Legal Entity Identifiers (LEIs)

1 November 2023

by David O’Mahony, Business Analyst, AusPayNet

The Global Legal Entity Identifier Foundation (GLEIF) was created by the Financial Stability Board (FSB) in 2014 in the wake of the 2008 global financial crisis (GFC), which galvanised the G20 to commit to fundamental reform of the global financial system, including the creation of the Legal Entity Identifier (LEI).

The LEI is a 20-character, alpha-numeric code based on the ISO 17442 standard developed by the International Organization for Standardization (ISO). It connects to key reference information that enables clear and unique identification of legal entities participating in financial transactions. For example, the LEI corroborates data on the legal name of the entity, where it is registered, its company/business number, other global identifiers (e.g. Bank Identifier Code or BIC, and International Securities Identification Number or ISIN), and its address. It also captures relationship data of the entity based on accounting consolidation (e.g. parent/child). And the Global LEI Index provides corroborated evidence of the entity’s existence.

In Australia, as with other jurisdictions, LEIs are required for reporting of over-the-counter (OTC) derivative contracts to trade repositories. This fulfills the original aims of the FSB and G20, and provides regulators with the transparency required to evaluate market behaviour. While that task is now complete, the question that remains is whether there are additional benefits to LEI usage.

One estimate of those potential benefits, published in 2019 by McKinsey, identified that US$2-4 billion worth of savings could be achieved for the global banking sector in client onboarding costs alone by broadening LEI utilisation. Some examples follow.
 

Counterparty Lifecycle Management

From a counterparty lifecycle management perspective, the LEI represents a step change in verifying the legitimacy of an entity prior to onboarding. For example, the Global LEI Index can be used to re-verify the legitimacy of entities for Know Your Customer refreshes.
 

Anti-money Laundering (AML)

Use of an LEI in a sanctions lists could greatly streamline certain aspects of AML processes, reducing the investigation time resulting from a false positive during payments processing.
 

Reconciliation

McKinsey notes that one global bank’s internal operations team uses the LEI as the primary attribute that aggregates and reconciles client trade information, which is often stored in disparate internal systems and tagged under different client ID numbers.
 

Broadening LEI Usage

Many jurisdictions are mandating LEIs beyond the original use case of reporting OTC derivative contracts. For instance, the Bank of England has mandated that LEIs be used for the Clearing House Automated Payments System (CHAPS) payments between financial institutions from November 2024. The Reserve Bank of India (RBI) has taken a similar approach, with LEIs now required for large value payments where one or both parties are non-individuals.

The Chinese Cross-border Interbank System (CIPS), is now mandatorily assigning its users an LEI, which is also a mandatory business element in their business transactions.

At a broader international level, the LEI is also being recommended by many international bodies. For example, the FSB identified the LEI as one of the major building blocks for improving cross-border payments and recommended that FSB jurisdictions and other international bodies consider usage of LEI in ISO 20022 messaging standards and mandate LEI for cross-border payments.

From an Australian perspective, perhaps it is time to reconsider the LEI and its wider use across the economy. As we gallop towards a digital future, the LEI may enable greater efficiency and transparency. With over 2.5 million companies registered in Australia and only 18,200 LEIs issued, it would seem that efficiency gains could be significant, even if only some of McKinsey’s benefits were realised.
 

Verifiable LEI

The LEI system is not without its limitations. One of the main challenges is that the LEI itself only identifies legal entities. It does not support identity management at a person-to-person or entity-to-entity level. However, it is the digital adjacency to the current LEI that presents new opportunities that may usher new solutions to these types of intractable problems.

The fundamental challenge to address is, in a word, ‘trust’. Presentation of an LEI in and of itself does not provide any surety that the representative is authorised to act on behalf of that entity. This is the trust gap. To address this, a verifiable credential, that allows for the verification of the authority of the representative to act on behalf of the entity, would logically improve interactions on a person-to-person and entity-to-entity basis. To accomplish this, GLEIF has created a secure digital counterpart of a conventional LEI. By embedding the LEI in a Verifiable Credential, the new verifiable LEI (vLEI) can replace manual processes required to confirm an entity’s LEI and the bona fides of its authorised officers.

As one would expect, there is complexity in the vLEI model. This article does not propose to delve deeply into that complexity but offers a very high-level view of the opportunity.

For ease of explanation, these verifiable (digital) credentials cryptographically bind three elements to create an Organisational Credential:

  • the organisation
  • the representative
  • the representative’s authority (to represent the organisation).

A vLEI is issued by a GLEIF Qualified (i.e. certified) vLEI Issuer (QVI) to a legal entity that has an LEI. Once contracted by the entity, the QVI is responsible for verifying the registration and status of that entity and for performing identity verification on their authorised representatives. Once this has been completed, the entity is provided with their vLEI by the QVI. Next, an appropriate person within the organisation (defined as the Official Organisation Role, or OOR) can then request issuance or revocations of credentials for official personnel. This is built around the new ISO 5009 standard where official roles are defined.

A one-size-fits-all approach is inappropriate, given the complexity of organisations. Organisations range from the very small and straightforward to the very large and complex. The vLEI can accommodate the spectrum of size and complexity. This is achieved by issuing a ‘functional credential’. Functional credentials are more flexible. They are issued by the legal entity itself (or a service provider) for any kind of internal role (e.g. trader, accountant, programmer). It should be noted that functional credentials remain in the wallets of their holders and are not stored centrally anywhere.

Greater take-up of the vLEI may transform the way entities communicate. As an example, a digital credential that is verifiable, such as a vLEI, would ensure trust and therefore could make instances of business email compromise and phishing much more difficult for fraudsters. The ability to confidently exchange data, with trust, could also help transform other areas of trade lifecycles, such as Trade Finance. Overall, the verifiable credential allows for the verification of the authority of the representative to act on behalf of their entity, which will improve interactions on a person-to-person and entity-to-entity basis.

In a world of scams and fraud, the question for business leaders must be, 'How can I insert trust back into our relationships with suppliers and stakeholders?' An opportunity to do so now exists through the vLEI.