What are the priority areas and practical actions which would be most helpful to ease the cross-border use and convenience of electronic identification means under eIDAS in banking, payment and financial online services, in full compliance with the applicable legislation (such as AML4 and PSD2)?
The banking/financial sector is one where interest in eIDAS is growing, as the tools it provides may make it easier to meet the legal obligations concerning security, know-your-customer (KYC), strong authentication of parties to a transaction and interoperability (e.g. as provided under the Payment Services Directive 2, the Anti-Money Laundering Directive 4).
Member State "notified" eID means of level of assurance "high", which is the highest level requested by Member States for online cross-border access to public sector services, may be relied upon to allow anybody (natural and legal persons) to open a bank account in another EU country online without undergoing face-to-face identity verification in a branch. Indeed, eID means of level "high" carry the legal value associated with strong identity proofing that also includes a step of in-person verification.
This is the first step in establishing a relationship with a bank. Banks currently encounter problems in demonstrating compliance with AML4 and PSD2 in the cross-border context. These include identification as well as due diligence and fraud countermeasures. It is a complicated landscape because banks in different countries, even within the same banking group, adopt non-harmonised approaches to satisfy many aspects of the financial regulatory framework related to customer due diligence and Know Your Customer requirements.
Discussions within the Commission and with relevant organisations and stakeholders have taken place with a view to ensuring alignment between the regulatory requirements in the banking and financial sectors and the eIDAS Regulation.
A first concrete outcome was the publication of the European Banking Authority (EBA) Discussion paper on strong customer authentication and secure communication under PSD2, where eIDAS was presented as a possible solution for facilitating strong customer authentication. The outcome of the Discussion paper will serve as the basis for EBA's further work on drafting the Regulatory Technical Standards in January 2017 in the context of the PSD2.
eIDAS was also mentioned in the green paper on retail financial services, which outlines the role of eIDAS in facilitating distance payments as well as in meeting the Know-Your-Customer (KYC) requirements of anti-money laundering legislation.
What about trust services? How could the banking/financial sector and other sectors benefit from the use of electronic signatures and the other trust services?
In relation to consenting to transactions, the Regulation gives qualified electronic signatures (for natural persons) the same legal effect as handwritten signatures everywhere in the EU. For legal persons, eSeals ensure the origin and integrity of data. Another example is the possible use of Qualified Website Authentication Certificates to meet the strong authentication requirements for communications (i.e. HTTPS sessions) under the PSD2.
Share your views on how eIDAS may help deliver a fully digital solution as an alternative to current paper-based processes. Where do you think eIDAS will play a role in your processes (e.g. KYC) and related workflows (e.g. signing, delivering, identifying, authorising etc.)?