Stephan Wolf Discusses this Week’s MiFID II LEI Mandate and Emerging Digital Certificates

Blog entry

The MiFID II mandate requiring the use of Legal Entity Identifiers (LEIs) to identify parties to financial transactions came into play on Monday, causing barely a ripple in trading markets, but still posing problems in terms of lapsed LEIs – a problem that Stephan Wolf, CEO of the Global LEI Foundation (GLEIF), suggests could be solved by embedding the identifier in digital certificates.

Day one of the delayed MiFID II mandate saw LEI issuance at a total of 1.2 million, although with 89 regulations using the identifier, it is impossible to assess how many LEIs have been issued to comply with MiFID II. The number of Local Operating Units (LOUs) – or LEI issuers – in the global LEI system stands at 32, with DTCC the largest issuer but losing market share, in part due to a subtle change made by the GLEIF in how LOUs operate.

While they were previously endorsed by the LEI Regulatory Oversight Committee (ROC) to operate in local jurisdictions, the GLEIF has ended the endorsement process and instead requires organisations to be able to demonstrate they have the necessary skills and access to local markets to become LOUs. Wolf provides an example: “An organisation can apply to issue LEIs in 10 jurisdictions, but it must be capable of doing so.”

Beyond MiFID II in the EU, the LEI is gaining traction in jurisdictions such as the US where it must be used by firms transacting with European counterparties, India where it is used to identify credit borrowers over a certain size, and Singapore and Hong Kong where it is also used as a regulatory identifier.

While getting the LEI this far since its inception in 2012 is quite a feat, particularly in light of previous identifier schemes that failed to flourish, it is not perfect, with lapsed LEIs causing concern. The problem stems from some jurisdictional regulations requiring use of the LEI and others requesting it. Exacerbating this, the MiFID II regime requires traders to renew LEIs annually, but not their counterparties. For example, if SAP is a counterparty, the European Securities and Markets Authority (ESMA) says a bank can’t insist on renewal. The US works along similar lines, although Canada requires all firms to renew LEIs on an annual basis.

This generates two types of LEI – those in financial services firms that are always renewed, and those of counterparties that don’t bother to renew them – which is why the number of lapsed LEIs is growing, says Wolf. He proposes a number of solutions to the problem, including banks asking counterparties for ‘power of attorney’ to register LEIs on their behalf and gather required reference data from an LOU.

A closer relationship between regulators and industry to make LEIs an industry tool could also help. For example, banks could issue onboarding policies requiring every client to have an LEI, a real benefit for Know Your Customer (KYC) and anti-money laundering (AML) processes. Alternatively, an LEI could be used in the front office to exchange data and build trust with a customer. Wolf says: “It is our job to look at the bottom line and add value for banks. For regulators we add transparency.”

The GLEIF runs regular meetings for LEI stakeholder groups such as LOUs, data vendors, and statisticians who gauge what the LEI is doing in the market. A group for technology firms is planned, as fintechs and regtechs build apps that could include the LEI.

On a larger scale and moving on from the initial rationale for the identifier, Wolf suggests the LEI could be included in digital certificates and become part of digital identification. He is keen to discuss this with industry and regulators, and envisages both private and public certificates to cover individuals in both their business and private capacity. He says: “This is the future of the digital economy. Including the LEI as an entity identifier in a digital certificate could combat cybercrime and identity theft, support the Internet of Things and make apps like KYC and client onboarding easier to fulfil.” The problem of lapsed LEIs would also be erased, as digital certificates must be renewed.

Applying for digital certificates from suppliers such as GlobalSign, Verisign and Thawte is voluntary, but that could begin to change with the introduction of eIDAS, an EU regulation covering electronic identification and trust services, essentially services such as electronic signatures that confirm an online document or other electronic data is sent from a trusted source, is authentic and hasn’t been tampered with. The regulation came into effect on July 1, 2016. By September 2018, EU governments must be able to allow citizens to use electronic identification to access online public services in all EU member states.

Wolf says: “eIDAS requires governments to give digital certificates to all users of their services. This is ground breaking, confirms identity and means no more signing of paper. It is only a matter of time until digital certificates are widely adopted. In that time, the GLEIF will work to include the LEI in certificates. This could make business transactions cheaper and access to transacted money faster.”