How to facilitate and secure supplier onboarding (KYS) with the identity wallet?

‍In2023, nearly 37% of French companies were targeted by fake supplier fraud, according to a Trustpair study.

With 64% of companies having already suffered at least one fraud attempt in 2023, the observation is simple: the phenomenon is steadily intensifying. Fraudsters are using increasingly sophisticated techniques, thanks in particular to AI, leading to heavy financial consequences and disrupting the entire supply chain.

The stakes are many: avoiding supplier payments to usurpers, protecting the company's information system, anticipating and guarding against attacks, and maintaining the confidence of all stakeholders (customers, partners and suppliers). A company is not limited to its internal network of employees; the consequences of such a threat can impact the entire extended enterprise: partners, customers, subcontractors and, of course, suppliers.

Faced with the growing sophistication of fraud and identity theft techniques, new solutions are emerging, such as AI, or in particular the European identity wallet, which is establishing itself as a sustainable response for companies in all sectors.

I - Challenges and opportunities of the identity wallet in a KYS context

KYS (Know Your Supplier) refers to the process by which a company gathers information on its potential or existing suppliers (identity, business practices, financial reliability...) and any other relevant element to assess the risks associated with the business relationship.

Today, it is framed by the Sapin II Act of 2016 and the Duty of Vigilance Act of 2017: two laws aimed at improving the management of risks of corruption, fraud and corporate social responsibility (CSR).

Challenges associated with KYS: supplier onboarding

The Know Your Supplier process presents a number of challenges that companies need to overcome to ensure reliable, compliant supplier relationships.

  1. Need to verify the identity of interlocutors during business-to-business exchanges.
  2. Gathering and managing documentation: verifying the identity of companies, their officers and directors involves processing numerous documents, making the process complex and time-consuming.
  3. Processing times: delays in retrieving and verifying information from suppliers can be lengthy, delaying validation and impacting operations.
  4. Regular updates: throughout the supplier's lifecycle, frequent updates are necessary to maintain accurate information.
  5. Legal compliance: companies have to comply with increasingly stringent legislation on supplier auditing.
  6. Simplified onboarding: the supplier entry process must be fast and reliable, so as not to discourage potential partners, while guaranteeing exhaustive verification.

These issues call for a strategic approach and the use of technological solutions to ensure simple, secure management of supplier relations.

Existing solutions for supplier verification

Numerous solutions exist today to help companies with their KYS processes, while complying with current legislation. In particular, they facilitate the verification of supplier documents and information to limit fraud. Advanced techniques such asartificial intelligence help to reduce fraud without eliminating it. They offer a first level of security.

These solutions don't particularly address the security issues associated with simplifying onboarding processes: the documents required for verification are often single-use. It is also becoming increasingly easy to copy a document perfectly. This is where AI sometimes finds its limits: the difficulty lies less in analyzing the document itself, and more in being certain of its authenticity and source.

Faced with some of these constraints, the identity wallet for individuals and companies has emerged and is gradually making its mark on the verification market.

Identity wallet providers, such as Archipels, stand out by securing and streamlining the exchange of digital data between companies and individuals, thanks to a decentralized solution enabling identity verification and attestation. In this way, they optimize identity management and business transactions, while complying with the strict standards of European regulations such as eIDAS 2.0.

Rise of the wallet and eIDAS 2.0 regulations

In the spring of 2024, the new eIDAS 2.0 regulationregulation, establishing a single framework for digital identity in Europe, with the introduction of the European wallet (EUDI wallet). Its aim is to enable secure and reliable electronic identification and authentication of individuals and legal entities throughout Europe. European citizens will thus be able to prove their identity, and request and present certificates such as proof of address, diplomas or IBANs.

Businesses, for their part, are very interested in the wallet, as it will make it much easier to enter into relationships in general, such as customer or supplier onboarding. They will be able to interact with the wallets of individuals or companies to verify or issue certificates.

So it's not just a tool for proving identity, but rather a truly secure solution for facilitating exchanges between stakeholders, underlining the undeniable synergy between the digital identities of individuals and companies.

It is therefore important to emphasize that eIDAS 2.0 and the wallet offer new opportunities for all companies wishing to secure their KYS processes and limit fraud. For example, if a company wishes to verify the identity of its suppliers, it will be able to request the presentation of the Kbis, which will have been issued by an authentic source, such as Infogreffe.

II - Advantages and benefits of the identity wallet for optimal KYS management

The digital identity wallet is an innovative solution for streamlining and securing the exchange of identity information between individuals and companies. In the context of the KYS process, it is the solution of choice, making it easier to verify the authenticity of suppliers.

Automatic checks and updating of supplier data

Automated exchanges, workflows and checks

Traditionally, Know Your Supplier involves the collection and validation of various documents, to ensure the identity and legitimacy of the various stakeholders (companies, representatives, managers, etc.). Thanks to the identity wallet for legal entities, a company can create its own personalized workflow to define the certificates it wishes to receive, and connect its various business tools to it. In this way, the process of requesting and verifying attestations is automated.

For example, Archipels Business already enables the presentation of attestations required for a supplier process, such as the Kbis, the list of beneficial owners and the IBAN. In the near future, numerous other attestations will be available, such asCredential de vigilance, de régularité fiscale (liasse fiscale), or the Liste Nominative Travailleurs Etrangers (LNTE).

Risk management and supplier lifecycle

The identity wallet manages the risks associated with your suppliers' identity, throughout the entire life cycle of the business relationship. The advantage of certificates is that they can be reused over time. If you need to update certain information, you can schedule the presentation of one or more certificates at defined intervals: for example, you can ask your suppliers to present theirCredential Kbis every 6 months.

