Editorial

Could Legal Entity Identifiers be what the UK needs to make Digital Identity effective?

‘We believe that as companies like Ubisecure make Legal Entity Identifiers (LEIs) more accessible, and build services that use the identity assurance power of LEIs, we’ll get closer to the point that every company in the world will want and need an LEI’

Posted 30 April 2019 by

At last year’s Think Digital For Government in November, Simon Wood, CEO of Ubisecure, a Digital ID company that works to simplify the most complex customer identity and security challenges faced when building applications, brought what was for many of us a very new concept into the UK Digital Identity discussion: LEIs – the Legal Entity Identifier, codes for connecting key reference information to enable clear and unique identification of legal entities participating in financial transactions.

Since then, Wood and his team have been beavering away with their work on LEIs, and now seem ready to share news of what all that hard work has achieved – so we sat down with Simon again yesterday to find out more.

Hi, Simon: hope you don’t mind, but would you take a second just to get us all up to speed again on LEIs – what ID job are they trying to do, and what does it matter so much? 

LEI stands for Legal Entity Identifier. They are unique codes that identify organisations in transactions or circumstances when one party needs to validate the authenticity and details of another party. They differ from some of the other organisational identifiers, such as company registration number or tax IDs, because they are globally unique. There is a well developed G20 endorsed ecosystem for LEI management – from overseeing standards bodies, to LEI issuers (like Ubisecure) and even provisions on distribution channels. There is a core concept of making organisation identity data transparent, verifiable and accessible in real time to anyone, anywhere.

LEIs are important for a few reasons, but primarily to provide transparency of who is who and who owns whom. Lack of transparency and accountability in transactions was one of the contributing factors to the 2008 global financial meltdown, which is why the G20 is now backing LEIs as the central identifier.

Thanks so much for that. So it seems you have a successful LEI business now, over at Ubisecure – RapidLEI. What’s the story behind that – what are you guys trying to achieve?

Our core vision as a company is to simplify the interactions between the three identity domains: individuals, organisations and things. To me, this is very important, because identity enables transactional value from interactions. Ubisecure has a mature identity platform that helps companies manage identities belonging to individuals and organisations. But organisations represent a broad definition, and in line with our vision, bringing high assurance to subsets of organisation identity drives the highest RoI. We see LEIs as the best option to start addressing that.

LEIs are an enabling layer in our broader plan to deliver new waves of digital services, but we need to make them accessible and as frictionless as possible. We’ve always had a clear vision where we can use innovation and technology to improve the LEI provisioning process so as to make it easier, faster and cheaper to register LEIs. Now that we have been an accredited LEI issuer for almost a year, we are starting to release those next generation organisation Identity services.

It looks like your work on issuing LEIs is going pretty well, Mr Wood – I saw a recent company blog from you guys that suggested in your first nine months issuing them, you did remarkably well – with LEIs to over 6000 companies around the world signing up, for example. Can you speak to this; hat is the underlying trend you think this points to?

We’ve been amazed how well our RapidLEI service has been received by the community. We were relatively unknown in the LEI space, so we had to launch with something pretty special, after all – something the LEI world hadn’t seen before. We invested heavily in automating the LEI issuance process by connecting our systems to the various business registries around the world, which means we can issue LEIs in just minutes versus days, ensure greater LEI data accuracy, and have a much better handle on keeping the data current. We also introduced an LEI issuance API that lets our partners, and LEI users like banks, integrate on-demand LEI issuance into their own application workflows.

We recently announced that after 9 months of being live, we’ve welcomed 6000 companies to RapidLEI. Almost 2000 of those were in March alone – and most have never had an LEI before. We believe that as companies like Ubisecure make LEIs more accessible, and build services that use the identity assurance power of LEIs, we’ll get closer to the point that every company in the world will want and need an LEI.

How does this map onto what I believe Ubisecure is calling ‘RtX’ – or Right to Represent?

The Ubisecure identity platform delivers Customer Identity & Access Management functionality. Part of that functionality is something we refer to as ‘delegation of authority’, which maps how organisations can manage which individuals within the organisation have authority to do what, and to what level. It’s multi-tiered, meaning that organisations can delegate authority to internal parties and externally to 3rd parties, who in turn can have their own rights and roles mandated and actions fully auditable. Ubisecure delegation of authority is widely used throughout the Nordics. For example we have mobile operators using this to define family ‘organisations’, energy companies defining tenant ‘organisations’ and Governments departments mapping commercial organisations in areas such as corporate tax submission and pension management.

This helps Government and organisations move past the time consuming, costly manual delegation of interactions, such as those used in comparable UK Government services, to fast, effective, and inexpensive automated delegation. Even better, our delegation technology, delivered as a platform, is proven at nationwide scale, but we have long considered that it would be very useful to deliver this as an ecosystem. Strongly authenticated individuals with assertions or rights, and levels of certain legal, financial or technical authority, linked to highly assured organisations, available to any workflow/process and not hidden in ‘closed use cases’. This is where RapidLEI opens up new opportunities.

In order to obtain an LEI from Ubisecure, our systems and processes will check the right of the applicant to apply for the LEI. Through the process of issuing the LEI we create with a database of highly assured organisations and the associated individuals with rights to request or represent that organisation. When combined with our delegation of authority service, those individuals can assert their rights to 3rd parties, or sub-delegate their rights to other individuals or organisations. The RtX service allows 3rd parties to build verification of those rights into their own workflows minimising KYC overheads and increasing automation to drive RoI. 

The earlier tax office scenario is very specific, with a pre-defined set of rights. Looking generically at the relationship between individuals and organisations, we see a standardised set of rights:

  • Right to associate
  • Right to request
  • Right to represent.

This core set of rights is the basis for all interactions between organisations. Automating the assertions of these rights provides the basis for simplification of business interactions and obtaining significant cost savings in the process. Delegating subsets of these rights with varying parameterisation enables the online automatic implementation of governance policies and makes the savings available to all levels within any organisation.

In real world examples, it could mean a supplier validating the budgetary or spending authority levels of an organisation’s employee through a completely electronic workflow, or the signing authority of a specific manager to accept a new financial service from a bank. It even has strong Government use cases, for example defining family organisations for health benefit claim processing. 

If we came back to speak to you about LEIs and RtX in, say, 6 months, Simon, what would you like to be able to tell us by then?

We are in a unique position as an accredited LEI issuer and provider of delegation management solutions. We therefore have lofty goals for the strategic initiatives around LEIs in 2019 and beyond.

We are on track to become one of the largest issuers of LEIs worldwide – at least top 10, for sure – and ranking against the big names like Bloomberg and DTCC. We’re already outpacing the competition so it’s not unthinkable, especially as we build out our partner network and see more same-session LEI issuance API integrations go online.

We launch the RtX cloud services and API in Q3 this year and will have our first beta customers on the platform and benefiting from the RtX organisation database. We will also have the ability for thousands of organisations to be able to assure 3rd parties exactly who has representation rights in their organisations, and what those rights really mean. 

Thanks for your time today – and good luck with LEIs and indeed, all things Digital ID-related!

If you’d like to hear more about the issues raised in this Q&A, then make sure you attend Simon Wood’s special ‘Identity In Action’ talk at the upcoming (June 7) Think Digital Identity For Government 2019, where he will be discussing the advances now available around Digital Identity for both UK organisations and individuals.

Ubisecure is a Diamond Level partner for the event, whose agenda is here and registration details here – we hope to see you there!