Response to consultation on draft Guidelines on the use of remote customer onboarding solutions
Go back
GLEIF understands that the EBA refrains from being prescriptive under 4.2 and leaves enough room for the financial sector operators to choose which sources to use for client verification. That being said, providing that much flexibility has the potential to impair the harmonization of customer due diligence requirements set out with the new AML Regulation proposed in July 2021 and data interoperability across the EU. Therefore, GLEIF thinks that EBA could recommend financial sector operators to leverage certain data sources and therefore include certain data elements for remote client identity verification, for which the LEI stands out for unique and unambiguous legal entity identification.
GLEIF's interactions with financial sector operators confirm that the use of the unique identifiers can greatly streamline remote onboarding of their clients. Through integration of the LEI in their onboarding processes, financial sector operators could easily (1) validate the client record, (2) pre-populate the client record with information that must be stored within the financial institution and (3) verify the information that has been collected. The Global LEI Repository brings efficiency, transparency and trust to legal entity identification. Backed by the Regulatory Oversight Committee, it is the only online source with the potential to capture any entity engaging in financial transactions globally, regardless of who generates these transactions. By leveraging this as the unique source of identification within Remote Customer Onboarding Solutions and enriching the Global LEI Repository with the continuous validation efforts of financial sector operators, the ECB would make the Global LEI Repository an extremely powerful resource for private sector and public sector use. As noted by the European Systemic Risk Board (ESRB):
• The global economy is based on a web of contracts and financial transactions, including a large number of cross-border contracts that cover the entire planet, creating tightly knit and extremely complex patterns. This web covers not only financial institutions but also other entities that have relationships, contracts and exposures with each other and with the financial sector. If one crucial node breaks, a large portion of the network might unravel, potentially with deep implications across the globe. If left unchecked, such events could lead to financial contagion. The clear identification of individual entities and any connections among them is key to drawing a reliable map of the global economic and financial landscape. It is also an important prerequisite for reducing financial contagion and promoting financial stability.
The ESRB recommends that relevant authorities pursue and systematize their efforts to promote the adoption and use of the LEI, making use for this purpose of the various regulatory or supervisory powers which they have been granted by national or Union law. The Remote Customer Onboarding Solutions guidelines is an excellent opportunity to leverage this recommendation.
Financial Institutions can easily connect to the Global LEI Repository via the GLEIF Look-up application programming interface (API), which allows developers to access the complete LEI data pool in real-time directly and perform on-demand checks for changes to specific LEI records in a convenient and easy-to-read format. The application, developed by the GLEIF, responds to the market needs of multiple LEI stakeholders, including financial institutions, regulators, fintech companies, and analysts seeking to include LEI data in their machine-readable and automated processes. The GLEIF LEI Look-up API can easily be integrated into internal systems based on the widely supported JSON data format. The use of the API is free of charge and does not require registration.
Through connecting the GLEIF API at the stage of onboarding, financial institutions could ask client to provide their LEI. The verified and quality-controlled LEI data would automatically bring data fields in GLEIF’s Common Data File format without requiring the client to enter such details again. Removing redundancy for the client to resubmit all the information that is being already represented in the LEI data would bring mean better customer experience for the financial institution.
Under the “Validation Agent” framework, GLEIF allows financial institutions to issue an LEI for each onboarded client through partnering with accredited LEI Issuing Organizations. Optimizing the quality, reliability and usability of LEI data empowers market participants to benefit from the wealth of information available with the LEI population and is at the core of GLEIF’s mission.
The value of the LEI in AML to support transparency and efficiency has already been recognized by the European Commission in its anti-money laundering and countering the financing of terrorism legislative package. In the new AML Regulation, it is stated in Article 18 that "Identification and verification of the customer's identity - the LEI is required, where available, for the identification of a legal entity; for a trustee of an express trust or a person holding an equivalent position in a similar legal arrangement and for other organizations that have legal capacity under national law".
Therefore, GLEIF invites EBA to add the LEI as a recommended best practice for financial sector operators under 4.2.3 Identifying Legal Entities.
The LEI connects to key reference data that enables a clear and unique identification of legal entities participating in financial transactions. This includes the official name of the legal entity as recorded in the official registers, the registered address of that legal entity, the country of formation. The Global LEI System links with the local business registries that might be proprietary and in different character sets. With the LEI, financial institutions could quickly identify the entities and attributes set from a reliable and independent source of information, the Global LEI Repository. They can also easily contribute updates via the public challenge process.
