Adopting innovative technology – Digital ID Systems- Consultation Outcome
In August we wrote about the challenges of confirming your identification. We also discussed the consultation process underway in Jersey regarding the adoption of Digital ID Systems. As a reminder, the paper told us there were three main barriers to adoption:
- Lack of industry confidence to invest in digital solutions – how do they really work/how do I assess them/know they do what they say they do?
- Differing risk appetites across businesses and sectors- internal risk appetites across sectors and client types drive differing internal requirements for the same clients in different organisations
- Lack of critical mass uptake – who wants to risk the first mover disadvantage of getting it wrong?
The consultation proposed three options to address some of these barriers:
- Further clarification in the existing regulatory regime, enhancing Section 4 of the AML/CTF Handbook and incorporating Digital ID Systems into law
Establish an accreditation framework in which Digital ID Systems and their providers are accredited
Create new class of regulated business so that Digital ID Systems Providers become Supervised Persons regulated by the JFSC
Our position regarding the consultation was:
As neither a Digital ID Systems Provider, nor a Supervised Person, we stuck our head above the parapet. Option 1, in our view, must happen. But there also needs to be consistent application of the regime amongst the Supervisors, and an open dialogue between Supervisors and Supervised Persons on the use of technology and how it supports regulatory requirements within a Supervised Persons’ Risk Framework.
Option 2 is a good idea and one we fully support. The Digital ID Systems Providers we know would be willing to get accredited to help clients be comfortable with using the technology as part of their overall process. Unfortunately, it’s not a quick solution to work out an accreditation regime, get accreditors and start the process, but we’ve got an opportunity to push for clarity and make it easier for digital adoption by Supervised Persons.
Option 3 is unlikely to work. While Jersey-based Digital ID Solution Providers might consider it, those based outside Jersey are unlikely to want to become subject to its regulatory regimes, nor are they being asked to in most other jurisdictions. Requiring this would likely reduce the number of options available to Supervised Persons, defeating the global nature of our industry in Jersey, and the purpose of this consultation.
The response was published at the end of November, making for interesting reading. While there was a high degree of engagement across the industry, the reactions to the individual proposals were, unsurprisingly to us, highly polarised. Concerns tended to focus on the practical realities of implementation but often gave suggestions which have shaped the next steps, so kudos to those who responded as it seems to have resonated.
Respondents confirmed that the barriers to adoption noted above were correct. Other barriers were also noted, including:
- comments from multiple respondents that no matter how widespread to adoption amongst the financial community, this would be hampered by the ongoing unwillingness of the banking community to accept Digital ID
- no upside to being an early adopter of new technology as Supervised Persons would be held accountable in any event where the failure related to a Digital ID System
- inconsistent approach from the JFSC helping Supervised Persons understand how to use technology to support their regulatory compliance function
- Supervised Persons need to be able to articulate better the appropriateness of technology deployed in their risk and compliance framework
- Multiple respondents cited cost as a barrier to adoption.
Before this consultation, two prior consultations into a “Shared KYC Utility” (a centralised platform where customer identification and verification could be undertaken once for a customer rather than several times by different Supervised Persons) were conducted. The unwillingness to adopt this previously stemmed from issues with Jersey-based subsidiaries and branches adopting a Jersey-specific process that might not be interoperable with cross-border standards. This consultation also considered whether the sentiment has changed in 2022. While there was more support for it, there were still barriers raised, making it difficult to implement:
- Risk of creating a standard that is not interoperable across international jurisdictions.
- Risk of surrendering control over a Supervised Person’s customers’ data with challenges in meeting data protection requirements, and
- Cyber security concerns regarding creating a “date-lake” of personal, identifiable information.
Option 1 More Clarity in Handbooks
The feedback unanimously supports further clarity within the AML/CFT handbook regarding the use of Digital ID Systems and will be progressed. In addition, the Money Laundering Order will also need to be updated to include more clarity regarding Digital ID Systems.
Option 2 – Accredited Framework
Feedback on this option supported some accreditation framework or other minimum technical standards to which Digital ID Systems should adhere, although there were a number of concerns, including the cost of accreditation, risk that a Jersey-based Framework would prove a barrier to entry for RegTech starts up and that it could not conflict with international standards to ensure it would be accepted for equivalence in other jurisdictions.
Further exploration will be undertaken, drawing on resources and experiences of other jurisdictions, on the introduction of guidance on how IDPS’s should operate, including reference to international standards.
Option 3 – Create a new class of Supervised Person where Digital ID Providers would become Supervised Persons
While there was a mixed view about the effectiveness of this option, significant challenges were raised, including IDSP’s not wanting to become regulated, it being the most expensive option, and it might end up being limited to Jersey-based businesses, eliminating non-Jersey-based providers and reducing competition. Most respondents felt this option would be prohibitively expensive. The result is that this option does not appear viable for Jersey at this time and will not be pursed at present.
Option one – will proceed as planned, with changes to Section 4 of the AML/CFT Handbook and updating of the MLO. Early, quick technical amendments are being made before the end of 2022 to update Section 4 of the AML/CFT Handbook, while Amendment to the MLO will start during Q1 2023.
Option Two – will proceed with modifications. For this option, Government will continue to monitor emergent international technical standards with a focus on the UK and other Crown Dependencies, to determine best practices and to assess how it can appropriately articulate technical standards.
Option Three – will not proceed at present
Domestic Inter-Agency Co-operation
Respondents identified that in addition to implementing Option 1 and aspects of Option 2, further cooperation between the JFSC, Government, Jersey Finance and Digital Jersey is required to ensure a shared understanding of the approach to Digital ID systems and their use cases.
Digital Jersey and Jersey Finance will develop educational events and materials further to support the adoption of Digital ID Systems under Fintech.je banner, such work to start early in 2023.
An outreach and engagement programme related to Digital ID Adoption systems in Jersey will launch in Q1 2023
During Q3 2023, relevant global standards for IDSP’s will be considered, guidance notes prepared, and more substantial amendments to Section 4 of the AML/CFT Handbook will be provided.
It’s great to see that respondent feedback has shaped the outcome. While it’s not the perfect solution for everyone, it’s certainly a step in the right direction.
For the full Consultation Paper Result, please see Digital ID Adoption Consultation Outcome Report