Digital Identity and Financial Crimes

0
9

You must be a member of ACAMS to read this article. Please login or join today for full access to www.ACAMSToday.org and other exclusive member-only content.

“Digital identity” has replaced blockchain to become 2019’s new tech-based solution to revolutionize compliance functions from anti-money laundering (AML) to audit. However, given the recent involvement of Estonia’s digital identity network in the Danske Bank money laundering scandal, the question of how to ensure adequate financial crimes oversight has taken center stage.1 This aside, the potential of digital identity still appears to be endless which further highlights the importance of engaging financial crimes professionals early on in the building stages so that a scalable and secure solution is deployed.

What is digital identity?

The definition of digital identity can vary depending on the context. For example, digital identity traditionally refers to an amalgamation of all available attributes and information that can bind an online persona to a physical person.2 Taking a step back, one could also broaden this definition so that it is not reliant on the internet by replacing the word “online” for the verbiage “available on computer systems.”3 The distinction between online and computer systems becomes increasingly important as the conversation around digital identity becomes more formalized. Entities interested in issuing digital versions of identity cards, or relatively static pieces of identifying information to a particular person, would be less concerned with the amalgamation of an individual’s online user history as they would with being able to securely store, transmit and trace particular pieces of information prescribed to an individual by a trusted entity, such as a government agency.

Digital identity is data about persons stored and accessible through computer systems that closely link to their civil and national identities

In looking at digital identity from the vantage of uploading physical identification documents to a computer-based system accessible by the internet, the definition of digital identity would change from the aforementioned to something more akin to the following: digital identity is data about persons stored and accessible through computer systems that closely link to their civil and national identities.4 This more formal definition of digital identity will be referred to as “digital identification” for the remainder of the article.

The definitions provided for digital identity and digital identification exclude exploration of digital identity from a philosophical perspective due to the scope of this article. However, there are a few relevant points related to digital identity and one’s personality that should be mentioned. First, it is widely acknowledged that the internet and its perceived anonymity—along with certain aspects of actual anonymity realized through encryption technology—allow a particular user to foster multiple personas online as opposed to their real-life environment. This autonomy can create challenges for entities seeking to establish standards for instant verified identification; however, the cumulated data can assist with identification of a particular individual via investigation. Second, it is important to note the ways in which individuals have begun to re-examine their self-existence, self-expression and self-identification in a digital age. This is an important realization when attempting to mitigate privacy risk as it highlights the heightened scope of information—and sensitivity to that information by underlying customers—that an issuing entity of digital identification would have exposure to should a breach be successfully executed. This risk is compounded as a digital identification network brings on more participants across various industry sectors, increasing the potential for oversight of a particular user’s lifestyle above and beyond financial transactions.

Lastly, it is important to note that digital identification differs from digital authentication, which is the act of validating one’s self when trying to access an account or device. For example, logging into one’s email account through inputting a password would be a form of digital authentication. In addition, leveraging biometric identifiers, such as fingerprints or retina scans, would be considered digital authentication. To recap, digital authentication answers the question “is that you?” while digital identification is intended to answer the question “who are you?”5

Digital identification networks

There are several digital identification networks operational today across public and private sectors in many respective jurisdictions. These platforms vary in their usability, as well as the technology, which underpins them. Some networks utilize a traditional database while others opt in for a decentralized blockchain and there are even hybrids in between. To the left is an overview of just some of the more prolific networks in operation.

Public sector

Several digital identification networks have been launched by many governments worldwide that seek to address different scenarios, from increasing the efficiency and accuracy of delivering social services to the issuance of digital driver’s licenses. Many of the platforms, such as India’s Aadhaar ID system and New Zealand’s RealMe system, also allow opening of bank accounts. While the following digital identification schemes are largely funded by the public sector, many are in partnership with private enterprises that specialize in the technology required to execute a digital identification system.