Verifiable credentials: a valuable tool in the fight against rising ID fraud? 

Published November 5, 2025

US financial institutions face a critical challenge. Suspicious account records are on the rise despite innovations in identity and verification (ID&V) technologies. Can widespread adoption of High Assurance Identity Verification by financial institutions be the answer?

Banks need to establish a reasonable belief of a customer’s identity during account opening, while minimizing risk. Cryptographically verifiable credentials, such as ISO/IEC mobile driver’s licenses (mDLs), offer a way forward by providing issuer-signed, tamper-evident identity data that can be cryptographically validated against trusted certificate authorities, enabling strong provenance. Yet a critical challenge remains: how can banks trust digital driver’s licenses issued by multiple states and presented by multiple wallets?

The OpenID Foundation's KYC and Identity Assurance Working Group (KYC & IDA WG) is serving as a key enabler of how US financial institutions verify customer identities, starting with two new papers: mDL Metadata Requirements to support Know Your Customer (KYC) and Customer Identification Program (CIP) compliance, and OIDF Extended KYC Considerations.

These papers demonstrate how OpenID Foundation specifications can assist in addressing this critical challenge: providing standardized, machine readable trust signals that enable financial institutions to assess the provenance, assurance levels, and compliance indicators of mobile driver's licenses (mDLs) and other digital credentials. 

These credentials are viable for high-assurance use cases like opening bank accounts, while supporting the transparency and interoperability needed for robust regulatory compliance. 

Ecosystem alignment and next steps

The approach outlined in these two papers aligns closely with NIST's recently published technical blueprint for mDL assurance: Building Assurance in the mDL Ecosystem. This paper positions OpenID Connect (OIDC) for Identity Assurance as the standard for communicating trust in mobile driver's licenses across government, wallet providers, and banks. This NIST work provides crucial technical validation and serves as a blueprint that informs the implementation guidance offered in the two OpenID Foundation papers discussed below.

NIST's work on encoding security controls and trust signals using standards validates the framework proposed here and demonstrates growing consensus across government, standards bodies, and industry on how to establish trust in digital credentials.

Together, these complementary efforts from the OpenID Foundation and NIST provide financial institutions with the guidance to establish regulatory confidence and a technical roadmap needed to adopt high assurance identity verification at scale. As more states issue mDLs and the ecosystem matures, this standardized approach will be essential for realizing the vision of low-friction, high-assurance digital identity verification across the US financial system.

Let's examine how each paper addresses these challenges.

mDL metadata requirements to support KYC and CIP compliance

This first paper introduces a standardized metadata framework to help financial institutions meet regulatory compliance requirements, such as CIP and KYC, by providing machine-readable trust signals. As banks transition to digital credentials, they face a critical challenge: trusting external parties, like government issuers and digital wallet providers, without full visibility into how credentials are issued, stored, and verified. Existing standards provide clear technical specifications, but do not extend to machine-readable trust signals essential for high-assurance use cases like financial account opening.

To address this challenge, the paper proposes a structured metadata framework built around five key trust signals: 

  • Credential Provenance - identifies the credential’s issuer and includes cryptographic evidence of its integrity
  • Assurance Level - indicates the strength of identity proofing and verification aligned with NIST IAL
  • Authentication Context - describes how the credential was presented and the security measures applied during authentication
  • Compliance Flags - provides regulatory indicators, such as REAL ID compliance
  • Auditability - ensures records for verification and regulatory audits

The result is a clear ‘chain of trust’ extending from government issued credentials, through digital wallets, to financial institutions. This framework replaces operational blind spots with auditable, standardized metadata, giving banks the visibility they need to confidently accept Verifiable Credentials while meeting regulatory compliance requirements.

Harmonized mDL metadata for KYC and CIP: Comparative analysis and implementation guidance

This second paper provides a detailed implementation roadmap extending the metadata framework to regulatory and privacy requirements across NIST, ISO, Federal Financial Institutions Examination Council (FFIEC), General Data Protection Regulation (GDPR), Kantara Privacy Enhancing Mobile Credentials (PEMC), and California Consumer Privacy Act (CCPA).

Harmonizing mDL metadata with KYC and CIP requirements is critical for ensuring interoperability, regulatory compliance, and trust in decentralized ecosystems. Without standardized metadata, financial institutions face fragmented implementations that increase operational risk and compliance audits, and undermine assurance for account opening processes.

The paper builds on the proposed metadata framework, outlining implementation actions anchored in the NIST SP 800-63-4 digital identity guidelines as the assurance standard for identity proofing, authentication, and federation, together with a multi-jurisdictional framework of privacy and compliance requirements that govern how organizations handle personal data, verify identities, and maintain transparency and accountability.

By building on the proposed metadata framework and anchoring it in NIST SP 800-63-4 alongside a multi-jurisdictional framework of privacy and compliance requirements, financial institutions can embed standardised trust signals into identity workflows. This approach is a step towards scalable interoperability, strengthens regulatory assurance, and delivers high-confidence digital identity experiences that meet both security and privacy mandates. 

OpenID Foundation KYC Working Group - enabling the framework

George Fletcher, eKYC and IDA WG Contributor, and Community Representative to OpenID Foundation Board said, “Liability, risk, and compliance are all critical components for institutions processing high value transactions. As the deployment of the issuer-holder-verifier model grows (think wallets and mobile driver’s licenses), metadata and additional attributes are critical to conveying information to reduce the risk and liability of the parties involved; especially the verifier as today it holds all the risk. This work is key to making deployments viable in the United States where no other trust framework exists.”

Hodari McClain, eKYC and IDA WG Co-Chair, said, “The working group supports extending identity attribute metadata frameworks that close gaps between government-issued credentials and various financial regulatory requirements. Financial institutions bear the load of compliance, liability, risk, privacy, audit responsibility and cost, limiting more widespread adoption in the United States. Standardized and scalable methods are needed to confidently accept newer Verifiable Credentials (mDL and other issuer-holder-verifier models). Juliana’s proposals are important to bridging the aforementioned gaps between technical standards and financial services implementations.”

Juliana Cafik presenting at the IIW in the Computer History Museum October 2025 with Dima Postnikov, Nithy Poosamani, Gail Hodges, Mark Verstege, Mark Haine, Nat Sakimura, and Kosuke Koiwai.

The expert behind the reports

These papers represent significant contributions from Juliana Cafik, an independent Identity Standards and Solutions Architect and longstanding contributor to the OpenID Foundation’s Working Groups. She was also the lead architect from Microsoft for the NIST and the OpenID Foundation interop events on OpenID for Verifiable Presentation and Verifiable Credential Issuance this summer.  

Juliana Cafik said of the reports she contributed to the eKYC & IDA Working Group, “I am passionate about advancing identity and authentication workflows to preserve trust and protect critical sectors. This work is a positive step towards a future where security, compliance and privacy are seamlessly integrated.”

Juliana’s work on these reports is expected to be instrumental in bridging the gap between technical standards and practical implementation by early adopters in the US financial services sector.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net
