the patterns created by a digital presence – are the most economical way to do this. 

Transactional behaviour reinforces the validity of a digital ID

The Nuggets on-line KYC and KYB (Know Your Business) processes, for example, require applicants to take a photograph of a government-issued identity document, which is then manually assessed. It is followed a live encounter between the applicant and a trustworthy organisation (such as a bank), and a valid debit or credit card. But what matters is that, over time, the level of confidence in the identity is reinforced by the number of valid payments transactions the individual or business completes. 

Keeping track of valid transactions is also a way of obviating the need to re-validate an entity by repeating all or some of the original process. At the moment, banks and other financial institutions re-check customer identities on a regular one to three-year cycle, with high-risk clients re-assessed every year and low risk clients every third year. Relying on digital behaviour instead is much cheaper. Individuals and businesses can also be required to take responsibility for updating it by informing their service provider of any changes (such as a change of name or address). 

Digital IDs are the foundation block of much richer personal data profiles

The initial process would also be no more than the foundation of a much wider form of personal identity. The identity of an individual or a business cannot be reduced to an alphanumeric string based on documents submitted once and updated occasionally. Instead, digital IDs will evolve into detailed profiles based on multiple data sets drawn from a variety of sources.

In the case of an individual, those sources will include health records, bank accounts, tax payments, credit scores, energy consumption, travel patterns, insurance claims and all the other forms of online data presently captured by major technology companies such as Facebook and Google. They may in time encompass a reading of individual genomes. Likewise, individual businesses can be profiled by drawing on similar sets of data drawn from, say, bank accounts, trading platforms, tax returns, company registers and devices embedded in buildings and vehicles. 

Personal and commercially sensitive data must be held securely and shared with consent only

This data is obviously valuable, often personal, certainly private and frequently commercially sensitive, which is why it needs to be held securely, and shared only with the consent of the individual or business to which it pertains. That in turn requires that the data must be owned and controlled by the individual or business, who alone must decide who has access to their data, and how much of it. The Yoti app, which stores personal details and enables users to share only the details required to complete a transaction, provides this capability already.

Once the owner of the data is in control, they can decide, for example, if they wish to share their data with Facebook or Google in return for a free social media or email service. They can also decide which parts of their data they wish to share with a bank or an insurance company or an auction platform or a utility company from which they wish to purchase a service. The distribution of the data will, in this vision, be based on an assumption of privacy and on the explicit consent of the owner.

Sharing personal and commercially sensitive data efficiently requires a DataNet

Aggregating, normalising, managing and securing the vast quantities of data that make up a personal or corporate identity profile of this kind is a non-trivial task. It requires multiple organisations to share and access data from multiple sources in multiple formats while remaining complaint with data security and privacy laws (such as the General Data Protection Regulation (GDPR). 

It is also a task that is continuous. The data owned by a new-born baby will consist of little beyond a name, an address and a birth certificate but, as they grow up, the range and volume of data will accumulate steadily.

Efficient data sharing requires the development of a DataNet

In short, data-based identity profiles require the data equivalent of the Internet, whose Transmission Control (TCP) and Internet (IP) protocols allow computers on the network to communicate with each other: a DataNet. 

The key to building a DataNet is unique and universally recognised identifiers that can be allocated to every digital and physical object in a distributed, rather than centralised, way (as telephone numbers are). The identifiers also need to be persistent (durable over time), resolvable (the system can locate them anywhere in the network) and actionable (web browsers can take the user to the object). 

This entails taking the uniform resource locators (URLs) that are the equivalent of physical addresses on the Internet and generalising them, or suppressing what is unimportant while retaining what matters, including the relationships between objects, in much the same way that physical maps maintain relationships between physical objects. 

Benefits of a DataNet extend to shopping, health, travel and customer due diligence

Drones provide a vivid example of why relationships between objects matter. If drones in the same space did not communicate their co-ordinates to each other, they would crash into each other. Collaboration between data sets through a DataNet would provide similar benefits in other areas. In retailing, for example, melding health and retail data sets would allow a grocery store to identify shoppers with gluten intolerance buying unsuitable products – and recommend alternatives. 

CommonPass, the digital health passport currently in trials as part of a project to allow air travel to resume despite the pandemic, relies on the ability to verify that the laboratory test results and vaccinations claimed by a traveller come from a trusted source and that they meet the health screening requirements of the country they wish to enter. A DataNet, which could add where the traveller had been as well, would make such a service much easier to universalise.

A DataNet respects data privacy through federated learning

In the United Kingdom, work on a DataNet that relies on generalised URLs is being undertaken by an industry-university consortium that is building the AIR platform. The platform protects privacy because it does not absorb the underlying data into the Cloud but relies instead on the “federated learning” pioneered by Google, in which AI and ML algorithms go to the data rather than the data coming to the algorithms. They can also travel between data sets on different servers and share the results.

