All Episodes

Identity is Everything: Amit Sharma | Coercive Capital

January 7, 2025 59 mins

The evolution and modernization of how we manage and protect identity has moved into a new era. More than two decades after the tragic events of 9/11- when 19 hijackers used falsified identity documents to board planes, US travelers over the age of 18 will now be required to present a REAL ID compliant form of identification to board an aircraft, or access certain types of federal facilities Identity verification is also at the core of Know Your Customer requirements. And it’s why financial services providers are a key stakeholder in the evolution of digital identity.

Furthermore, new digital identity infrastructure has the potential to put the customer at the center of a user-based system that will help individuals retain their personal data and reduce the risk of fraud, identity theft and account takeover.

Coercive Capital host, Elaine Dezenski recently spoke with Amit Sharma, Founder and CEO of FinClusive, about the concept of sovereign ownership of identity and the integrity of personal data as a fundamental human right.

See omnystudio.com/listener for privacy information.

Mark as Played
Transcript

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Today's podcast is supported by TRM. TRM enables compliance teams
to accelerate business revenue and deliver actionable intelligence to regulatory
and law enforcement stakeholders with leading attribution of severe risk categories.
Request a free trial today at TRM labs dot com.

(00:29):
I'm Eline Tzenski and this is Coercive Capital on the
Illicit Edge Network. More than two decades after the tragic
events of nine to eleven, when nineteen hijackers used falsified
identity documents to board planes, US travelers over the age
of eighteen will now be required to present a real
ID compliant form of identification to board an aircraft or

(00:50):
access certain types of federal facilities. It's been a long
time coming. If you've renewed your driver's license in the
past few years, you're probably familiar.

Speaker 2 (00:58):
With real ID.

Speaker 1 (01:00):
Meanwhile, the evolution and modernization of how we manage and
protect identity has moved into a new era. Identity verification,
of course, is at the core of know your customer
requirements and its why financial service providers are a key
stakeholder in the evolution of digital identity. This episode is
a must listen for anyone who is interested in understanding

(01:22):
the evolution and implications of digital identity. Ahmedsharma is founder
and CEO of Inclusive, a fintech firm and digital financial
services platform that uses blockchain technology, advanced analytics, and standards
based risk and compliance tools to advance financial inclusion. Omit
previously co founded Empowerment Capital, a strategic advisory and impact

(01:44):
investment company, and served in senior roles at the US
Department of Treasury, including the Office of Terrorism and Financial Intelligence.
We recently spoke about the concept of sovereign ownership of
identity and the integrity of personal data as a fundamental
human right. I wanted to just get started with your
take on this connection between identity management and national security.

(02:09):
I know it's something you've been thinking about for a
long time. Can you walk us through kind of your
own thought process on why identity management is such a
critical part of what you do, both in your work
at Conclusive, but also over the years as you've been
developing some really interesting approaches to how to improve compliance

(02:30):
in the financial services industry.

Speaker 3 (02:33):
Absolutely, I take myself back to the inception of tears
and financial intelligence at the US Treasury Department, where I
got my start, where we were developing tools right after
the awful events of September two thousand and one where
we realized the financial and commercial systems were exploited by
bad guys, and so all of the anti money laundering

(02:53):
financial crimes compliance obligations that we grew over that time
for regulated financial institutionsanks, trust companies, deposit institutions, payment services,
and then the expansive non bank sector. Right, and then
you fast forward, who does it apply to financial technology companies,
banking as a service, crowdfunding, institutional finance. At the crux
of what we were doing was really asking institutions that

(03:17):
were providing critical access to payment rails, business loans, lending,
and credit services to know who their customers were. So
at the crux of anti money longing and financial crimes compliances,
do you know your customer? At the crux of do
you know your customer is identity? Can I verify and
validate who Elaine is? Can I understand that the account
that she has belongs to her? Can I understand that

(03:39):
the payment that I'm conferring is for the purpose explicit
and is going to go to the account intended? These
are all identity questions. Now fast forward and I get
very passionate about this, largely because what gets a lot
of people passionate and the moment they have kids, the
whole world shifts. My children, at seventeen and ten years old,
do not know the world without the Internet, do not

(03:59):
know a world without social media. With engagements on a
digital device and a smartphone, I mean everything from how
they submit assignments in their classes, to how they coordinate
rides for their sporting events, to how they engage with
critical services across the community is increasingly week on week,
month on month, year on year digitally accessible. And are

(04:22):
we enabling the very critical protections of our digital selves
in an online world? Now? Now the two come together.
If we are trying to ensure that we know who
our customers are as a regulated financial service company bank
non bank alike, we have to understand what our identities
are in an increasingly digitally native world where I access

(04:44):
those services online, my digital identity now becomes SAFRICAINCT. And
we are now in a place where how we reveal
ourselves online and how we verify and validate ourselves online,
and how we share bona fide information of ourselves online
so that we can be paid payroll payment to thank
you for launch, Alaine, here's twenty bucks in your account

(05:06):
to digital asset services. All of these pieces require, at
the core, do I know who I am and who
I'm transacting with? And the digital representation of that now
becomes huge with the impacts of cross border internet economies
that no jurisdictional boundaries. Digital identity and the verification and

(05:28):
validation of oneself and the ability to track and trace
bad people and near to will's working to exploit that
is an identity problem at the core. That's why I'm passionate.

Speaker 1 (05:38):
Yeah, so I want to So what you've laid out
is fascinating, and we're going to dig into that in
a lot more detail. But I want to talk about
something that's happening real time, which is the implementation of
the real ID.

Speaker 4 (05:53):
Act, which, as you know, is based on legislation that
was passed in I think it was two thousand and
five based on the nine to eleven recommendations, because we
know that the.

Speaker 2 (06:09):
Hijackers of nine to eleven had many.

Speaker 1 (06:12):
Forms of false identification that they used to access airplanes
and corrupt our system and cause a massive amount of harm.

Speaker 2 (06:22):
But it's been literally twenty.

