Investment in Evernym - MWCUA
Transcript of Investment in Evernym - MWCUA
![Page 1: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/1.jpg)
Investment in Evernym An Equity Opportunity
![Page 2: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/2.jpg)
This Document is Confidential
The information provided by Evernym is subject to the terms and conditions of a confidentiality
and non-disclosure agreement. The information should not be shared with anyone or used for
any purpose other than determining whether the Mountain West Credit Union Association or
its subsidiary, Strategic Partners, will make an investment in Evernym.
![Page 3: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/3.jpg)
Background and Rationale
For the past 14 months, we have been researching distributed ledger technology. The potential
is extremely exciting. We have continued to pursue this initiative because we firmly believe
that it could make a huge difference for the credit union movement. In May, the National
Credit Union Roundtable chose to engage in this pursuit as well. This move created an
opportunity for the Credit Union National Association (CUNA) to assume a leadership role.
Since May we have been meeting with senior staff at CUNA on a regular basis.
In a Credit Union Times article this week, CUNA’s Chief of Staff/COO Rich Meade said, “This
could be a real game changer,” speaking of this initiative, “This technology could be the next
email, the next internet, the next big thing, so we’re really excited about doing that.”
Is there risk in this venture, absolutely. However, Mark Zuckerberg, founder of Facebook, said,
“The biggest risk is not taking any risk... In a world that’s changing really quickly, the only
strategy that is guaranteed to fail is not taking risks.”
Our recommendation, as management, is that we make an investment in Evernym. As many of
you will recall, we received an email from Steve Kelly, CEO of Metrum Credit Union telling us his
board had made the decision to disaffiliate from the Association. While this email was
disheartening, Steve made a point that resonates. He wrote, “Maybe it is time to use the
capital built,” referring the capital in the Association and Service Corporation, “to once again
provide business solutions internally, which can be provided to credit unions at a reduced rate
over the for-profit business sector.”
There is no question this is a big leap and we could lose our investment. However, we have
done our due diligence, which is contained in this packet, and feel like the potential upside can
really be a “game changer” for credit unions.
We selected two firms for review of Evernym. The first is SDR Ventures, a Denver-based
mergers, acquisitions and capital advisory services firm. We felt SDR’s private capital-market
experience would help us get a solid picture on the strength of an investment in Evernym. As a
supplement to the SDR report, we also engaged Best Innovations Group (BIG) to review the
market and the applicability of Evernym offerings in the credit union space. John Best, BIG’s
CEO, has been working with us since January. He has a strong knowledge of the credit union
landscape and what the potential for this type of technology would mean for credit unions.
Our strategic plan lists innovation as one of the five key elements of our mission. It says, “We
will lead and help credit unions be competitive in an ever-changing marketplace.”
This is an opportunity to lead.
![Page 4: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/4.jpg)
Summary Information
Evernym’s initial Capital Investment Opportunity
The Association has been presented with an opportunity to make a significant investment in
Evernym in exchange for company equity.
As background, there are two separate tracks being pursued by the CU industry. The
Association is supporting both initiatives.
Track one is CULedger. CULedger is assembling a consortia of credit unions and CUSOs to
initially push a “research to action” initiative resulting in the build-out of a private permissioned
ledger network. This network could be operated by a national CUSO dedicated to the needs of
credit unions. The initiative will prototype new applications for the network as well as re-launch
existing products and services. Additionally, new monetization concepts will also be developed
by the CULedger initiative.
Track two is a direct equity investment in Evernym. Sovrin, developed by Evernym, is a public permissioned ledger network designed exclusively for self-sovereign identity. A person or business or a credit union with a Sovrin identity may use it with any site, app, or system in the world that recognizes Sovrin identities—including other distributed ledgers like CULedger. It is important to note there are two specific points of synergy between the CULedger network and the Evernym Sovrin network:
1. The CULedger network may use the Sovrin network for identity (and credit unions that are part of the CULedger network can also run nodes on the Sovrin network).
2. The CULedger network may use the same underlying distributed ledger technology (DLT) that Sovrin uses (called Plenum, a DLT optimized for high performance, high reliability permissioned ledgers). However this is not yet determined—the ultimate choice of DLT will be made by the CULedger governing body.
