GLEIF maps out the future of digital corporate identity
A blog post by Global Legal Entity Identifier Foundation (GLEIF) CEO Stephan Wolf provides a tantalising view of a new approach to digital identity for business reports (amongst countless other things). As the D6WG – or Digital Signatures in XBRL working group – at XBRL International moves towards releasing initial drafts of its specifications, it is becoming clear that the new GLEIF-led verifiable LEI (or vLEI) will be a hugely compelling approach to confirming and securing the identity of reporting entities and their reports in a digital way that can be recognised the world over.
The upcoming Digital Signatures in XBRL specification will provide a way to associate a digital signature, or multiple digital signatures, with an XBRL document, such as an Inline XBRL report provided to a securities regulator or exchange. The signatories will have a mechanism that permits them to define which parts of the report they have signed. This could be the entire report, specific sections, or ultimately just particular facts. The specification will set out a standardised approach to achieve this level of clarity, but it won’t oblige the use of any specific signing technology.
As Stephan’s blog makes clear, the vLEI associates a particular person with a role within a specific legal entity. The LEI is the cornerstone for global corporate entity identification. The vLEI goes much further by providing a permanent cryptographic digital connection between a person and a particular role within that corporate entity at a specific point in time.
These features make the vLEI a particularly interesting candidate for use by regulators and policy makers. The way we see it, the vLEI combined with the upcoming Digital Signatures in XBRL specification can:
- materially enhance regulatory cybersecurity by acting as an authentication mechanism by way of a digital signature. This could work on its own or in conjunction with a regulator’s existing trusted perimeter security arrangements. If a hacker seeks to maliciously alter a report they would need to break both the regulator’s and the issuer’s security.
- permit multiple layers of accountability, by permanently connecting the signature of a person in a particular role with a specific reporting entity. This could be used in all kinds of ways, for example, by enhancing internal control certification via a public CEO and CFO signature, or a Board Chair and the external auditor signing off the financials and the audit report, or a Chief Sustainability Officer and independent assurance provider signing off the climate section of an integrated report. All in a digital manner that ties their signatures to the reporting entity.
We have covered these developments before, but this is all getting close now. Interested? If you are a regulator, you should start thinking about these options. If you are an auditor, you should be thinking about the way these mechanisms might enhance trust. If you are a software vendor, it’s time to start thinking about how you use these technologies, and how you provide a seamless and clear user experience.
Read Stephan Wolf’s Blog on the “Signing of Things to Come” here.