Speaker 1 (06:24):
Years actually a little bit longer than that since the
passage of that legislation, and in May the real ID requirements,
which standardized security features across all states.

Speaker 2 (06:40):
Will finally go into effect.

Speaker 1 (06:42):
With some exceptions, there's actually another two year implementation timeframe.
So at the same time that we have some really
advanced architecture and technology driving this converse around digital identity,
we're still struggling with the implementation of real ID, which

(07:06):
was based on a framework from a generation ago. So
how do we square this and can you talk a
little bit about the context of real ID and where
that leaves us right now in its implementation, but also
where we need to go in terms of a broader
digital identity management frame.

Speaker 3 (07:28):
So there's a couple of things to unpack there. As
relates to real ID, as relates to the security elements
in a post September two thousand and one context that
then spurred the legislation Visa VI a real ID that
came out in two thousand and five, and the ability
to better secure what effectively are paper based hard for ID.

(07:50):
Therein lies the first problem set right, is that real
ID as conceived of, was to ensure the appropriate, among
other things, the appropriate protections in your physical identity card
that was predominantly through a driver's license issued by a
state authority. So there are a whole host of challenges

(08:12):
to real ID that get into state versus federal authority.
And I'm not a constitutional law or federal and state lawyer,
but tracking those closely, but there are a number of
legitimate questions around state based authorities federal based authorities. That said,
the broader idea of ensuring that the document verification validation

(08:33):
process was not easily exploitable through fraudulent hard form ID
is really the underlying motivator for real ID in the
first place. And then you have to contend with both
technology capability mechanics as well as issuance of those identities
that ultimately are overseen by a federal program and executed

(08:55):
by the states. The underlying challenge with that is that
the world has evolved much faster in the digital context
than paper based forms of ID, and paper based forms
of ID are increasingly year on year being just that
much more obsolete in nature a because of the fraud
and exploitation elements associated with it. B. There are over

(09:16):
a billion people on the planet today that are that
are born without identity, without any form of identification, and
we here in the US, you know, win the postal
code lottery contest. We get this identity we get as
a security number or or a tax ID or equivalent.
We don't have those challenges. So how do you how
do you even address paper forms of ID to those

(09:37):
that are born without any form of identification at all.
And then finally, we have leapfrog by way of technology
in some of the most remote and emerging markets on
the on the planet. You have cell phone penetration rates
and smartphone penetration rates of ninety ninety five plus percent.
That wasn't the case ten years ago. So paper forms
of ID then have now translated to ID in other

(10:00):
forms of evolution and modernization that quite frankly are missing
the mark VISA via a digital economy. Now, how do
we think about this in the digital economy today? To
your point, we have architecture, we have technology that now
enables us to have identity in digital forms that and

(10:21):
this is the third and probably the most important piece
of this is owner controlled and right now across the world.
And certainly if we look at real ID, if we
look at the concept around security for real ID and
federal and state mandates. This is government saying we will
enable a specific trusted form of ID that then anointed intermediaries,

(10:42):
in this context, financial services companies, banks will then verify
and validate that you are legitimately who you are through
a paper form of ID that in and of itself
is antiquated. And in addition, you still don't own your ID.
The issuer of that credential if you will to get
a bank account is effectively saying, Elaine, I can verify

(11:06):
and validate that you are a person. And I can
verify and validate through know your customer and background, due
diligence and your SSN, check your SO security number, check
your O fact designation, are you on the O fact list?
Your email, yourself, your liveness, all these things that can
be fraudulently spoofed in some way. They are now the
effectively regulated party, the anointed intermediary that verifies and validates you,

(11:30):
and then they own and control that underlying data. So,
if we think about personal data rights as a human right,
which is the ethos that needs to change now in
a digital context, we have technology that not only enables
the ability to verify and validate you using a number
of non traditional ways of validation in a digital context.
But also we have to move back to the concept

(11:54):
of you Elaine owning your persona owning your identity, and
right now, legally, in many regulated industries like banking and finance,
you don't. It's owned by the financial services company. And
that is the ethos that needs to change alongside the
technological change.

Speaker 1 (12:12):
Okay, so if we're moving from a paper based process,
which means I present my birth certificate, I present my
Social Security card, I present my passport in order to
obtain another form of ID, how is a digital identification constructed?

Speaker 2 (12:31):
What does that look like?

Speaker 3 (12:32):
Yeah, so there's a number of different things that we
can do in that context. So digital representations can equally
be spoofed and fraudulently manipulated and the like. So then
the question is how do you create a proofing mechanism
that verifies and validates the bona fide underlying information and
ensuring prior to that that the underlying information is in

(12:54):
fact valid. And that's where the dependency comes on your
passport or your driver's license and the like. But now
in the digital context, we can create a credential a
code effectively that represents a number of underlying a testable
attributes about you. Your selfie and liveness, your biometric, your email,

(13:16):
your address, your SoC security number. These are all a
testable attributes that point to you, well, guess what else
we can do. We can utilize your social connections, you
can use your affiliations. All of these are additional proof
points that showcase that Elaine is Elaine. I can take omit,
social security number, David selfie, so and so's liveness, so

(13:38):
and so's email address, all real pieces, fuse them together
and create a synthetic ID. But if I now present
that to say, well, this synthetic ID Elaine was never
married to ohmit, why is that affiliation there? Right? I
can create all of other sorts of testable attributes that
form that underlying code or credential. And then thirdly, it's

(14:00):
the manner in which sharing, and this is where there's
still a lot of work to be done. How do
I take your credential and essential code and securely enable
the sharing of that to a third party verifier like
another bank, like a payments processor, like a card company, whomever.
To then say I can trust that the code that

(14:22):
came over to me is valid and the underlying bona
fide information is true. And this is where concepts like
zero knowledge proofs and other technological applications in the use
of credentialing and trust frameworks, and these are evolving over time,
and not any of them as a panacea. But this
is the evolution that's happening. But today we have technology

(14:43):
to verify and validate you in a digital context, create
effectively a credential that can be owned and user controlled,
enable that user to share that credential in a secure way,
and the ability to verify and validate that the underlying
information associated with that credential is up to date, true
and verified to the extent that it unlocks certain information.