One obvious application of a DataNet reliant on unique and universal identifiers is KYC, AML, CFT and sanctions screening checks. If banks checking credentials could access personal data in another jurisdiction easily, the process could be automated. 

Likewise, if medical researchers were able to access data about individual patients it could accelerate drug trials and treatments – or vaccines. In the current pandemic, efficient data exchanges could also be used to issue health and immunity passes so people could travel, which would help the airline and tourism sectors. 

A DataNet could also facilitate supply chain track-and-trace services, in which a physical object can be monitored on its journey through the supply chain, from the machine on which it was made, through the transport providers that delivered it to a warehouse, to the picker that selected it off the shelf for despatch to the buyer. It can also be used to trace not only the provenance of goods, but also who produced them. This enables individuals and businesses to enforce property rights in objects. 

Agricultural supply chain vendor Agriledger is already using blockchain technology to identify individual smallholders and so enable them to claim, retain and enforce their property rights in their produce as it travels through the supply chain. 

The attachment of near field communication (NFC) tags – devices which store machine-readable digital information – to products is making ownership rights visible even offline. Ultimately, it enables smallholders to receive a fairer share of the proceeds of the eventual sale, because they can prove an object is the product of their work.

True digital IDs must encompass multiple attributes of individuals and businesses

In other words, the authentication of identity through the perusal of official documents, and preserving the privacy and security of the data on which that authenticated identity is based, is only the starting point. 

A true digital ID capable of transforming the structure of an economy as a whole, by giving individuals and corporates ownership and control of their data, must encompass many other attributes of the individual and the corporation. 

The “attributes” will include not just documentation and bank account details but biometric information about individuals, such as gender, fingerprints, genome, voice patterns, gait, and even the different ways individuals interact with devices such as mobile telephones, laptops and tablets.

“When we think of digital identity we therefore need to see it not as a single thing,” as the European Union Blockchain Observatory and Forum put it. “It is rather the sum total of all the attributes that exist about us in the digital realm, a constantly growing and evolving collection of data points.” 

Trusted third parties to issue digital IDs and store identity data will be needed

Where those attributes should be stored raises profound questions about individual liberty, privacy and autonomy. Once issued, a digital ID itself can be separated from all the document checking and attestation by trusted organisations that validated and manufactured it. Indeed, the documentation submitted to the validating organisation need not be stored by that organisation; it can be retained on devices or blockchains controlled by the owners of the digital ID. 

But the role of trusted validators will not necessarily cease at the point of issue of a digital ID. If an individual becomes incapacitated, and their digital ID and the associated documentation about their health and financial position are trapped on a personal device or blockchain no third party can access, it will be difficult to treat or look after them. A trusted third party needs to be appointed, just as powers of attorney are granted on behalf of incapacitated individuals in the analogue world.

Government involvement in digital IDs is not welcome everywhere

Which is why the earliest custodians – as well as validators, or issuers – of digital IDs are likely to be regulated entities such as banks, rather than governments, whose involvement would exacerbate concerns about personal liberty, at least in western Europe and North America. In Asia, citizens are more comfortable with the idea of government-issued and controlled digital IDs. 

In China, for example, local government and private sector schemes (such as the Sesame Credit scheme run by Ant Financial) exist alongside the notorious central government social credit system, which can deny individual citizens the right to travel, buy property or obtain credit. 

However, the line between State and private sector is blurred in China. It is difficult, for example, to open a WeChat account without a personal endorsement and even more difficult to open a WeChat wallet without being in China and having a Chinese bank account. 

Libertarians fear the same is true of Europe and the United States, where they express concern that banks and other private enterprises are merely proxies for government surveillance. A more optimistic view is that corporates such as banks are so concerned about the financial cost and reputational risk of losing customer data to hackers that they are unwilling to share any of it with any outsider. 

Banks have the means and the incentives to issue digital IDs 

But even concern about reputational risk has negative connotations in the banking industry. In the United Kingdom, banks have taken to unilaterally closing the accounts of customers whose views or activities they consider a risk to their reputation. This not only suggests they monitor customers’ activities in detail but are engaged in political decision-making that makes them less than impartial.

Though they have so far done next to nothing with the customer data they generate in the normal course of business, banks are not unaware of its value. If their revenues from other sources (such as net interest margin) continue to weaken, or competition drives the price of banking services down further, banks might be tempted to monetise customer data. At that point, it will be hard for them to maintain that they are neutral custodians of digital IDs and profiles.

For now, however, banks are not only regulated and – despite their best efforts to disprove this – regarded by most consumers as trustworthy. As banks increasingly realise, they also have ready access to information useful in proving identities, such as data collected in the on-boarding process and payments activities. In addition, they are incurring massive costs both in fraud and in their currently manual KYC, AML, CFT and sanctions screening processes. 

