The LEI: The missing ingredient in digital certificate management
August 25, 2020
How a simple integration can safeguard trust in tomorrow’s digital economy
By Stephan Wolf, Chief Executive Officer at the Global LEI Foundation
The world’s digital economy owes much to the enabling properties of digital certificates. Their proliferation has enabled both organizations and individuals to dispense with slow ‘old world’ paper-based documentation and instead engage digitally, safe in the knowledge that their business partner, together with the certified activities being performed, is trusted in a digital context.
Yet the system is flawed. As the use of certificates continues to grow in both number and use-case application, so too does the time and cost required to maintain them. Legal entities commonly hold multiple certificates from different certificate schemes and issuers, meaning records are kept in multiple silos by a variety of organizations, globally. The lack of ‘links’ between certificates is making the job of keeping track increasingly difficult to manage.
What’s more, the reference data available with each certificate (such as the name, legal form and address) is embedded as text strings that may be specific to the certificate’s issuer for a variety of reasons, including the use of a local language. This means that manual checks are often needed to establish that a) the certificate in question does indeed match the counterparty’s organizational representation in internal databases and b) the certificate itself remains current and the information it contains is up to date.
This latter point exposes yet another problem. Entities’ circumstances change; digital certificates do not. Should an entity rename itself, move premises or change its legal status, for example, these vital updates cannot be reflected in its live certificates. Updating them effectively means starting again: legacy certificates are revoked and updated certificates are reissued. However, this process only works in some circumstances. If a downstream application cannot access the relevant revocation list, outdated information persists.
This, of course, assumes that the entity does what it should. In reality, a fair number of organizations will allow their active certificates to persist unchanged until their natural expiration date, and only then update their data. Whether this occurs deliberately or unwittingly is, to some extent, immaterial, since the result remains the same: certificate information held about that organization is not kept up to date in a systematic way, or at all, by the information holders. The broader implication is that certified information is in circulation when it is out of date, and that organizations may also often have multiple certificates under different names, each with varying and inconsistent information. In short, the trust system is undermined.
This ‘maintenance problem’ intensifies as entities expand their use of digital certificates across a broader range of business activities, such as approving business transactions and contracts, client onboarding, transacting within import/export and supply chain business networks, or submitting regulatory filings and reports.
In response, entities urgently need a fast and simple way to ensure the information they are obtaining through digital certificates is suitably reliable.
An elegant solution: Integrate the LEI into digital certificates
Integrating the Legal Entity Identifier (LEI) into digital certificates at the point of issuance addresses these issues head-on. The LEI is a 20-character, alpha-numeric code based on the ISO 17442 standard that connects to key reference information to enable clear and unique identification of legal entities, globally. Each LEI contains information about an entity’s ownership structure, answering the questions of ‘who is who’ and ‘who owns whom’ – crucial for those operating to mitigate risk.
If the LEI can be embedded into digital certificates, it can become the common link between them that is so urgently needed. This would allow anyone to easily tie together all certificate records associated with an entity, determine which certificates are current, and clear up variances. In this way, it can provide certainty of identity and trust in any online interaction between entities, making it easier for everyone to participate safely in the global digital marketplace. It also significantly reduces the complexity and cost, both people and technology-related, associated with due diligence and validation of customers, partners and suppliers.
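The linking described above, sketched as an added example that is not GLEIF's or any certificate authority's code: certificate records from different issuers are grouped by LEI after the LEI's check digits are verified (ISO 17442 uses the ISO 7064 MOD 97-10 scheme), which surfaces differing name strings for one entity. The record fields (`issuer`, `subject_o`, `lei`), the entity names and the sample LEI are constructed for illustration; how the LEI is read out of a certificate is left out.

```python
import re
from collections import defaultdict

LEI_RE = re.compile(r"[A-Z0-9]{18}[0-9]{2}")  # 18 alphanumerics + 2 check digits

def _numeric(s):
    # ISO 7064 MOD 97-10 mapping: digits stay as they are, A=10 ... Z=35
    return int("".join(str(int(ch, 36)) for ch in s))

def make_lei(prefix18):
    """Append check digits to an 18-character prefix (only used to build samples)."""
    return prefix18 + f"{98 - _numeric(prefix18 + '00') % 97:02d}"

def is_valid_lei(lei):
    """Format check plus checksum: a well-formed LEI leaves remainder 1 mod 97."""
    return bool(LEI_RE.fullmatch(lei)) and _numeric(lei) % 97 == 1

def group_by_lei(records):
    """Split records into {lei: [records]} and a list that cannot be linked."""
    linked, unlinked = defaultdict(list), []
    for rec in records:
        lei = (rec.get("lei") or "").strip().upper()
        (linked[lei] if is_valid_lei(lei) else unlinked).append(rec)
    return dict(linked), unlinked

def name_variants(linked):
    """LEIs whose certificates carry more than one organization name string."""
    out = {}
    for lei, recs in linked.items():
        names = sorted({r["subject_o"] for r in recs})
        if len(names) > 1:
            out[lei] = names
    return out

# Constructed sample data: one entity, two issuers, two spellings of its name,
# one record with a mistyped check digit and one with no LEI at all.
LEI_A = make_lei("0000EXAMPLEENTITY1")
BAD = LEI_A[:-1] + str((int(LEI_A[-1]) + 1) % 10)
SAMPLE = [
    {"issuer": "CA-A", "subject_o": "Example Trading GmbH", "lei": LEI_A},
    {"issuer": "CA-B", "subject_o": "Example Trading Limited", "lei": LEI_A.lower()},
    {"issuer": "CA-C", "subject_o": "Example Trading", "lei": BAD},
    {"issuer": "CA-D", "subject_o": "Example Trading GmbH", "lei": None},
]

if __name__ == "__main__":
    linked, unlinked = group_by_lei(SAMPLE)
    print(name_variants(linked), len(unlinked), "records need manual review")
```

A valid checksum only shows the code is well formed; whether the LEI is issued and current still has to be checked against the LEI reference data.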
In order to facilitate the use of LEIs in digital certificates, the Global LEI Foundation has been working closely with standards-setting organizations such as the International Organization for Standardization (ISO) and the European Telecommunications Standards Institute (ETSI) in the EU. These technical standards are necessary for the certificate authority industry to consistently embed LEIs into certificates.
Watch GLEIF’s video (https://www.youtube.com/watch?v=SL6gWP7IsVc).
Looking ahead: digital solution adoption, APIs and new use-cases for digital certificates
Global LEI Foundation research that identified KYC challenges in the financial services industry reveals that 61% of stakeholders believe that the growth of digital solutions will actually make identity verification more difficult. As entities continue to adopt digital solutions that utilize emerging technologies, such as IoT and blockchain, their use of digital certificates will increase, not least because digital certificate technology now has consolidated regulatory backing, which enables greater reliability and trust in digital identity. This will continue stimulating further demand for precisely the kind of automated verification that the LEI can enable. To cope with this level of demand, certificate handling has no choice but to become faster, and current information must be obtainable on demand via application programming interfaces (APIs). Here, the LEI could become an essential building block for the usage of digital certificates, and digital signatures, in any kind of distributed supply chain.
Today, different digital ID systems are based on varying standards, keys and encryption and the only common link between them is the entity name, which can vary widely and change over time. Without a consistent numerical link between IDs, automated methods will always result in errors and further challenges for organizations. The LEI is perfectly poised to provide this consistent link and, by doing so, cement its position as a force for good in the digital economy as a whole.