(15:04):
So those are the core components as we think about it.
And like I said, these are evolving pieces visa of
the technology, but those are the core components.

Speaker 1 (15:12):
Okay, So I want to go back to this question
about the elements of digital identity. Who sets the standards
around that frame, who drives this architecture, and is this
coming from the private sector, is it coming from the
public sector.

Speaker 2 (15:32):
Somewhere in the middle. Can you explain a.

Speaker 1 (15:35):
Little bit of that to help people understand where we
are in this process of defining digital identity as a standard.

Speaker 3 (15:44):
Yeah. No, it's a great question, and those processes are
still being born out, and it's the combination of both
private sector innovations and engagements and governance standards alongside public sector.
If I've just back up half a second, we're talking
about effectively credentialing in the open web, right, And when

(16:08):
the Internet was founded, the idea was much more, let's
enable information to be both produced and consumable online. And
then Web two you know that was Web one be
able to sort of look at information, curated information in
a digital form. Web two is can I write that
information to the web for others to consume? And I'm

(16:30):
being very rudimentary about my description. Web three now gets
into the context of I can create infrastructure on the
web that others can be enabling their services. And this
is where digital identity credentials can sort of come. So
if I look at the open web, it was early days.
If we had to do it over again, we could
look at what are the responsibilities of content creators on

(16:52):
the web and then curators of that information and consumers
of that information In terms of the shareability of it,
and we did not create the appropriate guardrails at that
time when the when the Internet was really formed. Now
we're revisiting that and the whole idea of sovereign ownership
of identity has come because today now we have an

(17:15):
again annointed intermediaries. The facebooks and Googles and apples give
access to the Web. They charge you rent if you
want to if you want to sell an app on
the in the app store, you pay Apple to do that.
You pay Amazon to do things, you pay Google to
do things. But now in Web three and beyond, you
don't have to pay these intermedias. You can actually provide

(17:35):
actual infrastructure on the Web yourself and effectively enable a
broader peace. So we from an Internet governance perspective, we
are now finally having a conversation and arguably in the
last two to three years, around Internet governance around personal data.
So that's that's number one. Secondly, when we think about
this in the context of data interoperability cross borders, now

(17:57):
you get into national standards for data, data, privacy, data,
So the nest standards that you know, the Department of
Commerce and others are sort of really pushing forward plays
a central role. How do we think about data from
the standpoint of who owns it, who is obligated to
protect it? How do we ensure that personal data gets
back to the owner of that personal data. Right now,

(18:18):
we don't own our data online and it's bought and
sold by data brokers by others to exploit that information.
You don't get compensated for that. Imagine a world where
you can be the determiner of whether your data is
exploited for advertising other purposes and you get paid for it.
Right But that requires this ethos shift to personal ownership

(18:38):
of that data. So right now the jury is still out.
Data standardization, data information sharing, data at rest, and data
forgetfulness like to be able to erase data. Those pieces
are still not symbiotic cross borders. There are still in
some in some ways conflicting rules, but they are trying
to modernize and standardize those rules border and that's where

(19:01):
organizations like NIST, like Trust over IP, like the Sovereign
Identity folks like the web through ID coalition like Open
Identity Foundation are all working to help create both interoperability
but also standardization across the board. And that's not complete.

Speaker 1 (19:15):
Yet, Okay, So There are a lot of threads here,
and I want to get to the questions around compliance
and get back to some of the national security.

Speaker 2 (19:24):
Cases for this. But before we do, can you give
us a.

Speaker 1 (19:29):
Sense of what the future of digital identity looks like
in the next five to ten years. Let's say we're
moving ahead with architecture, with standardization, we find a good
balance around the public private engagement required to move forward
on this new framework. What does that look like ideally?

Speaker 2 (19:51):
And can one.

Speaker 1 (19:52):
Opt out of the digital Identity framework?

Speaker 3 (19:57):
Yeah, it's a good question. So the arching on this is,
as I would describe from that question, is the following
in an ideal context, and I do believe we can
get there. I think that the technological advancements are happening
at such a pace that we can get to an
ideal state. The question is going to be one of
political will and governance. Like most things are challenged by right.

(20:18):
So we have the ability to enable your full ownership
of your identity today technologically, that's that's capable in an
online context. The question is how do we take what
is already out in the online world and sort of
bring it back to you. That's going to be very,
very hard. But the technology for you to sort of
own your data is there. What do I see in

(20:40):
five issuears? I see a process where Ahmit is at
the center of his identity online and his permissioning of
that identity to various gatekeepers or intermediaries to unlock services.
I liken it too. I walk into a bar today
and they say, okay, I order a pint and they ask
me for I And look at how many forms of

(21:03):
information are coming through that form factor of that my
physical ID. They're getting my eye color, my height, where
I live, my address. They need none of that information.
They only need to verify and validate that I'm over
a certain age. They don't need my month of birth,
my day of birth, they just need that. What credentialing
can do in this regard in the digital context is

(21:25):
I can effectively use the equivalent of a QR code
and say, here, I can verify and validate that the
underlying bona fides of my driver's license are valid and
that I am over twenty one And that's the only
information you get. And I can then walk out of
there and be able to walk into to an airport
like I do today and be able to scan the

(21:46):
QR code of my ticket, because the ticket in the
wallet that belongs to me is associated with my identity
and is associated with amit's proof of personhood to be
able to sit on that plane. And when I get
off that plane, I can effectively permission to the car
rental agency to unlock, you know, a vehicle for my
access and guess what, I can then pay for that

(22:07):
because that same credential is tied to a bank account
or a card that enables payment to that rental car agency.
These kinds of things put the consumer, the user back
to the center. Right now. The intermediaries are at the center,
and then they ask for this information over and over
and over and over again. So I believe we can
get there in five years. I think we can get
to a place where the user is back at the

(22:28):
center of that identity. And now the question is one
of governance. What enables Who has access? Is it the
issuer of that identity? Is it the third party verifier
of that identity? Ultimately I'm the holder of that identity?
How do we do this? Also for business entities, These
are the online questions we're trying to tackle today.