Studies in 2017-18 by Lexis Nexis put the cost of financial crime compliance in Canada, the United States and just five European countries alone at $115 billion a year. So banks have a significant financial incentive to invest in digital IDs. 

They also face a competitive threat. Large technology companies, such as Amazon, Facebook and Google, are demonstrably interested in financial services. If they also dominate the issuance of digital IDs, it will give them a substantial competitive advantage over the banks in developing digital financial services because it will allow them to control the customer interfaces. 

Banks are curiously unenthusiastic about digital IDs

Curiously, however, banks are not conspicuous supporters of digital IDs. Just four support the TISA digital ID project in the United Kingdom, and in other parts of the industry banks continue to believe that data pooling utilities are a superior solution to their mounting customer due diligence costs. 

The kindest explanations for this adherence to failed solutions of the past are the weight of existing investments, limited knowledge of the alternatives, distrust of “blockchain,” regulatory differences between jurisdictions – which makes it hard to create a global standard global banks could adopt – and lack of customer pressure for digital IDs. 

A bottom-up approach to digital ID is more likely to succeed than a top-down one

But the main reason banks need to engage with digital IDs is that they are likely to prove a massive global market. It will certainly be large enough to support a large number of service providers. Indeed, despite the recalcitrance of established financial services firms, market provision is much more likely to succeed, as the muted response by consumers to the GOV.UK Verify scheme has proved. 

Worse, over-centralisation of the data used to create digital IDs would provide a single-point-of-failure target for hackers. Not only have top-down approaches to standardisation failed, a bottom-up, distributed, market-led model will also be much safer in terms of cyber-security.

Companies already active in the field (such as Yoti) or in an adjacent area (such as IdenTrust, which provides identity-based digital certificates) are obvious candidates to enter the market. InfoCert, for example, whose digital billing, certified email and digital signature services are already accredited by the Global Legal Identifier Foundation (GLEIF) and under the eiDAS regulation, recently announced an expansion into corporate digital identities.

Providers of digital ID services must operate to an agreed set of standards

But any validator or issuer of a digital ID or custodian of the data behind a digital profile will still need to prove they can be trusted. An obvious solution to this conundrum is to draw up a trust framework of the kind TISA is creating for the financial services industry in the United Kingdom and the Open Identity Exchange (OIX) is developing in its Trust Framework Principles.

Such frameworks pose a quis custodiet ipsos custodes? question which is answerable by a government-backed trust framework licensing authority. It could lay down procedural rules, inter-operability, data privacy, AML, CFT and cyber-security commitments and other terms and conditions to which every service provider must subscribe before being licensed. 

The specifications must be sufficiently high level to apply across multiple industrial and commercial sectors, yet sufficiently flexible to accommodate the nuances peculiar to individual industrial and commercial sectors.

Liability for inaccurate or fraudulent information must land somewhere

Those terms and conditions must include, however, is the assumption of liability for the accuracy of the information used to create a digital ID. One reason attempts to pool KYC, AML, CFT and sanctions screening data about individuals and companies via utilities tend to fail is that users want the suppliers of data to assume legal liability for its accuracy. A similar issue arises in health care, where one doctor is not willing to rely on the tests conducted by another doctor.

Digital IDs do not eliminate this problem. If a digital ID is derived from a government-issued document that is subsequently proved to be false or fraudulent, liability for any losses or regulatory fines incurred must still come to rest somewhere. The choice reduces to the user of the digital ID, the owner of the digital ID, the issuer or validator of the digital ID or the issuer of the document at fault. The liability might well deter some entities from entering the market.

Consumers might own multiple digital IDs

For consumers, possession of multiple digital IDs might be feasible. Bank accounts and telephone numbers, for example, also have unique identifiers and are also issued by trusted third parties. They are all resolvable – a system can locate them anywhere in a network – and can therefore be used to verify identities, especially where the identity does not require passport-strength verification. In other words, different levels of identification can be used, depending on what is at stake. 

An individual looking to persuade a pub landlord they are over 18 may be able to rely on a digital ID backed by a mobile telephone company, but this might not be adequate to board an aeroplane. Levels of assurance about the reliability of a digital ID will develop naturally through usage, though they could also be formalised by government through the extension of existing assurance frameworks, such as those being codified by ISO and IEC.

Digital IDs need to be inter-operable between industrial sectors and different jurisdictions

Given that multiple sources of digital IDs are emerging already, and are likely to proliferate, it is equally important that digital IDs are inter-operable. A digital ID issued by one of the five authorised issuers (Barclays, Digidentity, Experian, the Post Office and SecureIdentity) under the GOV.UK Verify scheme, for example, is already useable within the EU under the eIDAS scheme. The United Kingdom government is also exploring how its standard for digital identity (set out in Good Practice Guide No 45, or GPG 45) can inter-operate with the digital identity standard set by NIST in the United States.

