In response to that growing demand, the Bermuda Monetary Authority has taken a first and vital step towards the regulation of digital identity service provider businesses in Bermuda.

On November 22, the island’s financial services regulator published proposals and a request for feedback on this topic titled Consultation Paper: Regulation of Digital Identity Service Provider Business.

The DISP consultation provides an extremely conscientious and thoughtful proposal for a DISP licensing regime and discussion of many of the issues that other regulators of DISP businesses must grapple with.

These include qualifying technical service standards, cybersecurity risk management, compliance with privacy law, the complications for DISP outsourcing and related authority for continuing oversight and enforcement.

In a concerted effort to seek the guidance and advice of all potential stakeholders and the public the BMA seeks to protect, the DISP consultation asks 18 specific and probative questions that focus on some of the more challenging aspects of its regulatory proposals.

Some of those questions assume a detailed knowledge of how digital ID systems work across multiple participants.

For example, question 11: “Do you think (regulated financial institutions) should adapt their online services to accept digital ID logins to access their proprietary systems, thus unlocking the convenience of ‘single sign-on’ for digital ID users?”

The more feedback and advice that the BMA can receive on this much needed initiative, the better and faster the solution will arrive to cure the present quagmire of incessant and time-consuming demand for “know your customer” personal information and related manual identity verification materials.

Moves in the direction of digital identity verification by governments, inter-governmental bodies and the private sector have been going on for about 35 years.

In 1989, the G-7 created the Financial Action Task Force as an independent inter-governmental body to promote countermeasures and policies necessary to address the growing global concern about money laundering, terrorist financing and the proliferation of weapons of mass destruction.

In the decades that followed, many governments around the world ventured into the realm of identity verification, including early attempts in Canada to merge driving licences and health ID cards into “smart cards” that would allow biometric access to a consolidated database for ease of online access and identity verification.

In March 2020, as a reflection of IT advances in data management, FATF published its Guidance on Digital Identity to promote the creation, adoption and regulation of digital ID systems that can be used and relied upon to securely, quickly and efficiently identify persons who are low-risk participants in global finance, investment and corporate management.

One of the most important recommendations of the GDI was for governments to create a “digital ID assurance framework” for the assessment, certification and continuing regulatory oversight of reliable digital identification service providers.

Certainly, the demand for one-stop identity verification services is rapidly increasing because regulators, regulated entities, individuals and corporations must constantly spend huge amounts of management time and expense verifying either their own identity to others or verifying the identity of those with whom they wish to do business or regulate.

The GDI was generally agnostic about how any combination of digital identity services might be configured to achieve those ends, and many jurisdictions around the world have (before and after the GDI) launched a wide range of digital ID systems.

Some are governmental, some are offered as public-private sector partnerships, and other jurisdictions have created regulatory regimes for the certification of trusted, private sector DISPs.

In 2022, Britain launched its own GDI initiative called the UK Digital Identity & Attributes Trust Framework, which seeks to encourage the launch of private sector digital identity solutions to meet those market demands.

Under the supervision of an Office for Digital Identities and Attributes, the UK DIATF defines the rules, standards and governance oversight for all DISPs.

The UK DIATF includes a certification regime to provide the public with assurance that the digital identity services they subscribe to will be secure, reliable and will be administered under the watchful eye of the Office for Digital Identities.

Kudos to the BMA for this recent initiative, and I hope that all other public policy and regulatory reform in Bermuda will follow the BMA’s thoughtful consultative lead.

First Published in The Royal Gazette, Legally Speaking column, December 2024

Locations

Bermuda

Services

Corporate, Technology & Innovation

Sectors

Privacy & Data Protection, Technology & Innovation

Type

Insight

Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Employment-and-Immigration
23 Jun 2025

Practical Tips for Conducting Workplace Investigations

Allegations of harassment, bullying or other misconduct in the workplace can create a legal mine fie...

Anna Markiewicz
Anna Markiewicz
Bermuda-1024x576-1
19 Jun 2025

Bermuda encourages investment with residential certificates

On March 31, 2023, the Bermuda Government replaced its previous tool intended to attract capital to ...

Anna Markiewicz
Neil Molyneux
Anna Markiewicz, Neil Molyneux
Appleby-Website-Insurance-and-Reinsurance
11 Jun 2025

Bermuda Paves the Way for Captive Insurers with New Stablecoin Policy

The Bermuda Monetary Authority (BMA) has announced a significant new policy framework that allows ca...

Brad Adderley
Ojeda Smith
Brad Adderley, Ojeda Smith
Appleby-Website-Insurance-and-Reinsurance
10 Jun 2025

Bermuda benefits from a strong and capital efficient regulatory regime

Bermuda’s long-term reinsurance sector is experiencing a new phase of complexity and scrutiny but ...

Max Tetlow
Cathryn Minors
Max Tetlow, Cathryn Minors
050-Insolvency-Restructuring-Grid-Image
9 Jun 2025

Bankruptcy & Restructuring – To Enforce, or not to Enforce

Bermuda’s flagship restructuring process is the appointment of provisional liquidators, whose powe...

John Wasty
Sam Riihiluoma
Claire van Overdijk KC
James Batten
John Wasty, Sam Riihiluoma, Claire van Overdijk KC, James Batten
ICLG Fintech 21 cover
5 Jun 2025

Digital transformation done right (Bermuda)

As any specialised tech lawyer or technology consultant will tell you, digital transformation projec...

Duncan Card
Duncan Card
Appleby-Website-Insurance-and-Reinsurance
2 Jun 2025

2025 Global Financial Crisis Stress Test: Bermuda

The Bermuda Monetary Authority (BMA) has recently published instructions for a significant data coll...

Brad Adderley
Max Tetlow
Brad Adderley, Max Tetlow
Bermuda-1024x576-1
22 May 2025

Corporate real estate acquisition in Bermuda

Corporate real estate acquisitions in Bermuda are a matter of careful balance. That is because, a...

Neil Molyneux
Jane Walker
Milaun Perott
Neil Molyneux, Jane Walker, Milaun Perott
Appleby-Website-Insurance-and-Reinsurance
22 May 2025

Long-term reinsurance and ILS are set for growth

After a record-breaking  2024, Bermuda’s life reinsurance sector is likely to expand further this...

Brad Adderley
Brad Adderley
Appleby-Website-Insurance-and-Reinsurance
15 May 2025

Bermuda: The vital role of the principal representative

Bermuda's regulatory framework requires every insurance company registered under the Insurance Act 1...

Ojeda Smith
Ojeda Smith