R&C: Could you provide an overview of how digital identities are being utilised to tackle financial crime?

Caldera: The most difficult thing in financial crime is being able to track an individual, the many layers that may be used to hide their identity and the connections to other individuals or businesses. The addition of online financial business models and applications has further complicated matters, as online activities are easier to anonymise and much easier to hide the true identity behind the transactions. A proper digital identity infrastructure will allow the tracking and analysis of true identities of individuals, their connections and their activities in a much more accurate manner than today’s analogue version. The usage of digital identities is in its infancy in financial crime detection. Most of what is implemented at the moment is the digitalisation of existing processes. If before, say, you went into a branch to open an account, now the documents can be digitalised and the verification of such documents performed online. Another example of current usage is your mobile phone as a proxy for identity. However, one cannot confuse the use of proxies and aggregation of transactional data being digitalised with the ability to track individuals with a digital construct that represents an identity. Building and maintaining a digital identity is the starting point. An adequate digital identity should represent the ‘analogue’ offline world and the ‘digital’ online components of an identity. It needs to be updated in real-time so that the latest changes are recorded in the identity. A digital identity has to be annotated in the context of the applications that are being used. The details of an identity for healthcare and insurance are certainly different than those needed for financial crime analysis. Digital identity needs to define and describe the authentication context required to succeed in an authentication or authorisation challenge, it has to be non-repudiable once it is established, and it has to be auditable by regulators and law enforcement. Furthermore, it has to be accessible at all times and informed by as many players as possible. There are many of us pushing the envelope, and pushing the industry to start adopting infrastructures with these features even within contained environments.

Jul-Sep 2019 Issue