uPort partners with the GLEIF network to launch decentralized corporate identity management
Today, we’re announcing our partnership with the Global Legal Entity Identifier Foundation (GLEIF), a foundation that manages the process of issuing over 1.5M corporate identity verifications around the world called legal entity identifiers (LEIs). We’re taking these LEIs a step further by allowing GLEIF and others within their network to issue these digital credentials through our credential management platform.
In today’s highly digital, global economy, companies and organizations increasingly struggle to verify the identity of their potential business partners. In order to check the legitimacy of a partner, one must navigate through complex mazes of registries, ID numbers and verification systems that are often very specific to a particular country, region or industry.
To bring consistency and a standardized, global system of business identification, the Global Legal Entity Identifier Foundation (GLEIF) created the Legal Entity Identifier (LEI). LEI is a unique, 20-digit identifier that indexes a company’s information in a centralized, verified database. This system quickly answers the question of “who is who” and “who owns whom.” At the same time, it significantly improves transparency while also reduces the cost and complexity of the business verification process.
LEI adoption by businesses has been growing approximately 40% YoY, according to GLEIF’s 2018 annual report. That’s an impressive number on its own but GLEIF didn’t stop there.
GLEIF and uPort partnered to tackle the next pressing problem many businesses, organizations, financial institutions, and regulators face today: the verification of a person acting in an official role.
It goes without saying that companies are run by people. In their official capacity, these individuals are authorized to make decisions, perform transactions and sign official and financial documents on behalf of the companies they represent. While duplication of company registrations and identities can be avoided by using a unique LEI indicator, the situation is more complex when it comes to a verification system for the identity of a person acting on behalf of a business.
Main challenges for this system include:
Multiple forms of identification
Almost every country has different types of institutions that verify a person and issue identification documents. What is more, passports, ID documents, tax registrations or social numbers issued by these institutions often exist in data silos and are not linked. This can lead to situations where the same person performs two roles at different companies. In the registries, she is considered as two separate people. The system is even weaker when applied to a global scale. With multiple identifications, it’s challenging to ensure that a person who is verified by one valid set of documents and eligible to make business transactions on behalf of a company in a country A is not prohibitively sanctioned to do so based on a different set of verification in a country B.
Lack of one persistent form of identification
Contrary to businesses, almost all forms of identification for individuals have an expiration date. Any time a person renews her passport it comes with a new number. Moreover, even if a document remains valid, the data attributes included in it might change over time (i.e. address, last name). These simple facts make maintaining a database that is consistently accurate close to, if not completely impossible.
Private vs public data
Building a truly standardized and global identification system means that it has to comply with the laws of every country. This applies particularly to data privacy regulations which vary significantly from nation to nation. While business information is widely considered public, there are different rules when it comes to individuals. This places limitations on what information about corporate officers can be referenced or included in the publicly available GLEIF database.
By relying on today’s existing systems, the challenges listed above make the expansion of LEI data to include accurate, to-date and non-duplicative information about corporate officers almost impossible.
With these challenges in mind, uPort built with GLEIF a proof-of-concept for an identity and credential management platform. This PoC addresses the challenge of linking a person with an LEI to authenticate their official role within a company. It showcases how the GLEIF system can be designed to carry information about corporate officers required by regulators without the need to publicly expose private data.
uPort’s unique expertise in blockchain and self-sovereign identity led to a system that provides transparency, data accuracy, and data timeliness while also, crucially, being privacy-preserving by design.
Expanding benefits of the LEI through Verifiable Credentials
The LEIs issued in GLEIF’s network today answer the question ‘who is who?’ and ‘who owns what?’ for legal entities. To receive an LEI, companies submit reference data and ultimately receive a confirmation of validity by an LEI Issuer (i.e. Local Operating Unit). Through the PoC we implemented, we are now able to answer the question, ‘who represents who?’. This significantly expands the value of the LEI network.
We launched the PoC with different stakeholders in France from within the GLEIF network. The uPort team worked closely with the participating organizations to receive critical feedback and input as we developed the credential management platform. Besides GLEIF, the organizations involved are the following:
- Institut national de la statistique et des études économiques (INSEE) — The French Statistics Bureau that is as an LEI Issuer.
- Société Générale — The international investment and retail bank to whom that LEI is issued.
- Banque de France — The Central Bank of France that regulates and authenticates regulatory filings by financial institutions, like Societe Generale.
We used the GLEIF PoC as the first use of our credential management platform (Trust Agent). The application we implemented has the following three capabilities:
A. Enterprises to issue and store verifiable credentials
- GLEIF accredits INSEE as an LEI Issuer and upon successful accreditation, issues it a cryptographically signed verifiable credential, allowing it to become an issuer of LEIs.
- INSEE, upon verification of Societe Generale’s legal entity reference data (e.g. addresses, subsidiaries, jurisdiction), issues it a credential containing its LEI code and information about its corporate officers (name, role).
