At UK Finance’s recent “Digital Identity: Unlocking Growth and Innovation” conference, discussions around digital identity – the digital representation of someone’s identity information – took centre stage, with panels addressing both the challenges with its adoption and its associated risks. I was thrilled to participate in those panels and contribute to the discussions.
Building trust in digital identity will require both innovation and collaboration – here are my key takeaways from both panels, and insight into the future solutions that could redefine how digital identity is managed.
The Role of Regulators and Financial Institutions in Digital Identity
The first panel made it evident that digital identity is not just about verifying credentials; it’s about establishing digital trust on a national and global scale. However, there’s still no consensus on who should lead the standard-setting process.
Governments must show leadership by advancing regulatory frameworks that protect users without stifling innovation. Meanwhile, financial institutions are responsible for implementing these frameworks and ensuring security throughout the adoption process. A central challenge here is balancing the need for standardisation with the demand for market-driven innovation.
As highlighted during the event, successful models from the Nordics, India, and Singapore demonstrate that multilateral collaboration – between governments, regulators, banks, and tech companies – is essential. The UK’s ongoing Digital Information and Smart Data Bill may be the key to establishing similar frameworks, though its full impact remains to be seen.
Nevertheless, it was agreed that the fundamental requirements are fixed:
- Digital identities must be provisioned in each case electronically by the Identity provider
- Those identities must be secured with some form of cryptography
- Any solution must still work when the customer is offline
- The administrator of any digital identity network must create the necessary infrastructure that reliant parties can use to verify offline transactions.
Risks in Digital Identity – Mitigating Fraud and Ensuring Security
The second panel addressed the risks associated with digital identity, with onboarding emerging as one of the most critical points of vulnerability. Onboarding risk sets the tone for the entire system: If the weakest provider in a network compromises security, the entire framework is at risk.
Any party seeking to provide digital identities must be prepared to be rated on the risks they introduce to the ecosystem in which they operate. In cases where they are also the relying parties, they can propagate the risks associated with the identity provider in that case.
The administrator of an identity framework is required to have a robust onboarding process for the identity providers that participate in the network, and to enforce the rules to ensure those participants adhere to the standards set in order to lower the risk to the network.
Financial institutions, which often face higher friction in their processes, must adopt risk-based evaluations to strengthen client onboarding without sacrificing customer experience.
Fraud was another focal point, particularly the growing threat posed by deepfakes and identity theft. As fraudsters become more sophisticated, financial institutions must stay ahead by using cryptography and biometric authentication to secure digital identities.
The discussions also highlighted the need for collaboration between identity providers and third-party entities that can connect disparate identity networks. These entities, however, also introduce additional risks that must be carefully managed.
Zero Knowledge Proofs – Building Trust Through Privacy and Innovation
Privacy is paramount to digital identity – this means that providers must do everything within their power to uphold it, such as providing options to customers that ensure that they only have to share the details they want to share.
Looking ahead, the adoption of Zero Knowledge Proofs (ZKPs) offers a promising solution to many of the privacy concerns raised during the event. ZKPs allow users to verify their identity without revealing sensitive data, addressing a key issue in identity verification. While still an emerging technology, ZKPs could play a pivotal role in ensuring the security and privacy of digital identity systems in the near future.
By addressing both the regulatory challenges and the security risks, the financial services sector can help build a robust digital identity infrastructure that meets the evolving digital needs of the financial services space.
At Davies, our Financial Crime & Regulatory Compliance experts remain at the forefront of these developments. We look forward to supporting our clients in navigating the challenges and reaping the benefits of innovations.
