DIGITAL IDENTITY AND OPEN BANKING
(Authored by Akshata Namjoshi- Lead: Fintech, Blockchain, Emerging Tech at KARM Legal Consultants, UAE)
Open banking by concept drives a costumer centric approach to give the consumer an increased choice of how she wants to consume financial products and services. Open Banking has also been a major driver in the rebalancing of a digitally-enabled economy, seeking to provide better outcomes for customers and appropriately manage the risk of a new digital ecosystem. In addition, an increasingly customer-centric regulatory response in EU is creating a precedent that is compelling institutions to leverage new technologies and give customers more control of their data and identity in the digital economy.
The European Banking Authority adopted the revised payment services directives, the PSD2, which paved the way for the banks to share customer account details and payment data to third-party providers (TPP) in a secure manner. The main objective was to create a better integrated internal market for electronic payments within financial institutions and giving a level playing field to both the consumers and the TPPs. Thanks to PSD2 the financial world bestowed an opportunity on TPPs to access open/public APIs so that they can build applications and services for the financial institutions, which means more services and solutions for customers. With open banking solutions, open banking customers would find the ability to manage their accounts and payment with different commercial banks and fintech providers. Unsurprisingly, Financial institutions will have to offer their customers uncomplicated data security, and they will have to implement a robust digital identity system.
To have a robust digital identity system though, there are multiple lose ends to fasten to realize full potential of open banking. Traditionally, identification of a person has been based on physical interactions and/or through identification systems followed by the government of the country. An identity system enables a person to prove that ‘you are who you say you are’ and this ability is fundamental for their active participation in political, social and economic life. The attributes of an identity system can be divided into various categories including birth related information, descriptive information, personal identifiers and biometric data like fingerprint, DNA, iris scan. Specifically, in the case of financial services, irrespective of the nature of identity used as a reliable source of identification, it is necessary that the identity system has a defined purpose, is legal, unique and digital[i] (fig 2.). These characteristics are not mutually exclusive, and an identity system can possess one or all of these characteristics to varying degrees. The FATF Recommendations oblige FIs to conduct CDD using “reliable” information. [ii]Therefore, a Digital ID system which complies with the required assurance levels and interoperability standards should be deemed to be a contingent requirement for such information to fulfill the ‘reliability’ test. [iii]
Federal ID and federated authentication of Digital ID
There is a difference, YES- there is. Think of Aadhar in India as a model of a federal ID (digitally operable to a limited extent) and think of Sweden’s bank ID as federated authentication. The Swedish eIDs are not issued by a national government (or government authorised authority), nor are the issuers tied to one national root. The issuance of eIDs in Sweden is made by a number of commercial companies based on their close relationship with groups of citizens (their customers) and based on the fact that they have access to the current population register (which includes the personal identity number, name, address etc for all citizens, except those that have been granted identity protection for special reasons). Banks with Internet bank-services are the typical commercial company for this kind of service.[v]
Therefore, based on the outcomes and observation of the World Bank and FATF (as cited) what is evident is that for a Digital ID to work effectively it needs to have:
The Bahrain Way
In November 2018, the Central Bank of Bahrain (CBB) introduced an open banking module (“OB Module”) for regulating undertaking of “account information” and “payment initiation” services. While theoretically similar to the PSD2’s approach, Bahrain takes the cake for the sheer clarity of regulatory expectation from the TPPs and banks.
If one was to look at the kind of regime the states must follow, below are the three most determinant factors of OB Module, which are likely to make things much simpler for provision of TPP services and using digital identity for facilitating open banking services.
A rather dormant link in the entire conversation around Digital ID and open banking has been the central banks across the globe. Similarly, commercial banks have been reluctant to share information with the TPPs for the reason risk of cyber security and crimes associated with Open APIs.
Although, as far as the implementation of Digital ID in the financial sector is concerned, central banks will have to ride the wave and turn it in this favor mostly. This isn’t a conversation about lack of regulatory clarity thankfully. There are major concerns around data protection and cyber security but to be able to truly realize the potential of a digital ID - Fintechs and TPPs will deserve a fair chance. Instead of long drawn processes to bring in the digital ID systems for commercial and financial transactions- the jurisdictions can also look at existing digital signature laws- like in the case of UAE Pass in UAE.
Because as we established earlier it’s all about “You are who you say you are!”
[i] World Bank Group, “G20 Digital Identity Onboarding” (2018), available at https://www.gpfi.org/sites/gpfi/files/documents/G20_Digital_Identity_Onboarding.pdf [Accessed 11 July 2020].
[ii] Financial Action Task Force, Fatf-gafi.org. 2020. [online] Available at:
[iii] Arab Monetary Fund, Amf.org.ae. 2020. [online] Available at:
[iv] World Bank Group, “G20 Digital Identity Onboarding” (2018), available at https://www.gpfi.org/sites/gpfi/files/documents/G20_Digital_Identity_Onboarding.pdf [Accessed 11 July 2020].
[v] Ec.europa.eu. 2007. Preliminary Study On Mutual Recognition Of Esignatures For Egovernment Applications NATIONAL PROFILE SWEDEN. [online] Available at:
To stay updated,
subscribe to our newsletter