By Michelle Katics
Co-Founder and CEO, BankersLab
How will Regtech shape the future of identity?
Two fundamental conditions are required for a strong financial system: trust and identity. RegTech offers an opportunity to strengthen and scale both, although it is sure to encounter some obstacles along the way. What solutions might be on the horizon, and what will be their social impact?
For a financial system to be strong there are a few criteria that need to be met, namely trust and identity. This is where Regtech comes in and can hopefully offer a solution for the industry, while no perfect solution exists yet Regtech is well on the way.
Tools for Restoring Trust and Regaining lost trust
Trust in the financial sector may have been the biggest casualty of the global financial crisis. This was followed by a perfect storm on trust: hacking incidents, pervasive fraud, pyramid schemes, trading scandals, and financial executive compensation structures inviting moral hazard. To make matters worse, the erosion in trust was systemic.
The financial sector that modern society relies on has been battered and bruised in recent times, most recently during the global financial crisis when trust sank to an all-time low.
They say many small streams create a river; this is exactly what has been brewing since 2008. Having trust eroded by scandals such as hacking incidents, fraud, pyramid schemes, trade fixing, and last but not least pay structures in the top echelon of the financial industry.
What is trust based on?
Historically trust has been placed in big institutions and national governments as they have been able to provide the most secure and verified data. Herein the three pillars exist.
1. Sovereign state approval and backing of regulated firms.
2. Regulated firms with track records and recognized brands.
3. Rating agency assessments of these firms.
When we talk about the social impacts, we must put ourselves in the shoes of the general public, rather than the policy-maker, subject matter expert, or FinTech geek.
Society at large looks at the situation thinking the government was supposed to guarantee our savings in the regulated firms, and now we see the government itself needing a bailout.
The regulated firm was supposed to be the safest option for saving or borrowing money, and we have seen these firms either fail or incur large losses from fraud or their own mistakes.
The rating agencies told us everything was okay, and it wasn’t. Where am I to turn?” As a result, there has been a strong and surprisingly fast shift in public trust away from incumbent financial firms and towards new FinTech firms. What social changes do we notice?
The sovereign governments and big institutions that we trust to be the bedrock of our society have apparently failed, these actors are supposed to be able to handle the crunch that inevitably happens.
Last time things were different, how can you trust the guarantee of a government that your savings are safe when not even the government’s finances are safe? How do we even define safe in this day and age?
Liquid assets in the bank can become worthless very quickly with spiraling inflation, however unlikely this is in our highly developed countries it has happened before and will happen again. Assets might be guaranteed but what if the asset itself is worthless?
Banks and institutions under the hawkish eyes of regulators have a myriad of rules that have to be followed to even be an actor in the financial sector. These rules and regulations are supposed to stop large losses that endanger the savings of ordinary people, but the industry is constantly on the bleeding edge of development. When the smartest minds of our times often seek themselves to these financial firms, how can we expect the regulator to keep up?
These supposedly safe firms are prone to large-scale fallout from the never-ending pursuit of profit. Just look at the failure of banks in 2009, events that were never supposed to happen were suddenly on the front page of newspapers globally.
This erosion of trust has lead to an exodus of existing financial firms and newfound trust in Fintech firms born out of the ashes of the global downturn
Enter FinTech into the eye of the ‘trust storm”, and suddenly it is no longer a preposterous idea to bank using an unheard-of digital bank or lender with no branches. How did this happen? How was the trust built? The social network has been an important enabler. The social network entered the scene with perfect timing to provide a newfound ability to crowdsource trust. If a new FinTech platform or tool does not work, or someone loses money, the information will go viral. If an innovation is cool and effective (Venmo, CreditKarma, Revolut, SoFi), it can scale quickly by leveraging the social network effect. In the good old days, a bank would have had to work for decades to build up its name brand, customer base, and trust. Now if the firm plays its cards right, it can leverage the social network to crowdsource people’s trust.
Increased transparency is long overdue, and we are seeing new RegTech tools that provide enormous advances. Real-time monitoring and employee behavior analysis provides new opportunities for transparency. We can use these actionable insights to quantify and manage risk in the financial system, many of which are now more publicly available than before.
