KPMG in the Cayman Islands has announced the development of an offshore Certificate Authority (CA) for the jurisdiction as a platform to secure e-business transactions offshore. The initial focus of Certeca will be on providing a secure e-mail solution to the Cayman Islands financial and professional services industry.

Kevin Lloyd, a KPMG partner, explains, "In order for Cayman to retain its position as a leading offshore financial centre a secure online communications and trading environment is essential. Secure e-mail is the foundation for the development of e-commerce. Individuals and entities in the international financial sector require positive identification of their business counter-parties. To date, this has been difficult to achieve in an on-line environment."

Locally, KPMG has risen to the challenge and developed Certeca, Cayman's Certificate Authority. Using Public Key Infrastructure (PKI) technology, Certeca will substantially reduce the risks of authentication, non-repudiation, and privacy associated with e-commerce. PKI Digital Signatures allow someone receiving data over the Internet to determine not just the origin of the information but also its integrity. Such transactions are accompanied by a Digital Certificate, issued by Certeca, which allows the recipient of a message to check the identity and credentials of the sender. Furthermore, the recipient can take comfort in that the sender cannot later deny having sent the message. Finally, privacy of the message is assured through the use of the strongest industry-standard encryption.

"In the physical world, face-to-face transactions, photo identification and even written signatures offer some protection against fraud and money laundering. Internet communications, however, remain anonymous, making it harder to know who ís at the other end of the network," said Matthew Barnett, a KPMG consultant. "It's also fairly common knowledge within the Internet industry that communications can be scanned for particular content, read, spoofed, or even altered and resent. This can be done within an organisation's own internal e-mail systems by staff, or externally by telecommunications companies and Internet Service Providers (ISPs). Even if you're comfortable with this, the fact that the very same tools can also be used by your competitors, various government agencies, or even hackers is much more unsettling."

The Certeca solution will use technology to ensure that Internet communications and transactions are secure in a way that is straightforward, reliable and simple to use. A wide variety of existing e-mail systems and technical platforms are PKI-enabled. PKI is the accepted global standard for Internet security infrastructure.

"The capability that Certeca provides is a critical element in Cayman's Internet/e-business infrastructure. It brings benefits to existing offshore organisations and will provide the necessary secure platform to attract Business-to-Business Exchanges to set up and operate in the Cayman Islands," said Kevin Lloyd.

Lawyer Olivaire Watler of Maples & Calder explains why he feels that secure e-business is essential: "For e-business to succeed, businesses and consumers must have trust and confidence in the Internet as a viable commercial medium. People must feel assured that their electronic communications are secure and have remained unaltered, and be confident of the identity of the party with whom they are dealing.

"Cayman's Electronic Transactions Law 2000 accords the same standing in Cayman Islands Law to electronic signatures as to conventional signatures," continued Watler. "The Law further accords legal standing to electronic certificates used to support electronic signatures and gives official approval of the Information Security Service Providers (ISSPs)who will provide Digital Signatures, certificates and encryption products. Certeca Ltd., as a pioneer Certificate Authority hopes to be the first such approved ISSP as soon as the system of approval has been established by the Government."

The Islands' government, too, welcomes the establishment of the Certificate Authority. The Hon. Thomas Jefferson, Minister responsible for Caymans Tourism, Commerce, Transport and Works stated, "The Cayman Islands have recently introduced cutting edge legislation which will facilitate the development of e-business in our country. It is important for this initiative to be a public and private sector partnership from the very beginning which is why our Government is very pleased to support the establishment of Certeca Ltd. as a Certificate Authority."

As secure e-mail and the use of Digital Certificates issued by Certeca become common place, follow-up products using Digital Certificates will be developed to further the deployment of secure e-business services within the offshore financial services environment.

A key truth is that technology alone cannot guarantee the level of confidence and trust required by the financial industry in its day-to-day operations. Trust is preserved from the controls around the technology. As Simon Whicker, a KPMG partner explains, "Any individual can freely purchase digital security software and create Digital Certificates under any identity they choose. To ensure that you know the true identity of your counter party, a trusted third party is needed to vouch for individuals" identities and their relationship to their Digital Certificate. This is why KPMG, as a well-respected international professional services firm has established Certeca to provide the necessary role of trusted third party for e-business in the offshore world."

Douglas Graham, Managing Director of E-Commerce Consulting for KPMG in the US explains, "There is a massive need throughout the business worked for strong security based on Digital Certificates. If you also want to ensure the privacy of your data and communications then you need to have a certificate authority that is based in a jurisdiction that has a reputation and track record for maintaining privacy. That is why this is such a timely venture - the first offshore Certificate Authority run by a major professional services firm - KPMG. It combines the need for technological security with the need for strong legal protections along with an assurance of integrity and reliability. This will prove to be pivotal for a new global e-commerce infrastructure that takes advantage of global opportunities."

Individuals interested in learning more about how Certeca can make your organisation's Internet communications more secure is invited to contact Troy Johns at KPMG, 914-4377 or e-mail tjohns@kpmg.ky

Executive Summary
* Offshore Financial Centres and financial service providers within these centres are looking for ways to attract and offer e-business services

* The rapid adoption of e-mail has created a substantial business risk for the sophisticated financial market

* A secure e-mail service is a necessary and readily understandable entry into e-business

* KPMG will develop Certeca as an Offshore Certificate Authority to enable offshore financial service providers the ability to offer secure e-mail to their clients in a cost-efficient manner

* Secure e-mail will be offered by Certeca utilizing public key infrastructure and Digital Certificates

* Certeca's technology and services will initially be tested and launched in the Cayman Islands, with phased launches in other large international financial centres shortly thereafter

* All certificates are to be issued at the request of an offshore financial service provider thereby ensuring adequate trust levels

* In addition to secure e-mail, other products using Digital Certificates issued by Certeca will be developed and marketed at a later stage.

* Transactions placed through Offshore Financial Centres (OFC's) are on average significantly higher in value than those placed through on-shore financial centres. They are initiated by entities and individuals from across the globe

* These entities and individuals are early adopters of technology due to their significant financial means

* Worldwide, the financial services industry has shown itself to be among both the early adopters as well as the most prolific users of the Internet as a medium for business communications and activities.

* OFC's are positioning themselves to be offshore e-business centres to protect and supplement he existing financial services industry which is under increasing pressure from the OECD and others.

* Growing numbers of OFC's have passed laws or have issued draft laws to recognize electronic signatures and Digital Certificates

* The majority of OFC financial service providers have not begun to offer e-business services to their clients and donít know where to start. They are looking for a way to "get their feet wet" in e-business without committing significant capital

* The common denominator amongst OFC financial service providers is the use of unsecured e-mail

* Individuals and entities in the international finance sector require positive identification of their business counter parties. This requirement is more difficult to achieve in an on-line environment

* Securing e-mail is a necessary and understandable entry into e-business for these financial service providers but cost-prohibitive to develop themselves due to significant start up and ongoing costs.