Big Data

SHARE

FOLLOW EBF

FOR MORE INFO CONTACT

Noemie Papp

Legal adviser

Consumer Affairs & Coordinator Digital issues

n.papp@ebf-fbe.eu

www.ebf-fbe.eu

DOWNLOAD

FOR MORE INFO CONTACT

Noemie Papp

Legal Adviser

Consumer Affairs & Coordinator Digital issues

n.papp@ebf-fbe.eu

www.ebf-fbe.eu

FIVE ACTIONS FOR THE FUTURE OF DIGITAL BANKING:

  • 1Boost digital inclusion by developing public-private partnerships between banks and public authorities.
  • 2Organise a full-fledged stakeholders debate on innovative payments and pan-EU solutions with consideration for costs and benefits for all stakeholders.
  • 3Promote a cybersecurity awareness campaign highlighting existing and new threats, making digital finance more secure and building trust.
  • 4Conduct a ‘fitness check’ on existing financial services legislation to adjust to the global market reality and to ensure consistency.
  • 5Conduct a joint assessment by both government and industry on opportunities and impact of crypto-technologies.

FOR MORE INFO CONTACT

Noemie Papp

Legal Adviser

Consumer Affairs & Coordinator Digital issues

n.papp@ebf-fbe.eu

www.ebf-fbe.eu

E-identification / e-signature

E-identification / e-signature

RECOMMENDATIONS

E-identification and e-signature

  • 1 Establish a truly interoperable environment with the recognition of a preferential use of cross-border national eIDs.
  • 2 Encourage trust in e-identification: further guarantees on the degree of trust in e-identification means ensuring that the person claiming a particular identity is in fact the person to whom the identity was assigned. Remote electronic signature service providers should apply specific management and administrative security procedures and use trustworthy systems and products, including secure electronic communication channels to guarantee: a) the reliability of the environment in which the e-signature is created; b) that the e-signature is used under the sole control of the signatory.
  • 3 Establish common standards for document authentication and procedure to ease the use of e-signature at domestic and cross-border levels.
  • 4 Establish a common bank industry standard to allow the use of eIDAS under SEPA and the future PSD2.

E-identification / e-signature

E-signature is the electronic equivalent of a handwritten signature whereas e-identification is the process of using personal identification data in an electronic form which uniquely represent either a natural or legal person, or a natural person representing a legal person. In the EU many Member States provide their citizens with electronic IDs via smart cards, a citizen card to access public online services or others technologies such as mobile devices, or a combination of card and phone.

The Regulation (EU) N°910/201411 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) was adopted in July 2014. Its purpose is to enable secure and seamless electronic interactions between businesses, citizens and public authorities and increase the effectiveness of public and private online services, eBusiness and electronic commerce in the EU. Many positive opportunities are provided by e-identification, for instance, in terms of security. Nonetheless, in practice, a number of legal obstacles remain.

Opportunities

Trusted e-identification and e-signature are paramount for the development of the digital internal market and will offer numerous opportunities for the banking sector such as: facilitating access to distance product and services for consumers and the verification of customer identity.

Mutually recognised electronic identification in the European Union can facilitate cross-border provision of many services in the internal market and enable businesses to operate on a cross-border basis without facing many obstacles in interactions with public authorities.

E-identification and e-signature also contribute towards including citizens within a digital culture and creating an interoperable system involving all sectors.

E-identification/e-signature also reduces paper volume and creates a more efficient operational system.

Banks have a widespread experience in establishing digital identities, which places them in an ideal position to deliver digital identity services for business purposes and for the wider context such as partnerships with public authorities.

What do e-identification and e-signature mean?


E-signature is the electronic equivalent of a handwritten signature whereas e-identification is the process of using personal identification data in an electronic form which uniquely represents either a natural or legal person, or a natural person representing a legal person.

Positive role of banks in eID


In certain countries a major part of the success of eGovernment has been due to the implementation of eID by banks

Barriers

A number of banks already use e-signature as a way to complete the process of signing a contract (e.g. using a graphometric signature on tablet). In some Member States banks are currently using the e-signature as way to complete the process of Know Your Customer (KYC) identification imposed by the 3rd Anti-Money Laundering Directive in case of a non-face-to-face business relationship. Nonetheless, banks still need to collect copies of ID to complete the identification process. They are obliged to ensure a further check of the data acquired (enhanced customer due diligence), in a manner deemed appropriate to the specific risk.

We also observe that inconsistencies exist within recently adopted EU legislations chiefly with regards to the eIDAS Regulation 910/2014 and the 4th Anti-Money Laundering directive newly adopted. (See EBF Blueprint chapter on removing regulatory inconsistencies.)

New regulation on e-identity should include existing regulatory requirements and aim at enhancing and improving the identity process. Regulators should bear in mind that the digital development is moving at a very fast pace and adaptable regulation is key to providing a level playing field between banks and other less intensively regulated financial service providers. When it comes to issuing, verifying and exchanging data, equal enforcement and coordination between Data Protection Authorities and Financial Supervisory Authorities are essentia

Identity theft is a strategic tool used by criminals. Thus, all processes put in place for acquiring the e-identity should comply with a high-level of security and take into consideration the sophisticated nature of the crime, especially, if public authorities generalise the use of an e-identification/e-signature. Undeniably, it appears more difficult to falsify traditional paper documents than electronic documents. Finally, securitisation of administrative documents should be guaranteed across all EU Member States.

Removing existing barriers to the cross-border use of electronic identification is key. The e-signature is neither valid across markets nor from one country to another. If the digital solution is not trusted across markets it is difficult to find and establish customer friendly solutions. Favourable conditions should be created to ensure the interoperability of electronic identification such as work on standards, technologies and processes, and finding a convergence between the different sectors involved. In this regard, it is worth noting the European STORK 2.0 (Secure idenTity acrOss boRders linKed 2.0) project, aimed at realising a single European electronic identification and authentication area. The STORK 2.0 project is testing the opportunities of the cross-border use of eID in four key areas: eLearning, eBanking, Public Services for Business and eHealth.

Identity theft is a strategic tool used by criminals. Thus, all processes put in place for acquiring the e-identity should comply with a high-level of security and take into consideration the sophisticated nature of the crime, especially, if public authorities generalise the use of an e-identification/e-signature. Undeniably, it appears more difficult to falsify traditional paper documents than electronic documents. Finally, securitisation of administrative documents should be guaranteed across all EU Member States.

The legal effect of an electronic signature should not be denied on the grounds that it has an electronic form, as provided by the eIDAS Regulation. We observe that certain national authorities and regulators are reluctant to recognise officially private identification keys as a proper and legitimate form of client identification. The identification keys provided for clients by the banks should be a valid substitute for signatures used in business dealings with clients and not only for payment transactions in EU jurisdictions.Short of establishing a common e-identity and e-authentication system, digital signing of documents should be mutually recognised across borders as having the same legal status as physical signatures.

Safeguarding information over extended periods of time and guaranteeing the validity of the e-signature irrespective of technological changes are important elements to keep, notably for legal purposes.

In addition, it is essential to create awareness and develop understanding through strong communication within a company and towards citizens at large. A common framework for electronic archiving, with the same legal effect for e-signature and registered e-mails throughout the EU, could significantly reduce the cost and administrative burden of document retention.