Look Back at the Past, but Don’t Stare
Forward-looking tools restore confidence that events can be prevented and mitigated. The news seemingly as an unlimited number of hacks on financial companies to report about. ECB getting infiltrated through its BIRD system, Capital One where the information of 100 million customers was leaked or the hackers that successfully uploaded malware on the website of Bank of India. But aren’t we already a bit tired of hearing the backward-looking forensic analysis? Did the forensic analysis give us more confidence that it will not happen again? Do we have any forward-looking tools that detect potential failure points or risk hot spots?
Identity Vulnerability Is Globally Pervasive
There are 1.5 billion people who do not have access to identity. A notable subset are the 10 million stateless people around the world — the most obvious population who are blocked from access to financial products. How do we get from the 10 million stateless to the 1.5 billion without identity? The majority live in Asia and Africa, but identity vulnerability is pervasive across all nationalities and socioeconomic groups.
- Identity theft can cause years of financial and legal hardship.
- Internally displaced citizens struggle to access social and financial services if they are unable to obtain their identity credentials due to location, poverty, illiteracy, or political instability.
- Administrative errors such as variations in name spelling and transliteration can flag an innocent citizen to be placed on a watch list.
- Social media identities are increasingly used to determine employment and credit and can be spoofed or stolen.
Identity as a Market Failure
As John Edge of ID2020 points out, a passport or ID card is not an identity; it is a credential. In the historical analogue world, the typical method of granting identity was to grant a credential. A credential is ‘a qualification, achievement, quality, or aspect of a person’s background, especially when used to indicate their suitability for something”.
In contrast, an identity is the fact of being who or what a person or thing is, which is not revocable by taking away a driver’s license or passport. Now that we live in a digital world, we have ways to recognize identity, but must still address one question: who ‘owns’ digital identity? Identity 2020 is working to address this market failure over the long term.
The social and cultural impact of this seemingly fine point of identity versus credential is enormous. The sovereign state no longer wields the power of granting or taking away identity through credentials, and the financial empowerment of the disenfranchised can flourish.
An important initiative in this area is self-sovereign identity. This initiative asserts that each individual owns his or her identity and takes concrete technical and policy steps to achieve this.
An example use case is uPort, ‘a self-sovereign identity platform built on Ethereum … just one such example of how decentralization is reshaping identity. On this platform, the user creates their identity and collects reputation data on a user-friendly mobile app without the need for technical knowledge and is completely independent of centralized 3rd parties.”
Herein lies the social and cultural game-changer: In the self-sovereign uPort model, the ownership of identity is moved from institutions to users who can selectively disclose their attributes to counterparties as needed”.
I encourage you to pause and reflect on this statement.
No longer does a third party or sovereign state give and take away identities. Individuals can confirm and maintain their credentials granted by a third party or sovereign, maintaining ownership and control of the sum total of their biometrics and credentials.
The advent of biometrics provides an opportunity for the paradigm change of individual ownership of one’s identity. The sovereign state “owns” your passport credential — it giveth and can taketh away. However, biometrics are at the core of an individual’s identity.
Perfectly summarized by the Daily Fintech, ® the three key requirements of a blockchain-based ID are:
1. Trustless and decentralized. Your identity is not under the control of any institution (either government or commercial).
2. Immutable. Nobody can change a record but can only append a new record. For example, all previous passports will be on the blockchain.
3. Granular control. For example, you can have my driver’s license but not my passport or medical records, and you can have it for only this one transaction.
Let’s review a few examples where digital ID solutions have already been implemented.
ClearBank is an example of a FinTech firm leveraging new technology to solve this identity market failure. They are using voice, visual, and vein? technology for a comprehensive identity management system that is a departure from traditional credential systems such as passwords, ID numbers, and tokens.
An example of identity management infrastructure is ShoCard which uses public and private keys, data hashing, and multifactor Citizenship), and Tradle also hands identity ownership back over to the individual.
Industry advocacy has been well underway for years to convince sovereigns to trust self-sovereign systems. A refugee bank such as Tanaqu would flourish once self-sovereign identity is widely adopted.
