Identity really is the new money

close up of hand holding text over black background

Today is International Identity Day supported by the many organisations around the world seeking to address the huge inclusion issues caused by a lack of digital identity. It is tempting to think that this is a mainly developing world issue and that in the developed world the lack of digital identity services is more of an inconvenience than a real problem. Here in the UK, however there are still up to 5m people who struggle to access financial services because they do not have the right documents or data. More on that in our recent report.

Something I’ve been thinking about quite a bit this year is interplay between Digital Identity and Central Bank Digital Currency (CBDC). What’s that got to do with the pressing need to give effective digital identity to those that need it most? Two things really:

  • Firstly, a significant factor in the development of a CDBC will be to ensure it is inclusive. After all one of the main objectives in CDBCs is to provide a digital alternative to cash. The financially excluded rely on cash and so a CDBC may have an important role to play in addressing their needs.
  • Secondly, whilst the need is pressing, making it happen will take time. The UN Sustainable development goal 16.9 calls for the provision of legal identity for all by 2030. Many CDBC initiatives are operating on a similar timeframe.

The beauty of CDBCs is that, in the main, central banks are starting from a blank sheet of paper, which creates the opportunity to design something well from the start. A big problem in digital identity has been trying to retrofit it into a digital world after the fact.

Another interesting thing is that the emerging model for CDBCs has close similarities to the decentralised model for digital identity, which is the direction of travel in that space. Let me explain a little.

This following picture illustrates 2-tier model for CDBC:

Senders and receivers will have wallets that interact with each other. They will hold the identifiers (backed by private keys) that allow the parties to control the use of their CDBC value. The actual system of record will be a ledger provided by (or on behalf of) the central bank. Wallets will use tokens, which are cryptographic representations of the value managed by the ledger, which are bound to the identifiers (and keys) belonging to the parties.

Now look at the standard model for decentralised identity:

Identity information is sent from holders to verifiers. The information is sent in the form of cryptographic credentials (you could think of them as identity “tokens”) that are bound to identifiers which can be checked in a registry. Of course for those credentials to have any value they need to come from a trusted source – an issuer.

So you can see there is a strong correlation between CDBC and decentralised identity systems. The content of the two grey boxes is basically the same.

Furthermore, CDBC systems will have some very particular digital identity and privacy requirements:

  • There will need to be controls in place to prevent AML.
  • The CDBC must not become a mass surveillance system.
  • The system must allow anonymous transactions in some circumstances but not all.
  • Users must have control over how much data is shared (and in some cases if the user is not willing to share data the transaction will not be able to be completed).

These requirements could be met very well through the use of decentralised identity technologies such as those being developed in W3C, which support the presentation of verifiable identity information whilst employing strong privacy controls. There seems to be a strong case for the CDBC community to collaborate with the identity community. We have a foot in both camps and are working hard to ensure that the years of work put into decentralised identity is leveraged effectively in CDBCs.

It really is the case that Identity is the New Money.

5 things you need to know about Central Bank Digital Currencies

Central Bank Digital Currencies

Guest blog post by Mirela Ciobanu, The Paypers

The topic of Central Bank Digital Currency (CBDC) is gaining momentum. Across the globe, many CBDC initiatives aim to digitalise payments, support financial inclusion, make cross border payments faster and cheaper, support fiscal transfer, etc. What is firing up discussions around CBDC and why is it important today?

Adoption of new technologies and understanding of their huge potential to support and stimulate our life has caused the world to change a lot in the last year. The current pandemic has triggered the decline of cash usage to avoid getting the virus and safeguard the most vulnerable ones (health-wise). Economic wise, as many governments wanted to protect their citizens and directly stimulate the economy down to every citizen, they offered ‘helicopter money’ via digital wallets.

