Guardianship in Financial Services
This article builds on the implementation guidelines and technical requirements produced by the Sovrin Guardianship Working Group and identified in previous articles [https://www.linkedin.com/pulse/guardianship-benefit-all-john-phillips/]. It looks at how verifiable credentials and secure, decentralised interaction mechanisms – used in self-sovereign identity (SSI) based solutions – provide a step-change in how guardianship enables responsible customer management in critical financial situations.
Why this is important for financial services
- Financial Service providers have a regulated responsibility to protect and provide services to their customers.
- Life events such as Guardianship, Power of Attorney and the execution of Wills fall outside normal service patterns and yet are certain to occur in any large customer base.
- Handling these events is a regulatory responsibility; handling them well is an act of humanity during difficult circumstances and an opportunity to leave a good impression.
What you can do
- Banks and other FS providers can offer online recognition of Guardianship, improving and augmenting the existing services that they offer to their customers as part of their digital and physical engagement.
- Working with lawyers and government, verifiable credentials based on these guidelines can improve how guardianship scenarios enable online financial services.
How you can do it
- Read the Guardianship documents.
- Ask Jo or John to see how we can help you and your organisation support online recognition of guardianship.
Life is complicated, and trying to make technology respect complex and changing relationships is really difficult. This is particularly tough when it needs to be done with sensitivity, during emotionally charged and challenging life-events, and across multiple and complex service providers.
This is the challenge that banks and all sorts of financial service providers have, every day, and it’s all too easily (and all too often) made a mess of. Being able to identify a parent, a legal and financial guardian or an executor of a will is critical in these tricky events. This typically means creating new, specific customer types, specific solutions and product features across the entire product portfolio, before these are then allocated to guardians and control the ability of both guardians and dependents.
Just remembering that the customer is a guardian, as another aspect of their customer profile, and therefore able to access accounts and act on products owned by a dependent is difficult, let alone joint custody and multi-actor relationships. Every interaction needs to be aware of these relationships, physically, remotely and digitally. Any changes to these relationships need to be reflected and effective consistently and immediately.
You can see why these scenarios are typically handled with large numbers of customer “service operators” and often result in a document mess and massive headaches for all involved. The challenge is that, without controls and processes in place to restrict access to funds and transaction initiation, financial fraud and mistakes can happen easily.
Finding a better, simpler, way
Luckily, there’s an open standards based approach that makes the establishment of guardianship arrangements and identification of guardian rights and duties much simpler and useful in all scenarios – using verifiable credentials and decentralised interactions. We started the journey by applying guardianship concepts to the W3C verifiable credentials data model, and developed technical requirements for solutions that look to support guardianship scenarios (parental roles, refugees, supporting dementia and aged relations, etc.).
Guardianship relationships with financial implications are typically underpinned by legal arrangements [interestingly parental allocation isn’t – these are identified through birth certificates]. By identifying these relationships as verifiable credentials, a guardian who already holds personal and guardianship digital credentials can present them for use by any service provider. Alternatively, the service provider can allocate a specific guardianship credential, for its own use, having gone through the current process of verifying the input documentation and recognising the specific relationship.
By issuing and giving a customer a guardianship credential that identifies the type of relationship, identifies the dependent and defines the rights and duties of the guardian, the service provider can “consume” these credentials at specific times in the online (and physical) processes and reflect what’s accessible to the guardian using the credential. The service provider needs to allow the customer to “hold” their credentials in a trusted wallet (supplied by the provider or another wallet provider) and “present” the credential for verification and validation as part of the online or physical process.
For example, the guardianship credential used for a parent with dementia may identify the dependent’s accounts and products that are accessible to the Guardian and provide other controls, such as debit access and specific online channel transaction limits. The rules and controls are therefore easily accessible for every interaction, without additional overheads or system design complexities. The online interaction pattern just needs to be able to access the credentials and take note of the defined controls.
Where a guardianship credential is allocated by a trustworthy source, for example a government agency, a lawyer, notary, or a bank, this credential could be used in multiple online interactions, as required.
Proving the concept
In April 2021 a European initiative led by TNO (a Dutch research organisation) involving RaboBank (a Dutch multinational Bank) and KNB (the Royal Dutch Association of Civil-law Notaries) demonstrated this approach using verifiable credentials. The initiative explored the way this approach can simplify the process and protect the participants in the case of a deceased estate and inheritance.
Validity Period, Conditions, and Revocation
This approach also has an elegant way to handle the expiration and revocation of credentials – when a credential is no longer required, it can be revoked by the issuer and its (revoked) status confirmed by the verifying party. Guardianship Credentials can also declare their validity period (and even, potentially, conditions) during which they are considered valid by the issuer. This enables planned/periodic renewals or predictable and deliberate transitions (such as when a dependent child becomes an adult).
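The checks described above (defined controls, validity period and revocation), as an added example that is not part of the original article or the Sovrin guidelines: a verifier deciding whether a guardian's debit request is allowed. The claim names inside credentialSubject, the DIDs, account ids and the set of revoked ids are constructed assumptions, and the credential's signature is assumed to have been verified beforehand.

```python
from datetime import datetime, timezone

# Constructed sample credential. issuer, issuanceDate, expirationDate and
# credentialSubject follow the W3C VC data model; every claim name inside
# credentialSubject is hypothetical, as are the DIDs and account ids.
SAMPLE_CREDENTIAL = {
    "id": "urn:example:guardianship-credential-1",
    "type": ["VerifiableCredential", "GuardianshipCredential"],
    "issuer": "did:example:bank",
    "issuanceDate": "2024-01-01T00:00:00+00:00",
    "expirationDate": "2025-01-01T00:00:00+00:00",
    "credentialSubject": {
        "id": "did:example:guardian",
        "dependent": "did:example:dependent",
        "relationship": "financial-guardian",
        "accounts": ["ACC-001"],
        "debitAccess": True,
        "channelLimits": {"online": 500},
    },
}

def authorise(cred, presenter, trusted_issuers, revoked_ids, request, now):
    """Return (allowed, reason); the proof is assumed already verified."""
    claims = cred["credentialSubject"]
    if cred["issuer"] not in trusted_issuers:
        return False, "untrusted issuer"
    if cred["id"] in revoked_ids:  # status confirmed with the issuer
        return False, "revoked"
    start = datetime.fromisoformat(cred["issuanceDate"])
    end = datetime.fromisoformat(cred["expirationDate"])
    if not start <= now < end:
        return False, "outside validity period"
    if claims["id"] != presenter:
        return False, "presenter is not the named guardian"
    if request["account"] not in claims["accounts"]:
        return False, "account not covered"
    if not claims.get("debitAccess", False):
        return False, "debit access not granted"
    limit = claims.get("channelLimits", {}).get(request["channel"])
    if limit is None or request["amount"] > limit:  # fail closed
        return False, "channel limit missing or exceeded"
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    req = {"account": "ACC-001", "channel": "online", "amount": 200}
    print(authorise(SAMPLE_CREDENTIAL, "did:example:guardian",
                    {"did:example:bank"}, set(), req, now))
```

Every check fails closed: a channel with no declared limit is refused rather than treated as unlimited.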
Works for Dependents too
Whilst it’s obviously important to know that someone is a guardian, who they are acting for and why, it is also just as important to remember that someone is a dependent and who acts on behalf of them. Like the guardian, the dependent (child or otherwise) can be provided with their own credential(s), including details like account information. The beauty of the decentralised model is that these credentials can be accessible and usable by each person, independently but with selective disclosure and even using Zero-Knowledge Proof mechanisms.
Looking beyond Guardianship
A similar scenario to guardianship in financial services is the allocation of delegation roles and responsibilities in business banking and trust management. In the same way as for guardianship arrangements, delegation role allocation can use the same model of credential definition, issuance and usage. In this way, a business customer can allocate account access and activity access rights to a user which is verified in real-time by the online banking solution without this having to be reflected and maintained in multiple back-office bank solutions. Of course, the same technology can be used for any other products that need verification and validation of relationships during online activities.
A common misconception is that you need to wait for formal guardianship credentials to be issued by the government or a legal source. You don’t. If a business needs to reflect guardianship for its own purposes, it should issue and verify (consume) its own credentials. In this way, it can build the basis for a solution that can be enhanced easily using the same technology as different credentials are made available by external sources. That’s the benefit of basing the solution on globally defined standards. Minimum effort for maximum future-aware flexibility.