Who should Control or Regulate Identity Verification?


When you consider the various players involved in identity verification, this number is quite large. Border security agents, cashiers at the provincially-owned liquor stores across Canada, employers and banks are a few that may come to mind. Identity verification is necessary across many industries and use cases: insurance, the gig economy, car rental and real estate, to name a few. 

The question becomes: who should be responsible for the control and regulation of such verification? 

This past October 2019, the Financial Action Task Force (FATF) released its draft guidance on digital ID, outlining recommendations for digital ID service providers, authorities and regulated entities. The updated guidance offers clarity in regards to the process for confirming the existence of corporations and other entities. Providing a regulatory framework, guidelines such as the one offered by the FATF are crucial in exploring this and identifying various recommendations. 

The General Data Protection Regulation (GDPR) and the Payment Services Directive (PSD2) are two examples of European-wide sets of regulations, cited in a recent blog post from DIACC member Trulioo. Yet different countries have different rules for compliance, which makes global harmony a challenge. Furthermore, the increasing power of organizations to collect and store personally identifiable information (PII) means that individuals need to have greater authority in controlling their own information. 

“Organisations relying on implied authorisation or other legal constructs to process consumers’ personal information are taking risks that could be avoided by incorporating consumer consent into their verification and business processes,” the blog’s author, Zac Cohen, COO of Trulioo, pointed out. 

World map with satellite data connections. Connectivity across the world.
Different countries have different rules for compliance, which makes global harmony a challenge.

Additionally, Zac notes that there has been a 500 per cent increase in regulatory changes in the developed markets over the past 10 years, and, each year, banks are spending $270 billion on compliance and regulatory obligations.  Innovations in compliance-led technology (RegTech) are also critical, and new technology is now available for developers to instantly verify customers in multiple markets, while supporting Anti-Money Laundering (AML) and Know Your Customer (KYC) laws that are country-specific. 

Such examples highlight why collaboration, and an interoperable solution, are important – a clear line of communication and helping various parties develop a clearer understanding of how digital ID systems work. 

In today’s digital age, with so many different players, channels, sophisticated methods and possible loopholes to exploit, identity verification, and who should control or regulate it, is a challenge to solve. Yet the work of DIACC members in the space, and the support of its three committees, offer a uniquely Canadian approach to this challenge. One such action is the submission that was filed on behalf of the DIACC to the FATF in response to their public consultation, this past November. By taking action on such opportunities, the DIACC has the chance to shape the Canadian, and global, conversation.

We invite you to join the conversation, collaborate with other leaders and solve today’s real-world challenges, in Canada and beyond.