The legal structure of the CULedger governing body is still being determined by the CULedger organizing group, which is raising funds from credit unions and CUSOs to pay for research and development for CULedger. This group is spearheaded by CUNA, the National Credit Union Roundtable, Best Innovation Group and us. Recent additions to CULedger participating organizations include CO-OP, PSCU, CSCU, and CUNA Mutual Group. There are multiple credit unions also playing a key role. Further, as additional background, the Evernym Sovrin network will be governed by the international non-profit Sovrin Foundation. This non-profit is currently being set up by the Sovrin Foundation Organizing Committee, chaired by Phil Windley, Enterprise Architect of Brigham Young University. The Association is a member of the Sovrin Foundation Organizing
![Page 5: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/5.jpg)
Committee. The Sovrin Foundation Board of Trustees will consist of representatives of trusted institutions from around the world, including credit unions and USAA. Desert Schools is an initial member of The Sovrin Foundation Board of Trustees. Lastly, Evernym is the Utah-based startup that developed the Plenum DLT and conceived of building the Sovrin public permissioned ledger for self-sovereign identity. Evernym is doing a funding round that is entirely separate from the funding being raised for CULedger research and development. As management, we are recommending a capital investment of $1 Million in Evernym, referred to as Track two in this document. The recommended investment would be evenly split between Strategic Partners and the Association. At our joint board meeting on August 11, the leadership of Evernym will attend, do an investor
presentation and be available to respond to questions.
Frequently Asked Questions
Below are a series of links for your consideration and review prior to the upcoming joint board
meeting on August 11. All of the information is important background but please review in
detail the section below titled “Evernym Investor FAQs”.
Who is Evernym?
Executive Summary
What is the nature of the investment?
Investor Summary
Why is MWCUA considering an investment in Evernym?
Use Cases for Self-Sovereign Identity
How does the credit union movement benefit from an investment in Evernym?
How Credit Unions Can Win Universal Identity,
and Why They Should
Focus Presentation: Valuation
Big Dot Flyer
![Page 6: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/6.jpg)
Does Evernym have the technical skills needed for the investment to pay-off?
Evernym technology has been presented to many of the top credit union support organizations and some of the largest credit unions including: Boeing Employees Credit Union (BECU), Desert Schools Federal Credit Union, Suncoast Credit Union, Ent Credit Union, Public Service Credit Union, CFE Credit Union, CO-OP, CUNA Mutual Group, CU Direct, CUDC, CUSN, CUNA, and now Canadian credit unions as well. Outside our industry, USAA is a potential lead investor and values the ties to the credit union movement. They have been involved in over 24 hours of meetings with the Evernym team and are considering a significant series A investment. Microsoft has also expressed interested in using the Sovrin platform for their Azure cloud based platform as well as Active Directory worldwide.
Evernym Investor FAQ
Third Party Reviews
The following pages contain the reports, first, from SDR Ventures and second, from Best Innovations Group. Please let us know if there are any questions we can answer or track down prior to Thursday.
![Page 7: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/7.jpg)
EVERNYM REPORTAUGUST 4, 2016
CONFIDENTIAL
![Page 8: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/8.jpg)
Disclosure
This report (the “Report”) has been prepared by SDR Ventures, Inc. (“SDR”) solely for informational
purposes, based upon information supplied by the Mountain West Credit Union Association and
(“MWCUA) and Evernym (the “Company”). The information contained herein has been prepared by SDR
to assist the MWCUA in making their own evaluation of the Company and does not purport to be all-
inclusive or to contain all of the information a prospective investor may desire. In all cases, interested
persons should conduct their own investigation and analysis of the Company and the data set forth in
this Report.
SDR makes no representation or warranty as to the accuracy or completeness of this Report, and shall
not have any liability for any representations (expressed or implied) regarding information contained in,
or for any omissions from, this Report or any other written or oral communications transmitted to the
recipient in the course of its evaluation of the Company. No person has been authorized in connection
with this Report to give any information or make any representations other than those contained herein
and, if given or made, must not be relied upon as having been authorized. Only those representations
and warranties, if any, which may be made to an investor in a definitive written agreement, when, as
and if executed, and subject to such limitations and restrictions as may be specified therein, will have any
legal effect.
