In response to that growing demand, the Bermuda Monetary Authority has taken a first and vital step towards the regulation of digital identity service provider businesses in Bermuda.

On November 22, the island’s financial services regulator published proposals and a request for feedback on this topic titled Consultation Paper: Regulation of Digital Identity Service Provider Business.

The DISP consultation provides an extremely conscientious and thoughtful proposal for a DISP licensing regime and discussion of many of the issues that other regulators of DISP businesses must grapple with.

These include qualifying technical service standards, cybersecurity risk management, compliance with privacy law, the complications for DISP outsourcing and related authority for continuing oversight and enforcement.

In a concerted effort to seek the guidance and advice of all potential stakeholders and the public the BMA seeks to protect, the DISP consultation asks 18 specific and probative questions that focus on some of the more challenging aspects of its regulatory proposals.

Some of those questions assume a detailed knowledge of how digital ID systems work across multiple participants.

For example, question 11: “Do you think (regulated financial institutions) should adapt their online services to accept digital ID logins to access their proprietary systems, thus unlocking the convenience of ‘single sign-on’ for digital ID users?”

The more feedback and advice that the BMA can receive on this much needed initiative, the better and faster the solution will arrive to cure the present quagmire of incessant and time-consuming demand for “know your customer” personal information and related manual identity verification materials.

Moves in the direction of digital identity verification by governments, inter-governmental bodies and the private sector have been going on for about 35 years.

In 1989, the G-7 created the Financial Action Task Force as an independent inter-governmental body to promote countermeasures and policies necessary to address the growing global concern about money laundering, terrorist financing and the proliferation of weapons of mass destruction.

In the decades that followed, many governments around the world ventured into the realm of identity verification, including early attempts in Canada to merge driving licences and health ID cards into “smart cards” that would allow biometric access to a consolidated database for ease of online access and identity verification.

In March 2020, as a reflection of IT advances in data management, FATF published its Guidance on Digital Identity to promote the creation, adoption and regulation of digital ID systems that can be used and relied upon to securely, quickly and efficiently identify persons who are low-risk participants in global finance, investment and corporate management.

One of the most important recommendations of the GDI was for governments to create a “digital ID assurance framework” for the assessment, certification and continuing regulatory oversight of reliable digital identification service providers.

Certainly, the demand for one-stop identity verification services is rapidly increasing because regulators, regulated entities, individuals and corporations must constantly spend huge amounts of management time and expense verifying either their own identity to others or verifying the identity of those with whom they wish to do business or regulate.

The GDI was generally agnostic about how any combination of digital identity services might be configured to achieve those ends, and many jurisdictions around the world have (before and after the GDI) launched a wide range of digital ID systems.

Some are governmental, some are offered as public-private sector partnerships, and other jurisdictions have created regulatory regimes for the certification of trusted, private sector DISPs.

In 2022, Britain launched its own GDI initiative called the UK Digital Identity & Attributes Trust Framework, which seeks to encourage the launch of private sector digital identity solutions to meet those market demands.

Under the supervision of an Office for Digital Identities and Attributes, the UK DIATF defines the rules, standards and governance oversight for all DISPs.

The UK DIATF includes a certification regime to provide the public with assurance that the digital identity services they subscribe to will be secure, reliable and will be administered under the watchful eye of the Office for Digital Identities.

Kudos to the BMA for this recent initiative, and I hope that all other public policy and regulatory reform in Bermuda will follow the BMA’s thoughtful consultative lead.

First Published in The Royal Gazette, Legally Speaking column, December 2024

Locations

Bermuda

Services

Corporate, Technology & Innovation

Sectors

Privacy & Data Protection, Technology & Innovation

Type

Insight

Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Banking-and-Financial-Services
19 Feb 2025

Recent Updates on BVI, Cayman and Bermuda laws

Entities incorporated or registered in the British Virgin Islands (BVI), Cayman Islands and Bermuda ...

Fiona Chan
Angelina Wong
Fiona Chan, Angelina Wong
Appleby-Website-Employment-and-Immigration
18 Feb 2025

Fostering Respect: the Importance of Bullying and Sexual Harassment Policies in Bermuda (Part 2)

Under the Employment Act 2000 (EA), it is a requirement for an employer to not only have a compliant...

Theodora Hand
Theodora Hand
Technology and Innovation
31 Jan 2025

Bermuda Monetary Authority’s 2025 Tech Commitment

A focus on the crucial and enabling role that technology plays across all financial service sectors ...

Duncan Card
Duncan Card
Fund Finance
29 Jan 2025

Fund Finance Laws and Regulations 2025 – Bermuda

The Bermuda fund industry sees investment predominantly from North America and Europe, and therefore...

Matthew Ebbs-Brewer
Arielle DeSilva
Matthew Ebbs-Brewer, Arielle DeSilva
Employment-and-Immigration
23 Jan 2025

Fostering Respect: the Importance of Bullying and Sexual Harassment Policies in Bermuda (Part 1)

Under the Employment Act 2000 (EA), it is a requirement for an employer to not only have a compliant...

Theodora Hand
Theodora Hand
Appleby-Website-Insurance-and-Reinsurance
21 Jan 2025

Bermuda: Chambers Insurance & Reinsurance Guide 2025

This guide provides the latest information on sources of insurance and reinsurance law, overseas-bas...

Brad Adderley
Matthew Carr
Max Tetlow
Cathryn Minors
Josephine Noddings
Brad Adderley, Matthew Carr, Max Tetlow, Cathryn Minors, Josephine Noddings
Technology and Innovation
20 Jan 2025

Bermuda: Insurance industry is going through a ‘profound’ tech transformation

One of the most pressing demands on insurers, and their leadership, is coping with the accelerating ...

Duncan Card
Duncan Card
Technology and Innovation
17 Jan 2025

Augmented Advocacy Series (Bermuda): AI and Legal Privilege

The dramatic rise in the use of artificial intelligence in the legal sector raises issues around leg...

Ligaya Sanchez-Wilson
Ligaya Sanchez-Wilson
Appleby-Website-Insurance-and-Reinsurance
2 Jan 2025

Bermuda: Expect a Crazy Start to 2025 After Another Record Year

Brad Adderley
Brad Adderley
Website-Code-Bermuda
13 Dec 2024

Gifting a home in Bermuda: a review of your options

A home can be gifted to a spouse, or the next generation either during an owner’s life, or as an i...

Neil Molyneux
Neil Molyneux