Speaker 1 (22:46):
But when you say the tech is already available that
you can can you can get into this frame of
being able to own and manage your digital identity. Where
exactly does that reside? Is that in a financial services application?
Is it in Where is that right now?

Speaker 3 (23:03):
There are options on that right now, so and even
financial services is struggling with this today. Look, it wasn't
that long ago that financial regulators have said you don't
have to have in all contexts physical records backed up
of your client's data. I mean, think of the concentration
risk and the exploitation of on premises ownership of information,

(23:28):
holding of information. And we've seen data breaches across the board,
from credit rating agencies to the option of personnel management.
You know, the number of the millions of people at
top secret security clearances was disclosed, was act haackable was
sitting in honeypots. So the first piece is is decentralizing
that data storage, being able to cut up all of
that data and send it out across tens of thousands

(23:51):
of servers and computers, et cetera, so that the reassembly
is very very very difficult. That decentralization capability today, and
we can use distributed ledger technologies to be able to
enable that. The second is how do you verify how
do you enable the access to that information? And that's
what we really care about in a law enforcement and

(24:12):
regulatory context. Right if there's a bona fide investigation of
omit as part of a terras financing investigation, a drug case,
or what have you, I want to be able to say,
can I query omits transactions? Who does he pay, what
does he pay, et cetera. We can query that because
the credential can be also attached to transactions themselves. That

(24:33):
is what I mean by that technology exists. Now your
question is at proposed it's okay. Right now, Legally financial
services companies are legally obligated to either hold, if not control,
and have access at any given time to their underlying
client's data. Well, now they do that for again law
enforcement and regulatory oversight purposes. But imagine where you can

(24:55):
effectively do so without holding onto the personal identity information
of that client and the credential itself or the associated
codes that show that point back to those A test
of attributes, your accounts, your transaction data, your personal data
can then be queried and where that's where there's legal

(25:16):
and compliance obligation issues. If I'm a US entity regulated
by US authorities, or if I'm a foreign entity operating
in the US regulated by US authorities, there are certain rules.
If I am operating in Europe, I've got GDPR, et cetera.
But the right to forget. If I'm a financial services
company and I leave that financial services company in Europe,

(25:37):
that financial services company is obligated by law to hold
on to that data for a further five to seven
years for again law enforcement, your regulatory purposes. So there
continues to be sort of legal and regulatory friction in
terms of the data management process of this, and that's
what needs to be addressed from a governance perspective, where
the underlying technology is now giving US avenues for moving

(25:58):
this forward, but the etho still is challenging. Many in governments,
especially at the federal level, not just the US but
the world over still kind of cling onto pay per
forms of ID and we need to sort of graduate
from that.

Speaker 1 (26:12):
Yeah, So what opportunities then does this digitalization of identity present,
more specifically in terms of combating financial fraud illicit activities such.

Speaker 2 (26:23):
As money laundering.

Speaker 1 (26:24):
I mean, we can go through a laundry list, if
you will, of national security threats that are specifically related
to identity management and the challenges with that immigration. You know,
we've talked about this, you know, the challenge at the
southern border. The immigration challenge is really one of identity management,

(26:47):
and if we.

Speaker 2 (26:48):
Could solve for that in a more meaningful way.

Speaker 1 (26:51):
We would we would be in a very different place
on that conversation on immigration.

Speaker 2 (26:56):
So yeah, so let's talk about that.

Speaker 1 (27:01):
You know, how, how do we think about digital identity
as a game changer when it comes to addressing a
range of national security threats And are there opportunities for
governmental bodies, like let's say, the Financial Crimes Enforcement Network
at the Department of Treasury to encourage that innovation in

(27:21):
digital identity because it seems like there is, you know,
there's an alignment around the potential interest in this and
how it could fundamentally reshape of financial crime compliance and
dealing with these national security threats.

Speaker 3 (27:39):
Right, And I think that we are just on the
cusp of that intersection between financial crimes compliance, driving a
more inclusive economy, especially through digital means and an online economy,
and personal privacy. That intersection is just now happening. I
think that's new. Financial crimes compliance and obviously have intersected

(28:01):
quite a bit. Financial crimes compliance and inclusive economies have intersected.
All three are intersecting now, and I think it's I
believe it's because for the first time, folks are realizing
at regulate regulatory levels, policy making levels again, not just
here in the US, but all over the world. And
one can argue some of the emerging markets and other

(28:21):
places are a bit more advanced and they're thinking on
this and moving towards digitization. Is that because cell phone
and smartphone penetration rates and internet access is getting so
much more pervasive that the propensity of services that are
being engaged online. That's the great unlocked, that's awesome opportunity.

(28:42):
If I can put literally the equivalent of a bank
account in the pocket of someone in an emerging market
that's a small business and link them to a US
dollar denominated account, I would argue that that goes farther
from a national security proactive approach than simply sanctioning that
whole country because of nearer dwells in their government or
paristatles or others that all of a sudden block them

(29:05):
from the whole dollar economy. We have the ability to
extend the reach of the US dollar, the US capital markets,
the US banking system through digital means because we can
effectively give folks wallets and access to accounts that access
the US economy. That's awesome and I believe that as
a proactive national security toolkit that is under used, under exploited.

(29:26):
How do we do that securely secure forms of digital identity.
If a bank in the rural place of Kansas that has,
you know, a diaspora community in parts of Africa can
engage those African diaspora in bank accounts, in lending and
credit services and remittant services and the like, not only
does their commercial value increase revenues increase, but the extension

(29:50):
of US dollars and the US banking economy to those
markets increases as well. And that binds from a foreign
direct investment person spective, from a commercial perspective in ways
that are much more emphatic than simple cutoffs and punitive measures,
which has been to go to for the US government
since since nine to eleven. Yeah I number one.