The analysis contained herein is based on SDR’s assessment of the Company’s information. No assurance
can be given that any of the assumptions on which the information is based will prove to be correct or
that projected figures will be attained. Actual results will vary from the projections, and the variations
may be both material and adverse. The projected financial statements have not been examined,
reviewed or compiled by independent accountants and, accordingly, they have expressed no opinion or
any other form of assurance thereon.
This Report is not, and should not be construed as, an offer to sell or a solicitation of an offer to buy
securities of the Company.
By accepting this Report, recipient acknowledges the information contained herein is confidential and
proprietary and agrees not to make copies hereof or disclose any of this information without the
permission of the MWCUA and to take reasonable steps to prevent inadvertent disclosures to any other
party.
![Page 9: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/9.jpg)
Confidential 1
EXECUTIVE SUMMARY
Distributed ledger initiatives are quickly gaining momentum and attention throughout the world. This
technology appears to have numerous useful applications for meeting the challenges of personal
identity authentication and secure financial transactions. It is clear that over the next five to ten years,
national and even global adoption for distributed ledger technology will continue to accelerate into a
growth phase, ultimately reaching maturity within the technology sector in ten to fifteen years.i It
remains uncertain which organization, network or platform will prove dominant in what will become the
“new normal” for transaction, identity and digital security protocols.
Evernym, Inc. (aka “Evernym” or “the Company”) was created to harness the potential of this
technology. Evernym is an early stage technology company that is building Sovrin, an identity network,
using highly modified distributed ledger technology. The Company intends to provide a universal “self-
sovereign” identity available to everyone (a permanent, private, secure digital identity that cannot be
taken away by a company or government).
Evernym has raised a $1.5 million seed round and is seeking a $1 million bridge to a $20-$25 million
series A. It is our understanding that the investor syndicate will likely be comprised of strategic
investors, including several potential Sovrin partners/adopters, including the Mountain West Credit
Union Association (MWCUA). According to the Company’s business plan, the proceeds of the equity
round will be used for the development of the Sovrin network, building out messaging and payments
capabilities, as well as marketing and business development.
The company is implementing an “adoption first, monetize later” go-to-market strategy. That is to say,
the Company will not generate profits from the adoption of Sovrin. Identities will be free to users.
However, as the originator of the platform, Evernym believes it will be well positioned to offer a suite of
services to consumers and partners once a critical mass of participants is achieved.
We believe Evernym has identified and squarely placed itself at the intersection of a key market
problem and opportunity. It has also built and continues to expand on a solid business plan which
outlines a credible financing and operating path for executing on the opportunity. In the evolving
landscape of digital identity and security, what makes Evernym’s model unique and informs our view of
its likely success are two key factors: a scalable technology platform and a scalable adoption model.
THE EVERNYM INITIATIVE AND THE TARGET MARKET
Evernym is working to develop the world’s most advanced identity solution. The Company’s initiative is
extremely broad reaching, with potential use by entities both large and small, from governments and
world health organizations, to credit unions, small businesses and even peer-to-peer transactions.
Evernym is a first-mover in the market to create universal identity through a permissioned distributed
ledger system.
![Page 10: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/10.jpg)
Confidential 2
The Company seeks to deploy a B2B2C business model, by working with commercial partners and
creating solutions that serve their interests along with their client’s needs. The Company’s value
propositions for Sovrin users and partners are as follows:
Consumers: Enhanced convenience, greater security, and increased control over transactions
within a trusted platform.
Commercial and Industry Partners: Reducing the costs and burden associated with managing
highly sensitive user data. Building trust and loyalty with customers, employees, and
commercial partners.
There are over 1,000 distributed ledger start-ups across the world according to a detailed report written
recently by Outlier Venturesii. The majority of the companies are focused on providing products and
services that require identity, but are not focused on identity specifically (financial services, sharing
economy, infrastructure, etc.). Yet, in addition to Evernym, there are a number of companies taking
different approaches to decentralizing identity. Examples include:
Blockstack: Is one of the earliest to offer personal identities backed by a permissionless
blockchain. They have grown their user base to more than 50,000 registered identities.
ShoCard: Has built a blockchain-backed digital identity platform that protects consumer privacy,
optimized for mobile. They have successfully tested a prototype for air traveler identification.
