Message from the CEO, Nina Schindler
"As can be witnessed from the many times the topic has been featured on the agenda of different Councils of Ministers and even the European Council, Digital Identify is a top priority for Europe and its Digital Agenda. On 3 June, the European Commission released its Digital Identity package. The co-operative banking sector sees this topic as key for its relationship with members and clients. The recent lockdown has further evidenced how essential electronic identification is for finance to work digitally. Online identity verification has enabled consumers to open accounts and use multiple financial services at a distance.
The EACB, together with the European Banking Federation (EBF) and European Savings and Retail and Banking Group (ESBG) – known collectively as the European Credit Sector Associations (ECSAs) – are eager to do their part to make the EU digital identity framework a reality. Consequently, we have collectively established a dedicated ECSAs e-ID Task Force, with the aim to formulate common positions and views for the banking industry on the topic of Digital Identity (DI). This includes views not only on the legislative framework but also on the future role of banks in Europe’s e-ID framework.
The banking industry has welcomed the e-ID package, including the proposal for a European Digital Identify Wallet, which should allow users to access online services easily and safely anywhere in Europe with their national digital identification and to give people full control of the data they share. The wallet architecture with its underlying principles has the potential to further increase innovation within the financial industry, benefitting all European businesses and citizens. However, aspects such interoperability, standardization and liability need to be further clarified."
3 Questions to Jan Ceyssens, European Commission, DG FISMA, Head of Unit - Digital Finance
Jan Ceyssens is Head of the “Digital Finance” Unit in the Directorate General for Financial Stability, Financial Services and Capital Markets Union at the European Commission. He was previously Member and Deputy Head of the Cabinet of Vice President Dombrovskis and Member of the Cabinet of Vice-President Barnier, and Team Leader for Financial Supervision at the European Commission's Internal Markets and Services Directorate General. He graduated in law from Humboldt University in Berlin and holds a Master’s degree in European Law from King's College London. He works at the European Commission since 2006, initially in the Directorate General for Competition's Cartels enforcement Directorate and since 2009 in the Internal Markets and Services Directorate General.
_____________________________
- What changes is the Commission tackling compared to the current eIDAS Regulation? In what areas does the Commission expect more benefits to be generated for citizens and businesses thanks to the proposal?
The package as a whole is a game-changer for the use of digital identity in the EU. However, three developments merit particular attention.
First, a main challenge – in fact a No. 1 internal market obstacle raised by stakeholders in our public consultations leading up to the Digital Finance and Retail Payments Strategies - is that existing digital identity solutions are currently unable to scale up their operations across the single market. Moving towards a harmonized, standard-based system based on digital wallets will provide the necessary European scale to address this issue. The proposal for a European Digital Identity framework will strengthen the cross-border use of electronic identification, as well as a wide range of attributes and credentials linked to those identities. In finance, this will facilitate in particular remote onboarding/KYC, and identification for payment transactions. This will become possible with the introduction of secure, convenient mobile-based digital wallets (‘European Digital Identity Wallets’).
Second, concerning consumers, a truly novel development offered by the proposal is that all EU citizens will have a right to have a European Digital Identity Wallet that is to be accepted in all Member States both for public and private sector transactions. Today, not every citizen living in the EU has access to a means of digital identification. EDI will change this by obliging every Member State to notify at least one solution under the EDI framework. This will increase coverage considerably: by 2030, an estimated 80% of EU citizens will be able to have access to a trusted and secure electronic identity.
Lastly, the proposal extends the benefits of the eIDAS framework to the private sector. Banks, payment providers and fintechs - large and small - will be able to offer a range of identity-related services based on European Digital Identity Wallet and new trust services, such as qualified electronic attestation of attributes.
- A general concern would be uptake. Wallet download and usage seem to be voluntary for EU citizens, but mandatory acceptance is required for businesses. Are there any thoughts on how to incentivize the uptake of the European Digital Identity Wallet?
The context for the eIDAS Regulation in 2021 is fundamentally different to 2014, the year of its adoption. Innovation cycles are accelerating; this results in new consumer expectations. The COVID-19 pandemic is an important illustration of this point. Digital finance has helped citizens and businesses tackle the unprecedented situation created by the pandemic. For example, online identity verification enabled consumers to open accounts and use multiple financial services at a distance. Consumers expect effective, cross-border and user-friendly digital services across the EU.
The incentive to use the digital wallet will come from its user-centric design and cross-border functionality that will meet these consumer demands. Citizens expect to be able to identify online and by mobile with a single solution for public and private use-cases. Users also expect to be in full control of their data. The EU Digital Identity Wallets will link various aspects of people’s digital identities (e.g. national ID, driving license, bank-specific information) for use across multiple sectors, anywhere in the EU. Today’s system is based on voluntary notification by Member States relying on lengthy peer review process and the principle of mutual recognition. The new proposal aims to streamline these procedures, and the digital identity wallets should be based on common set of standards ensuring smooth interoperability. The digital wallet will give users flexibility and control in terms of accessing and managing their identity. This has the potential to transform customer experience - for the better.