But inter-operability matters within and between sectors as well as between countries. In the United Kingdom, the NHS is trialling digital passports to enable medical staff to move more easily between sites, allowing doctors and nurses to plug gaps in services as they arise. 

The same applies to the source of a digital identity. A digital ID issued by a bank, for example, will be more valuable to its owner if it can used to access services – say, health benefits, travelling abroad or income tax payments – other than banking. If separate digital identities have to be secured for different activities, adoption will be retarded, even within one country.

Digital IDs can empower corporations and governments or consumers

Digital identity, especially when it is conceived not solely as a means of proving personal identity but as all the attributes that make up what older forms of English called “personalty,” is now at a turning point. 

The fact that large corporations such as Facebook and Google already profit from the personal data consumers create through their on-line behaviour is already contentious. Clearly, digital identities and profiles could reinforce that power or even become engines of social and political manipulation by the State.

The alternative history is that digital IDs and profiles restore power to consumers and citizens, redressing the steady shift in the balance of power from people to corporations and governments. 

Early manifestations of this include the relative ease with which it is now possible to change banking, insurance, energy or broadband provider in the United Kingdom, because consumers can give their consent to their personal data being shared more easily. 

That control over personal data protects consumers too. By enabling consumers to own and control their data Nuggets, for example, can protect them from false positives and loss of data when they access services and make payments on-line. Its service capitalises on the fact that passwords are clumsy and insecure, as are the centralised databases of customer information which hold them, because they are hacked regularly. 

Digital IDs can give poor and powerless people access to financial, health, welfare and education services

For some consumers, a digital ID provides a more fundamental source of power. Individuals without conventional means of proving their identity, such as a fixed address and a passport, cannot open a bank account at all. Agriledger, for example, is running a project in the Democratic Republic of the Congo (DRC) to enable registered teachers to prove they are entitled to collect a salary, and have it paid into a bank account. 

For the same reasons, digital identity can facilitate access to health, welfare and education services – and to the right to vote in elections – too. This is why the United Nations (UN) favours giving every human being a useable identity from birth. 

A digital ID is the obvious way to fulfil that ambition, though it does depend on every individual in every part of the world having access to the electricity, telecommunications and data storage infrastructure they need to take ownership of their digital ID and build their data profile. 

The global pandemic is accelerating progress towards adoption of digital IDs

It will not be easy for everybody in the developing economies to make use of digital IDs. But even in developed markets, not every consumer is ready to take ownership and control of their identity and their data. Most will want to entrust the data to trusted third-party organisations, so digital ID is a major new business opportunity. 

Importantly, the pandemic is accelerating progress towards realising the value of the opportunity. A higher proportion of retail and wholesale transactions are now being completed digitally, because physical interactions are no longer possible. Track-and-trace schemes are accustoming consumers to using their on-line identities to share information with third parties. If the pandemic has any upsides at all, acceleration of the adoption of digital IDs might be among them. 

Questions to be addressed at the next Digital Identity discussion

1. How can a DataNet be realised most efficiently?
2. What role can government play in accelerating progress towards widespread adoption of digital IDs?
3. What can we learn from a comparison of the digital ID schemes in those jurisdictions which have adopted them already?
4. How can Open Data initiatives best be harnessed to the adoption of digital IDs?
5. What factors will encourage banks to take digital IDs seriously (in those country where they have yet to do so)?
6. Which types of organisation are best suited to issue digital IDs and manage the associated information flows and data storage?
7. Where should liability for inaccurate, misleading or fraudulent identification information lie?
8. Is an internationally agreed set of digital ID and data profile standards desirable and, if so, how can they best be achieved?

1. World Economic Forum, A Blueprint for Digital Identity: The Role of Financial Institutions in Building Digital Identity, An Industry Project of the Financial Services Community Prepared in Collaboration with Deloitte, Part of the Future of Financial Services Series, August 2016.
2. World Economic Forum Community Paper, Reimagining Digital Identity: A Strategic Imperative, January 2020.

3. European Union Blockchain Observatory and Forum, Blockchain and Digital Identity: A Thematic Report, 2 May 2019.

The Future of Finance is always open to hold further meetings to answer these and other questions and to continue the conversation. If you would like to sponsor such a meeting please contact Wendy Gallagher at the number or email address below. Also view our upcoming meetings elsewhere on http://www.futureoffinance.

Wendy Gallagher
Tel: + 44 (0)7725 160903
Email: wendy.gallagher@futureoffinance.biz