 Welcome to the ITU studio in Geneva. We're very pleased to be joining the studio this morning by Shami Stapaya, who is with the World Bank Group. And she's also co-chair of the Digital ID Working Group here for the Fiji, the Financial Inclusion Global Initiative. And we've got the Fiji Security Clinic going on this week, which is why you're here with us today. Yes, quite a mouthful. Great, absolutely. So thank you for joining us in the studio. Thank you for having me. Now I'd like to start off by talking about the Digital ID Working Group. As I mentioned, you're co-chair of this working group. Tell us a little bit about the work that you're doing in it and what we should be thinking about with regards to Digital ID. Of course. So just to take a step back, the working group was set up with the knowledge that Digital ID is a foundational element, a foundational element for the whole structure of digital economy as a whole. And so I think it's quite, lots of people are aware that there's about a billion people in the world without a Digital ID or without an ID of any sort. And there are millions more who have an identity, but they cannot be reliably verified or authenticated. So that was the emphasis behind why we decided to start this working group. And it was initially started under the GPFI, which is the Global Partnership for Financial Inclusion, which is under the G20 of the Argentinian presidency. And the work for this Digital ID Working Group is looking at the link between Digital ID and Financial Inclusion, and so expanding a little bit into that work. But having done the Fiji Symposium earlier this year, I think what we realized is that we cannot rely on just the financial sector and financial sector regulators, but we need to look a little bit wider. We need to look at the telecoms regulators, other people working in other sectors, because it has so much impact on a number of different facets. So in regards to the work that we've done under the group, we released a report at the latter end of last year that looked at Digital ID and what are the main facets of Digital ID that are important for use in the financial sector. So we came up with three main facets. One was that it needs to be legal, so that means it needs to be recognized by your government. Second is that it needs to be unique, and so it's you and only you who has access and who can use that identity. And third is that it needs to be digital. And digital because we thought that this increases the security, this increases the reliability. Now I'm going to caveat that by saying there are lots of other regions like privacy and sort of other areas of security that are important for identity, but these are the three main areas that we thought was required for use of identity in the financial sector. And so what this report also did was outline seven policy considerations of what governments need to think about as they're trying to implement Digital ID for each of their jurisdictions. So for example, those considerations included things like creating an integrated identity framework, looking at sort of the regulatory requirements around it, looking at oversight models because there are a number of players that are coming into the digital identity and identity sphere that are not sort of traditional financial players, so lots of people from the tech industry. And in the same vein, how to open up the market so that private sector players can play. So, you know, taking the example of UK's Verify, so using the private sector and sort of authenticating them or crediting them so that they can actually play within sort of the digital ID space. And then obviously, you know, data protection, which will hopefully come on to a bit later. Now these digital IDs are going to be national digital IDs because I presume if you try and apply this on a global basis, there might be some difficulties with regards to that. Absolutely. And so what we're saying is that it needs to be legal in the sense that it needs to be recognized. Quite often in countries there are a number of different identities, so they're different types, but they need to be interoperable for one. And then we talk about the levels of assurance about how your identity can be portable and how they can actually be interoperable with each other. And that's sort of a little bit of where the fact of work came in as well. And going back to sort of the work that we were doing on the work stream, so we've come up with these policy considerations, but we were like, now what? Now what happens next? And so we've had broad acceptance from the G20 and other players within the working group to say these considerations are good, but how do we actually implement them in countries? And so what we're trying to do now is come up with those implementing measures, so how we actually implement them in countries. And we're going to maybe potentially do pilots in countries towards the end of this Fiji work program. And hopefully what we want to do is not create a how-to guide. So this is a step-by-step of what you need to do to implement them in a country, but almost have a suite of tools. So to give people an entire suite to say these are all the tools available to you, you need to chop and change to see what best suits your environment. And in terms of the acceptance by the general population, have you looked into that as well? To some extent, and hopefully they will come out a little bit more within the pilots when we do them, because we're actually going to do samples and get people to get onto the platform. And when you mentioned privacy, I would imagine that would be one of the major concerns. So as you know, privacy and security in a digital identity system is probably one of the key concerns, in addition to, say, exclusion risks, which is something that we worry about at the digital economy as a whole. And especially because quite a few of these digital identities are in a centralized database. The issues of data leakage and the issues of cybersecurity are of paramount importance. Now, we are beginning to talk about things like decentralized identity, the use of blockchain, DLT, which potentially might take the trust away from sort of the individual databases and put the