Blog article
See all stories »

How the vLEI Enables Digital Verifiability in Financial and ESG Reporting and Beyond

The obligations on legal entities to increase their corporate transparency continue to evolve, most notably in ESG and financial reporting. For ESG to be truly credible, however, both as a subset of financial reporting and as a standalone requirement, a global climate information architecture is sorely needed.

Creating such an architecture, however, is contingent upon the establishment of a universal way to identify and authenticate the legal entities involved. Efforts to standardize ESG data continue to evolve, with industry experts highlighting that those identifiers that remain consistent and enable interoperability will be vital tools when seamlessly connecting emerging ESG datasets with existing data infrastructures. Success in this regard will allow firms to gain valuable insights much faster than their attempts to integrate non-standard identifiers and datasets. To analyze a company’s performance across ESG factors, for example, investors need to unambiguously identify entities engaged in activities that, for example, produce greenhouse gas emissions to be able to analyze and understand the climate-related impact.

The identification of legal entities in a unique and unambiguous manner is crucial to identify physical risk, transition risk, and liability risk. This was underlined in the Network for Greening Financial System (NGFS) Progress Report, authored by a network of 83 central banks and financial supervisors, which highlights that a major obstacle to accessing and making use of existing climate-related data is the lack of unique identifiers which are crucial for interlinking climate-related data and financial data.

This blog explores the role of the Legal Entity Identifier (LEI) and the verifiable LEI (vLEI) In providing robust assurances of digital verifiability in financial, Environmental, Social, and Governance (ESG) and all other types of non-financial reporting.

Confirming ‘the entity behind the report’

As part of its focus on enabling entity identity and authenticity for organizations and their representatives, GLEIF has championed using LEI data as the most effective way to unambiguously identify ‘the entity behind the report’ for years.

In 2020, the European Securities and Markets Authority (ESMA) formalized this process by mandating that annual financial reports published by firms engaged in capital markets must follow a consistent digital configuration, known as the European Single Electronic Format (ESEF), into which they must also embed their LEI. This mandate has heightened transparency in financial reporting and enhanced trust across the sector by enabling access, via a couple of clicks, to the entity’s non-repudiable identification data available in its LEI record, held in the Global LEI Index.

The evolution of digital signing

As the financial reporting process has evolved to adopt these digital formats, so has GLEIF worked with the enabling technologies to ensure the LEI could be embedded in the report’s digital credentials and be easily accessible to the reader in support of maximal transparency.

Conventionally, digital certificates have been used to fulfill identity verification requirements, including the encryption and authentication of emails, contracts, invoices, and other forms of digital communications and documentation. Digital certificates are issued by Certification Authorities and Trust Service Providers for specific use cases. Each certificate contains both the required identification content and details of the trust chain (issuance hierarchy) and is encoded with an end date, after which the certificate becomes invalid and can no longer be used. These attributes make digital certificates inflexible for today’s rich digital environment and often cause problems in their lifecycle management, especially when deployed at scale, leading to high levels of administrative inefficiency, cost, and complexity. When signing with a digital certificate, the signatory holds a protected encryption key, enabling them alone to use the certificate to sign a document. Yet, it is common practice for all certificates to use different cryptographic identifiers, which makes it virtually impossible to perform a complete trace on all certificates issued for the same entity or person.

To address these challenges, GLEIF has pioneered a multi-stakeholder effort to create a new form of standardized digital organizational identity leveraging the LEI. The vLEI builds on and extends the W3C standard for Verifiable Credentials and enables both organizations and their key representatives in official and functional roles to digitally sign individual sections within an annual report, as well as sign a report in its entirety, thus providing a far more robust set of authenticity assurances to its reader.

As a digitally trusted version of the LEI, the vLEI brings the ‘never trust, always verify’ mantra to life in organizational identity.

Unlike digital certificates, vLEI credentials do not require a central organization for issuance and revocation, nor must they have an expiration date (unless desirable to the use case they are issued to serve). Instead, a trust chain can be established where qualified vLEI issuers (QVIs) can issue a vLEI credential to a company, which can then manage the spawning of associated vLEI credentials to employees, customers, suppliers or members, etc., without the need to go back to the QVI.

vLEI credentials can be seen as life-long unambiguous identifiers that will never change but can be quickly and comprehensively revoked and new credentials issued in their place, in the event of a change of circumstances, should the LEI holding entity cease trading, for example, or if an individual leaves the post for which a vLEI role credential has already been issued. Crucially, thanks to the use of the Key Event Receipt Infrastructure (KERI) protocol, the revocation of vLEI credentials will automatically notify all ‘downstream’ applications so, if an entity does cease to exist, all vLEI credentials spawned to employees, customers, members, etc., become invalid simultaneously. These attributes resolve many of the problems currently experienced in the lifecycle management of certificates.

In 2021, GLEIF began the practice of signing its annual report (and financial statements contained therein) using vLEIs. The entire report was signed by GLEIF's CEO and Board Chair, and individual vLEIs were used by GLEIF’s Chief Financial Officer and GLEIF’s auditors to sign specific content. This means that not only ‘the entity behind the report’ is confirmed (by the presentation of the LEI) but also that the authenticity of each section is confirmed by those responsible for its production.

The signing of things to come: Enabling ESG and other non-financial reporting in anticipation of future mandates

In addition to more conventional factors such as fiscal performance, legal entities globally are increasingly being evaluated by investors, customers, and other stakeholders based on their ESG credentials. This is placing new demands on organizations to track and report on ESG metrics. For ESG reporting to reach its full potential, however, data collection must start with holistic and standardized entity identification along the supply chain, without which it is impossible to achieve the timeliness, accuracy, and reliability needed for meaningful ESG reports.

Currently, the lack of standardization in this area is making it difficult to find, compare, and consume ESG data, leading to an inefficient, costly, and error-strewn system that lacks transparency and creates opportunities for greenwashing and other misleading practices. This is unlikely to last for long. In June this year, for example, the United Nations Development Programme (UNDP), GLEIF, and Monetary Authority of Singapore (MAS) signed a Statement of Intent to embark on a collaborative initiative to develop digital ESG credentials for micro, small, and medium-sized enterprises (MSMEs) worldwide. Other initiatives supporting a uniform approach to the creation of ESG credentials are sure to follow.

Together, the LEI and vLEI ecosystems offer a powerful, machine-readable, and multi-jurisdictional system for tracking and reporting on an entity’s holistic ESG performance. Entities that have an LEI cannot conceal greenwashing activities via subsidiaries due to the 360-degree view that it offers, and now, the accuracy of an entity's reporting can be verified and signed using an individual vLEI credential created for the designated official responsible for the entity’s performance.

Looking further ahead, how long will it be before ESG regulations that mandate a consistent configuration for this kind of reporting are introduced, just as ESMA has done with ECEF in financial reporting? The vLEI can be utilized to increase transparency, authenticity verification, and accountability in digital reporting both within and beyond mandatory financial and non-financial reporting. And in doing so, it once again underscores the current and nascent value of LEI data to provide a broad public good.

10488

Comments: (0)

Now hiring