Commenting on the content of the Draft Decree on electronic identification and authentication, Nguyen Thanh Long, Chairman of the Legal Club, the Banking Association, said that according to credit institutions (CIs), financial technology companies (Fintech), and payment intermediaries, some contents of the draft were not practical and need to be reconsidered.
For example, according to the provisions of the draft, it can be understood that all organizations providing electronic know your customer (eKYC) services are now also required to be permitted by the Ministry of Public Security to operate. The eKYC activities of all banks and organizations today may be considered illegal.
Therefore, this person suggested the drafting agency clearly define the scope of "Electronic identification and authentication service" which is understood in this decree as only "Electronic identification and authentication service using national resident data" to avoid misunderstandings with other electronic user authentication (eKYC) services on the market.
Long emphasized that electronic identification was not the eKYC that credit institutions were implementing. eKYC is only an indirect electronic method of customer verification.
“If credit institutions can combine eKYC with the authentication method specified in the Draft Decree, it will have a better effect, but it does not mean that this Decree regulates eKYC activities. If there is any content in the Draft that may cause confusion that the opening of online accounts must comply with the Decree, it needs to be checked and reconsidered," said the representative of the Bankers Association.
An important content that credit institutions are interested in is the issue of authenticating the subject's electronic identity and verifying the subject's information through intermediary organizations.
Currently, the Draft stipulates that credit institutions, organizations providing telecommunications and mobile services, units providing digital signature authentication services for electronic identification, notaries, bailiffs and other organizations assigned to perform the public service of verifying the identity of subjects, verifying information of subjects through organizations providing electronic identification and authentication services.
However, all representatives of member organizations attending the meeting suggested allowing credit institutions, Fintech companies, and payment intermediaries to be directly connected instead of having to go through an intermediary.
A representative of a bank said that there were some contents that the Drafting team needed to study and consider to create a favorable legal framework for electronic identification and authentication activities of economic organizations as well as citizens. For example, there should be a mechanism for credit institutions to access data, because it will cause costs and connection errors if it is through an intermediary as specified in the draft.
Banks also said that they have implemented eKYC authentication for a long time, so they proposed to allow data connection to the national population database to identify customers. According to banks, it is necessary to clearly define the application scope of authentication and e-identification under this Draft Decree, and the ability to affect eKYC operations that economic organizations are implementing. At present, it is not possible to predict how many intermediary organizations providing electronic identification and authentication services will be approved by the Ministry of Public Security. But if it is just a few, it will limit the ability of credit institutions to meet relatively large capital needs.
A representative of a payment intermediary said that the Decree needed to ensure a convenient and easy connection. According to this unit, when connecting through intermediary organizations, the error rate rose, increasing by two or three times compared to normal and this greatly affected business operations.
“It is necessary to allow credit institutions to connect and exploit electronic identity data in the operation of credit institutions to verify and authenticate customers to prevent money laundering and fraud in banking and financial activities. For the national database, the Ministry of Public Security should consider opening the API for the parties to compare for free.
“Currently, several countries in the region are also allowing free calls to the database, but of course with the condition that the callers need to register. This helps to expand banking and financial services in general,” said Long.
On the side of the State Bank, a representative of the Payment Department said that the banking industry currently has about 114 million individual accounts; any change in identification would greatly affect banking operations. Therefore, the Payment Department suggested that the Draft Decree should have an approach so as not to disturb banking activities.
Pham Van Son, representative of the National Population Data Center, Ministry of Public Security, said that the user accounts that the bank had created directly and had been using were not within the scope of the Decree. The use of such accounts is a civil agreement between people and banks and is still used normally. Credit institutions can also become service providers of electronic identification and authentication if they ensure the conditions of personnel, finance, technology, and are licensed.