Speaker 2 (30:11):
Yeah, thank you, thank you.

Speaker 1 (30:13):
So I just want to say this is such a
powerful example of this connectivity going from the traditional financial
system into a decentralized model that could help us solve
some of these questions around financial inclusion and solving for
a financial inclusion.

Speaker 2 (30:34):
Helps security in a number of ways.

Speaker 1 (30:38):
I mean, we we want to we want people to
be in a system that is safe and secure and
immutable and traceable when necessary. But it's complicated to get there.
So you know, I suppose we have to take this
step by step.

Speaker 2 (30:59):
Are there any examples of where you know, we can.

Speaker 1 (31:04):
See this, uh, this this sort of decentralized approach making
wallets available, maybe in some sort of pilot that could
help you know, illustrate how this works, and you know,
kind of getting a model, uh, you know out there
as a as a potential path forward.

Speaker 3 (31:24):
Absolutely, and there are pilots out there that need to
be scaled. I'll give you two quick examples. When during
the early years of COVID, a country like Venezuela that
had a number of sanctions on them from the United
States and elsewhere because of you know, previous regime influences
that were absolutely legitimate to be coorted off. There are

(31:45):
a number of doctors that couldn't get paid that were
providing COVID relief and assistance in country and using US
dollar back digital assets like us d C were able
to put people in wallets that could transact in US
d C securely to COVID clinic and healthcare practitioners in

(32:05):
an otherwise sanctioned country where it was very hard to
use traditional banking and payment mechanisms to get them paid.
When in the early days of the Russian invasion in
the Ukraine Holy Count two years ago plus right, it's
two and a half almost three years, it's amazing. Within
the first forty eight hours there was over ninety million

(32:26):
in digital asset assets that were contributed to wallets opened
by the government that much faster than foreign aid could
flow in there that were effectively leverageable for people outgoing
refugees that had no access. They couldn't go to an ATM,
they couldn't go to a bank, they couldn't act their
financial value. But we were able to with a consource

(32:47):
of others, securely put a KYC enabled credential into a
wallet that we can then fund US dollar backed digital
assets that they could transact peer to peer. That's very powerful.
So these are already happening. These use cases are already happening.
What we need to do better is market them, better,

(33:08):
scale them, better, work with more government institutions, relief agencies, organizations,
and law enforcement. The funny thing about a lot of
this technology within the context of distributed ledgers and blockchains
and the like, without getting into a lot of the jargon,
they're the same underlying technologies that make the ability to
create digital forms of value, tokenized forms of value, crypto

(33:32):
currencies and the like. And yet the industry, the crypto industry,
does itself no favors with a lot of the lack
of controls that you've seen in the fraud, leakage, waste
and the terra lunas and the fdx's of the world.
But the underlining technology is amazing. If you talk to
law enforcement irs, criminal investigators to FBI that are tracking

(33:53):
and tracing those criminals using digital assets, they love it
because they are working on immutable, traceable chains and they
can see where those transactions go. So imagine if we
took cash transactions and put them digitally in ways that
are trac and more and immutable. So these are massive
risk mitigants and massive aids in this What we have

(34:13):
to do is overcome the ethos in the same way
the open Internet in the in the first instances, we're seen,
as you know, going to be a huge space for
for nar to will activity and it's it's really unlocked
the massive economy. We're doing the same We're doing the
same thing now in the digital asset domain. So there
are already a number of examples of where wallets and

(34:35):
the extension of digital value and secure access through digital
identity credentialing is already in place. What we need to
do is scale them. We need to have pilots that
are meaningful from an institutional perspective, and we need more
governments on board.

Speaker 1 (34:50):
TRM offers leading blockchain intelligence for AML compliance at financial institutions,
crypto businesses, and regulatory organizations alike, with sanction support on
sixty five blockchains and coverage of more than seventy million
digital assets.

Speaker 2 (35:05):
In a recent.

Speaker 1 (35:06):
Customer survey, eighty five percent of users agree that TRM
accelerates their work, ninety two percent of users agree that
TRM provides actionable intelligence, and eighty three percent of users
agree that TRM has provided intelligence they would not otherwise have.
See for yourself why customers rave about TRM by requesting

(35:26):
a free trial or demo at TRM labs dot com.
We've now moved into a conversation around the blockchain and
distributed ledger and making that connectivity between digital identity and
this web three decentralized environment that you've you've laid out.

(35:47):
But the reality is that there's a lot of illsted
activity going on around digital assets and within these decentralized systems, and.

Speaker 2 (35:59):
This is a problem. So how do we get back
to this idea of.

Speaker 1 (36:05):
Traceability, immutability, auditability. You mentioned that law enforcement actually loves
the potential to track illicit activity within these decentralized environments,
But at the same time, we have so many emerging
threats around how our adversaries are using these systems to

(36:29):
evade sanctions. So you know what's missing here what needs
to be added in how do we need to start
changing our thinking or how does the government need to
be changing its approach to creating an environment that is
actually secure and does not present this opportunity for a

(36:53):
massive proliferation of illicit activity.

Speaker 3 (36:56):
Yeah, no, I think that's right. I think first of all,
we certainly do need to level set, contextualize the largesse
of illicit activity that is known to have been perpetrated
using digital assets. And if you look at a lot
of the blockchain analytics that have come on from TRM labs,
from ch Analysis and the like, it truly is in

(37:17):
the single digit percentages of total list activity utilizing digital assets.
Now it gets marketed pretty emphatically. There's an assumption out there,
certainly by regulators and policy makers and I'll just say
it by the sceptagenarians and octagenarians, that you still live
in that analog world where crypto is just cryptos for criminals, period.

