Let’s talk about digital identity with Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation (GLEIF).

In episode 24, Clare and Oscar delve into the world of the Legal Entity Identifier (LEI) – what exactly is an LEI; the GLEIF’s role in ensuring the operation of the Global LEI System and promoting LEI engagement; and the specific, quantifiable benefits that the LEI can bring to the banking sector.

[Scroll down for transcript]

“Consumer protection, greater transparency in the supply chain, and the detection and prevention of fraud can be achieved only through full transparency of counterparties.”

Clare RowleyClare Rowley is the Head of Business Operations at the Global Legal Entity Identifier Foundation (GLEIF). Prior to working with GLEIF, Ms. Rowley worked at the United States Federal Deposit Insurance Corporation where she led technology initiatives improving bank resolution programs and contributed to research on subprime mortgages.

Find Clare on LinkedIn.

Established by the Financial Stability Board in June 2014, the Global Legal Entity Identifier Foundation (GLEIF) is a not-for-profit organisation created to support the implementation and use of the Legal Entity Identifier (LEI). GLEIF is headquartered in Basel, Switzerland. GLEIF services ensure the operational integrity of the Global LEI System. GLEIF also makes available the technical infrastructure to provide, via an open data license, access to the full global LEI repository free of charge to users. GLEIF is overseen by the LEI Regulatory Oversight Committee, which is made up of representatives of public authorities from across the globe. GLEIF has obtained the ISO/IEC 20000-1:2011 certification in October 2019 for its Partnership Program Services to the LEI issuing organisations (LOUs).

For more information, visit the GLEIF website at https://www.gleif.org/en

Ubisecure is a Local Operating Unit (LOU) for the GLEIF through its RapidLEI service and is the number one issuer of LEIs worldwide. Find out about becoming a RapidLEI partner at rapidlei.com/partners.

We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!

 

Subscribe to
Let's Talk About Digital Identity

Or subscribe with your favorite app by using the address below

 

[Podcast transcript]

Let’s talk about digital identity. The podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: Hello and thank you for joining today. We usually talk about digital identity of individual people from many perspectives, but today we are going to talk about the identity of organisations.

The first question would be, do we have any universal way of identifying organisations in a way that can be electronically verified? The answer is yes, we have that and it’s called the Legal Entity Identifier or LEI. Today we are going to talk about that, and for that we have a representative from the organisation that works on the promotion of the LEI which is the GLEIF.

So let me introduce to you my guest today: Clare Rowley. Clare is Head of Business Operations at the Global Legal Entity Identifier Foundation or GLEIF. Prior to working with GLEIF, Ms. Rowley worked at the United States Federal Deposit Insurance Corporation where she led technology initiatives improving bank resolution programmes and contributed to research on subprime mortgages.

Hello Clare.

Clare Rowley: Hello Oscar, it’s lovely to be with you today.

Oscar: My pleasure Clare, it’s very nice talking with you and hearing what more about what GLEIF is doing. So, Clare let’s talk more about digital identity. The first thing I would like to ask you is: What is GLEIF?

Clare: Certainly. I will mention again, as Oscar said in the intro, I will use two acronyms throughout this discussion. The first is GLEIF, for Global Legal Entity Identifier Foundation and then LEI for the identifier itself, for Legal Entity Identifier. So, we at GLEIF, we are a non-profit Swiss foundation inaugurated in June 2014 and founded by the Financial Stability Board, with G20 endorsement. We are backed and overseen by the LEI Regulatory Oversight Committee, which represents 71 public authorities from around the world.

We are responsible for ensuring the operations of the Global LEI System, which includes implementing robust data quality management processes to support the highest levels of data quality. We also manage a network of our LEI issuer organisations. We contribute to the vision of having one global identity behind every business by supporting the implementation and broader adoption of the LEI in all jurisdictions and for all types of legal entities.

Oscar: Excellent. And what is the GLEIF’s role in the world of digital identity?

Clare: Our vision comes from our regulatory roots with our oversight committee, the financial stability board and the original visionaries – that being the leaders of the G20 nations. Our vision is to enable people and businesses worldwide to make smarter, less costly and more reliable decisions about who to do business with.

Initially, our focus was to support the LEI’s mandatory roll out across the derivative markets, to provide transparency on the identity of participants in financial transactions. However, the much bigger and more exciting story today is that the LEI is uniquely positioned to enhance digital identity management across global business sectors.

