On 21 March 2017 the expert conference “Customer identification and conclusion of contracts without media disruption” took place. Two topics were the focus of discussion: (1) video identification methods and (2) trust services (with a focus on qualified electronic signatures, QES), following the overarching question of whether video identification and QES provide viable solutions for the digital future of banks. First, the legal frameworks were presented, followed by practical examples of introducing a video identification method, and finally application scenarios for trust services were outlined.
Video identification methods
The new BaFin circular replacing version RS 4/2016 (which is currently suspended) is highly anticipated. If the pending circular contains requirements that are advantageous for the design of processes without media disruption, as is currently assumed, it is important that it is published before the fourth EU Money Laundering Directive comes into force. However, if the new circular is published after the commencement of the fourth EU Money Laundering Directive, which is also in the pipeline, the suspension of RS 4/2016 will be withdrawn, meaning its complex requirements such as reference transactions will have to be put to use.
One conference contribution was dedicated to the introduction and use of video identification at BNP from the compliance perspective, focusing on the internal discussions about possible risks and the corresponding mitigation strategies. In the end, all risks were mitigated and a consensus was reached. 20% of BNP's customers already use the video identification technology.
Figure 1: The identification and legitimacy of customers is a key instrument for anti-money laundering
In the field of trust services the key message is that, based on the current legal situation, data gathered in compliance with the Money Laundering Act (MLA) can be used to issue a QES certificate to sign contracts online. An MLA-compliant identification can also be enabled by a QES; however, a QES does not contain all the information needed for an MLA-compliant identification. The missing data can be submitted additionally either by the customer or by the certification provider via additional documents. The speaker pointed out that those points have already been presented to the Federal Network Agency and are rated as unproblematic. What is far more problematic, however, is that the draft bill for the Trust Services Law (TSL) of 18 October 2016 does not explicitly equate MLA-compliant identification with identity verification and currently provides no information about the requirements for time boundaries. Additionally, the processes for collection and consent are unclear. Thus, a new TSL has to be published, but no information about a release date has been communicated.
Trust services under eIDAS are commonly referred to when discussing digital signatures. However, other services such as seals, time stamps and website authentication, and especially their combination, are also available and deserve more attention. In the new ecosystem of trust services, banks can take on different roles, leading to various application scenarios or business models. For example, the bank could enable the trust service provider to use its identification as well as authentication procedures, which allows signatures to be used in any business process.
Nowadays, the creation of signatures according to the Signature Law is very time-consuming, expensive and inflexible since additional hardware and software are needed. Consequently, only few make use of that method. With eIDAS, processes are simplified, significantly reducing the effort required. Banks are particularly important for QES since they already have the infrastructure to use eIDAS-compliant signatures. Unlike other competitors, banks already identify their customers with MLA-compliant measures and use 2FA in their online banking, which meets the requirement of MaSI or PSD 2.
All in all, we have understood that the different trust services in particular are highly important for financial institutions, as they can be integrated as components in the context of digital identities for a sustainable, secure infrastructure and will enable further digital business models.
Dr. Marc Störing (2017). Qualifizierte elektronische Signatur unter eIDAS und VDG. Lecture at the expert conference: Kundenidentifizierung und Vertragsabschluss ohne Medienbruch.
Hans-Peter Krais (2017). Verhelfen Banken der elektronischen Signatur zum Durchbruch? Lecture at the expert conference: Kundenidentifizierung und Vertragsabschluss ohne Medienbruch.
Simone Roth (2017). Die Anwendungspraxis der Video-Identifizierung aus Sicht der Compliance. Lecture at the expert conference: Kundenidentifizierung und Vertragsabschluss ohne Medienbruch.
Ulrike Linde (2017). Anwendungsszenarien und Potentiale von Vertrauensdiensten. Lecture at the expert conference: Kundenidentifizierung und Vertragsabschluss ohne Medienbruch.
Ute Lorenzen (2017). Rechtliche Rahmenbedingungen des Video-Ident-Verfahrens vor dem Hintergrund des aktuellen Entwurfs zur GwG-Novelle. Lecture at the expert conference: Kundenidentifizierung und Vertragsabschluss ohne Medienbruch.