Completely electronic means of identification and authentication are rapidly improving the way companies can offer services to customers digitally.
Many products which could not be delivered online earlier due "trust" issues can now be migrated fully to the online platform. Nowhere is this transformation more visible than in the banking and financial services industry.
The products that banks offer are not only highly regulated but are the prime targets of fraudsters and hackers as well. Risks like these made it harder for banks to migrate fully to the digital platform, especially for large corporate clients. This is where tools like eIDAS come in, offering a solution to banks to meet the security challenges, identification and authentication issues, regulatory compliance and KYC requirements - all in one go.
EU regulators have provided a great combination of tools and guidelines (eIDAS, PSD2 and AML4) to financial companies, which allows them to construct a myriad of innovative digital products. What further enhances the appeal is how all of these guidelines are streamlined to work in conjunction with each other to build upon each other's strong points rather than becoming an encumbrance.
Services across borders
A unique challenge that the EU faces is how to harmonize the local regulatory guidelines across its various members states. eIDAS provides the answer to that by ensuring the highest level of identity proofing and assurance required by each member state that allows them to not only offer financial services but public services as well. And all of this without the need to ever get a local ID made in each country where you wish to avail these services.
The benefit that such a harmonization provides cannot be overstated - both to the service providers and the customers. For example, a bank with branches across various EU member states has to comply with each and every country's specific AML, CTF, KYC regulations in addition to the credit guidelines. This makes it difficult for businesses operating in multiple countries to seamlessly operate in each member state. Even a retail customer, like say a student who is studying in a different country, would find it a bit tedious to avail local services without a local ID. All of these concerns are addressed by a combination of seamless and cross-border identification, payment and compliance systems.
Illustration of a fully online, cross-border customer on-boarding process.
The above graphic provides a simple workflow for on-boarding a customer on a digital-only platform, even for a secure banking relationship. All the relevant information to identify a customer is transferred across EU member states seamlessly using eIDAS nodes. Additional information for KYC and customer due diligence is also shared and will eventually be standardized based on EU AML guidelines.
This would allow a customer to avail services from any bank or other service providers from any member state. It's a win-win for all - the customer can search for the best deal anywhere and the service provider can potentially tap into the entire EU single market - without the need for redundant and manual ID and KYC checks.
References and Further Reading
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
- Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
- Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
- NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
- Security Controls Related to Internat Banking Services (2016), Hong Kong Monetary Authority