A way to embrace “over the counter” mobile money transactions

As one of the pioneers of mobile money (cutting my teeth on the initial service proposition and business model for M-PESA, way back in 2004, three years before commercial launch), I’m always naturally inclined to see its potential in a positive light. But I’m starting to wonder if maybe we need to give it a bit of a nudge – realign it, if you will.
One of the more interesting phenomena we’ve seen in recent years is the rise of Over The Counter (OTC) transactions – those transactions carried out by agents on a customer’s behalf, in many cases without any link to the real people relating to a transaction. We’ve seen cases where agents maintain four or five mobile money accounts, on different phones, so that they can spread their customers’ transactions across accounts and so avoid transaction limits.
The reasons for OTC can be various, but certainly include illiteracy, lack of appropriate language support on mobile handsets, and – fairly commonly – liability (after all, if things are going to go wrong, you want someone else to blame, don’t you?). But the obvious potential for money laundering means that this situation can be a financial regulator’s nightmare.
Of course, it doesn’t have to be this way, and there are examples of it being done properly, with even in some cases biometric authentication of all parties to an OTC transaction. Worldwide, however, this is rare.
But I digress. What I really wanted to talk about was the somewhat self-congratulatory attitude we in the industry are all guilty of at some time – after all, an industry that has grown from nothing to something more than 270 services in over 90 countries in only fifteen years is undeniably impressive. But I do wonder if we’re all kidding ourselves sometimes. I mean, sure, for the middle classes, and for many of the employed poor, it has been an amazing opportunity, and has transformed access to financial services. But there are gaps – possibly some big gaps.
As an example, I’d like to relate a recent experience. First, you have to understand that I believe you can’t develop anything new without spending time with the people who are going to be using it; so I like to go out to the field, and see what people are actually doing, not what the research tells me. Just sit and watch, and ask the occasional question. It can be very educational.
So we were working with this mobile money operator (MMO), who has a deal with an MFI for the delivery of MFI services through MM. On paper, it all looks very good, plenty of transactions, lots of people receiving loans and making repayments, all through MM. I was very keen to go to a group meeting and find out what the customers thought, how they used it, what else they did – the usual.
We turned up at the meeting, and the first thing that was happening was training from the field officer. Great. But there was a surprise in store; the training included the following advice about security: “Always keep your PIN secret. Never tell anybody. EXCEPT the Agent – you should whisper it quietly into his ear” – uh oh. The alarm bells started to ring.
And then the Agent turned up. At this point the field officer started to gather repayments, in the traditional way for group lending – laboriously entering everyone’s name into a list, checking that they have the cash to make the repayment, noting down the repayment amount, all at a glacial pace (now this is one area where investment in IT could make an immediate impact) – and then the mobile money part started. Each person making a repayment took their phone and their cash, one by one, to the Agent – who took their phone, ‘deposited’ the cash for them, then forwarded the repayment to the MFI.
There were also three loan disbursements that day, and the process was much the same: hand your phone to the Agent, whisper your PIN to him, walk away with a wad of cash.
All of these people at the group meeting are in the MMO’s books as active mobile money subscribers. So I have to ask: in what way are these people mobile money subscribers? How is this empowerment? All that I can see is that the MFI has outsourced their cash management problems to the Agent, who walks the streets with a bag full of cash. Glad that’s not me.
So there are clearly a large number of people, down towards the bottom of the pyramid, for whom the step from a pure cash environment to being asked to use a mobile money wallet or account to manage their finances is just too big. Expecting people who’ve never had a bank account to make the conceptual leap from paper cash to mobile finance in one step is asking too much. Without help many of them will never do it.
Maybe the way forward is to make the steps a little more manageable. Introduce an intermediate step. And I think the way to do that is to embrace OTC, but to do it in a way that formalises it and addresses the concerns of the regulatory authorities: give this section of customers a card, which identifies their account. Maybe secure it with biometrics, if you want. Let them visit an agent, and get the agent to do the transactions for them, but now with all transactions linked to the card/the account. Link it to their mobile phone, so that the more adventurous can see their balance via the MM service. Make sure they’re comfortable with this, and make sure there’s a migration path that leads to the full MM service over time.
After all, this is the long term migration path we’ve seen in Europe over the course of decades; the move from cash, to bank accounts, to debit and credit cards, to Internet banking and mobile payments has happened, of course; but with each step taking years or even decades. Expecting people immersed in a world of cash to make the leap in a matter of days or weeks is just unrealistic. Why should they be any different?

Footnote: Yes, the author is well aware of Safaricom’s moves to issue a companion card for the use of M-PESA for retail transactions. That’s somewhat different to the case described here, though in itself interesting.

