The Identity Question in Global Business:Who Is Your Counterparty, Really?

“The beginning of wisdom is to call things by their proper name.”

Confucius (attributed), Chinese philosopher,  (c. 551–479 BCE)

Pillar II – Identity in Global Trade – Part 1 of 3:

By Stephan Wolf, Chair of the Board of Trustees at Verifiable.Trade Foundation

June 2026

How misidentification creates board-level liability, distorts markets, and why legal entity identity is the strategic foundation your organization cannot afford to neglect.

The Question at the Centre of Every Transaction

Identity is one of the most fundamental concepts in business. Every contract, payment, shipment, trade finance transaction, customs declaration, compliance review, supplier onboarding process, and procurement decision begins with the same question: who is the counterparty?

At first glance, the answer appears obvious. Organizations maintain customer records, supplier databases, account numbers, tax identifiers, and enterprise resource planning platforms. Every organization has invested heavily in systems designed to identify the parties with whom it does business.

Yet a closer examination reveals something both surprising and consequential. In many cases, organizations do not actually know the identity of their counterparties. They know only a collection of identifiers, references, and historical assumptions that suggest identity.

The distinction between knowing a counterparty’s identity and holding a collection of their identifiers matters far more than most organizations realize.

This is not a philosophical observation. It is a practical and legal risk with direct implications for financial exposure, regulatory compliance, and the safety of automated business processes. Understanding the distinction and acting on it has become a board-level governance imperative.

The Difference Between an Identifier and an Identity

If you have read the earlier articles in this series, you will already be familiar with the foundational distinction this article builds upon. An identifier is a label assigned by a system: a supplier number in your ERP, a DUNS number in a procurement registry, an IBAN in your banking platform, the numerous ‘customer numbers’ your company has been assigned from trade peers and service providers. An identity is something fundamentally different: a structured, verifiable description of a legal or natural person within a specific relational and socio-economic context.

Identifiers can be duplicated, reassigned, spoofed, or simply go out of date. An identity properly constructed can be cryptographically verified, reused across contexts, and bound to the legal and governance structures that actually govern the real-world entity it represents.

Most organizations today operate with a large stock of identifiers and very little in the way of verified identity. The consequences are systemic.

Authentication Failure: The Business Email Compromise Problem

Consider a scenario that compliance officers and treasury departments will recognize immediately.

A supplier contact has been working with your organization for three years. Her emails arrive from the same address. Invoices carry the correct purchase order references. Payments have been processed successfully dozens of times. Then one day an invoice arrives with updated banking instructions. Nothing else appears unusual. The payment is made. Weeks later, you discover the account belongs to a fraudster.

Business Email Compromise has become one of the most costly forms of fraud globally. The FBI’s Internet Crime Complaint Center reported BEC losses of approximately $2.8 billion in the United States alone in 2023, with broader cyber-enabled fraud exceeding $13 billion. These are reported figures; the actual scale is considerably larger.

What makes these attacks particularly effective is that they do not primarily exploit weaknesses in technology. They exploit the gap between the authentication layer and the identity layer: the space where organizations have substituted pattern-recognition for verified, cryptographically bound identity.

Source: FBI Internet Crime Complaint Center (IC3), 2023 Annual Report. Figures cited are for reported losses only; actual losses are estimated to be significantly higher.

The Same Gap Appears Across Global Commerce

The authentication gap in supplier payments is one manifestation of a structural problem that appears throughout the global economy whenever identity must cross an organizational boundary:

• Procurement: A team evaluates a supplier based on information collected years earlier, unaware that ownership, management, or jurisdiction has changed. The identifier is stable; the underlying entity is not.

  
  

• Trade finance: A bank performs extensive due diligence on a counterparty that another institution has already verified, because identity cannot be reused across organizational or regulatory boundaries. The same entity is reconstituted from scratch in each system.

  
  

• Logistics: A service provider delegates authority to a subcontractor, creating legal and operational uncertainty about who is authorized to receive, release, or act on goods in transit.

  
  

• Multinational enterprises: A large organization maintains dozens of onboarding processes across different business units because each system maintains its own isolated version of counterparty identity.

In each case, the challenge is not the absence of information. It is the inability to establish a trusted, reusable, verifiable understanding of legal entity identity that travels with the entity across systems, platforms, jurisdictions, and time.

