Financial Services in the eIDAS Era
The rapid evolution of technologies over the last two decades has led financial institutions to develop new digital services and respond to the rising customer needs for mobility and “anywhere, anytime” convenience. In a recent webinar on “Driving the Digital Agenda in Financial Services”, Alastair Campbell, Global Head of Secure Access & Digital Identity at HSBC stated, “Our ability to create an end-to-end digital origination process, and make it seamless and progressive for the customer, is a critical requirement for our business.”
In the banking industry, as online and mobile services continue to grow and as more customers transact in the digital world, the risks related to identity fraud and other financial cybercrimes are also increasing. As a result, banks and FIs need to ask themselves two key questions:
- How can I verify and ensure the identity of the customer (or applicant) before and during a digital transaction (e.g., account opening)?
- How can I continue to invest in digital services like online and mobile banking in a seamless and secure manner, while maintaining the legal value of the underlying transactions?
Enter eIDAS. The eIDAS regulation provides a common legal framework in the EU, including clear guidance for the use of e-signatures. It is especially relevant to regulated industries where obligations exist for security, reliable identification, strong authentication, and legal certainty of electronic evidence.
eIDAS: Three Levels of E-Signature
eIDAS defines three levels of electronic signature: Simple, Advanced, and Qualified. There are trade-offs associated with these three levels of e-signature under eIDAS. The Simple E-Signature (SES) optimizes customer experience and provides moderate signer assurance. At the other end of the spectrum is the Qualified E-Signature (QES). It provides the highest level of signer assurance, because it requires in-person identity verification. Somewhere in the middle is the Advanced E-Signature (AES). For high risk and cross-border transactions, it is considered a well-balanced approach, making only small trade-offs in customer experience while providing strong measures to mitigate against the exposure to risk and fraud. The Simple and Advanced E-Signature are by far the most commonly used signature types in terms of volume.
The Importance of Digital Identity and Intent
The signature is an important component of the process leading to an enforceable contract or agreement. It ties two facts to the document:
1. identity (who signed)
2. intent (the signer intended to be bound by the terms of the contract).
How do you choose the right level of e-signature for your institution and use case? It’s important to balance the trade-offs of the likelihood and risk of a legal challenge versus business productivity and customer experience. White papers offering a legal perspective on e-signature under eIDAS are available to provide you and your legal counsel with guidance.
The broader adoption of eIDAS will facilitate and boost the digital transformation of organizations, enhance customer experience and improve the security of digital transactions. Look for a solution that can meet your Know Your Customer (KYC) requirements through digital identity verification and authentication, and uses standards-based digital signatures to capture the signer’s intent. Not all solutions can do so and if not, they can’t be used immediately without some hard coding (read: delays and IT costs). Out-of-the-box readiness is one of the 'must-haves' that will ensure you can implement e-signatures today rather than waiting for the vendor to deliver on future development plans.