Using Blockchain for Legal Entity Identifiers or LEIs

| 19-09-2019 | Carlo de Meijer | treasuryXL

In one of its reports, GLEIF, the Swiss-based organisation which coordinates the management of the global Legal Identity Identifier (LEI-) system, suggested to use blockchain technology for identifying financial legal entities, as that would not only improve transparency and security but may also lead to broader global acceptance of the LEI.

This however raises a number of questions such as: Why could blockchain be of use for LEI and its users? What role could smart contracts thereby play? What benefits could blockchain bring for the LEI? And what does the most recent blockchain-based projects for the LEI tell us?

What is the LEI?

But first, what is the LEI? According to their website definition, “the Legal Entity Identifier or LEI is a 20-digit, alpha numeric code based on the ISO 17442 standard. It connects to key reference information, allowing clear and unique identification of legal entities participating in financial transactions. Each LEI contains information about an entity’s ownership structure and thus answers the questions of ‘who is who’ and ‘who owns whom’”.

In other words a LEI is a uniform way of keeping track of financial legal entities. They are global and have no borders at all for accurate and trusted identification of companies around the world. Looking in that way, the publicly available LEI data pool can be regarded as a global directory, which may greatly enhance transparency in the global marketplace.

The management of the LEI system is coordinated and supported by the above mentioned Global Legal Entity Identifier Foundation (GLEIF), while registrations are performed by so-called LOUs or Local Operating Units.

GLEIF and Blockchain

In their report on the LEI to the Financial Stability Board (FSB) in 2012, the GLEIF stated that “the design of the global LEI system would be premised on a ‘logically’ centralized (meaning not physically centralized) database that will appear to users to be from a single seamless system”.

GLEIF however recently recognised that the organizationally federated operating model used for the LEI in 2012, could be upgraded to a technically federated operating model: the distributed ledger model (DLT). This upgrade could potentially provide the same DLT platform for both the LEI and the UPI (Unified Payments Interface), of which the GLEIF is supposed to be the natural repository. This distributed design has always been a longer term goal for the global LEI system.

Present challenges for LEI

The LEI provides a global standard for the representation of identity as well as a standard validation rule set. Both elements however are subject of a very detailed compliance program in order to ensure proper issuance and maintenance of LEI and data quality.

Nowadays collection and storage of data is conducted in multiple country or regionally located operating units (LOUs). Each has their own databases (there are more than 30 at present in the LEI system and a large number of separate ones for each trade repository), and send their data daily in batch overnight processes. LEI data is sent to the GLEIF. Trade repositories send their data to multiple regulators and to central collection facilities depending on the jurisdiction. All regulators and trade repositories maintain their own data copies of identifiers for products and counterparties, and for trades.

This method bears in it a number of challenges, in terms of non-optimal transparency, security and risk issues where blockchain could be of help.

Blockchain and Identity Management

When it comes to use cases for blockchain, security is one of the serious items that comes in many minds. Identity management is one sector of industry that is supposed to provide high-level security to those who rely upon it to keep their data safe. But in reality security is not always what they get. The digital age has introduced new challenges in terms of preventing identity fraud and other criminal abuses for private people but increasingly also for corporates.

Nowadays there is an increased need for strong, multi-step security that identity management services should bring. The widespread adoption of blockchain technology to ensure that any number of these centralised databases are ‘not compromised’, should give enough arguments for the identity management industry to embrace this technology.

Some use cases for identity management

There are a number of interesting blockchain use cases in the identity management field. These include issues like identity verification, non-custodial login solutions, self-sovereign identity, secure identities for the decentralised web etc. These use cases have all proved their usefulness in such an environment.

Identity verification

Blockchain’s multi-step, multi-factor identification processes have proven to work and are already implemented by a number of companies. Admittedly, it is hard to imagine why the blockchain authentication model has not (yet) gained more mainstream adoption, especially considering the stakes of stolen identities and credentials.

Non-custodial login solutions

With non-custodial logins based on the blockchain, there is no longer need of a central entity who holds the power over user names, pass words, and the database that controls them. By removing the custodian of these credentials and replacing them with public and private keychains for logins, the former centralised entity can still ensure that ‘those logging in are who they say they are’, without holding a central database that hackers can easily acquire and use as ransom money.

Reduce third parties’ involvement

Blockchains could also help reduce the number of third parties while still maintaining a user’s identity. One solution could be that a user would store their data and identifiers on a blockchain which they could use throughout the internet, instead of granting each site or service their personal data and credential time. A second proposal is built on a similar blockchain containing the user’s data but allow third parties to access the data with their consent.

Smart contracts for Identification services

Using blockchain for the identification services including the LEI would preferably be in the form of so-called smart contracts. These contracts are ‘included and coded’ applications and data representing the life-cycle processes of a trade. It is stored and activated across a networked database – the distributed ledger – which itself is networked across the Internet.

In other words, a smart contract is self-actuating, based on standardized contract terms that is translated into standard trade life-cycle processes imbedded in coded applications. The smart contract acts on standardized data sets, setting its outputs in conformity to each participant’s processing requirements.

A smart contract requires data standards, including the LEI and its reference data for each participant in the supply chain; the UPI (Unified Payments Interface) and its reference data; and the UTI (Unique Transaction Identifier). It also requires process standards for each event in the life-cycle of a trade.

How could smart contracts be used for the LEI?

But how can smart contracts be used for the LEI? The central point of using smart contracts for the LEI is to treat a single record for any entity to be identified by some key as ‘atomic’. This in the sense of being administered as a single unit of data, by the authority that assigns the keys. Then the representation of a single ‘atomic’ record can be considered as a state for a single smart contract.