(37:38):
And I've been in testimony in Congress where I've had
members of the House, members of the Senate say, Nope,
crypto's only for bat It's just categorically untrue. It's factually untrue.
And in fact, the highest form, the form factor that's
the highest laundered in the world is still the US
dollar cash period, and we're not getting rid of cash.
And so we need to contextualize our response to these

(38:01):
with the data, and the data just doesn't bear out
that digital assets categorically are the go to for criminals
among other things. Don't get me wrong. Nation states like
North Korea and others are utilizing these for laundering purposes.
Nation states like China are leveraging blockchain for building in
surveillance tokens and monitoring activity. These are very real threats,

(38:21):
without question, and that's where these underlying tools are there.
The second is that we need to also from a
regulatory and policy and enforcement perspective, understand that some of
these technologies are inherently risk mitigating. Not all tech is
risk enhancing. Some of these technologies are in fact risk mitigating,

(38:41):
and we've talked about a lot of that inherently in
the conversation around digital identity. The ability to secure my
own dentity, my own identity so that it is not
exploited online and I only permission that which I choose
for access to information has a massive positive consequence for
identity management and for exploitation by bad guys. So we

(39:03):
need to understand that that underlying technology is very helpful
not hurtful in that regard. If I can create forms
of transaction value payments, peer to peer, institutional payroll remittances,
supply chain trade finance that are traceable against the conference
of a good from point A to point B, from
an individual from point B to point A I can

(39:25):
create a smart contract that immediately moves that value on
from that payment on delivery what we call delivery versus
payment right, and that can be instantaneous, and that I
don't need intermediaries either rent seeking, taking cuts, exploiting a
corruption through governments where I'm paying as I go. You
can actually create inherent transparency of the transaction against the

(39:49):
counterparts and the goods and services associated for immediate settlement.
That is a functional upgrade of the economic and financial
system that has been since the sixties not have that
functional upgrade, and now we can do that. And so
these are the things that we need to say. I
would argue that the vast majority of the challenges in

(40:11):
addressing and listed activity leveraging these technologies are more because
of the skepticism of the underlying technology doing what it
can do, because of the exploitation that we've seen with
FTX and other snake oil salesman out there exploiting the system,
and that is bad and wrong. But I do think
that the underlying characteristics of digital assets associated with them mutability, transparency,

(40:34):
permission ability, and the like are inherently massive step function
upgrades of the US economic and financial system. And arguably
the international financial system. We no longer have to talk
about this institutionally and trying to figure out ways to
create a better system for the Wells, Fargos and the
city banks and the Deutsche's and the bnps. We can
talk about this in the context of seven and a

(40:56):
half billion people literally connecting peer to peer the power,
and we can do it in a way that creates
an immutable transaction ledger that anyone can see at any
given time without disclosing the private information.

Speaker 1 (41:09):
And what is the role of the traditional financial services
community in this transition that you've laid out?

Speaker 3 (41:18):
You know, it's such an important question, and I'm an
equal opportunity antagonizers as you probably know. Look, there are
staid interests for banks, core banks and others that make
a lot of money being the anointed intermediary. And when
you start democratizing finance in ways that there's no one

(41:38):
or no institution, just a simple application or lines of
code separating a transaction between AMIT and the lane banks,
go wait a second, am I going to make that money?
Let's be very clear in the first iterations of using
XRP in the institutional case with top tier tier one institutions.

(42:00):
The banks didn't want to open this up. They didn't
want to open this up because they get money on
the float. They get money by creating a disconnect between
processing and settlement times, right, And now you're saying instant settlement,
where instant settlement takes away that fee, there's an economic
interest for many of the larger institutions to not let

(42:21):
this go to scale. Now here's what's interesting. We just
had a meeting around creating trust frameworks for combating fraud
for in financial services in the life, and it was
the tier three, Tier four institution saying, look, I'm a
small community bank and I've got a massive diaspora community
that i want to engage in, and I don't have
two hundred bank secrecy officers and compliance team, and I

(42:41):
don't have a fifty million dollar tech BUZT. I need
to work into consortia. So interestingly, maybe ironically, your credit unions,
your community banks love this tech because they want to
enable more access to more communities, more clients, more jurisdictions,
more products, and they need to be able to do
it in fully digitized ways, and they want to do
it where they have the regulators going Yep, they're doing

(43:03):
the right thing. And often it's the large, larger institutions
or others saying, hey, don't do it that way. We've
never done it that way. Use our big institutions as
you're clearing and settlement institution as your correspondent bank institution,
because there's a massive economic interest for them to do so,
and they create very deep regulatory modes, so that entrance
into this space are you know, have to spend millions

(43:25):
and millions and millions of dollars of just getting into
the space and the technology I mean with a general
ledger system, a user interface, some basic application to create
to find out your personal data and diligence it, and
some kind of engagement with an official payment rail, your bank,
your bank, if you have those four components, your bank period.

Speaker 1 (43:48):
Yeah, So that's a great segue into the next question
I'd like to throw at you, which is recently, the
Consumer Financial Protection Bureau issued a final rule rule number
ten thirty three, which was promulgated under the dot frank
at regarding how banks must provide customer information to non
financial institutions. And this rule is related to open banking.

(44:14):
But some things are concerned that it may be poorly designed.
Is there is there a role for digital identity and
bridging this transition between financial institutions and fintech providers or
is this also potential liability or potential risk associated with
data theft?

Speaker 2 (44:33):
What do you think about this?

Speaker 3 (44:35):
I'm I'm really glad you asked this question. I think
ten thirty three is a great unlock. Is it perfect? No?
You know it? Can it be streamlined and better? Can
it be? Could there be some additional you know, inherent
security obligations built in? Are there certain things around bank
versus non bank activity that needs to be addressed? Without question?

