Popular Posts:

What’s New:

GLEIF’s verifiable LEI issuer qualification programWhat are Child Entities and How do They Relate to Other Entities?Do I need an LEI when selling shares?Business Transparency: How to Create an Environment of TrustAnti Money Laundering (AML) in Banking: Everything You Need to KnowCorporate Structures Demystified: What You Need to KnowKYC in Banking: Why It’s Important and How to ComplyWhat is a parent company and how does it work?How long does it take to get an LEI?ISO 5009 – Identifying organizational rolesISO 17442 – Standard for LEI code structureESRB discusses the future of LEIGlobal Business Identifier (GBI) – Trade Transformation InitiativeWhat documents are required when registering LEI?How to get an LEI?Who is an LOU in the LEI Dimension?GMEI Utility vs LEI RegisterLapsed LEI – Why should you keep your LEI active?Who is an LEI Registration Agent?Are LEIs public?What is LEI transfer?Can an individual have an LEI?Do LEI numbers need to be renewed?Why is an LEI number required?How much does an LEI number cost?LEI Lookup – Fully dedicated LEI search websiteISIN to LEI mappingGLEIS | Global LEI SystemMiFID regulation | MiFID II LEIvLEIGLEIF | Global Legal Entity Identifier FoundationCompany Autocomplete by LEI RegisterOpen LEIEuropean Market Infrastructure Regulation | EMIRWhat is an LEI database?LEI Application – Apply For An LEI OnlineLEI Checker – Search Your LEI OnlineWho Needs An LEI Number?LEI for TrustsLegal Entity Identifiers in CryptocurrencyLegal Entity Identifiers in KYCDigital Identity Predictions for 2020The Future of Cybersecurity – DeloitteLegal Entity Identifiers in Digital CertificatesBroad Adoption of LEIs Could Save The Global Banking Sector US $2-4 BillionLegal Entity Identifiers for Government EntitiesThe European Market Infrastructure Regulation (EMIR) and Legal Entity Identifiers (LEIs)The FCA Will Take Pragmatic Approach to Supervising Reporting on Brexit DayAdoption of LEI in Payment Messages by the Payments Market Practice Group (PMPG)RegTech London – Event SummaryWhat is LEI-Search?LEI Register and RapidLEI Announce Official Partnership

Legal Entity Identifiers in Digital Certificates

Digital certificates are hugely important in encrypting the internet. Whether it’s for encrypting a website and adding the ‘S’ to HTTPS or it’s encrypting and signing a digital document like a PDF, digital certificates are everywhere. Up until now, they have solved some great security challenges on the internet by encrypting networks and communication channels. However, as we know, encryption is not always enough.

You can keep information encrypted but if you’re sending it to a criminal then encrypting it does nothing. As an example, imagine visiting an online shop. The shop is encrypted and so you feel safe enough to buy something and you enter your credit card information. Later, you realise the shop itself was merely a phishing site and you’ve actually sent your sensitive information to a cybercriminal. This is a regular occurrence on the internet today.

It’s not enough to know your information is protected. Today, we need to know who is on the receiving end of that information and be sure that we can trust them. HTTPS websites used to have the option of adding identity to the certificates but it was far too easy to get one if you were a cybercriminal and the people doing the vetting were the same people selling the certificates so there wasn’t much motivation to improve the process. Even code signing certificates (used to protect us from malicious apps) were being obtained by cybercriminals to sign apps that would infect our computers and phones.

LEIs Are Organisational Identity

Legal Entity Identifiers (LEIs) are gaining huge adoption in the financial industry as a way to identify organisations. Any organisation trading on the financial market today has to have a LEI and declare on that LEI their parent and child companies.

This database of LEIs is open and accessible to the public who can read and challenge the data. LEIs are obtained from independent Local Operating Units managed by the GLEIF. The power of a third-party identification system is huge and can be relied upon now for global financial reporting to comply with regulations like MiFID II, EMIR and MiFIR.

Going beyond trade reporting, LEIs have already been dubbed as a new tool to help save the Know Your Customer (KYC) and other due diligence processes in onboarding a customer. Using LEIs in digital certificates could increase the efficiency of this system even further.

For example, in Open Banking, where banks are opening up APIs to FinTech companies, two servers have to communicate with each other. eIDAS requires that these communication transactions are signed with a Qualified Certificate but what if those certificates contained a Legal Entity Identifier? Right now the identity vetting in the Qualified Certificate is done by a certificate authority and is not available on an open database. It’s also possible to change company details without the certificate details changing. This can create areas of vulnerability that a hacker can exploit.

What’s Available Now

Legal Entity Identifiers are not yet integrated with all types of digital certificates but you can obtain an SSL/TLS Certificate with a LEI and a Digital Signing Certificate with a LEI.

A good use case for digital signing is B2B transactions that involve paper based document signing such as contracts and agreements. An organisation looking to take these workflows online and make them paperless would benefit from having the additional security of LEI Numbers attached to the certificate that is doing the encrypting and signing of the document.

This LEI number can be checked against the onboarding data and reduce friction and time associated with transactions between two parties.

Interested in obtaining a Legal Entity Identifier for your business? Get one here today.