Each such contract would offer a method for accessing the representation, and a dynamic data structure that holds ‘revisions’ of the representation. That is, when the record changes globally, its new representation would be added to the state of the contract. Such contract can hold many revisions of the representation, bound only by the capabilities of the network’s global storage, called ‘entity contract’. Together with entity contracts, someone can devise one or more ‘master contracts’, that keep track of individual entity contracts and make accessing an easier process.

What approach for the LEI?

The use of permissioned and private blockchains or distributed ledgers for identity management purposes such as the LEI will require mapping between real world entities. This is hosted via cryptographic algorithms creating public/private keys pairs linked to reference data. The owner of the private key can write into the chain.

This however raises a number of major issues: Firstly, are we going to see multiple digital IDs depending on the application or are we going to use one ID to access all applications. And second, what is the appropriate management for all these IDs.

There are a number of possible scenarios:

One could use identity labels i.e. unique keys in the blockchain/DLT application. That means using the LEI in a distributed ledger system for tracking financial instruments. This is de facto the standard approach due to legal and regulatory requirements.

Another scenario is using blockchain/DLT for managing the LEI creation and management itself. This however should be seen as a longer term project. There are still many open questions but this approach bears interesting aspects for the further evolution of the LEI system.

MakoLab LEI.INFO and Graphchain Proof of Concept

An interesting project that should be taken seriously for further development is the MakoLab LEI.INFO system. Polish-based MakoLab, a Digital Solution Agency for the industry, last June announced the deployment of their production grade Blockchain-based LEI system.

This was the result of two Proof of Concepts (PoCs) for a radically new blockchain LEI system, based on the private Hyperledger Indy blockchain, using the innovative GraphChain database that is much more flexible than any standard existing system available today. These PoCs allowed MakoLab to investigate deeply the possibility to construct a system which represents the ‘highest level of both technological and organisational security’ and is completely decentralised.

Hyperledger Indy Framework

Given the vulnerability of the data, the suggested architecture for LEI is that of a so-called consortium type of blockchain that works on Hyperledger Indy. This is a blockchain model where the consensus process is controlled by a pre-selected set of nodes. The network of Hyperledger Indy nodes thereby runs as a private, permissioned blockchain for the Global LEI System.

In this model different nodes are used. User nodes that participate in the global blockchain as passive users. They can see all the data stored in it, but cannot create or edit anything. Registration nodes having all the properties of the User nodes plus the ability to provisionally add new LEIs to the system. However, such newly added LEIs are not visible on the system until the LOU nodes confirm them through the ‘Proof of Authority’ mechanism. And LOU nodes that have all the properties of the Registration nodes plus the capacity to confirm the new or modified LEIs as valid. Application of the blockchain technology with LOUs running their own nodes, would make the LEI system much safer and more reliable.

GraphChain

End June MakoLab announced the full production version of the innovative GraphChain for the LEI.INFO infrastructure. They thereby created a conceptual proposal how the entire LEI system could run on GraphChain. GraphChain should be seen as a new innovation of creating a blockchain compliant distributed database. The main idea behind GraphChain is to use blockchain mechanisms on top of an abstract RDP (Resource Description Framework) graph data model, that is used for data publishing and interchange on the web.

GraphChain is thereby defined as a linked chain of named graphs specified by the GraphChain ontology and an ontology for data graph part of the GraphChain; a set of general mechanism for calculating a digest of the named RDF graphs; and as a set of network mechanisms that are responsible for the distribution of the named RDF graphs among the distributed peers and for achieving the consensus.

The data graph model describes the semantics, or meaning of information and stores these data as a network of objects with materialised links between them, thereby managing highly interconnected data. It thereby uses graph structures with nodes, edges and properties to represent and store data.

LEI.INFO system

The new functionality allows cryptographic verification of the accuracy or usefulness of the underlying LEI data. The LEI.INFO system uses the RDF graph data model to express LEI reference data as semantic data, that can be verified against the network of Hyperledger Indy Blockchain. This LEI.INFO platform allows to get instant access to the database of entities holding LEI’s and as a result to find a reliable supplier, partner or customer.

LEI.INFO offers a wide range of LEI-related services including a new LEI registration process, resolution of the LEI codes for both humans and software agents, Data Analytics Solutions and integration services for KYC and financial information consolidation applications.

What may blockchain bring for the LEI?

From what is said before, it should not be difficult to see how blockchain and a single database that could be updated in real-time, securely maintained through encryption technology, distributed and shared by all of the participants could benefit those organisations who use the LEI. The reconciliation of the various copies of what is intended to be identical data sets could be done in real-time.

Managing LEI on blockchain delivers transparency and ensures the necessary trust and certainty optimal for combatting financial crimes, streamlining various administrative processes like onboarding, and truly knowing corporate customers, partners, and other businesses. This could ‘revolutionise’ the oversight of the financial industry. As a result of this all, it may lead to firmly reduced resources and costs of the validation process required for conducting due diligence about those entities.

McKinsey, the global consultancy estimates that the largest financial institutions alone can each save $1 billion in costs through a simplified portfolio of data repositories. ISDA members, many being the largest of financial institutions, are envisioned as direct beneficiaries of such savings.

Going forward

Blockchain technology could be of great help for the Global LEI system. The MakoLab project is thereby a very interesting one that deserves further investigation.

This LEI.INFO project however is just a first step in their research and development process with this technology. Taking into consideration the growing potential of the solution, MakoLab is “working on further-enhancing the LEI resolver with other top-class solutions – semantics particularly – as well as translating blockchain into other business areas” .

In the end such an architecture of the new LEI system will enable ‘thousands of registration authorities from multiple countries to participate in the new LEI creation’, thereby opening the path for the true global adoption of the system.

 

 

Carlo de Meijer

Economist and researcher