The Global LEI Repository has already been recognized by the Bank of International Settlements as a “non-documentary verification” source under the “Verification of identity of legal persons”.
GLEIF understands that the EBA is considering the creation of a secure “Digital Identity” for all European citizens as a solution for the identification of natural persons in a non-fragmented way. However, the challenge remains for the identification of legal entities. GLEIF suggests that as a global and digital identifier for legal entities, the LEI has the potential to contribute to an interoperable digital identity framework for legal entities.
GLEIF agrees that the qualified digital certificate by itself guarantees the identity of the signer and its signature guarantees document integrity and frames it into a precise timing, using qualified time stamps in combination. Therefore, by adding LEIs into digital certificates, the recipient of a digital certificate can easily parse the certificate content and precisely identify its counterparty. Moreover, the digital certificate may contain outdated company information (e.g., a changed headquarter address, change in the name of the company). Change in the basic attributes would normally cause revocation of the certificate, which many organization forget or avoid due to time and cost concerns. Therefore, GLEIF suggests that if the LEI is a data attribute in these certificates, any attribution change in the LEI reference data can be reflected real time on the certificate without a need for the certificate being revoked.
Given EBA suggests Option 3 under “Digital identities”, which allows firms to determine which digital identity issuers to use, subject to certain conditions that would be set out in the guidelines, GLEIF invites EBA to recommend the LEI as an attribute in digital certificates for legal entities in its final Remote Onboarding Guidelines.
3. Do you have any comments on the Guideline 4.2 ‘Acquisition of Information’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.
It is stated in the draft Guidelines that the methods financial sector operators use to verify that the person is the person that claims to be is one of the key aspects of these Guidelines. To fulfill this specific step, the financial sector operators should understand the risks and create a robust framework to ensure the reliability of the verification process.GLEIF understands that the EBA refrains from being prescriptive under 4.2 and leaves enough room for the financial sector operators to choose which sources to use for client verification. That being said, providing that much flexibility has the potential to impair the harmonization of customer due diligence requirements set out with the new AML Regulation proposed in July 2021 and data interoperability across the EU. Therefore, GLEIF thinks that EBA could recommend financial sector operators to leverage certain data sources and therefore include certain data elements for remote client identity verification, for which the LEI stands out for unique and unambiguous legal entity identification.
GLEIF's interactions with financial sector operators confirm that the use of the unique identifiers can greatly streamline remote onboarding of their clients. Through integration of the LEI in their onboarding processes, financial sector operators could easily (1) validate the client record, (2) pre-populate the client record with information that must be stored within the financial institution and (3) verify the information that has been collected. The Global LEI Repository brings efficiency, transparency and trust to legal entity identification. Backed by the Regulatory Oversight Committee, it is the only online source with the potential to capture any entity engaging in financial transactions globally, regardless of who generates these transactions. By leveraging this as the unique source of identification within Remote Customer Onboarding Solutions and enriching the Global LEI Repository with the continuous validation efforts of financial sector operators, the ECB would make the Global LEI Repository an extremely powerful resource for private sector and public sector use. As noted by the European Systemic Risk Board (ESRB):
• The global economy is based on a web of contracts and financial transactions, including a large number of cross-border contracts that cover the entire planet, creating tightly knit and extremely complex patterns. This web covers not only financial institutions but also other entities that have relationships, contracts and exposures with each other and with the financial sector. If one crucial node breaks, a large portion of the network might unravel, potentially with deep implications across the globe. If left unchecked, such events could lead to financial contagion. The clear identification of individual entities and any connections among them is key to drawing a reliable map of the global economic and financial landscape. It is also an important prerequisite for reducing financial contagion and promoting financial stability.
The ESRB recommends that relevant authorities pursue and systematize their efforts to promote the adoption and use of the LEI, making use for this purpose of the various regulatory or supervisory powers which they have been granted by national or Union law. The Remote Customer Onboarding Solutions guidelines is an excellent opportunity to leverage this recommendation.