How Digital Transformation Created More Silos, Not Fewer

The expectation behind decades of digital investment was that technology would reduce this complexity. The result has largely been the opposite.

A company operating in global trade today may use one credential to exchange invoices through a Peppol-connected network, another to sign contracts through a document management platform, another to access customs systems, another for banking relationships, and additional identities for procurement networks, logistics platforms, cloud services, and regulatory reporting portals.

• Each identity works within its own environment.

• Each requires separate onboarding and lifecycle management.

• Each creates separate governance obligations.

• None are universally portable across organizational boundaries.

The digital economy did not solve the identity problem. It created identity silos and then built business processes that depend on them.

This fragmentation was not the result of bad decisions. Each system solved a real and immediate problem at the time it was built. The point-solutions were rational. The architecture that emerged from them was not.

The result is a global economy that invests enormous resources compensating for uncertainty about who it is actually dealing with. Verification is repeated. Documentation is recollected. Compliance checks are duplicated. Manual intervention becomes structural rather than exceptional. Trust is localized to individual systems rather than shared across business ecosystems.

The Economic Scale of the Problem

The trade finance gap, being the shortfall between the financing that businesses need to participate in international trade and what the financial system actually provides, remains approximately $2.5 trillion according to the Asian Development Bank. Identity fragmentation is one structural contributor to this gap, alongside capital requirements, risk appetite, and correspondent banking costs.

When a financial institution cannot reliably verify the legal identity of a counterparty, the cost and risk of extending credit increases, disproportionately affecting small and medium enterprises that cannot sustain repeated documentation and onboarding cycles across multiple platforms and jurisdictions.

Every time an organization cannot confidently determine who it is dealing with, costs increase: verification must be repeated, compliance checks duplicated, and trust rebuilt from scratch. At scale, across millions of trade relationships, this inefficiency is a structural tax on global commerce.

Source: Asian Development Bank, Trade Finance Gaps, Growth, and Jobs Survey. The $2.5T figure reflects the global trade finance gap across all contributing factors; identity fragmentation is one element among several.

Legal Entity Identity Is Not a Back-Office Problem

The framing of identity as a compliance or IT matter has historically obscured the board-level exposure it creates. That framing is increasingly difficult to sustain.

Consider what changes when AI agents begin to execute commercial processes autonomously. An automated procurement agent, a logistics coordination system, or a trade finance workflow operating without human review in the loop requires machine-verifiable identity at every step. If the identity of the counterparty, the authorized representative, or the instructing party cannot be cryptographically verified in real time, the organization has no reliable basis for accountability when things go wrong.

The question is not whether this transformation is coming. It is already underway. The question is whether legal entity identity infrastructure will be in place before automated processes begin to operate at the scale that makes identity failures catastrophic rather than merely costly.

Automated processes amplify identity errors at scale. What is expensive today becomes existential tomorrow.

Legal entity identification is therefore not a back-office compliance function. It is core governance infrastructure, as foundational to digital business as payment systems, contract law, or financial reporting.

What a Solution Actually Requires

The path forward requires more than better data or stricter onboarding procedures. It requires a structural shift in how legal entity identity is constructed, governed, and shared across organizational boundaries.

This shift must also encompass the delegation of authority. Businesses do not act as abstract legal entities. They act through employees, directors, contractors, suppliers, service providers, devices, and increasingly AI agents. Accountability, responsibility, and decision-making authority are delegated across a growing ecosystem of human and non-human actors.

Identity therefore cannot be separated from authority. Knowing that an organization exists is only part of the equation. Equally important is knowing who is authorized to act on its behalf, in what capacity, within which limits, under what conditions, and for how long. Delegated authority is governed by policies, mandates, contractual arrangements, regulatory obligations, and internal controls. These rules define both the scope and the prerequisites of delegation and must themselves become verifiable if trust is to operate at digital speed.

A counterparty’s identity is not a static record in a database. It is a dynamic, relational construct that includes:

• Legal personhood: the formal registration and jurisdictional standing of the entity.

  
  

• Organizational structure: ownership, control relationships, and subsidiaries.

  
  

• Roles and authority: who is authorized to act on behalf of the entity, in what capacity,

  under what governance constraints.

  
  

• Temporal validity: whether the identity is current, and under what conditions it can be revoked or updated.