We see today that, from banking to supply chain management, industries everywhere are adjusting to the digitisation of processes and transactions. Start-up firms and new technologies are challenging traditional business models to move forward quickly, embrace change, and think differently. To respond effectively, organisations need to rethink their approach to managing data and interacting with suppliers and customers.

And central to all of this is trust – and it can be a real sticking point that hinders development. How can an organisation trust that a supplier located hundreds of kilometres away is who they say they are? Or as a person, how can I verify that the organisation receiving personal data is who I believe them to be? From this perspective, the process of digitally establishing a stakeholder’s legal identity has become a foundational requirement; it enables the determination of ‘who’s who’ within a digital community. This is a challenge that’s increasing. As more processes and interactions become digital, stakeholders must work harder than ever to mitigate doubt.

This puts the field of identity management at the heart of digital transformation. Yet as the digital revolution gathers pace, the identity management field is becoming siloed. If this continues, it will lead to frustration among participants and high costs for users caused by the need to repeatedly re-establish their identities across different networks. It may also lead to monopolies, created by those that can build the biggest, fastest network, usually with proprietary platforms and without the benefits of leveraging standards.

So, this is where we see a unique opportunity for the Global LEI System to play an enabling role, by ‘solving’ the identity challenge with a universal solution that can provide organisations anywhere in the world with a unique, permanent and interoperable identification that avoids user lock-in, both on the provider and consumer sides.

And to top it all off, as a regulatory endorsed system overseen by members of our LEI Regulatory Oversight Committee, it is a system that establishes a recognised, monitored and standardised global identity for legal entities, all linked to the national identification system. The system is underpinned by open data, meaning any person or company can access the LEI and its associated reference data. Furthermore, the GLEIS bridges traditional and online processes by serving as a tool to help identify the counterparty in any transaction, as well as aggregating data on legal entities held in repositories.

So, we’re now working with a number of partners to define digital identity use cases that are applicable across the public and private sectors as well as different identity management solutions. For example, the LEI can enhance digital certificates and signing in financial reporting. We’re also looking into its relevance to blockchain and digital verifiable credentials. And lastly, we’re collaborating closely with the banking sector to support increased voluntary adoption of the LEI.

Oscar: I can see the foundation does many very important things for the identity organisations. As you said, how can you in any situation – and even now that we have less chance to meet in person with a potential business partner – how can we know that the supplier that is on another continent is the company that it claims to be and the person contacting you has the right to do that? So, it’s a big challenge. Also, it’s very interesting what you said that everything is done with standards, so there are standards that prevent monopolies, for instance. Even though you’re a non-profit organisation, one question I would like to ask you is: Who are the actors that are behind GLEIF? You mentioned, for instance, certification authorities. What are the main organisations that influence GLEIF?

Clare: So indeed, as I mentioned earlier, we were founded by the Financial Stability Board and the Financial Stability Board was mandated by the leaders of the G20 nations to develop the concept and the organisation of this global system for legal entity identification. The structure that the Financial Stability Board ultimately developed as a result of a very extensive public and private consultation has three layers. We have at the top what I refer to as our regulatory oversight committee. So, this a collection of 71 public authorities from around the world that set the policy and the evolution of the policy for the Global LEI System. We then have as a middle layer, the foundation, the GLEIF that I represent. We are responsible for taking those policies and implementing them and we also ensure the day-to-day operations of the Global LEI System. And then you have a third layer that we refer to as the LEI Issuing Organisations. These organisations have the practical link to the legal entities, so they provide the services of issuing and reviewing LEIs. They also bring to the system the local knowledge of what makes a legal entity a legal entity in the different jurisdictions for which they are accredited.

Oscar: Thank you for explaining a bit more. Yes, it’s the Financial Stability Board, but behind that public authorities from many countries in the world which is excellent because many countries are involved with that. Before we delve deeper into specific use-cases, could you explain exactly what an LEI is and why we need it?

Clare: Indeed as you mentioned before Oscar, it is an ISO standard – ISO 17442 to be precise. The LEI is a 20-character, alpha-numeric code that links back to a data file held within GLEIF’s freely accessible online database. It contains verified information about an entity’s ownership structure and answers the questions of ‘who is who’ (and that is basic business card information) as well as the question of ‘who owns whom’ (and that is information on the direct and ultimate accounting consolidation parents). The LEI as well as its’ associated reference data is available in a centralised open database that is free of charge for the public to use. You can access this by a simple online search or for those of you that are looking for a more machine-friendly format there is a full file download or the API.

