ISO debuts standard for legal entity organizational roles through digital ID

The International Organization for Standardization (ISO) has created a new standard to recognize official organizational roles in a business entity with digital IDs, which can be used to authenticate the identity of authorized representatives for meeting the KYC and related regulatory requirements of business transactions.

The standard, ISO 5009, is used to verify the identity and position of individuals who represent an organization like a business or company by a legal entity, and is intended for inclusion into current and future digital assets. It achieves this through global uniformity of two kinds of digital assets under the Legal Entity Identifier (LEI) digital ID umbrella: verified LEI (vLEI) and digital certificates embedded with LEIs.

An LEI is a 20-character, alpha-numerical code based on ISO 17442 that links to reference information that identifies legal entities participating in financial transactions. It is a universal identifier that provides answers about the entity’s ownership structure, and ‘who is who’ and ‘who owns whom.’ An individual cannot obtain an LEI, which is where a vLEI can fill in some gaps. Once an entity receives a vLEI, ISO 5009 can issue credentials to authorized members of the organization which covers the LEI, the individual’s name, and official organizational roles. ISO 5009 can specify in a standard way the optional role extension contained in a X.509 public key certificate (a digital certificate used in many internet protocols) with embedded LEIs as outlined in ISO 17442 for digital certificates embedded with LEIs.

ISO says the 5009 standard can function as a structured universal authenticator for the identities of people authorized to act on behalf of an organization. With activities like signing sensitive business documents digitally that demand absolute confirmation of the person’s name and role to ensure security, ISO 5009 holds value, it says.

The role of LEI in know your customer (KYC), know your business (KYB) and anti-money laundering (AML) processes is described in a recent blog post from LEI Worldwide.

The Global Legal Entity Identifier Foundation (GLEIF) first proposed ISO 5009 to bring clarity and structure to the role that information held in the two LEI-based digital tools.

Stephan Wolf, the CEO of GLEIF, says, “The publication of ISO 5009 is a standardization milestone that facilitates a universal approach to the inclusion of official organizational role information in digital ID credentials. This will make it far easier – and perhaps more widely expected – to include role related data in these credentials thanks to a consistent approach. In time, this has the potential for LEI-based digital ID tools to become more widespread thanks to their extended utility; not only can they verify the identity of a legal entity, but they can also verify the identity of that legal entity’s representatives in official organizational roles.”

Article Topics

AML  |  authentication  |  credentials  |  digital ID  |  identity management  |  ISO standards  |  KYB  |  KYC  |  Legal Entity Identifier (LEI)  |  regulation  |  secure transactions  |  standards