Airbitz: Has pivoted from offering a Bitcoin wallet to a full security platform, encrypting data all
the way from the end user while making it available as needed.
uPort: Is a ConsenSys platform, which has recently partnered with Microsoft to build an open
source, self-sovereign, blockchain-based identity system.
In terms of venture investing, the distributed ledger industry as a whole has seen over $1 billion in
venture capital investments made through Q1 2016iii. In addition, more than 50 “traditional institutions”
(includes governments, central banks, financial institutions and other large strategic investors)
announced investments in blockchain start-ups in Q1 2016, up from 34 in Q4 2015iv. Looking at the
trends in dollars invested and the number of start-ups in the blockchain distributed ledger space, there
is clearly evidence of the belief that there are benefits the technology can provide on a social and
economic level.
The main industry question at this early stage is adoption. Despite the growth in venture and early-stage
activity in the distributed ledger world, rapid adoption remains to be seen. At this stage it is unknown
when the technology will mature, generating widespread adoption. Adoption is also the key to
Evernym’s success. However, as discussed in the business plan below, this does not appear to be an “all
or nothing” metric (in other words, the Company can still be successful with other distributed ledger
systems existing in the market).
![Page 11: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/11.jpg)
Confidential 3
The Company’s adoption approach for deploying their identity solution is through strategic partnerships
with member-based institutions (vertical adoption) as well as inbound opportunistic opportunities that
support growth on a large scale through social and government organizations (horizontal adoption). The
combination of vertical and horizontal partnerships seems to support the roll-out of the Company’s
sovereign-identity initiative on a large scale.
The Company appears to be on the leading edge of a technological movement and forming solutions for
global identity problems. Although Evernym’s initiative is ambitious (to solve the world’s identity
problems), major companies and industry groups have publicized their interest and investments in
distributed ledger technologies (e.g. R3, clearXchange for financial institutions and Microsoft’s
Blockchain as a service platform). Governments and international bodies are also discussing the
implications of distributed ledgers on local and global economies.
Although the majority of the buzz is around financial services, there are potentially more robust
applications of the technology that go well beyond this sector. From identity, to intellectual property, to
smart contracts, there are competitive advantages that distributed ledgers providev.
Undoubtedly, there are strong market tailwinds supporting Evernym’s initiative for creating a universal
identity solution. Although the industry is in its infancy, the market is ripe for disruption. The Company is
engaging specific strategic initiatives that could support widespread market adoption. Partnerships with
organizations such as credit unions, USAA, Microsoft, etc. should enhance Evernym’s first-mover
advantage in the distributed ledger identity market.
BUSINESS PLAN ANALYSIS
Go-To -Market Strategy
Evernym’s go-to-market strategy is three fold: Stand-alone applications, Acceptors First, and Entire
Ecosystems. Evernym is building stand-alone applications on top of Sovrin to provide clear benefits to
members and partners (Enterprise messaging, password-less authentication, applicant vetting, etc.).
These stand-alone applications are intended to have a viral impact, creating a network effect. The
Company is also pushing vertical adoption through early acceptors like the credit unions, Microsoft and
USAA. By launching through these strategic partners in different industries, Evernym is positioning
Sovrin for widespread adoption. Finally, adoption by entire ecosystems could include universities and
entire countries. In this case, adoption is mandatory for individuals within each system (active
discussions include BYU and the country of Myanmar).
Perhaps the greatest risk to the go-to-market strategy would be a lack of focus on execution of the
primary pillars of the plan. Evernym is receiving interest from potential “Horizontal” partners that could
be distractions from the business plan’s core initiatives. These potential distractions may also consume
valuable time and resources.
Evernym’s management team seems to recognize this risk and appears to be mitigating by prioritizing
the vertical partnerships (e.g. USAA and Credit Unions) critical to widespread adoption and
![Page 12: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/12.jpg)
Confidential 4
monetization. The Company’s partnerships with USAA and the Credit Unions could lead to momentum
in the marketplace. Evernym is also discussing a partnership with Microsoft, which will make Sovrin
identity attributes globally accessible through the Azure API. This could lead to easier integration into
large corporate identity environments.