LEIs can be used across both the private and public sector. In the public sector, LEIs are already mandated by regulations around the world to enable better transparency in financial markets. For the private sector, an LEI reduces the need for firms to duplicate identification processes. This delivers massive benefits in terms of cost-saving and streamlining customer onboarding processes. Especially in the digital age, a global unique identification system is of great value for both the regulatory world and the business world.

In fact, speaking about the private sector, we’ve uncovered some significant cost savings for financial institutions in relation to identification efficiency gains during the onboarding / KYC process to the tune of billions of dollars.

Oscar: So 20 characters is the LEI that any organisation, right…And also to make it a bit more clear, what type of organisation, for instance can be a company…?

Clare: Indeed, so the ISO guidelines are broad. It defines a legal entity as one that is engaged in financial transactions. But it leaves ability also to extend beyond just simple companies (for example out of Companies House) but also to entities such as foundation, non-profit organisations. Most recently, with guidance from our LEI Regulatory Oversight Committee there is also an extension for funds and how to represent funds in the Global LEI System, so it is broader than a traditional, for example, limited liability company, but for any entity that has the ability and that is a legal entity construct.

Oscar: Correct me if I’m wrong, that also applies to a sole trader, a solopreneur, if this person is registered?

Clare: Indeed, that being the key. So, it does indeed extend to individuals acting in the business capacity which generally is sole traders depending upon the jurisdictions. Some jurisdictions require that sole traders also establish themselves in a business registry type registration, which gives them a legal personality. So indeed this standard can be extended to individuals acting in that type of business capacity.

Oscar: So, you have already started talking about that very important industry in which LEI will be very beneficial and shown the potential that it has is when we’re talking about financial institutions, when we’re talking about banks. Let’s talk more about that. What is GLEIF doing for banking and what value can the LEI bring to banks?

Clare: I’ve already mentioned that the LEI was originally established to support mandatory requirements for transparency in key financial markets. Following the proven success in these areas, in 2018, we (GLEIF as an organisation) started looking more deeply at private sector challenges with legal entity identification. We started first in collaboration with a group called LoudHouse – we surveyed senior salespeople in small, medium, and large sized banks in North America and Europe. We wanted to understand how these institutions were managing legal entity identification and specifically the obstacles they face. The survey revealed that on average financial institutions are using four identifiers for their legal entity clients. Think of the downstream mess this causes – wasted time due to manual reconciliations across datasets, reliance on proprietary and non-transparent information, not to mention lost money due to additional staff efforts, and poor customer experience, which sometimes leads to the client walking away.

In 2019, and in collaboration with McKinsey, we continued this investigation into the broader business model of the Global LEI System. As part of this process, McKinsey identified banking as the key global sector which would benefit most immediately from scaling adoption of the LEI. Our research unearthed that if banks adopt LEI in the near term to support all aspects of the Client Lifecycle Management process, the industry could save an estimated U.S. $2-4 billion annually in client onboarding efficiencies alone.

Specifically, McKinsey identified that the LEI would streamline processes for connecting internal and external data sources, resulting in time savings and improved efficiency in analytics. LEIs are already employed to streamline know-your-customer (KYC) processes in capital markets globally, so this is a good place for financial institutions to begin that expansion and broader integration of LEIs.

Oscar: Definitely many reasons to use LEI in the banking industry. One question related to what you recently said – you mentioned financial institutions were using 4 identities for the legal entity client. Could you give us an example of these 4?

Clare: Certainly. So, a financial institution might use other identifiers. They could be for a regulatory reporting purpose. For example, within the US we found that there was also high prevalence of an identifier for the Federated Financial Regulators, but I’m blanking on the name. We also have usage of proprietary identifiers for vendors. So where there is a use of a particular vendor product to enable some of those KYC checks as well, you would see that those types of identifiers also came up as frequently used.

What you see the financial institution is doing is it’s having itself to gather the basic information of the legal entities, so that starts with the name, the address, etc. And then, by applying complex algorithms, try to determine if it matches up to other entities already within its’ database or create a completely new profile. That comes down to the decrease inefficiency, so rather than having to do this many times in each financial institution, develop these types of complex algorithms. Where the LEI can help is access that umbrella identifier connecting to these different types of identifiers, be they established for regulatory reporting or be they for connecting to vendor products.

