The company wallet includes multiple data points and different layers of verification that will make it harder for fraudsters to set up fraudulent companies or impersonate others.
A reasonable definition of a wallet is given by the government in their digital identity trust framework (although they use the rather abstract term 'holder service' to mean a wallet): "a user-facing device, service, software or app that allows a user to collect, store, view, manage or share identity and/or attribute information and reuse it in multiple scenarios over time".
A wallet is essentially a data container, and the data could be ID data, payments data, accounts data or digital assets - anything you want to keep in it. The key benefit of storing and sharing data in a wallet is that digital certificates can be attached to the data to ensure it can be independently verified as correct and untampered with. A secure audit trail can be verified so that whoever reads the data can know who did any previous verification and to what standards. This increases trust and security in processes.
A wallet also means that the company identity is portable and available to use in various ways, whether a business is applying for a loan, verifying the identity of a supplier, or setting up an online business account with a digital platform such as Facebook or Google.
For individuals, digital wallets have been around for many years in various iterations; wallets that store payment credentials are used for Apple/Google Pay, for instance, and can store boarding and loyalty cards and, more recently, ID information. In Europe, eIDAS2 legislation mandates that each state make a digital ID wallet available by Christmas 2025. In the UK, many providers on the government’s Digital Identity and Attributes Trust Framework (DIATF) have ‘reusable ID’ wallet services that can store ID data to avoid having to rescan ID documents every time you prove who you are.
In the summer of 2024, CFIT convened a coalition of interested parties who would use, supply or receive data from a ‘company ID’ wallet.
If the company is new, the directors will need to incorporate it with Companies House via the existing company formation process (either directly or via an authorised 3rd party). This process could be adopted at Companies House in 2025 as part of the government’s drive to broaden the use of digital identity verification services. This will provide an additional check on the creation of new companies at Companies House and those who manage them.
To set up a company wallet once the company exists, a company director or an authorised party would carry out the following steps:
Once the data needed for a given use case has been added, it can be shared with a new Third Party, such as a bank, as input into the ‘Know Your Business’ onboarding process. Having the data to hand in the wallet saves the company director and the bank time, as they don’t need to collect it all during the onboarding process, and any previous checks done on the data can be re-used.
Research undertaken by CFIT estimates that the time taken by a bank to process an application for a new account to confirm the identity of the company could be reduced by at least half using a digital company ID, improving the speed at which the business could access finance.
There are likely to be iterations of company wallet services as Companies House (CH) adopts ID verification over the next few years:
For wallet service providers, most of the rules within the DIATF relate to individual IDs; the industry will need to work with the government to define any specific rules that may be needed to cover ‘role-based IDs’ (ID credentials that enable humans to act on behalf of businesses), or the company ID itself. Any defined ‘company ID’ rules can then be captured either in a future version of DIATF or as a ‘supplementary code’ if that is the most effective means of delivery.
CFIT has set up a Working Group that will define the trust and governance rules that providers of company ID services can adopt to bring the company wallet to market. This group will be issuing a proposal to DSIT in the New Year.
In association with this, the Working Group will look more closely at which data elements are needed to support the most popular use cases and methods required to verify these data to ensure only the right amount of information is shared to inform the identity of the business in the use case. This will help company ID providers and SMEs limit and control the amount of data they share to accurately confirm their identity.