Identity and inclusion, an ongoing case study

America is a strange country to foreigner such as myself. And one thing that is particularly strange about it is the constant demand for identification in a society that lacks an identity infrastructure. The most obvious manifestation of this, as I’ve written before, is that when I am asked for identification (in order to get into a building in America, for example) I can present documents that the security guard cannot conceivably verify or validate (e.g., my UK driving licence) or documents that are not identity documents at all (e.g., my expired building pass for our office in New York) and gain entry. This is, as is often remarked, security theatre not security. It’s like a play about security where we all say our lines and play our parts but there’s no actual security involved at all. When it comes to identity, there’s definitely something odd about America.

Buying an assault rifle is easy. You need not show formal identification… Opening even the most basic bank account is far more arduous. The process begins with a rigorous ID check…

From It’s easier to buy an assault weapon than open a bank account. Really. – The Washington Post

Now, I don’t want to get into the madness of KYC/AML here as that’s not the point I want to make, although I will flag up the fact that America has something in the region of a hundred million unbanked people. The point I’m making here is that I don’t understand why we can’t implement a universal risk-based approach for “small” accounts in order to get people into the financial system (not necessarily through a bank account, of course). In Europe, we have a very interesting case study unfolding in front of us right now.

When Anas Albasha arrived in Germany after fleeing Syria in late 2014, one of the first things he tried to do was open a bank account. “In Germany you need a bank account for everything,” he says.

From Without German bank accounts, refugees are stuck in limbo – FT.com

Indeed. Rich Germans and people smugglers might well keep their cash in 500 euro notes, but poorer law-abiding Germans use debit cards and direct debits. If you don’t have an account, you have no access to the infrastructure of daily life. And, in my opinion, if you keep everyone out because one or two of them might be terrorists, then you don’t get to track, trace and monitor the terrorists anyway. Hence the German plan to give refugees a sort of provisional identity so that they can enter the financial system makes complete sense.

But it has been a struggle to persuade banks, which have to verify their customers’ identities, to open accounts for refugees. The heart of the problem is documentation. “Many refugees arrive in Germany without a passport or ID card; that’s just the way it is after the journeys they have been through,” says Katharina Stamm, an expert on migration law at the charity Diakonie.

From Without German bank accounts, refugees are stuck in limbo – FT.com

In September 2015, the Federal Financial Supervisory Authority (“BaFin”) relaxed the KYC requirements for refugees so that they could gain access to formal financial services.

With immediate effect and for a transition period, refugees will be able to open a basic account even if they cannot produce a document satisfying the passport and ID requirements in Germany.

From BaFin – News – BaFin makes opening bank accounts easier for refugees

Later last year, in October, the German government went further and passed a law requiring banks to offer these basic bank accounts to refugees. Unfortunately, and despite that law coming into effect in June of this year, “

Germany’s anti money laundering law still contains a clause that effectively requires a passport or ID card to open an account.

From Without German bank accounts, refugees are stuck in limbo – FT.com

Incidentally, we have the same problem here in the UK because the only ID document that refugees have is the Biometric Residence Permit (BRP) and many bank staff refuse to accept this as an ID document for opening an account. As the British Banking Association point out, “banks have to undertake thorough checks before opening accounts in order to comply with strict anti-money laundering rules”. Once again, as in Germany, it is AML rules trumping KYC rules. And I don’t want to point the finger as to the origin of the problematic AML rules, but the Centre for Financial Inclusion do note that it might be better for society to have people inside a system where they can be monitored and risk managed. 

Lower [KYC] requirements also means that governments concerned with international security (particularly the U.S.) must determine how they will mitigate the risk of new financial services innovations.

From Financial Inclusion and Immigration in Europe – Disrupting Identity Norms | Center for Financial Inclusion blog

I’m writing about this because I’m in Ivory Coast for the International Finance Corporation (IFC) and MasterCard Foundation conference on “Partnership for Financial Inclusion”. I was here to keynote about risk management for digital financial services (and how “fintech” and “regtech” can help) but I’ll definitely be hoping to learn more about the relationship between identity and inclusion from the experts here. 

IFCMCF2016 Q&A

I’ve already had a couple of pretty interesting discussions about the idea of building “bottom up” (i.e., attribute-driven) identity to help with inclusion and the relationship between such identities and those KYC/AML issues discussed above. I’m genuinely curious to know what you all think about this stuff – please get in touch – and how some of this thinking might connect with initiatives such as Identity 2020.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights