Working with the Open Identity Exchange (OIX UK), we have started to explore how the private sector might benefit from digital identity. This post is for anybody interested in the status of that work.
How could GOV.UK Verify be re-used outside of government?
GOV.UK Verify gives safer, simpler access to an increasing range of government services but is also designed to be re-used in the wider public sector and the private sector. The standards for GOV.UK Verify were designed to be interoperable with those of other sectors and those of other countries. We’ve used a market-based approach in the expectation that there would eventually be other buyers outside of government wanting to use the services our certified companies have built initially for GOV.UK Verify.
In 2015 OIX UK conducted an initial survey that looked at the different components of GOV.UK Verify to understand which elements might be of value outside central government. The survey showed us that there is a lot of interest in the financial sector in how digital identity assurance could be used to replace expensive and inconvenient face-to-face processes.
Financial institutions need to verify the identities of their customers as part of their Customer Due Diligence processes. Typically a customer may be asked to show a passport and a utility bill at a bank branch, but there is enormous variation in the way financial institutions go about identity verification.
The Tax Incentivised Savings Association (TISA) carried out a discovery project through OIX UK earlier this year to test customer reaction to re-use of their GOV.UK Verify digital identity when opening a new savings account. Whilst digital identity was found to be a convenient way for customers to confirm their identity to savings providers, more work is required to explain to customers how identity verification works in this context.
Learning more from the financial sector
We’re keen to build on what we learnt from the OIX UK survey, and the work TISA has carried out so far, so we can work out how we can best support the development of the market.
We’ve kicked off some more work through OIX UK with financial institutions to explore how they could allow people to re-use their identity account for financial services. This wouldn’t necessarily involve the GOV.UK Verify hub (which allows communication between the user, the certified company, and the service on GOV.UK) or the GOV.UK Verify brand. The important thing is that the user can use the same identity account (set up with a certified company) to access many services. In the Autumn these projects will publish their findings. This research will help us understand the potential use cases for digital identity in the financial sector.
Standards for identity assurance in the financial sector
It is important to understand in detail how identity and authentication standards would meet regulatory requirements for the financial sector. The main requirements are set out in Anti Money Laundering regulations. The Joint Money Laundering Steering Group (JMLSG) aims to promulgate good practice in countering money laundering and to give practical assistance in interpreting the UK Money Laundering Regulations. It publishes detailed guidance for financial institutions setting out how they can meet these regulatory requirements.
We are working with the British Bankers Association on a comparison of current bank identity verification processes against the UK government standards. The results of the study will be published through OIX UK later in 2016.
Keep up to date
The OIX UK project reports will set out ways in which digital identities might be re-used in this sector and the issues that will need to be addressed. You can follow the progress of the projects on the OIX UK website.