- Societe Generale, as an enterprise with an LEI, issues role credentials to persons acting in official roles with the associated permissions. These credentials populate corporate officer role information and the corresponding persons in the GLEIF database
B. Employees to sign and submit documents with the uPort mobile app
4. On behalf of Societe Generale, Corporate officers can now use their role credentials to sign and submit regulatory filings to the French regulator, Banque de France.
C. Regulators to view and verify the signatures of submitted documents
5. Banque de France is able to trust that the submitted filings have indeed been signed by authorized officers on behalf of Societe Generale.
When Banque de France clicks “verify”, the request queries all the issuers of the credentials in the value chain to validate them at once. It also checks that the officer has the right permissions to sign and submit the filings.
Our current implementation solves for duplication and challenges of multiple IDs for corporate officers. It also provides better traceability and a privacy-preserving solution across the GLEIF network of participants:
Tracking verifications from their source
The chain of digital credentials starting from GLEIF and going through INSEE, Societe Generale and finally to an individual corporate officer allows Banque de France to trust that the officer submitting regulatory filings on behalf of Societe Generale is indeed verified. Each credential issued as well as the signed and submitted documents can be verified through a simple query. This connective tissue created between the PoC stakeholders for credential issuance, storage, consumption, and verification happens through uPort’s Trustgraph, a user-controlled graph infrastructure. It represents the connections between issuers and subjects of credentials with controlled access by the owner of the data.
Mapping multiple roles to one person
To receive a role credential, a person downloads the uPort mobile wallet app and creates a decentralized identifier (DID). From there on, every credential that is issued to that person is linked to their unique DID. By managing one mobile wallet an individual can store multiple “role” credentials.This allows a person who may have multiple corporate officer roles to still be recognized as a single person to regulators, and solves for duplication challenges previously outlined.
Preserving privacy rights
Our product is privacy-preserving by design. The corporate officer credentials are stored in users’ mobile wallets. They have sole control over whom they share these credentials with and when. This way personal information that cannot be publicly available in the GLEIF index can be revealed to regulators by a request made directly to an individual.
Additional use cases in which verifiable credentials and the LEI can be used
The core products we relied on for this PoC, our credential management platform and user-centric mobile wallet, can be used to enable verified data exchange and increase counterparty trust across many different industries and use cases. While there is wide applicability to what we built, we will focus in this section on exploring use cases related to corporate identity and LEIs.
Early adopters of LEIs were traders in capital markets relying on these identifiers for transaction reporting to regulators. A joint McKinsey and GLEIF study in 2018 identified that LEIs have a broader potential to create business value across the financial services market as well as in supply chain, through reducing the time spent on identifying counterparties and improving the reliability of information.
We believe that if GLEIF, regulators and GLEIF network participants were to rely on decentralized identity technologies like ours, they can drive wider LEI adoption and derive substantial cost savings. This PoC has demonstrated how legal entity and corporate officer data can become more standardized, persistent and portable.
Examples of use cases relying on LEIs and decentralized identity besides the one demonstrated in this PoC include:
- “Know your customer”(KYC) for businesses — Businesses looking to sign-up for financial services undergo a robust and lengthy diligence process during on-boarding. Recent research shows that It takes an average of six to seven weeks to onboard a new legal entity. The KYC methods relied upon by financial institutions are still inadequate, and often rely on manual processes. The ability for businesses to have portable, verified credentials with info about their legal entity and corporate officers can reduce onboarding costs drastically.
- Trade finance — The global trade finance market was estimated at $59.5B in 2018, and is expected to grow by a CAGR of 3.2% yearly to reach $76.5B by 2025, according to a research study by MarketInsightsReports. Verifying the identities of counterparties in transactions, especially cross-border, is highly costly and time-consuming. Relying on verifiable credentials and LEI reference data that can add more traceability and reliability to the data being shared will vastly reduce these transaction-related costs.
Let us know if you’re interested in using uPort for your use case!
Throughout our joint efforts with GLEIF, we demonstrated an alternative system for identification and authentication of legal entities and their corporate officers — one that is reliant on decentralized identifiers and verifiable credentials. This new system allows digital credentials to be issued to both enterprises and persons, and using these credentials to digitally sign documents. It not only removes duplication challenges with regards to identity verification of persons acting on behalf of a business, but also preserves data privacy of these persons.
Our collaboration with the different stakeholders and regulators provided us with deep insights of the existing systemic issues related to authentication and verified data exchange. We explored with them how blockchain-based solutions, like uPort, can create efficiencies for each of them, while also remaining compliant.
This PoC is only the start. As we learn, test and gather insights from the participating organizations and beyond, we will use these insights to continue building out our uPort Serto product suite.
If you are a business interested in a credential management platform that enables verified data exchange, please get in touch with us at firstname.lastname@example.org. You can also sign up for our newsletter to stay up to date on the latest uPort partnership announcements, product releases, and developer information.