The UK government’s push for a digital identity system has sparked a predictable split: tech optimists see streamlined services and reduced fraud, while privacy advocates envision an Orwellian surveillance state. But beyond the usual battle lines lies a more nuanced question that businesses can’t afford to ignore—when digital ID becomes standard infrastructure, will organisations be ready to capitalise on it, or will they be scrambling to untangle the regulatory knots?
The UK Government has outlined several benefits for digital ID cardholders. Citizens would gain streamlined access to public services such as council, taxation, and healthcare by having a single form of identification on their phone. Digital ID would increase efficiency by enabling instant identity verification, removing the need to wait for manual checks and paperwork.
The technology would also reduce wait times significantly, verifying identity in seconds rather than the days or weeks currently required for processing.
One of the biggest challenges so far in the ID debate has been the belief from companies that more guidance is needed from the government for using digital ID’s within an AML framework – an opinion voiced clearly by Max Worrall, UK GTM Manager at Cascade.
Worrall remarked, “One of the key areas the UK needs government guidance on is how digital IDs can be used in the broader sense for prevention of money laundering and how regulated firms for example a bank, payment service provider, asset manager, legal or crypto may access and use the service.”
Back in July, the Treasury published its ‘Improving the effectiveness of the Money Laundering Regulations’ consultation response. In Worrall’s words, it outlined that along with the DSIT, they will jointly produce guidance on using digital identities for MLRs identity verification checks. It will also likely feed into preparation for the 2028 FATF’s upcoming assessment of the UK’s AML/CTF regime.
How might the UK’s digital ID cut compliance costs via faster KYC and anti-fraud tools? Here, again, Worrall detailed that guidance is still being waited on from the government in terms of how commercial businesses may be permitted to use digital identities – and it is likely, Worrall claims, that this will spur a legal industry consultation and perhaps legal clarifications.
“The government has avoided making specific commitments just yet,” said Worrall. “There will need to be a lot of real-world and scenario testing of digital IDs before the commercial world looks to begin the journey of adoption as part of a KYC process. We need to see the fully developed version of the platform before the process of adoption can begin. Currently we do not know the cost implications of using such government service, its reliability of benefits over and above commercial KYC anti-fraud tools or the stance on liabilities.”
Despite this, Worrall explained that regulated firms will still need robust technology that can predict and identify suspicious activity or changes within client behaviour such as that found in transaction monitoring platforms both for cross border payments and crypto settlements.
“Other key advances in technology identify devices and geolocational risk; these topics sit outside the scope of the government proposed digital identity and will mean that regtech firms continue to play a key role in the battle to combat financial crime,” said Worrall.
Worrall gave the example of Estonia, where commercial businesses such as banks leverage the national E-ID in order to allow citizens to access its commercial services.
He said, “It is claimed that by using the system each citizen saves around 5 days of team time each year. The system has become an integral part of daily life and has become a pillar within the ecosystem of technology firms use to combat fraud.”
In what ways will the UK’s digital ID boost verification speed and fraud detection? Here, Worrall stressed it has been widely reporting by the government that the introduction of digitial identities will help prevent illegal employment.
He said, “The penalties for employing illegal workers are high; they included a 5 year jail term and a fine of up to £60,000 per illegal worker. It is therefore reasonable to say that reputable employers would welcome the introduction of digital identities as part of their hiring due diligence particularly industries with a high number of migrant employees for example healthcare and hospitality.
“The high degree of confidence employers would have from a successful digital ID verification would theoretically remove the reliance on a human reviewing paper documentation and physical ID’s, some of which may be high quality fakes illegally obtained from the dark web of traffic gangs,” he remarked.
In addition, the other key areas of fraud detection include targeting benefit claims where an identity may have been stolen or to cipher payments intended to support the most vulnerable in society with medical conditions.
“In one such case, the DWP commented that a claimants identity and address had been used by another person to claim universal credit and attendance allowance. Such types of fraud are costing the tax payers millions each year,” said Worrall.
Worrall stressed that legislative steps are already being taken, with a number of legislative items passed this year to provide legal footing to enable to digital ID rollout. This includes the Data (Use and Access) Act 2025, which provides in Worrall’s words a ‘foundation of legal credibility’ for digital IDs in areas like accountability and management.
Other areas include the creation of the Office for Digital Identities and Attributes, which can regulate and supervise digital verification services, as well as the digital identity and attributes trust framework, which introduces digital ID wallets 2025, which permits the sharing and storage of credentials. The final area is authorised corporate service provider, which ensures ACSP’s must comply with the standards required to verify someone’s identity using the Companies House.
Ryan Swann, founder of RegTech firm RiskSmart, also believes that the BritCard is a big opportunity.
He explained, “You can check someone’s identity once and re‑use it safely, so sign‑ups are quicker, checks are cleaner, and fraud is harder. Keep people’s data to a minimum, use approved providers, record consent, and share only what’s needed. Then you can watch how the government’s scheme evolves and tie in with Companies House checks so you don’t repeat work.”
Coming out of malaise
South African RegTech firm RelyComply outlined that the BritCard proposed is currently in a malaise, being caught between supplying an innovative take on IDV whilst causing a range of public backlash concerning data privacy, financial inclusion, restricted access and governmental transparency.
The firm added, “However, with further evidence of the plan’s rules around control, it could introduce a seismic shift in line with its sole functions: to prove identities mapped to governmental documents for legal living and working requirements checks, and to become a trustworthy mobile-first way to prove biometric authorisations across a range of private and public services, in the same way as the NHS app and acting like a European ID card or passport.”
The UK government has already noted how advanced encryption and authentication is being used to protect millions of daily digital transactions, as opposed to physical documents. RelyComply outlined the UK’s collated data can superpower the KYC capabilities for businesses – once it has been made very clear how and where such intelligence will be safely stored – as well as interoperability across various providers and regions.
“This will be particularly prevalent in the financial services industry, acting as fertile ground for cross-border suspicious payment activity where sanctioned or blacklisted peoples can be digitally verified at the onboarding stage. With digitalisation enabled as a standard for IDV, the appetite (and, in some cases, legal requirements) for instant biometric checks can be beneficial for businesses and consumers,” said RelyComply.
In addition, cleared entities can start transacting or dealing straight away, taking seconds to open accounts with their stored details and saving the companies’ time and resources on investigations, said the RegTech.
The firm added, “The speed and accuracy with which IDV can detect any fraudulent activity should, in practice, increase, save only for the Digital ID scheme being embraced by nationals. Confidence around the adoption of IDV through tech is rocky enough; making it a mandatory widespread compliance function has to jump through cultural hurdles (trust, integrity, and openness) and educate the idea that these developments are intended for good, such as halting illicit behaviours and increasing the operational arms of those fighting financial crime.”
RelyComply finished by stating that luckily, in the past year, frameworks such as the Data (Use and Access) Act may bolster this public trust that is required to ensure the Digital ID plans can lift off the ground in the first place – and move from scrutinised grey-area to key anti-fraud future tool.
Copyright © 2018 RegTech Analyst