Aside from better customer experience, there is a strong business case for using wallets. The Impact Assessment accompanying the proposal illustrates that costs associated to establishing interoperable standards for the digital wallet will be outweighed by the significant benefits stemming directly from an increase in cross-border recognition and acceptance of electronic identity and attribute services. Digital identities based on wallets are a future proof solution: both the private sector and governments are already moving in this direction. In recent years, a number of banks have started to provide Wallet Apps, including in the Netherlands and Germany.
- The banking industry has a long history in customer identification. What role would you see for the banking industry in realising Europe’s ambitions under the Digital Identity Package?
The banking industry has an important role in realising the opportunities of the proposal precisely because financial institutions are major users and providers of digital identities. Financial institutions are in a strong position to pioneer digital identity solutions because of the high level of security and certainty required in order to access financial services. We see this in practice: in many EU countries bank-led digital identity solutions have developed reach and scale beyond the financial sector: BankID in Sweden, NemID in Denmark, and itsme in Belgium are three excellent examples.
Banks have a lot to gain from the proposal for a European Digital Identity framework. Secure electronic identification and the provision of attestation of attributes can offer additional reach for the financial services sector to identify customers and exchange of specific attributes necessary to fulfil a variety of important use cases. This includes complying with important elements of customer due diligence under the proposed Anti-Money Laundering Regulation, fulfilling suitability requirements stemming from investor protection legislation, and supporting the use of strong customer authentication in the field of payment services. At the same time, due to their experience banks are also well placed to develop new business opportunities when it comes to providing digital identification solutions beyond the financial sector.
We need to get the detail right in order to realise the benefits of the European Digital Identity framework. That is why the Commission has proposed to work with Member States on standards, technical specifications and operational aspects of the European Digital Identity Wallets under the Common Union Toolbox. The aim is to ensure that by the autumn of 2022 Member States, in close cooperation with the Commission, agree on the Toolbox to implement the European Digital Identity Framework. The work will rely on strong collaboration with key external stakeholders, including from the financial sector. The future of finance is digital, and banks are at the core of the digital transition.
Second Opinion from Jens Holeczek & Emiliano Anzellotti, Co-Chairs of the ECSAs e-ID Task Force
Jens Holeczek is Head of Digital Payment Unit at National Association of German Cooperative Banks -BVR- working in payments within the cooperative sector more than 25 years. He is responsible for all payment related topics including APIs, ID-Services and new topics like blockchain for payments and digital euro.
Emiliano Anzellotti is part of the ABI Lab team acting as Chair of the Advisory Board of the European projects eIB (eIDAS enabled banking- under CEF programme), TRUSTaWARE (Digital Security and Privacy – under Horizon 2020) and ENSURESEC (Secure Ecommerce -under Horizon 2020).
_____________________________
Recently, the ECSA e-ID Task Force submitted its views on the Commission’s DI proposal. The Task Force warmly welcomes the high ambitions presented in the Commission’s proposal for a European Digital Identity. The proposal will incentivise Member States to be more expedient in developing e-ID solutions with a wide scope of usage and potentially much higher adoption rate. The European Digital Identity Wallet (DIW) will make it possible to offer quicker onboarding processes and better user experience while ensuring the same level of security as face-to-face onboarding processes. It will also contribute to further adoption of digital banking services.
The Task Force members believe, however, that there is room to improve the legislative text. For example, identification, verification and authentication are different processes referring to different phases of the relationship between the bank and the customer – the difference between them and how they are used should be made clear. Better coordination of the DI proposal with other rules such as AML, data protection and PSD2 is needed in order to avoid any overlaps and inconsistencies.
Moreover, the proposal for mandatory acceptance of the DIW for Strong Customer Authentication for payments is questionable. Such mandatory DIW acceptance would require quite fundamental and costly adjustments to existing payment infrastructures without necessarily improving the customer experience. It could, on the contrary actually reduce security and privacy. Before mandating the use of the DIW for payments, it should be assessed how these, in principle static, credentials would meet the high security standards presently required under EU law that demand dynamic mechanisms, like “logic” in card chips or two-way authentication. Clear rules are needed within the Common Toolbox on which party can be liable for any abuse of data contained in the DIW. Indeed, liability is linked to interactions with relying parties when using the DIW. To protect users from fraud, it should be ensured that relying parties shall use certified procedures for the processing of data and be considered liable for the misuse of the data, which in case of financial data, would come from the financial sector. Further there is a need to clarify and harmonize liability about the IT-Security and processual design failures in the overall ID-System itself. Considering such requirements, to allow SMEs to act as relying party an intermediary role should be introduced that could support them in the complex technical issues and be able to bear the liability for data usage. We also see the need for some work as to the question how the DIW approach will fit in the already existing EU projects, e.g., the creation of a European payments scheme or the Digital Euro.
Finally, identity is a global requirement – a European framework needs to be connectable in a global context, too.
The financial industry with its wide customer reach has an important role to play in the e-ID ecosystem, in the design and implementation of the DIW. The further design of Europe’s Digital Identity framework should, however, consider that private authorisation processes and identification, including the verification of other information elements that e-ID users are willing to share and distribution of liabilities across parties in the identify chain, have different requirements compared to a governmental “passport” ID solution. The industry is keen to contribute to the further design of the framework and is looking forward to engaging in a dialogue with the different policy makers involved and to make it a success for citizens, governments and the private sector.