Competitive Landscape
From a competitive standpoint, Evernym does have direct competition in the identity space. The top
two appear to be Blockstack whose product focuses on the Bitcoin blockchain and Consensys’ Uport
identity wallet which uses the Ethereum blockchain. The primary difference between Evernym and these
two competitors is the permissioned distributed ledger system vs. the permissionless systems designed
by Blockstack and Consensys. The Company believes that the distributed governance of a permissioned
system will increase trust and drive participation in highly regulated industries, which will likely play a
critical role in adoption and eventual monetization. The research seems to suggest that there is solid
reason for this view.vi There are also a number of indirect competitors that are either (i) not focused on
self-sovereign identity and/or (ii) do not use distributed ledger technology.
A risk to Evernym’s plan is the ability to differentiate itself within this expanding and competitive
landscape. A key assumption of the forecast and Series A investment size revolves around the
assumption that adoption rates will reflect those of the OTT messaging industry, with more than 500
million Sovrin users by FY2021.
Evernym appears to be leading the way as a first mover in the universal self-sovereign identity space
applying permissioned distributed ledger technology. The Company also seems to be separating itself
by focusing on identity first and building the Sovrin system around solving identity related problems that
have global application. This could prove valuable to both vertical and horizontal partners. Additionally,
given the diffused nature of this emerging market, Evernym’s strategy has the potential to be executed
on less than a global scale. By providing tangible benefits to strategic partners, the Company will likely
have opportunities to build simultaneous user communities.
Overall, Evernym’s approach to focusing solely on universal self-sovereign identity using permissioned
distributed ledger technology does appear to be unique in the market.
Monetization
Evernym will not make money off of the adoption of Sovrin itself, but by building layers on top of the
identity platform (Evernym’s “Sovrin Stack”), offering a software-as-a-service (SaaS) platform to Sovrin
nodes and layering products and services on top of the SaaS platform. Monetization under this platform
is scheduled to begin in Q1 2017. According to the forecast, the Company becomes profitable in mid-
2019, at which time active users exceed 100 million.
As seen in the Company’s financial forecast for FY2016 to FY2021, the near term revenues are driven
largely by the SaaS menu offered to partner institutions (i.e. registration, authentication, authorization,
![Page 13: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/13.jpg)
Confidential 5
reputation, messaging, data sharing, key sharing). Over time, the Company anticipates being able to
build on the additional products.
A hurdle to successful monetization will be Evernym’s ability to create commercial opportunities on the
Sovrin platform. Evernym’s monetization plan is predicated on layering products on top of a massive
adoption footprint. This would provide a vast and captive user base for rolling out applications. Support
for this effort comes from Sovrin’s focus on large market opportunities that rely on identity at their core.
These include P2P messaging and payments as well as enterprise messaging.
For example, the P2P payments industry was $16 billion in the U.S. in 2015 and is forecasted to grow to
$86 billion by 2018 according to a recent report by Goldman Sachsvii. In the same year, close to 113
million mobile phone users in the United States accessed OTT messaging apps to communicate. This
figure is projected to grow to 173.2 million users by 2020viii.
Additionally, the market for secure enterprise mobile messaging is growing rapidly as people look to
replace email with more secure and productive ways of communicating/collaborating at work. In other
words, the market for enterprise messaging could be as large as the market for email. Slack, the leader
in the enterprise messaging space, latest reported stats, from August 2015, revealed that 1.25 million
people use the service each day, and 370,000 have paid accountsix.
BUSINESS AND MARKET RISKS
Even with the significant groundwork established and the thoughtful approached utilized by Evernym to
date, it will not be immune to the business and market risks of any new venture, business model or
major innovation.
As it continues to roll out its solution to this large market, Evernym, and its partners, will encounter
three risk factors in establishing itself as a successful option in growing market of identity based
solutions:
Will the solution and model adequately address the current challenge/opportunity?
Is there real market potential and is there a clear path to adoption?
What are the regulatory barriers and limitations?
Will the solution model adequately address the current challenge/opportunity?
This question gets to both the technology question and delivery model. In the current digital economy,
identity threats increasingly account for major economic loss, major organizational costs, and personal
disruption. A model seeking to address these challenges with a new, disruptive, platform will need to
build a solution with a technology structure solid enough to serve as a foundation but flexible enough
for collaboration and widespread use.