  
  

• Cryptographic verifiability: the ability for any party, in any system, to independently verify the identity without depending on a trusted intermediary.

Only when identity, authority, and delegation can be expressed and verified together can organizations establish trust across systems, jurisdictions, and increasingly autonomous digital environments. In a world where humans, software, devices, and AI agents participate side by side in commercial processes, verifiable delegation becomes as important as verifiable identity itself.

This is precisely what a global reference identity layer built on open, cryptographically verifiable foundations makes possible. Rather than each system maintaining its own version of counterparty identity, a verifiable legal entity identity travels with the entity, can be presented to any counterparty, and can be independently verified without requiring the recipient to trust the issuing platform.

That architecture is the subject of the next articles in this series.

What Does This Mean for You?

The problem described in this article does not require a transformation programme to address. It requires a decision to treat legal entity identity as infrastructure rather than a back-office function.

The practical starting point is a structured assessment of your current counterparty identity architecture: how many times is the same legal entity verified, onboarded, and re-documented across your systems, your business units, and your trading partners? What is the total cost of that duplication? What is the liability exposure when one of those reconstituted identities turns out to be wrong?

That assessment typically reveals that the economic case for portable, verifiable legal entity identity is self-evident. The question is not whether to modernise identity infrastructure. It is how to do so without replacing the systems that already work.

This is precisely what ISTTP is designed to address. The International Secure Trade Transfer Protocol (ISTTP) does not ask organisations to join a new network or replace their existing platforms. It provides a cryptographically verifiable identity and provenance layer that works across whatever systems counterparties already operate. A verifiable legal entity identity built on ISTTP travels with the entity, can be presented to any counterparty in any system, and can be independently verified without requiring the recipient to trust the issuing platform or the intermediary that issued the credential.

This is why ISTTP is positioned as a digital lingua franca for global trade rather than a new platform. A lingua franca does not replace the languages that already exist. It provides a common layer of communication that works across boundaries, without requiring bilateral agreements for every new relationship. ISTTP does the same for trust: it provides a common identity and provenance layer that works across platforms, jurisdictions, and governance domains — without requiring every participant to abandon their existing infrastructure.

English became the lingua franca of global aviation not because it is the best language but because it is the one that works across every border without a bilateral agreement. ISTTP is built on the same logic: a common trust layer for trade that works across platforms, jurisdictions and systems without asking anyone to give up what they already have.

For global trade, where the number of bilateral trust relationships is astronomically large and no single platform can credibly claim universal reach, a protocol-based lingua franca is the only architecture that scales.

The organisations that recognise this now will not need to rebuild their trust infrastructure later. They will already have one.

Each repetition is cost. Each repetition is delay. And each repetition is a point of failure: a moment where the version of that counterparty’s identity in your system diverges from reality, silently, until something goes wrong.

This is the problem ISTTP addresses directly. The Interoperable Secure Trade Transaction Protocol does not ask you to replace your ERP, join a new platform, or rebuild your compliance process. It adds a verifiable identity layer that travels with your counterparty across every system they interact with. Verify once. Reuse everywhere. That is the operating model.

Every major platform in global trade today requires participants to onboard into its ecosystem. That works within the platform. It does not work across the tens of thousands of bilateral trade relationships that most mid-size companies manage. No single platform will ever reach all of them. A protocol can, because it defines the rules of the exchange, not the network you must join to participate.

In practice, that means three things your organisation can point to:

• Reduced onboarding cost. A counterparty verified once through ISTTP does not need to be re-verified for the next transaction, the next platform, or the next business unit. For compliance and procurement teams, this is the difference between a process that takes weeks and one that takes hours.

  
  

• Lower fraud exposure. When payment instructions, contract counterparties, and authorised representatives are cryptographically bound to verified legal entity identities, the attack surface for Business Email Compromise and invoice fraud shrinks dramatically. The fraudster cannot simply impersonate an authenticated channel because the channel itself carries proof of identity.

  
  

• Automation that is actually safe. Every AI-driven procurement workflow, every automated payment release, every machine-to-machine trade instruction needs a reliable answer to “who authorised this?” Without verifiable identity at the foundation, automation scales the problem. With it, automation scales the solution.

  
  

The organisations that build this foundation now will not need to retrofit it later. The ones that wait will spend the next decade managing the cost of not having done so.