(44:56):
But at the crux, at the crux, and remember we
we I worked with the CFPV early on in their
notice for a proposed rulemaking around WEAF inclusive. Yeah, noo,
WEEF inclusive and a number of institutions that we're working
within the context of Web three ID and open identity
and the like sort of went to the CFPV and said, look,

(45:17):
consider the use of Web three enabled or decentralized identity
and verifiable credentials. Look at this technology because what it
does is the very intent that you want in open banking.
The ability for Elaine or amit to say I've been
banking at bank at institution A, I can port to
bait to institution B. But the challenges that have been inherent,

(45:40):
even though that's been on the books for a while,
certainly in the EU et cetera for some time, the
challenge has been Institution B still needs to fully KYICU,
which means then I have to redisclose all of this information.
What the CFPB did with ten thirty three, among other things,
is to say you elaine own your personal and financial data.
Off you have that right, you should be able to

(46:02):
take that and be able to port that. So if
I want to app up, you know, engage a fintech
application or a non bank financial service, I should be
able to enable that because I own that data. I
think it's a great unlock because precisely the use of
decentralized identifiers and digital identities really help unlock that and
enable technologically what ten thirty three is trying to do

(46:24):
with open banking. So if I want to go from
Institution A to Institution B, I can do that because
I own my personal and financial data, and if I
can wrap that into a credential that's sharable securely. Not
only do I own it, because I can port for
open banking, I can do a lot of other things.
I can attach those credentials for transaction tracking. I can

(46:45):
you know, radically reduce fraud in that context because identity theft.
You know, I'm not going to say it goes away,
But when I have to do a quick peer to
peer transaction from Wali data to wallet B or account
dat account B, I could do an instantaneous verification. Those
are huge travel rule compliance bank to bank to bank transfers.
I no longer have to disclose the personal and account

(47:05):
data of these individuals. I can just provide the credential.
So this form of digital identity plays a central role,
and I believe unlocking what ten thirty three's promise is.
Can it be refined? Can there be a certain data
protections that are refined. Can there be certain protections for
bank versus non banks? Absolutely? But I was a fan
of seeing it come to play because I think it's

(47:27):
a step in the right direction on a net net basis.

Speaker 1 (47:30):
So two questions, what stuffs should we be taking then
to ensure that new compliance regulations don't stifle innovation, particularly
in defy and Web three environment, and what's your sense
as to how the compliance function will evolve within traditional

(47:52):
financial services providers?

Speaker 2 (47:54):
What does that look like in five years?

Speaker 3 (47:57):
Yeah? Absolutely, So, just to take it kind of quickly
in reverse, I think getting back to the very first statement,
all financial crimes compliance, anti money laundering, know your customer,
et cetera, et cetera come down to that single do
you know your counterpart? Do you know your customer? And
that the core of do you know your customer is

(48:17):
can you verify and validate the identity? And in an online,
a digitally native context, digital forms of identity not plays
central role. So that's the first answer to that second question,
which is I believe that we are moving toward and
we should be moving toward a space where the use
of secure digitally enabled identities, tokenized forms of identity, decentralized identifiers,

(48:40):
verifible credentials and the like are at the core of
anti money launchering and financial crimes compliance because you can
associate it with transactions services products and it actually enables
KYC adherence ongoing monitoring adherence in a much more automated way. Right.
And then we can apply machine learning to advanced analytics

(49:01):
tools for transaction analysis, for behavioral analysis to understand suspicion,
suspicious transactions and activity and the like, both for identifying
illicit activity and importantly identifying ways to proactively serve your client.
If I can put them in a small dollar loan

(49:21):
because I know their expenses over the course of time,
visa be their business, then I can put them in
products and services that better enabled them. These are all
things that I think identity can be at the core.
So that's the second so to your question, I believe
that's the place we move from a compliance modernization perspective. Now.
The reason I answered that first is because the first
part of your question is that what can government and

(49:43):
what can the private sector? Do we have through things
like ten thirty three advanced some of these pieces On
the regulatory side, there are provisions for KYC pass boarding
and reusability within the context of both the Stable Cooin Act,
which is pending which passed the House last year and
is now pending for for for the Senate. In this
in this new Congress, there's gonna be some reformations there.

Speaker 1 (50:05):
There are a couple just can we just stuff on
that we can just explain for folks what the stable
Coin Act is.

Speaker 3 (50:11):
The stable Coin Act is specific to UH dollar backed
UH you know, digital assets UH vis a form of
cryptocurrency that is a payment payment product. That that basically
the stable Coin Act is saying who could be the
authorized issuers of stable coins and then who can and
how can they be transacted as a payment instrument in

(50:34):
that regard, And there's a number of forms of digital
forms of value. That's why I just want to point
so like cryptocurrencies on the whole slew of forms UH,
these are specific to to backed stable coins and in
this particular case US dollar back stable coins, of which
the vast majority of stable coins issued in the in
the world are actually US dollar backed, but you could
have gold backed, other asset backed tokens and forms of value.

(50:58):
So that that was refined BECAU because folks thought rightly
that we could advance legislation and enablement in the use
of stable coins as we think about the full regulatory
footprint for digital assets more broadly, which has security implications
CFDC implications, payments implications in the life. So there are
KYC passport provisions being thought through in this regard. Folks

(51:21):
like french Hill who are coming into leadership at the
House Financial Services Committee. Folks like Foster, who is very
very seized of issues around digital identity, are now coming
to the fore. And even so you've got both Republicans
and Democrats, those that are very conservative from a security
perspective as well as progressive they care about consumer protection
and privacy are now coming to a place where digital

(51:44):
identity can be a non partisan issue. The ability for
you to own your identity and be able to permission
that for finch services in the life means that exploitation
by institutions can go down. That's a huge value add
to progressives and consumer protection advocates and national security implications
where tracking and traceability, national security in anti money laundering
and financial crimes compliance are also equal met. So I

(52:07):
think there's a great convergence around digital identity to add
to both the anti money laundering conversation as well as
the digital asset and regulatory conversation. So I think I
think the iron is hot in that regard. And I
will just say, look, the incoming administration political ethics and
philosophies aside have certainly claimed that they're going to be
very regulatory friendly to the digital asset community, we'll see

(52:29):
clock's ticket. You know, I'm very hopeful if that's the case.
I'm very hopeful that if there's an unlock and a
and this is a technology purportedly technology forward administration coming
in that's true, we need to start looking at those
technologies in ways that address these risks. So the final
thing I will say is that the private sector plays
a very very important role in showcasing not just proof

(52:53):
of concepts, but scalable applications, in particular by traditional financial
services companies, your banks, your non banks that are regulated
in the fin services side, outside of mainstream crypto, if
you will, but traditional banks adopting these technologies, testing these technologies,

(53:14):
showcasing how you can pourt identity from one to the
second for open banking purposes, for peer to peer payments purposes,
for anti fraud purposes. Those go a long way to
showcase how that underlying technology and the use of digital
identities plays a direct role that ideally then gets codified
in legislation. So I don't believe zero regulation is right

(53:36):
by any means. So a regulatory favorable environment should mean
smart regulation, not no regulation. There's a reason we have
seat belts and cars and it's not because Ford and
GM and everyone wanted them. They were categorically opposed to them.
Seat belts goes in cars, death rates plummet. There's a
reason for it, and this is all good for humanity.