Evernym’s effort to address these challenges and opportunity is to reshape the landscape with a new,
universal identify solution. At the heart of Sovrin’s technology is Plenum, the Evernym developed
![Page 14: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/14.jpg)
Confidential 6
advanced algorithm that provides cutting-edge encryption protocols. Plenum exhibits low latency
characteristics which addresses one of the key technical challenges for a distributed ledger based
solution. Plenum was created to be an open source technology making it more likely that collaboration
and further development will take place. The Company has developed defensible IP, consisting of
patents (granted and pending) around creating a system that is an attribute-based, sovereign identity
graph platform on an advanced, dedicated permissioned distributed ledger (aka Sovrin).
The attributes-based nature of the Sovrin platform has been created for an individual identity holder on
the Sovrin network to reveal only the attributes (Social Security number, date of birth, address, etc.)
relevant to the transaction or desired purpose. These attributes are controlled and owned by the
identity holder and can only be authorized for sharing by the identity holder.
In our view, a major sign of business maturity and one of Evernym’s efforts to mitigate risk in its model is
the merger with Respect Network. Evernym’s merger with Respect Network has accelerated its
capability and understanding of the business rules that have to sit on top of the technology platform
itself. According to a research director at Caribou Digital, a top research firm focused on the digital
economy, none of the other players in this space have spent as much time working through the business
values that will sit on top of the platform to make their technology work.x Additional third party
validators such as Microsoft have confirmed the advanced and stable nature of the technology platform
by allowing it to integrate into their product set.
Finally, Evernym holds patents on the important components of the Sovrin platform which mitigates
significant risk to early investors or partners. A would-be competitor would need to work around the
unique features of Sovrin, or choose to collaborate thereby increasing adoption of the core platform.
Is there real market potential and a clear path to adoption?
Most, if not all, of the developing identity based technology platforms have the same inherent risk
factor that will determine their success: adoption. It is difficult to overstate how important the
adoption case and challenge is.
Early traction in adoption is a critical success factor on the road to broad based adoption. On that front,
Evernym’s approach in early partnerships with financial institutions and education organizations gives it
a head start among other identity solutions. In the open and permissioned platforms, Evernym is well
ahead in its ability to successfully correlate use cases with adoption partners.xi Specifically, partnerships
with USAA and Credit Unions would create a competitive advantage in this race for adoption.
Partnerships between these organizations creates a foundation layer for use cases that will infuse the
adoption momentum with insights that are critical to the success of building the Sovrin adoption
footprint.
One of the possible accelerants to Evernym’s success is that the characteristics of the Sovrin identity are
built to actually be sovereign – meaning the individual owns it and is in control of it. Privacy and security
breaches continue to cast doubt about the identity protection and verification of large internet
platforms such as Facebook and Google. These players pose a significant risk to firms such as Evernym
![Page 15: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/15.jpg)
Confidential 7
seeking to build new platforms for secure and trusted identify. However, it appears these large internet
companies are not inclined to trade short term economic gains in order to move towards creating more
open, collaborative and user owned identity platforms. If this trend continues, they will continue to lose
the trust of its users. This clearly creates a window of opportunity for platforms such as Sovrin to gain
adoption traction as a “trust worthy platform” in what experts are calling the new “Trust Protocol” for
the exchange of information, goods and services.xii
True global reach and adoption would include credentials used by and/or issued by governments. This is
a complicated and often perilous area of identity adoption and it is extremely unlikely that government
authorities will give up control in maintaining a verification system for its citizens (Social Security
number, national ID, etc.). However, a government identity system could conceivably sit within a
broader identity platform such as Sovrin. There is a business case that can be made for governments
exiting the platform and infrastructure business entirely and instead issuing credentials that would
reside in a permissioned and open identity platform such as Sovrin.
Universal adoption is the overarching goal for the Sovrin identity platform. Yet, competitive pressures,
regulatory requirements, and technology advancements could make a multi- platform scenario a real
possibility. In the long term, the industry landscape might include several relevant platforms adding
value in identity, authentication, and security for various sectors of the economy and society as a whole.
In this scenario, Sovrin may be one of several platforms and/or Evernym may be one of various firms
building products for the Sovrin platform. This outcome could lead to a significant win for Evernym and
its partners both in terms of direct internal use and economic benefit.
