CIAM & LEI for KYC & Customer Onboarding

Identity verification using reusable identities

Organisations need to verify the identities of users onboarding to their services – whether for enhanced security and/or KYC/AML requirements.

CIAM connects the Identity Providers (IdPs) and identity schemes to your services that you need to achieve seamless, secure, compliant and efficient identity verification. It supports dozens of reusable identities from IdPs, e-IDs, and regional identity schemes, and powers the world’s most extensive identity brokering platforms.

Identity verification using document verification or physical biometrics

CIAM enables real-time identity verification using government-issued identity documents and physical biometrics such as facial scanning. The combined solution from Onfido and Ubisecure scans physical ID documents from over 4,500 document types from 195 countries and can use biometric technology to verify that the document truly belongs to the person being onboarded.

This is useful for service providers needing/wanting to carry out digital-first identity verification, but that operate in countries that do not yet offer standardised verified digital identities.

Attribute Collection & Aggregation

Effective onboarding requires the company to simplify the identity management by consolidating the onboarding data set. Ubisecure supports the collection, aggregation and exchange of user attributes to offer Zero Trust networking while respecting user privacy. The core functioning includes:

• Normalising data from different providers to simplify application integration
• Masking user data according to minimum information disclosure principles
• External service queries – resolving a common attribute through a commercial or in-house web service

Ubisecure CIAM is used to efficiently integrate data sources so the user‘s identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link. Only those attributes needed for functioning, and authorised by the user, are shared.

Delegated Authority

Delegated Authority enables multi-tier delegated administration and delegation of authority, improving efficiency, reducing costs and enhancing security. Delegated Authority allows the principle of “verify, delegate, assert” to be implemented at large scale within both closed and open ecosystems.

• B2C/G2C example – one admin user from a customer group plan (e.g. parent within family) carries out the onboarding process, then sends invitations to others in the group with role-based access.
• B2B/G2B example – one admin user from your partner organisation takes responsibility for their colleagues’ access to your digital service, within your defined parameters. The partner admin delegates access/authority to users within their own organisation.

Both scenarios remove manual work from your own IT/Support team and eliminate the need for shared access credentials which present a security risk.

Legal Entity Identifiers (LEI) – verified organisation identities

A Legal Entity Identifier (LEI) is a 20-character global identifier that identifies distinct legal entities that engage in transactions. It is defined by the ISO 17442 standard, endorsed by the G20 & FSB and is intended to be “the one identity behind every business”. The LEI provides access to verified organisation reference data and connects the numerous different organisation regional and private identifiers used in KYC/AML.

The use of LEIs in onboarding can be a significant cost saving tool, as well as having a measurable impact to people and staff productivity, streamlining processes, and improving transparency into available entity data. Service providers can view live, verifiable data about clients to ensure higher levels of trust for Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD).

RapidLEI is the organisation identity service from Ubisecure, a Local Operating Unit (LOU) of the Global Legal Entity Identifier System and accredited issuer of LEIs. RapidLEI is the number one issuer of new LEIs worldwide and offers both SaaS and API-based solutions for LEI issuance and management.

LEI Everywhere™

Organisations using (or considering) the new GLEIF Validation Agent (VA) solution can enroll for Ubisecure’s LEI Everywhere program. LEI Everywhere offers a clear and simplified path to obtaining and maintaining LEIs:

• Technical implementation of the GLEIF Validation Agent role through the RapidLEI API and SaaS dashboard
• Enhanced verification for both initial LEI registration and subsequent renewals, assisting KYC (Know Your Customer), AML (Anti-Money Laundering), Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) onboarding and client refresh cycles
• Reduced annual fees – initial registrations at $11.99 and renewals at $5.99 (price include annual GLEIF fee)

LEI Everywhere lets organisations obtain LEIs for clients when verifying a client’s identity during initial onboarding or during a client refresh. Both the validation of legal entity identity data and the subsequent registration (and renewal) of the LEI can be automated to occur in parallel with existing workflows without the usual duplicative processes.

Find out more about LEI Everywhere

“By simplifying and accelerating the LEI issuance process, the new Framework also paves the way for FIs to expand their usage of the LEI beyond capital markets to encompass all banking business lines, an opportunity anticipated to save the industry U.S.$2-4 billion annually in client onboarding costs alone.” Global LEI Foundation

Ultimate Beneficial Ownership (UBO)

The European 4th AML Directive (2017) and the US FinCEN CDD Final Rule (2018) both contain provisions for capturing beneficial ownership (UBO). Penalties for non-compliance are significant, so maintaining proper UBO information is critical.

KYC/AML procedures and processes must collect information about the beneficial owner including the identity of all individuals who have a significant ownership or control position. The beneficial ownership information includes:

• The natural person opening the account: name and title
• The legal entity customer: name and address
• The beneficial owners: name, DoB, address and social security/passport of similar ID

Through a strategic partnership with UBO Service, Ubisecure makes capturing UBO easy. Find more information about RapidLEI’s UBO services.

Right to Represent

Right to Represent is a Ubisecure service which allows service providers or government departments to connect to and check a company’s verified identity and the rights of individuals to request on behalf of, or represent, the company.

Representation attributes can include legal, financial, administrative or other authoritative powers. Right to Represent digitises costly administrative governance to technically implemented governance. It makes way for automated workflows that reduce manual workflow costs by as much as 99% and reduce fraudulent organisational representation during the onboarding of new customers.

Digitising representation workflows also enables compliance to regulations by enhancing security and increasing transparency over who has rights to do what on behalf of the organisation. Because Right to Represent provides advanced KYC and ties an individual to an organisation, it can also dramatically reduce the time to execute successful corporate KYC/AML.