trust into the system, but we are still a ways away from sort of, you know, actually certifying that as something that can be used. So until then, it's up to the governments to actually put together the data protection laws, you know, sort of all the rules and regulations that surround the identity, and make sure that the data is safe when it's stored, when it's collected, and when it's in transit. How do the recommendations from the Financial Action Taskforce on Digital Identity relate to the work happening here? Okay, so the Financial Action Taskforce, or FATF, we call it, are mainly looking at how risks for AML-CFT, which is anti-money laundering and counter-financial terrorism. So how does this actually relate to the world as a whole? And because the digital payments are increasing by 13% year on year, and it's expected that by 2022, I think, there will be 60% of the world's GDP will be by digital payments. And so when you are doing a digital payment, your digital identity is very important. And so which is why sort of the link and why they're actually interested in how digital identity works. And what they have proposed is that we need to adopt a risk-based model. Now a risk-based model is very important because it maintains the balance between integrity and inclusion. So integrity so that not everybody is allowed on to the system, but inclusion that your thresholds aren't so high that people aren't allowed to access the system. So what they appropriate is a risk-based model that is based on levels of assurance. And we have a number of different levels of assurance around the world, probably the most popular and the most famous ones are the NIST, which is the National Institute of Standards and Technology, which is based in America. And the EDAS, which is much more of a European-centric body, which have listed out three levels of assurance across the whole identity value chain, which is sort of you're starting with identity, the second is authentication, and the third is what we talked about, sort of the data potability aspects. And each of them have levels of assurance. And the FATF have released these sort of guidelines and recommendations for authorities, regulated entities, and ID providers of what they need to look at when allowing or certifying a digital ID system within the framework. And so we are taking learnings from that and actually we were quite involved in the authorship of that paper as well as the World Bank and as the Digital ID Working Group. And so we're taking recommendations from that. We've developed a questionnaire to actually try and make sure that there is some sort of standardization across the world so we can actually compare like would like. We're taking the recommendations from the G20 paper that we wrote, so the seven policy considerations and a lot of work that the Working Group has been doing now which is developing the implementation approaches for those considerations and using them to one develop those pilots and then come up with sort of the entire suite of tools that hopefully countries can use and which will be obviously helped to furthering financial inclusion. Now we talked about security and data privacy, playing a key role in winning consumer confidence and catalyzing the adoption of fintech for financial inclusion. Are there any other elements that we should really be considering or that digital financial services provider should be considering? So I think we see as one of the, some of the biggest risks for digital ID are in addition to security and privacy which tend to be sort of of main importance is the exclusion aspects that I mentioned before. So potentially people not being, you know, who don't have access to smartphones, who don't have access to computers or you know 4G data, not being able to get onto the system which is a big risk and obviously the cost and sustainability aspects as well. And something else that you touched on before that there will be not this data, this portability between sort of the digital identity systems that are used. So they're not sort of, you know, interoperable whether across countries or whether within countries themselves is something that we're quite interested in looking at. So there's no one-size-fits-all? Unfortunately there is no one-size-fits-all. It needs to be tailored to the jurisdiction, tailored to individual consumers and tailored to sort of, you know, the economy that it's trying to serve and the sector it's trying to serve. And you mentioned some pilot projects. Are they going to be decided here at the security clinic or is it much more long-term? How is that going to be rolled out? So I think this will be decided with the working group potentially. And I'm sure you're aware that Fiji works in three specific countries. We work in Egypt, in China and in Mexico. And potentially we might decide to do pilot work there, but there's already sort of streams of digital identity work that's happening in each of those countries which is sort of the operational work that we're doing. So we're still debating which is sort of the, you know, the most ripe framework and where the need is the most. The plan is to not pilot all the policy considerations but to pick the two or three that are actually relevant to that country. And so we're working with the working group and also the World Bank as you might know has an entire department called the Identity for Development, ID4D. And I'm trying to leverage off some of the work that they're doing so that we can have sort of a quite a robust work plan. So is the Fiji looking rosy for digital idea rather well? I think this is something that we can't ignore. I think it's coming whether we like it or not. And it's very interesting to see how different people react to it quite differently. Some people are quite, you know, like we were talking with consumers, some consumers are very, want to have it and don't sort of want to do the face-to-face work or are quite happy to have sort of things authenticated by a selfie. But there are others who, you know, much prefer the paper trail and the guidance that that brings. So we will have to see but I think whether we like it or not, it's here to stay. So Mr. Pai, thank you very much indeed. Thank you.