The Bermuda Monetary Authority (BMA) has published a consultation paper seeking feedback on a proposed legal framework for the licensing and supervision of service providers for non-government digital identities in the British territory.
In the paper published on November 22, the BMA says the framework, which shall be regulated under a Digital Identity Service Provider Business Act (DISPA), is part of efforts to advance its policy objectives and expand the use of digital ID in other areas that may positively impact people’s lives.
The move, which is part of the BMA’s Customer Due Diligence, is also seen as a step by the financial services regulator to position the North Atlantic Ocean archipelago for “continued growth, diversification and innovation in the financial services sector in the future.”
With the ever-increasing use of digital means for the delivery of services, the need for secure and trusted digital IDs is becoming ever more acute, the paper notes, meaning that persons and organizations involved in various transactions with people they don’t know require an entity for “independent verification and risk checks.”
The paper also identifies use cases in the financial context which could benefit from a landscape of regulated digital ID service providers. These include the identification and verification of persons during onboarding and through their relationship with service providers, the authentication of customers seeking access to digital services, the improvement of financial inclusion as well as non-face-to-face onboarding.
The BMA says it hopes to “leverage its existing supervisory activities and skillsets to regulate this new DISP [Digital ID Service Providers] sector.”
“The vision for this regulatory framework is that a Bermuda-licensed DISP will provide an end-to-end service for users and RPs [Relying Parties] for the issue, use and maintenance of a digital ID. To reiterate, the vision is for a DISP to fulfil all of the roles supporting the user and RP interactions,” a portion of the paper reads.
“The vision is to license a DISP to offer a comprehensive Digital ID system utilizing various entities, technologies, processes and architectures.”
These roles of the DISP, according to the paper, include carrying out ID proofing by validating evidence and verifying that the validated evidence relates to the applicant; handling a subscriber’s primary authentication credentials and issuing assertions derived from those credentials to RPs; issuing and or registering authenticators and corresponding electronic credentials to subscribers; providing enrollment services, and verifying a claimant’s identity for an RP by confirming the claimant’s possession and control of one or more authenticators using an authentication protocol.
Given that digital ID systems pose serious security and privacy risks that must be taken seriously, the BMA mentions that its proposed licensing framework for DISPs factors in a robust cybersecurity mechanism and other measures aimed at combatting money laundering and other financial crimes.
The paper also spells out the scope of the licensing regime, the roles of DISPs, risk and cyber risk management, consent and privacy, enforcement, the three licensing categories to be considered, and the criteria for licensing. The Authority plans to issue Class T license for pilots or beta testing over a defined period; Class M for a defined period, and Class F for a full license.
“These three licence classes are intended to provide a progression of regulatory complexity and supervisory intensity that is commensurate with the nature, scale and complexity of the business and that supports prudent industry development.”
The Authority says it considers the proposed framework as “appropriate support for the introduction of Digital IDs to Bermuda to address the scope of declared opportunities.”
Partners for digital transformation
In a related development, the government of Bermuda says it is looking for “qualified vendors” for “a strategic partnership” on its ambitious digital transformation journey.
In a Request for Proposals, the government underscores its commitment to “a comprehensive digital transformation agenda aimed at improving citizen engagement, streamlining service delivery, and driving greater efficiency across its departments.”
In order to attain these goals, the government says it needs partners with proven experience and know-how who will help it realise “several high-priority projects that will leverage advanced digital technologies, improve data management, and simplify the public’s interaction with government services.”
The project focuses on three primary areas and the deadline for the submission of proposals by interested vendors is Friday December 6.
Bermuda’s digital transformation also includes a national CCTV project.
Article Topics
Bermuda | digital government | digital ID | digital identity | government services | identity proofing | rfp
