TC 68/SC8 will be releasing the SC 8 ballot for a new standard on Official Organization Roles (OOR) before the end of November. This note is prepared to brief stakeholders on the OOR standard and the important use cases it will support. Click on the header to see the full briefing note.
What are official organizational roles?
Understanding the official roles of persons acting on behalf of organizations is an important consideration in fulfilling both commercial business and regulatory interactions and obligations. This especially is true of engagements and interactions in the digital world, and in financial services in particular, as we move toward creating and sustaining a global digital economy.
The ISO 5009 standard fulfils the need for listing official organizational roles in a structured way in order to be used to specify the roles of persons acting officially on behalf of an organization or legal entity.
Key provisions of the standard include:
- providing the data elements for the list of official organizational roles;
- creation of a maintenance agency for defining and maintaining the official list of organizational roles; and
- defining an official organizational role scheme that is extensible and free from limitation on use and redistribution.
What is the purpose of OORs?
ISO/TC 68/SC 8 anticipates that the official organizational role standard could be used to specify in a standard way the optional Role extension contained in X.509 public key certificates with embedded LEIs, as outlined in ISO/DIS 17442-2:2019, Financial services - Legal Entity Identifier (LEI) – Part 2: Application in Digital Certificates.
The official organizational role standard also could be used to indicate roles in a standard way in digital verifiable credentials, the format for interoperable, cryptographically-verifiable digital credentials being defined by the W3C standards organization (Verifiable Claims Working Group).
Combining LEIs with official organizational roles can become a key enabler for digital identity management as well as additional use cases that could be served.
Examples of additional use cases which would benefit from digital identity management inlcude:
- Client onboarding/ know your customer process
- Import/ export, supply chain, customs/ border control, payment for goods
- Trusted supplier/ provider network membership and registration
- Membership and registration (payment systems, health care exchanges/networks)
- Executing and securing business contracts with clients, suppliers and providers
- Business entity registration and licenses
- Entity identification in digital and online transactions
The Working Group discussed whether official powers (like signing authority) should be recorded for certain Roles. While understanding this could be valuable information, the Working Group recognized that there might be situations in which roles cannot be linked to an applicable legislation / regulation. The Working Group will seek feedback from SC8 on this topic though the ballot process.