The Case for Financial Regulators to Take an Active Interest in National Identity Strategies

By David Porteous and Rajesh Bansal

In his recent CGD Policy Paper on Balancing Financial Integrity with Financial Inclusion, Alan Gelb recommends that financial regulators should engage more with national identification efforts. We agree, and would go further. All too often, we see financial regulators play the role of passive ‘takers’ of the national identity strategy in their jurisdictions.  As digital financial services grow exponentially around the world, we believe that financial regulators can and should play a more active role in the area of identity, especially digital identity.

There are two reasons for this bold claim. The first is mandate.  To be sure, financial regulators do not have a mandate to usurp the function of national identity authorities nor should they. However, as guardians of financial integrity under anti-money laundering laws, they play an active role in defining which types of identity are acceptable as part of account opening; but they often lack clear standards for accepting one form of identity and not another: why voters’ cards or letters from a local authority in some cases, and not others? The result is often a patchwork framework of different identity types which can risk the integrity of the financial system in time and not necessarily increase coverage for financial purposes. In Tanzania, for example, the National Electoral Commission (NEC) issued more than 23 million biometric based IDs in advance of a general election in 2015, far more than have been issued by the National ID Authority to date, but the NEC does yet not offer an interface for financial providers to access this database to verify identity.

In addition, the mandate of increasing numbers of financial regulators in developing countries now extends to financial inclusion to some degree. The World Bank estimates that some 1.5 billion people lack effective identity and providing a legal identity for all by 2030 is now a stated indicator under thesixteenth UN Sustainable Development Goal.  The absence of appropriate documentation for account opening is a reason given by as many as 18% of unbanked adults globally for not having a financial account, according to the World Bank’s 2014 Global Findex Survey. In this context, promoting national goals for financial inclusion requires that financial regulators actively assess whether national ID strategies are adequate for this, or if not, to consider what can be done to accelerate or influence them.

Photo was taken in Mongolia, during the May 2016 SME Finance Working Group meeting, drawing policymakers and regulators from around the world.

The second reason is based on the opportunity for regulators to promote positive outcomes for the financial sector based on the power of robust unique identification. Digital financial fraud, and the fear of it, are widespread and growing in many jurisdictions. The cost is borne by providers and in turn, the clients they serve. Fighting fraud often requires an industry response to detect patterns of abuse, just as with anti-money laundering, and to identify fraudsters. Having a unique identity system is a key pillar of anti-fraud efforts.  A recent example where a financial regulator has played an active role in encouraging an industry solution for this reason can be found in Nigeria. Although Nigeria has a National ID Commission , responsible for the issuance of a national ID card, rollout has been slow. Faced with rising concerns about fraud in the banking system, in 2014, the Central Bank of Nigeria with the Bankers Committee of senior bankers introduced an initiative to implement their own solution—the issuance of a unique Bank Verification Number (BVN) for all banking clients linked to biometric details of all clients.

If the case for financial regulators to engage more on identity is strong, why has it not yet happened more often? Financial regulators tend to interpret their mandate around integrity and inclusion narrowly. Underlying this narrow view, the more important reason for regulator inertia on ID may be lack of understanding and resources to engage in a relatively new and fast evolving area. There are as yet few acceptable international identity standards available for easy guidance—international standards exist only for passports where the International Civil Aviation Organization, a UN agency, has set standards for machine readable ones, as Gelb points out. Meanwhile, new private standards for transactional digital identity proliferate, set by coalitions like the FIDO Alliance which includes Google and major payment brands; or the Open ID Exchange.

However, the outlook for more public standards is positive. Several countries without national ID schemes have specified certification frameworks for different types of ID. The UK’s Digital Government Services has in 2016 launched an online service called GOV.UK Verify Which certifies service providers that meet defined standards for providing digital identities to citizens. In the US, the public-privateIdentity Ecosystem Steering Group (IDESG) evolved from the US Government’s 2011 National Strategy for Trusted identities in Cyberspace (NSTIC) and has recently published Baseline Functional Requirements and a listing and certification scheme for trust frameworks in the identity ecosystem.  On the international level, the World Bank’s recent ID4D initiative seeks to support national identification efforts and to promote more systemic understanding and classification.

What then should financial regulators do about ID? At the very least, they need to become more informed about the issues and the emerging frameworks, so that they can assess the adequacy of their own country ID strategy and process on an ongoing basis. International bodies like AFI, the World Bank and public donors can assist. There is a case for financial regulators to establish or participate in liaison groups with industry groups to exchange knowledge on this issue, as has happened in other areas.

With a better knowledge of their options and their own context, financial regulators can then produce strategies appropriate to their own contexts. These strategies may range from simply engaging national identification authorities and participating explicitly in their committee structures, to developing clear stated certification frameworks which set standards for financial sector reliance on IDs. A clear framework would be a welcome step beyond the current norm of simply publishing lists of which IDs are acceptable for KYC—that is, the outcomes without clear standards behind the process. Establishing standards like these can even help shape the national discourse towards addressing the mandate issues of integrity with inclusion. In cases where more enrolment agents are needed, financial regulators may be able to encourage banks to play a role as Gelb suggests, harnessing their branch networks and familiarity with KYC processes. In India, banks contributed approximately 30% of the total enrolments on the Aadhaar scheme.

In addition to these roles in ID frameworks which become the ‘new normal’, some financial regulators may still find that there is a case for even more engagement. They may even need to go as far as encouraging or promoting sectoral initiatives like Nigeria’s BVN. But they would do so based on a fuller understanding of national ID strategies and of the implications for their own regulatory mandates.

David Porteous is CEO at Bankable Frontier Associates. Rajesh Bansal is a Senior Advisor at Bankable Frontier Associates.