Financial Institutions can easily connect to the Global LEI Repository via the GLEIF Look-up application programming interface (API), which allows developers to access the complete LEI data pool in real-time directly and perform on-demand checks for changes to specific LEI records in a convenient and easy-to-read format. The application, developed by the GLEIF, responds to the market needs of multiple LEI stakeholders, including financial institutions, regulators, fintech companies, and analysts seeking to include LEI data in their machine-readable and automated processes. The GLEIF LEI Look-up API can easily be integrated into internal systems based on the widely supported JSON data format. The use of the API is free of charge and does not require registration.
Through connecting the GLEIF API at the stage of onboarding, financial institutions could ask client to provide their LEI. The verified and quality-controlled LEI data would automatically bring data fields in GLEIF’s Common Data File format without requiring the client to enter such details again. Removing redundancy for the client to resubmit all the information that is being already represented in the LEI data would bring mean better customer experience for the financial institution.
Under the “Validation Agent” framework, GLEIF allows financial institutions to issue an LEI for each onboarded client through partnering with accredited LEI Issuing Organizations. Optimizing the quality, reliability and usability of LEI data empowers market participants to benefit from the wealth of information available with the LEI population and is at the core of GLEIF’s mission.
The value of the LEI in AML to support transparency and efficiency has already been recognized by the European Commission in its anti-money laundering and countering the financing of terrorism legislative package. In the new AML Regulation, it is stated in Article 18 that "Identification and verification of the customer's identity - the LEI is required, where available, for the identification of a legal entity; for a trustee of an express trust or a person holding an equivalent position in a similar legal arrangement and for other organizations that have legal capacity under national law".
Therefore, GLEIF invites EBA to add the LEI as a recommended best practice for financial sector operators under 4.2.3 Identifying Legal Entities.
4. Do you have any comments on the Guideline 4.3 ‘Document Authenticity & Integrity’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.
GLEIF agrees that remote customer onboarding solutions implemented by the financial sector operators should verify the document’s authenticity and integrity. Thereby, the financial sector operator can confirm that the legal entity has the right to conclude contracts and it is established in its respective jurisdiction.The LEI connects to key reference data that enables a clear and unique identification of legal entities participating in financial transactions. This includes the official name of the legal entity as recorded in the official registers, the registered address of that legal entity, the country of formation. The Global LEI System links with the local business registries that might be proprietary and in different character sets. With the LEI, financial institutions could quickly identify the entities and attributes set from a reliable and independent source of information, the Global LEI Repository. They can also easily contribute updates via the public challenge process.
The Global LEI Repository has already been recognized by the Bank of International Settlements as a “non-documentary verification” source under the “Verification of identity of legal persons”.
6. Do you have any comments on the Guideline 4.5 ‘Digital Identities’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.
As stated in the consultation paper, the eIDAS Regulation introduced some convergence of approaches by defining standards that aim to increase the reliability of the digital representation of natural and legal persons. However, the use of digital identities particularly in a cross-border environment remains a challenge as there is no requirement for Member States to develop a national digital identity framework and to make it interoperable with the frameworks of other Member States.GLEIF understands that the EBA is considering the creation of a secure “Digital Identity” for all European citizens as a solution for the identification of natural persons in a non-fragmented way. However, the challenge remains for the identification of legal entities. GLEIF suggests that as a global and digital identifier for legal entities, the LEI has the potential to contribute to an interoperable digital identity framework for legal entities.
GLEIF agrees that the qualified digital certificate by itself guarantees the identity of the signer and its signature guarantees document integrity and frames it into a precise timing, using qualified time stamps in combination. Therefore, by adding LEIs into digital certificates, the recipient of a digital certificate can easily parse the certificate content and precisely identify its counterparty. Moreover, the digital certificate may contain outdated company information (e.g., a changed headquarter address, change in the name of the company). Change in the basic attributes would normally cause revocation of the certificate, which many organization forget or avoid due to time and cost concerns. Therefore, GLEIF suggests that if the LEI is a data attribute in these certificates, any attribution change in the LEI reference data can be reflected real time on the certificate without a need for the certificate being revoked.
Given EBA suggests Option 3 under “Digital identities”, which allows firms to determine which digital identity issuers to use, subject to certain conditions that would be set out in the guidelines, GLEIF invites EBA to recommend the LEI as an attribute in digital certificates for legal entities in its final Remote Onboarding Guidelines.