Digital security & trust

The primary aim of the KYS process for a company is to ensure the identity and credibility of its suppliers.

As mentioned earlier, one of the wallet's major assets is the enhanced security it provides through the verification of supplier information. Where traditionally, the KYS process relies on manual or even AI-based verification of inauthentic documents, companies can now verify the identity of their suppliers quickly, automatically and securely. And best of all, the digital documents presented come from authentic sources and are therefore official. The digital identity of suppliers is therefore verified at every exchange, reducing the risk of identity theft and fake supplier fraud throughout the supplier lifecycle.

Rather than relying on potentially false information, or going through manual or AI verification, which is often costly and perfectible, the wallet ensures the veracity of digital data. This is illustrated by the triangle of trust:

  1. Trusted third parties act as issuers of forgery-proof certificates. For example, a Credential company identification document must be issued by the country's trade register (Kbis extract in France).
  2. As verifiers of these attestations, companies are guaranteed that the data has not been corrupted, as it comes from authentic sources.
  3. For their part, suppliers who hold these certificates can reuse them as they see fit with other companies.
KYS process and identity wallet
Illustration of the KYS process with the identity wallet (simplified diagram without the trust register)

Some players are offering a decentralized identity wallet on blockchain to enhance the transparency, security and privacy of identity data and information. Unlike centralized systems, where a single point of failure can be a target for cyberattacks, data stored in a decentralized way is distributed over a network of nodes. This considerably reduces the risk of hacking and information corruption. It also means that no single entity (state, company, etc.) has access to the information.

Accelerated compliance

When a company wishes to enter into a business relationship with a supplier, it must first investigate according to the principle of due diligence on its potential supplier. This investigation can be cumbersome and time-consuming, as it has to take into account the numerous regulations and laws in force, depending on the country or sector of activity, for example:

  • Anti-money laundering, combating the financing of terrorism (ALM)
  • Protection of personal data (RGPD)
  • Laws on the employment of foreign workers
  • Ethical standards covering aspects such as the prohibition of child labor, forced labor and discrimination

The aim is to obtain a complete assessment of the risks associated with suppliers, with regular audits and inspections to ensure compliance. In general, due diligence on a supplier can take from a few days to several weeks. For a small company with simple operations, the investigation could be completed in a week or less. For larger companies or more complex situations, the process could extend over 2 to 4 weeks, or even longer.

This analysis of suppliers is made much simpler thanks to the automated production of qualified certificates, including information previously verified by trusted service providers: Credential de vigilance, Credential de régularité fiscale, Liste Nominative des Travailleurs Etrangers, justificatif d'immatriculation...

This automation enables significant savings to be made by reducing resource requirements for manual checks.

III - Limits of the identity wallet

Availability of certificates

The origin of the reliability of the components of the triangle of trust lies in the first link: the issuer. To obtain reliable data, the wallet needs to be issued by trusted players, otherwise known as authentic, unforgeable sources.

So, for a decentralized identity wallet player, the deployment of available certificates is a gradual process, requiring partnerships with each trusted player. For example, Archipels is proud to have Infogreffe as its trusted partner for the Kbis extract in France.

Collaboration between issuers and wallet developers is therefore essential to gradually build up the library of certificates available to businesses.

Technology adoption & change management

Introducing the identity wallet into the KYS process can indeed become a challenge in terms of technological adoption and change management. Companies and suppliers may be reluctant to abandon their existing business processes, even if they are less efficient and ultimately often more complex. Familiarity with old methods can create resistance to adopting a new tool.

Paradoxically, the technology used by the decentralized identity wallet is quite complex for enhanced security, but its use and application within a company are simple.

IV - Use case: KYS supplier process with Archipels Business wallet

As part of the new eIDAS 2.0 regulations, and in order to achieve the most reliable, useful and secure European wallet, four large-scale pilots have been undertaken. Archipels is one of the companies contributing to these projects, testing the use of the wallet in the KYS process as part of the EWC.

Here is an example of a typical customer-supplier exchange with Archipels Business :

TechInno SA is looking to establish a partnership with a new supplier, InnoServ.

  1. TechInno SA had already created its KYS workflow. It now automatically sends a request to InnoServ for the submission of digital certificates.
  2. InnoServ receives the application on Archipels Business. The legal representative, agent or delegate of InnoServ accepts the presentation of the following certificates: Kbis (proof of registration); IBAN; List of beneficial owners.
    If InnoServ does not yet have the required certificates, it can request them directly on its Business space.
  3. TechInno SA automatically receives and verifies the authenticity of the certificates. According to the workflow created, the information is transferred to its various business tools.

If required, TechInno can also present its certificates. So, in just 3 steps, the companies have entered into a relationship with the authentic documents they need for their business partnership.

KYS process certificates - Archipels Business

TechInno may schedule periodic checks of the Kbis, to ensure that InnoServ remains compliant throughout their business relationship.

As a result, the entire KYS process - which could have taken several weeks with email exchanges and manual checks - is completed in just a few hours.

Conclusion

Integrating the identity wallet into the KYS process represents a major step forward in supplier relationship management. Despite the challenges of adoption and the links in the triangle of trust, the benefits in terms of security, regulatory compliance and simplification of relationship entry are undeniable. This technology promises to radically transform business practices, offering an unprecedented level of digital trust and transparency.

The potential for extending this solution to other aspects of business relationships, such as customer relationship management (KYC), suggests a more interconnected, secure and fluid business ecosystem.

If you want to leave behind the world of obsolete document verification and embrace the era of authentic, unforgeable data, it's time to explore the possibilities offered by the digital identity wallet.

Find out more about the Archipels solution
I want to talk about it!

Last 6 blog posts