The UN and World Bank ID4D initiatives have set a goal of providing everyone on the planet with a legal identity by 2030 regardless of whether this identity is through a National eID program which an increasing number of countries from Myanmar to Algeria are creating at a blistering pace.
Not all new forms of eID are as progressive as the name might entail, the programs are merely spinning the same identity scheme with a new technological twist. Estonia has emerged as the frontrunner in creating a truly ground-breaking transnational e-residency program using blockchain verification.
With governments moving into the space of eID and blockchain-based solutions at breakneck speed the public projects focusing on making self-sovereign identity run the risk of becoming obsolete. Creating mass adoption is required for any electronic identity program to work and governments are increasingly turning to blockchain for efficiency in managing the population’s needs.
India is just one example of a sovereign state that has taken identity matters into its own hands. India’s Aadhaar system is the largest biometric database in the world and is unlocking financial services for millions.
Evidence suggests that the program is succeeding in bringing social services to those who were previously marginalized. However, privacy concerns are resulting from assertions that the Aadhaar data has been compromised.
The shortcoming of the Aadhaar and other sovereign-owned identity systems is that the sovereign maintains control of the data rather than the individual. The database could be hacked, which some assert has already occurred. If this is the case, identity vulnerability has yet to be solved.
The potential social impact of these changes is stunning. First, 1.5 billion people would be empowered through access to healthcare, financial services, and social services. This has second-order impacts on the geopolitical balance of power. For example, if every stateless person had economic empowerment, it would change the course of the conflicts that were the root cause.
One hopes that corruption in the area of social service and relief payments would be mitigated, and the economically disenfranchised would now have a fighting chance at financial and socio-economic well-being.
How the Futurist Sees Trust and Identity: Social Due Diligence
If you talk with a millennial about dating, you will learn that they are likely to Google each person before going on a first date. Before meeting, they are likely to know their date’s favorite foods, whom they have dated in the past, where they have traveled, and details about their family.
There is an emerging cultural expectation that we ‘social network due diligence’ potential dates, restaurants, airlines, and financial institutions. The financial sector is far behind in providing the type of social due diligence we would expect, even about something as simple as a taco stand.
If I can check each health violation and customer complaint about my taco stand with an app, why is it so hard to find out how safely my financial institution is operating? This social expectation is not going away, but rather becoming pervasive among all age groups.
The firms that push the envelope with increased transparency can win the hearts and minds of current and future generations. This opportunity to leverage the social network to build trust has not yet been fully exploited in the financial industry.
Which credit card product has the best customer service? Which payment mechanism is the most hack-proof? Which lender has the smoothest approval and customer onboarding? I would certainly expect to quickly Google the analogous metrics about a taco stand and am impatient to have the same ability for financial products and services.
Trust but Verify
Through open application programming interfaces (APIs) and social sharing, financial institutions can provide metrics and indicators that monitor and measure their customer service, skills, knowledge, cybersecurity, and conduct.
As Nick Cook of the UK’s Financial Conduct Authority (FCA) points out, as a regulator, the FCA aspires to a data-driven, self-regulating system in the future. Consumers, regulators, investors, and stakeholders would have a clear line of sight into the quality and health of the firm.
These metrics are both forensic and forward-looking predictors. The social implication is that society as a whole would be policing the systemic risk of the financial system, in the same way, that Yelp reviews provide systemic policing of the health and safety of restaurant food.
‘You Don’t Own Me!’
The advent of self-sovereign identity is perhaps the most material game-changer as a social and cultural change. The shift in power from the sovereign state to the individual over a host of services and access is a fundamental change in how we view ourselves and the state. This is if the state doesn’t get to it first and completely annihilate the public
Roth, Felix (2009), “The Effects of the Financial Crisis on Systemic Trust”, CEPS Working Document No. 316/July 2009.
Principles on Identification for Sustainable Development: Toward the Digital Age, World Bank, 2017,
https: //www.mastercardcenter.org /insights/nobody-knows-name
https://b-hive.eu/news-full/2016/11/14/blockchain-enabled-self-sovereign-identity; http://www.windley.com/archives/2016/04/self-sovereign identity _and_legal_identity.shtml