(53:57):
And guess what, we sell more cars than we ever have,
So you know, there's a commercially applicable way to do this,
but both the private sector and the government have to
take a concerted kind of private public partnership approach to this.

Speaker 2 (54:10):
Yeah.

Speaker 1 (54:11):
So we've touched on the federal engagement, the role of
federal regulations, but it strikes me that the role of
the state in this digital identity DeFi world that we've
been talking about.

Speaker 2 (54:24):
Looks much reduced. What is the role of the states
as we go forward?

Speaker 3 (54:30):
They will still play a pretty massive role. I mean
the United States, you know, at its inception with respect
to federalism versus state and control and operations by our
founding fathers certainly created a very interesting framework for US today.
And the reason why I believe that the states will
continue to play a role because remember the vast majority

(54:52):
of your non bank fin services around money transmitters and
money service businesses are still still regulated at the state level, right,
And you still have state level departments of financial services
authorities that regulate financial services among a number of other
sectors in their states. So we have to contend with those,
and they're not always copasetic, right. And you have very

(55:13):
forward leading states Wyoming, Arizona, Utah, a couple of others
that are that are very, very very forward leading around
digital assets New York. New York has taken a very
proactive and very innovative stance at the Department of Financial Services.
Hats off to Adrian Harris and her team to really
sort of to to to put and be proactive in
working with the sector for creating a set of of

(55:37):
governance principles as well as laws and regulatory requirements for
digital asset services. So the states aren't going away that way.
I'm hopeful that the states come to a cohesive space
where there's consistency, consistency between federally mandated regulations, especially with

(55:58):
those institutions that are regulated equally by the states and
not the over regulation, in my mind, is equal parts,
not just obligations that have perpetuated over time, but the
multiple regulators. That's really hard in a federated regulatory environment.
Where investment banks and others have five regulators, and commercial

(56:19):
banks have up to three regulators, and non bankin services
like money service businesses had fifty plus regulators. If they're
going to operate in all fifty states, that's a burden.
That kind of consistency and clarity through a consolidation of
processes would go a long way. And that's where I
think efficiency can be had, and then the application of
some of these technologies to get right back to the

(56:40):
very first question you were asking around real ID that
was a federal mandate to consolidate and create consistency as
it relates to the security elements associated with your identity card,
if you will, among other things. Okay, that has a
core good intent. How do we ensure consistency of application
approach at the state level where governance, technology and applications

(57:03):
are going to differ. So I don't think the state
issues are going to go away, but we do need
to address them from a efficiency perspective.

Speaker 2 (57:09):
Great, excellent, well amit. Thank you.

Speaker 1 (57:12):
We've covered a lot of terrain here. Thanks for helping
us work through some pretty complicated concepts and ideas. As
we look back on twenty years since the passage of
real ID. I think we're all hoping that it won't
take another generation for us to figure out what the
next phase of identity management needs to look like.

Speaker 2 (57:32):
So thanks again for joining us now.

Speaker 3 (57:35):
I appreciate that, and I really appreciate your dedication of
the topic. I'm hopeful that what we talked about really
reemphasizes the critical nature of the why now, but also
in the context of the core national security, whether it's
financial system integrity and or exportation of US principles all
the way to combating bad guys in a digitally native world,
identity is core to that, and that's why it needs

(57:57):
to services national security. The final two seconds I will
put here is that and this may sound cheesy, but
I truly tremendously believe this, especially given the first comment
of like my kids, one's identity online is also how
we understand one's dignity. And if you have an identity,
you care about your identity and how it's not only showcased,

(58:21):
how it's used, where it's verified and validated, and what
access channels you give. So the ability to provide digital
forms of identity that are owned by the holder is
a huge movement toward enabling and reinforcing one's dignity. And
whether you're an individual or a small business, a woman, entrepreneur,

(58:44):
an immigrant, that is central. And so identity plays central
to not just the core tactical applications of national security
and access, but really get down to the heart of dignity.
And that's why I feel passionate about this.

Speaker 1 (58:58):
A digital identity infrastructure has the potential to put the
customer at the center of a user based system that
will help individuals retain their personal data and reduce the
risk of fraud, identity theft, and account takeover. And while
implementing federal standards for driver's licenses has taken a generation,
the adoption of digital identity measures will move much more quickly.

(59:21):
The growth of the web economy and web based models
for decentralized financial services will drive this innovation. Thanks to
Ahmed Sharma for his great insights on the evolution of
digital identity and why identity management continues to be a
core element of a national security framework. I'm Elaine Dozinski,
and this is coercive capital

Speaker 2 (59:42):
On the illicit edge network
Advertise With Us

Popular Podcasts

Stuff You Should Know

Stuff You Should Know

If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

Dateline NBC

Dateline NBC

Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com

The Breakfast Club

The Breakfast Club

The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!

Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

Explore

iHeart

Live Radio

Podcasts

Artist Radio

Exclusives

News

Features

Events

Contests

Photos

Information

About

Advertise

Blog

Brand Guidelines

Contest Guidelines

Subscription Offers

Jobs

Get the App

Automotive

Home

Mobile

Wearables

© 2025 iHeartMedia, Inc.