This seventh blog continues our series of insights into the Cyber, Identity and Privacy (CIP) sector of our RegTech Taxonomy. Previously, we have considered ‘good’ synthetic data to test models, synthetic data being the key to opening new opportunities, the importance of identity in a crisis, explored the intersection between Cyber Security and Data Privacy, examined the flurry of M&A activity in this space, and investigated the often missed opportunity relating to Financial Market Infrastructure providers.
This blog, written by guest writer Frank Joshi, Co-Founder and Director at Mvine, discusses with actionable suggestions the future of digital identification from the point of view of a regulated institution.
“Few topics grab my attention like Cyber, Identity and Privacy (CIP). And I know I’m not alone in believing we’re arriving at a new era for what we know as ‘the internet’ which is why RegTech has everyone riveted,” says Frank Joshi.
Without question, Cyber, Identity and Privacy are topics which have been catapulted by the global pandemic to occupy a whole new level of importance with government, industry and civil society.
Whereas far too many organisations seem to scratch the surface, doing just enough to satisfy regulatory compliance, the future of digital identification will cause many to wake up, tool up and skill up.
To help them wake up, this blog contains the “F” word, the “B” word and the “C” word in what it says next.
When it comes to digital identity you need to realise that there is more than one school of thought. And they really are poles apart.
Federated (the “F” word) versus Decentralised versus Centralised (the “C” word).
On the one hand, the centralised model of digital identity where all that is known about a person or a thing resides in a singular data store and is used and reused with consent does have great merits. But it has drawbacks too. One such drawback is the vulnerability it presents in terms of attraction to hackers. I could expand on this but, in the interests of brevity, suggest that you do a web search on “FinCEN files leak” where you will find copious references that illustrate my point about vulnerability.
On the other hand, the decentralised model of digital identity where all that is known about a person or a thing resides in the combination of data stores held at a multiplicity of locations, disseminated through sharing with consent and leaving fragments of data each time something is transacted, is a model that is far more representative of the real world.
The re-assembly of those digital identity fragments, called identity attributes, for a specific purpose, at a specific time and with a specific consent being granted is what makes federated identity and federated authentication a believable and pragmatic approach towards answering the digital identity conundrum facing us all.
Unfortunately, the nuances outlined for you here are totally lost on the vast majority of policymakers and solution architects, let alone on those who say they are identity specialists.
In my experience, there is nothing quite so dangerous as an expert who simply does not get it but act as if they do and bill you as if they do.
Regulated institutions, solution vendors, service providers and RegTech pundits must use 2021 to quarrel less and do more towards embracing one or other of these, remembering that Digital Identification is moving in the right direction. However, there seems to be a confluence of issues:
- Federated does not sit well alongside Centralised. They are not ‘best buddies’ and will never get along with one another because they are diametrically opposed.
- Decentralised does not equal Federated.
- And Self Sovereign Identity is not equal to Decentralised. Certainly, there is an argument for Self Sovereign Identity but the perception of it is being confused, mainly by people who don’t know what they are talking about.
Regulated institutions risk being beguiled into thinking the answer to digital identification is only a technological one. It isn’t.
Technology is only a part. A big part, yes, but still only a part. Let’s take a moment to explore this and to understand which technological advances deserve any of your attention in 2021. Chief Information Officers and Chief Technology Officers will argue, sometimes with each other but always quite reasonably, that their respective budget allocations for business as usual and for innovation is still too modest. One of the reasons I have found for this is that business as usual frequently cannibalises spend which should go to innovation.
The idiom of ‘keeping the lights on’ has become a spent force through its over-use. Nevertheless, as recently as 2020, this well-worn idiom has been trotted out in boardrooms as justification for why more budget needs to be found for improvements in innovation.
But the trouble is some of those innovations are themselves so wide of the mark that cost recovery is ridiculously hard and business cases built on benefit/cost analysis are derided as works of fiction. None more so than innovation projects which have as their cornerstone the “B” word.
History will be littered with failed blockchain (the “B” word) projects and business ideas, which is precisely why regulated institutions need to think again before 2021 is upon them. There is only just enough time left to scrap and reposition. The prime reason for this ‘failure’ is that distributed ledger technology, to give blockchain its more dignified title, is not in any respects the silver bullet you think it is or that you are looking for.
A significant majority of what any regulated institution needs and wants to do can be done perfectly well with other types of technologies which are available today as commercial off the shelf solutions and as software as a service solution. Instead of putting money down the drain on blockchain, greater thought needs to be given to ways that payment rails can be improved, such as the digital identity details of the initiator and beneficiary can be validated and be made to accompany the transaction across the payment rails.
That would be a smart manoeuvre in which RegTech could distinguish itself.
Thinking about it, another smart move would be for the RegTech sector to go to work on the astronomically high commission rates of transactions. For example, companies and consumer countries in sub-Saharan Africa suffer commission rates which are exorbitant.
RegTech in 2021 needs to find ways to fix these sorts of problems. Digital identification in the hands of regulated institutions can and should be a force for good. Societal good and economic good. Not one without the other. No, I’m not going soft. I am simply seeing Reg Tech playing an even better role in 2021. Perhaps you are seeing the same?
For the next blog, I’ll be looking at how those in digital identification will need to skill up in 2021 and pull together my thoughts on the different identity assurance schemes – including which one to watch next year.
Mvine’s Co-Founder and Director Frank is an accomplished entrepreneur with 28 years of experience in the technology sector. Frank was the Co-Founder of Martex Communications plc, a successful B2B portal that operated in 26 vertical sectors by the time he sold it in 2000 to the Tarsus Group for £16.5 million. Frank was Chairman of ChangeBase Ltd before successfully negotiating the sale of the business to Quest Software (now acquired by Dell) in October 2011 for $30 million. His investments included a large stake in Ovum plc, which achieved a successful AIM listing before being sold to Datamonitor for £36 million in 2006. He is Liveryman of the City of London and member of the Worshipful Company of Information Technologists. Mvine.com