Oscar: Now I can understand more about the complexity behind this. There are a few systems in the banking industry to identify organisations, depending on the jurisdiction, where you are and there might be 4 or even more of these.

Sounds like a solid, clear value proposition, the use of LEIs in the banking industry. So, what would you say? Why have banks still not used it so extensively?

Clare: As part of their independent research, McKinsey conducted close to 100 ‘voice of the customer’ interviews. What they found when speaking with financial professionals, was that the LEI is mainly used in the initial onboarding phase to comply with regulatory mandates. In almost all cases, it is obtained at the end of the onboarding phase, after many of the steps for entity identification have already been completed.

If the LEI were obtained and used at the beginning of the onboarding process, the LEI could expedite counterparty identification and verification, including compliance with KYC requirements. For example, the LEI could be used to pull in information from different vendor platforms, instead of mapping the internal bank identifier to each of those vendor platform identifiers.

And McKinsey found that this type of manual linkage between identifiers is still the top pain point for interviewees. For example, most matching algorithms use ‘entity name’ as the starting point. As we all know, entity names can be abbreviated, incorrectly translated or transliterated from the natural language, or simply misspelled. The amount of time that financial institutions waste reconciling possible matches between entity names is stunning. And, as we all know, wasted time equals wasted money. McKinsey estimates that today banks spend around USD $40 billion on client onboarding annually. By widely adopting the LEI in its onboarding processes, banks could generate cross-sector cost reductions of between 5-10 percent annually or back to that number indicated earlier – $2-4 billion.

By leveraging the LEI, a 20-digit alphanumeric code, rather than entity names, financial institutions would significantly improve straight through processing and therefore efficiency. But the strategy assumes that all vendors also have the LEI in their platforms, and importantly correctly mapped to their internal identifiers. If financial institutions are having so much difficulty in mapping these entity names, then why should the entity trust the vendor is doing a better job?

This is another prong of our strategy. In addition to the deeper engagement with financial institutions, we are also engaging the vendor community for our Certification of LEI Mapping programme. We put in place this service for vendors which desire an independent quality control review of their processes to map the LEI to their own identifiers. It ensures that the uses state of the art methodologies and / or processes to do/maintain so accurately. To date, we have two major organisations have engaged in the our Certification programme – SWIFT for the BIC and ANNA for the ISIN. We are actively engaging with the vendor community through our vendor stakeholder group to complete further certifications.

Oscar: It’s very interesting what you said, that one of the main mistakes is that the LEI is being use by many financial institutions, but very late in the process. It should be the opposite. It should be the starting point. As you said, there are many benefits because of that. Something that is very easy to understand is that there might be many misspellings with the entity names. How do I say “I put LTD or Limited, uppercase or lowercase, etc…”? This is a nightmare and very prone to mistakes.

You also mentioned that two major organisations have already been engaging with GLEIF Certification programme, Swift and ANNA for the ISIN. That sounds very good. Is GLEIF seeing interest from banks? Are banks contacting the GLEIF?

Clare: We also have a stakeholder group for managing our relationships with financial institutions, and we are engaging through this stakeholder group to establish pilot projects during which we will examine how to embed the LEI into the customer onboarding processes. Our intent is to first engage conceptually with these institutions to understand the technical, legal, and operational changes needed. We are fully committed to supporting the banking industry’s widespread implementation of the LEI beyond those mandated requirements. That’s why we are collaborating with the banking industry to assess how the future evolution of the Global Legal Entity Identifier System may meet best meet the sector’s requirements.

We don’t expect to be able to implement a wholesale change overnight or see an immediate 100% application of the LEI across the banking portfolio. But we do hope that the pilots will start the journey leading to that end result. We are excited that wider use of the LEI brings such significant potential benefits to the banking sector and our priority at this stage is to support voluntary adoption of the LEI in banking use cases beyond regulatory reporting so that these benefits can be fully realised.

We also work with our LEI Issuing network, as I mentioned earlier, to implement a similar outreach programme. The LEI Issuers bring local knowledge to the Global LEI System. They understand the needs of small and mid-sized financial institutions in the jurisdictions in which they operate.  We believe that our efforts together will result in interesting pilot projects in 2020 and going into early 2021.

