eIDAS Qualified Signatures

The New Gold Standard for Remote Registration in Finance and Insurance

New Identity & eSignature Regulation

The eIDAS regulation (Regulation (EU) No 910/2014) has applied across the EU since 1 July 2016. With eIDAS, the EU has regulated how the electronic signatures and electronic identities of EU citizens are to be created, audited and supervised.


In doing so, the EU has created one of the most powerful frameworks for the digital economy. Under eIDAS, qualified e-signatures and notified electronic identities are recognized across national borders, and public authorities and courts alike must accept their legal validity: a qualified electronic signature has the same legal effect as a handwritten signature, and one based on a qualified certificate issued in one member state is recognized as qualified in all the others.


Standards based

The beauty of the eIDAS regulation is that, for the first time, it opens the door to true cross-border recognition and interoperability. Compliance with the eIDAS requirements for so-called trust services is tied to specific standards issued by the European Telecommunications Standards Institute (ETSI). ETSI is an independent, not-for-profit standardization organization for the ICT industry in Europe.


ETSI standards specify the technology, quality, security and consumer-protection requirements a trust service must meet. They also give the commercial sector a future-proof, EU-wide compliant set of services that can be procured from competing suppliers, all operating under the scrutiny of eIDAS conformity audits and national supervisory bodies.

Pains for Finance and Insurance

Consumer behavior is shifting rapidly to digital and mobile. Finance and insurance providers across the globe are scrambling to introduce digital offerings and use cases, and fintechs are introducing new service models and customer experiences. With a mobile device at the fingertips of every consumer, three basic pains need to be solved to build compliant services:

  • Remote Registration: the need for a compliant, user-friendly and cost-effective onboarding to services that carry specific procedural anti-money laundering (AML) requirements.
  • Digital Contract Signing: the need to ensure that a natural person can use, or create at the point of sale, a compliant electronic signature whose assurance level matches the financial and compliance risk of the service.
  • Authentication: the need to ensure that a natural person can access personal or otherwise sensitive data, and authorize transactions, with a secure means of authentication. This must comply with personal data protection legislation (e.g. GDPR) and financial regulation such as PSD2 and its strong customer authentication requirements.

Registration Gold Standard

All EU countries have national regulation and supervisory guidance for finance and insurance service providers on remote identification under anti-money laundering (AML) legislation. Although the AML directives have harmonized this area for a long time, it is eIDAS that provided a common building block: the amended AML directive explicitly lists eIDAS electronic identification means and relevant trust services as acceptable for customer due diligence, and eIDAS electronic signatures have been adopted in almost all EU countries as a compliant means of remote registration. Never before in the history of the EU has one method of registration been compliant across the single market. That method is the qualified electronic signature (QeS).

Qualified Signature & Trust Services

The QeS is the e-signature with the highest level of assurance and security. It falls under strict standards and audits and is not a "black box" type of technology. It is a perfect match for finance and insurance industry needs because of its "compliance by design" characteristics.

The QeS is provided by a qualified trust service provider (QTSP), a regulated, audited and supervised entity that must meet the most demanding IT security, management system, personal data protection, liability and accessibility requirements. Only a provider whose qualified status has been granted by its national supervisory body, and published on that member state's trusted list, may issue the qualified certificates on which a QeS is based.

What to look for in the market

Advances in open banking, computing, biometric recognition and smartphone proliferation mean that it is now possible to build cost-effective, compliant and user-friendly remote registration processes based on eIDAS qualified signatures. For all the reasons above, these are superior to ad hoc solutions, however effective those may seem.

Procurement Checklist:

  • Look for an eIDAS qualified signature that a QTSP can provide remotely to natural persons (your users) at your point of registration. Start by reviewing the so-called EU trusted lists: each member state publishes one, and the EU List of Trusted Lists (LOTL) points to all of them. A provider that is not listed with status "granted" for the relevant service is not a QTSP, whatever its marketing says.
  • Select a solution that allows for persistent e-signatures, i.e. one that lets the user reuse their signature for at least two years. This avoids costly and cumbersome identification procedures that have to be repeated.
  • Design a solution that solves all three pains at once. Don't buy remote registration, e-signing and authentication separately.
  • Search for providers that leverage smartphone technology, such as Touch ID and Face ID, for registration, signing and authentication. Your users will love it.
  • Demand a registration process in the user's preferred language that can be self-serviced. Live video conferencing is poorly received and has low conversion.
  • Ensure that your solution covers your main markets, and avoid setting up one process for each market. Leading providers can cover at least all of the EU.
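The first checklist item, checking a prospective provider against the EU trusted lists, can be automated. The following is an added example, not code from the original page or from any provider it describes. It parses a trusted list in the ETSI TS 119 612 XML layout that member states publish, and keeps only the services that matter for a QeS: service type CA/QC (issuing qualified certificates), current status "granted", and the AdditionalServiceInformation marker for electronic signatures. The XML document is a constructed sample, not a real member-state list; the function name is an assumption; and treating a service without the explicit "ForeSignatures" marker as not qualifying is a deliberately conservative choice.

```python
"""Filter an eIDAS trusted list (ETSI TS 119 612 XML) for QTSP services that
issue qualified certificates for electronic signatures.

Added example, not code from the original page. The sample list below is
constructed for illustration and is not any member state's real trusted list.
"""
import xml.etree.ElementTree as ET

# Namespace of the trusted-list schema and the URIs defined by ETSI TS 119 612.
TSL_NS = {"tsl": "http://uri.etsi.org/02231/v2#"}
CA_QC = "http://uri.etsi.org/TrstSvc/Svctype/CA/QC"
GRANTED = "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted"
WITHDRAWN = "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn"
FOR_ESIG = "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures"
FOR_ESEAL = "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals"


def _service(type_uri, name, status, *asi_uris):
    """Build one TSPService element of the constructed sample (helper for the sample only)."""
    extensions = "".join(
        f'<Extension Critical="true"><AdditionalServiceInformation>'
        f'<URI xml:lang="en">{u}</URI></AdditionalServiceInformation></Extension>'
        for u in asi_uris
    )
    return (
        "<TSPService><ServiceInformation>"
        f"<ServiceTypeIdentifier>{type_uri}</ServiceTypeIdentifier>"
        f'<ServiceName><Name xml:lang="en">{name}</Name></ServiceName>'
        f"<ServiceStatus>{status}</ServiceStatus>"
        "<StatusStartingTime>2019-01-01T00:00:00Z</StatusStartingTime>"
        f"<ServiceInformationExtensions>{extensions}</ServiceInformationExtensions>"
        "</ServiceInformation></TSPService>"
    )


# Constructed sample: one provider with a granted qualified-signature CA and a
# withdrawn one, and a second provider that only issues certificates for seals.
SAMPLE_TSL = f"""<?xml version="1.0" encoding="UTF-8"?>
<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#">
  <SchemeInformation><SchemeTerritory>XX</SchemeTerritory></SchemeInformation>
  <TrustServiceProviderList>
    <TrustServiceProvider>
      <TSPInformation><TSPName><Name xml:lang="en">Example QTSP A</Name></TSPName></TSPInformation>
      <TSPServices>
        {_service(CA_QC, "Example Qualified Signature CA", GRANTED, FOR_ESIG)}
        {_service(CA_QC, "Example Legacy CA", WITHDRAWN, FOR_ESIG)}
      </TSPServices>
    </TrustServiceProvider>
    <TrustServiceProvider>
      <TSPInformation><TSPName><Name xml:lang="en">Example TSP B</Name></TSPName></TSPInformation>
      <TSPServices>
        {_service(CA_QC, "Example Seal CA", GRANTED, FOR_ESEAL)}
      </TSPServices>
    </TrustServiceProvider>
  </TrustServiceProviderList>
</TrustServiceStatusList>
"""


def qualified_esig_cas(xml_text):
    """Return (provider name, service name) pairs for every CA/QC service that is
    currently 'granted' and explicitly marked as issuing certificates for
    electronic signatures. Anything else (withdrawn, non-qualified service
    types, seal-only or website-authentication CAs) is filtered out."""
    root = ET.fromstring(xml_text)
    matches = []
    for tsp in root.iterfind(".//tsl:TrustServiceProvider", TSL_NS):
        tsp_name = tsp.findtext("tsl:TSPInformation/tsl:TSPName/tsl:Name", namespaces=TSL_NS)
        for svc in tsp.iterfind("tsl:TSPServices/tsl:TSPService/tsl:ServiceInformation", TSL_NS):
            if svc.findtext("tsl:ServiceTypeIdentifier", namespaces=TSL_NS) != CA_QC:
                continue
            if svc.findtext("tsl:ServiceStatus", namespaces=TSL_NS) != GRANTED:
                continue
            # Collect the AdditionalServiceInformation URIs attached to the service.
            asi = {
                (u.text or "").strip()
                for u in svc.iterfind(".//tsl:AdditionalServiceInformation/tsl:URI", TSL_NS)
            }
            if FOR_ESIG not in asi:  # conservative: require the explicit marker
                continue
            matches.append((tsp_name, svc.findtext("tsl:ServiceName/tsl:Name", namespaces=TSL_NS)))
    return matches


if __name__ == "__main__":
    for provider, service in qualified_esig_cas(SAMPLE_TSL):
        print(f"{provider}: {service}")
```

Two caveats a practitioner should keep in mind. A real trusted list is an XML document signed with XAdES; this example does not verify that signature, and a production check must do so (or rely on a validation library that does) before trusting the contents. Real lists also carry a ServiceDigitalIdentity with the CA certificate for each service, which is what a signature validator matches against the signer's certificate chain; that lookup is the natural next step once the service has passed the status filter shown here.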