Up Front
KPMG Announces Secure e-BusinessVenture
KPMG Cayman Islands Partners announce securee-business venture. Left - Right - Theo Bullmore, Senior partner;Simon Whicker, Partner; Roy McTaggart, Senior Partner; Kevin Lloyd,Partner.
KPMG in the Cayman Islands has announcedthe development of an offshore Certificate Authority (CA) forthe jurisdiction as a platform to secure e-business transactionsoffshore. The initial area of focus will be on providing a securee-mail solution to Caymanís financial and professionalservices industry.
Kevin Lloyd, a KPMG partner, explains, "In order for Caymanto retain its position as a leading offshore financial centera secure online communications and trading environment is essential.Secure e-mail is the foundation for the development of e-commerce.Individuals and entities in the international financial sectorrequire positive identification of their business counter-parties.To date, this has been difficult to achieve in an on-line environment."
Locally, KPMG has risen to the challenge and developed Certeca,Cayman's Certificate Authority. Using Public Key Infrastructure(PKI) technology, Certeca will substantially reduce the risksof authentication, non-repudiation, and privacy associated withe-commerce. PKI Digital Signatures allow someone receiving dataover the Internet to determine not just the origin of the informationbut also its integrity. Such transactions are accompanied by aDigital Certificate, issued by Certeca, which allows the recipientof a message to check the identity and credentials of the sender.Furthermore, the recipient can take comfort in that the sendercannot later deny having sent the message. Finally, privacy ofthe message is assured through the use of the strongest industry-standardencryption.
"In the physical world, face-to-face transactions, photoidentification and even written signatures offer some protectionagainst fraud and money laundering.
Internet communications, however, remain anonymous, making itharder to know whoís at the other end of the network,"said Matthew Barnett, a KPMG consultant.
"It's also fairly common knowledge within the Internet industrythat communications can be scanned for particular content, read,spoofed, or even altered and resent. This can be done within anorganisationís own internal e-mail systems by staff, orexternally by telecommunications companies and Internet ServiceProviders (ISPs), continued Barnett. Even if you're comfortablewith this, the fact that the very same tools can also be usedby your competitors, various government agencies, or even hackersis much more unsettling.
The Certeca solution will use technology to ensure that Internetcommunications and transactions are secure in a way that is straightforward,reliable and simple to use. A wide variety of existing e-mailsystems and technical platforms are PKI-enabled. PKI is the acceptedglobal standard for Internet security infrastructure. The capabilitythat Certeca provides is a critical element in CaymanísInternet/e-business infrastructure. It brings benefits to existingoffshore organisations and will provide the necessary secure platformto attract Business-to-Business Exchanges to set up and operatein the Cayman Islands," said Kevin Lloyd.
Lawyer Olivaire Watler of Maples & Calder explains why hefeels that secure e-business is essential: "For e-businessto succeed, businesses and consumers must have trust and confidencein the Internet as a viable commercial medium. People must feelassured that their electronic communications are secure and haveremained unaltered, and be confident of the identity of the partywith whom they are dealing.
"Cayman's Electronic Transactions Law 2000 accords the samestanding in Cayman Islands Law to electronic signatures as toconventional signatures," continued Watler. "The Lawfurther accords legal standing to electronic certificates usedto support electronic signatures and gives official approval ofthe Information Security Service Providers (ISSPs)who will provideDigital Signatures, certificates and encryption products. CertecaLtd., as a pioneer Certificate Authority hopes to be the firstsuch approved ISSP as soon as the system of approval has beenestablished by the Government."
The Islandsí government, too, welcomes the establishmentof the Certificate Authority. The Hon. Thomas Jefferson, Ministerresponsible for Caymanís Tourism, Commerce, Transport andWorks stated, "The Cayman Islands have recently introducedcutting edge legislation which will facilitate the developmentof e-business in our country. It is important for this initiativeto be a public and private sector partnership from the very beginningwhich is why our Government is very pleased to support the establishmentof Certeca Ltd. as a Certificate Authority."
As secure e-mail and the use of Digital Certificates issued byCerteca become common place, follow-up products using DigitalCertificates will be developed to further the deployment of securee-business services within the offshore financial services environment.
A key truth is that technology alone cannot guarantee the levelof confidence and trust required by the financial industry inits day-to-day operations. Trust is preserved from the controlsaround the technology. As Simon Whicker, a KPMG partner explains,"Any individual can freely purchase digital security softwareand create Digital Certificates under any identity they choose.To ensure that you know the true identity of your counter party,a trusted third party is needed to vouch for individuals"identities and their relationship to their Digital Certificate.This is why KPMG, as a well-respected international professionalservices firm has established Certeca to provide the necessaryrole of trusted third party for e-business in the offshore world."
Douglas Graham, Managing Director of E-Commerce Consulting forKPMG in the US explains, "There is a massive need throughoutthe business worked for strong security based on Digital Certificates.If you also want to ensure the privacy of your data and communicationsthen you need to have a certificate authority that is based ina jurisdiction that has a reputation and track record for maintainingprivacy. That is why this is such a timely venture - the firstoffshore Certificate Authority run by a major professional servicesfirm - KPMG. It combines the need for technological security withthe need for strong legal protections along with an assuranceof integrity and reliability. This will prove to be pivotal fora new global e-commerce infrastructure that takes advantage ofglobal opportunities."
Individuals interested in learning more about how Certeca canmake your organisationís Internet communications more secureis invited to contact Troy Johns at KPMG, 914-4377 or e-mail tjohns@kpmg.ky
Executive Summary
* Offshore Financial Centres and financial service providers withinthese centres are looking for ways to attract and offer e-businessservices
* The rapid adoption of e-mail has created a substantial businessrisk for the sophisticated financial market
* A secure e-mail service is a necessary and readily understandableentry into e-business
* KPMG will develop Certeca as an Offshore Certificate Authorityto enable offshore financial service providers the ability tooffer secure e-mail to their clients in a cost-efficient manner
* Secure e-mail will be offered by Certeca utilizing public keyinfrastructure and Digital Certificates
* Certeca's technology and services will initially be tested andlaunched in the Cayman Islands, with phased launches in otherlarge international financial centres shortly thereafter
* All certificates are to be issued at the request of an offshorefinancial service provider thereby ensuring adequate trust levels
* In addition to secure e-mail, other products using Digital Certificatesissued by Certeca will be developed and marketed at a later stage.
* Transactions placed through Offshore Financial Centres (OFC's)are on average significantly higher in value than those placedthrough on-shore financial centres. They are initiated by entitiesand individuals from across the globe
* These entities and individuals are early adopters of technologydue to their significant financial means
* Worldwide, the financial services industry has shown itselfto be among both the early adopters as well as the most prolificusers of the Internet as a medium for business communicationsand activities.
* OFC's are positioning themselves to be offshore e-business centresto protect and supplement he existing financial services industrywhich is under increasing pressure from the OECD and others.
* Growing numbers of OFC's have passed laws or have issued draftlaws to recognize electronic signatures and Digital Certificates
* The majority of OFC financial service providers have not begunto offer e-business services to their clients and donítknow where to start. They are looking for a way to "get theirfeet wet" in e-business without committing significant capital
* The common denominator amongst OFC financial service providersis the use of unsecured e-mail
* Individuals and entities in the international finance sectorrequire positive identification of their business counter parties.This requirement is more difficult to achieve in an on-line environment
* Securing e-mail is a necessary and understandable entry intoe-business for these financial service providers but cost-prohibitiveto develop themselves due to significant start up and ongoingcosts.