Oscar: Sounds good, engaging with pilots in the financial institutions and of course use cases that go beyond the compliance. Compliance is one of the reasons the financial institutions are already using LEI, but that isn’t the full potential of LEI. These pilots, you mentioned, they are executed in the financial institutions, correct?

Clare: Yes, so we do engage confidentially with those members of our stakeholder group that like to engage in pilots, but we have set up a standard process for engagement, starting with a commitment statement so it’s very clear for both parties what is the objective and outcome. These are not major projects with huge technological developments. We focus really on the financial, the operational and the technical changes to gain that understanding. The expected duration is 4-6 months so it’s largely an engagement and a thought process. It’s also not financially binding for these institutions, so each party covers its cost when coming to the table.

But what we really aim to do here is to gain from these pilot projects a more global understanding and a better implementation method of really understanding how to make the LEI work better for financial institutions in the onboarding process. The LEI is not a stranger in the banking and financial institution world, rather it just simply seems as a result of our McKinsey research that it’s being applied at that in stage of the customer onboarding, so at the time when there’s the final compliance checks based on the type of product that the client is interested in and it ultimately takes away from the benefits for the financial institution of using it at the beginning and then leveraging the LEI to act as that connector, to enable straight through processing in creating the profile and a clear understanding of ‘who am I potentially doing business with’?

Oscar: Sounds excellent that at this time there are already these pilots in several financial institutions that put the LEI very early in the process – onboarding and other financial processes. Clare, could you give us a tip to protect our digital identities?

Clare: I’d like to flip that question around and instead provide a tip for anybody looking to validate the identity of businesses they are transacting with and I do it simply because this is the business that we’re in.

The challenges we are all facing thanks to the world’s COVID-19 bring the difficulties of reconciling exposure into sharp focus. You mentioned this at the very beginning of the podcast, how much we are moving towards more digital interactions with key suppliers, with business partners, with online purchases. So this issue goes much, much further than just the financial sector – it sits at the heart of the global digital economy. Unambiguous legal entity identification is necessary for parties involved in the flow of goods and services, for example. It has become really clear how integrated the production and distribution of goods are in the global supply chain is. This includes cross-border logistics and payments. To function optimally – and certainly for the benefit of all the end users – this requires a strong legal entity identification system.

Consumers of all types now use online platforms and many of the goods and services they seek cross jurisdictional boundaries, and also understanding of ‘what are the types of legal entities that I’m interacting with?’. In times of crisis and panic, consumers become particularly vulnerable to fraud from suppliers who do not exist at all or are not who they claim to be. Additionally, we see governments around the world have announced large economic relief and support packages. In order for these packages to reach genuine businesses and not fraudsters pretending to be so, a system for validating the authenticity of legal entities is needed to protect taxpayer funds.

At GLEIF, we believe that transparency behind every business can help to support the real economy and financial stability. We believe this is a valuable time to promote the Global LEI System as a broad public good that can underpin confidence in the marketplace wherever it is. Consumer protection, greater transparency in the supply chain, and the detection and prevention of fraud are all enabled with broader adoption of the Global LEI system.

If listeners would like to find out more, take a look at the GLEIF website and take a look in particular at the publicly available LEI data. More information can also be found on the LEI and of course how to engage with us further on this topic.

Oscar: Thank you. This is a very practical tip for people who are working in some companies or organisations and want to know the identity of a potential business partner or supplier. Going to the GLEIF website and searching on the database is already helpful.

Clare: Indeed. It’s always nice to really see and feel what is the information that is out there and available publicly.

Oscar: Excellent. Thanks a lot Clare for this very interesting interview about the GLEIF and everything that you have been doing and now focusing a lot on financial institutions. Please tell us the best ways of how people can find more information about you or about GLEIF, how they can contact you or someone from GLEIF. What are the best ways?

Clare: Our website is GLEIF.org, very simple. We also have the ability there to sign up for a technical newsletter if you are interested in learning more details about technical changes to the LEI data and then if you’d like any information or have any questions on the LEI or on myself or the foundation you can always send an email to info@gleif.org and you will then be routed to the applicable person.

Oscar: Perfect. Thanks a lot again Clare. It was a pleasure talking with you. All the best.

Clare: Thanks very much Oscar.

Thanks for listening to this episode of Let’s Talk About Digital Identity produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter at @ubisecure and use the hashtag #LTADI. Until next time.

[End of transcript]