Finally, it is clear that private capital investors and the largest strategic players such as Google,
Facebook, Microsoft and others will continue to invest in the expanding identity and distribute ledger
technology. An open question for big technology incumbents is if they are prepared to pivot from their
current model to successfully incorporate the requirements of trusted, secure, sovereign, universal
identity. A likely scenario is that these players will acquire companies with the ability to monetize
products and services on top of developing identity platforms. This could be a real outcome for Evernym
which could also generate meaningful returns for its stakeholders.
What are the regulatory barriers and limitations?
As the Credit Union community is very familiar with, financial transactions have emerged as the largest
focus and most often sited use case for identify and authentication technology solutions. This sector is
experiencing arguably the greatest security and monetary impact in our society. Given the incredible toll
security breaches and identity theft are taking on society, governments are continuing to step up policy
efforts to more effectively address these growing threats. It is clear that there are strong regulatory
tailwinds in this industry.
Still, distributed ledgers raise a number of questions for policy makers at the national and international
level. As with any new technology, new regulatory policies will need to be developed. The timing and
reach of regulatory framework is unclear at this point in time.
![Page 16: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/16.jpg)
Confidential 8
There are numerous initiatives by government organizations supporting the growth and adoption of
distributed ledger technologies to address commercial and social issues. U.S. Federal Reserve system
officials have highlighted distributed Ledger potential, recognizing the benefits and potential
applications in the financial communityxiii. Similarly, the U.S. Commodity Futures Trading Commissioner
calls for “examination of rules that may inhibit Distributed Ledger technology innovation”xiv. The UK
government’s Chief Scientific advisor recently released a report recommending pursuit and adoption of
blockchain technologiesxv.
In the U.S., the government has created a contest called “Blockchain and Its Emerging Role in Healthcare
and Health-related Research” with the goal of having participants create white papers on the topic of
blockchain technology and its use cases within the healthcare industry. Perhaps most importantly,
governments and Central Banks are directly funding distributed ledger research. For example, the
Department of Homeland Security recently announced grants to six companies working with distributed
ledger technologies for Identification Services (Including Evernym via Respect Network).
The risk for companies working within such a nascent industry is that despite government’s strong
encouragement to solve the stated problem, regulator’s “preferred” methods and processes frequently
remain elusive. A key regulatory burden that must be met is one of enforceability and the finality of a
given transaction. A company undertaking such a large task will face the potential risk of building a
solution that fails to meet the regulatory approval necessary for achieving broad based adoption and
certainty of the transactions flowing through its platform.
As it seeks to scale across geographic markets, what may help Evernym avoid these hurdles is its
permissioned and transparent identity model. Sovrin can also accommodate numerous and diverse
credentials while permitting only authorized nodes, or screened and approved participants in the
platform, to verify identity protocols. This is vital component to broad based regulatory approval.xvi
Building on the momentum around standardization for identity, Sorvin’s permissioned protocol,
advanced cryptography, and open structure appears to position Evernym to successfully address the
competing questions around real universality and high security protocol standards. Obtaining regulatory
acceptance for use in financial transactions, educational institutions, healthcare records, and
government systems is a high bar that Evernym seems to be uniquely prepared to meet.
CONCLUSION
Security threats and regulatory requirements will undoubtedly continue to create tremendous business
challenges for financial institutions like the Credit Unions. There appears to be a similar accumulation of
risk in not being deeply involved in the expanding area of digital identity technology. Financial services
firms or any organization that manages sensitive customer data cannot afford to stand on the sidelines
as advances in customer identity, security and engagement take hold. Organizations who fail to adopt a
plan for incorporating advanced identity and digital security technologies for their internal systems,
customers and members will more than likely find themselves requesting permission to participate in
someone else’s. Doing so may come at a great economic and reputational cost. As such, perhaps the
![Page 17: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/17.jpg)
Confidential 9
ultimate question facing a financial services organization considering investing in and/or adopting
advanced identity verification and distributed ledger technology is not if, but when.
Sovrin and the Evernym model are built on an infrastructure platform that is open. As the industry
experts repeatedly remind us, any identity solution is only as good as the number of people who will
trust it and use it. The Sovrin platform is built so that that other ecosystem participants can build on top
of it. Evernym’s merger with Respect Network has accelerated its capability and understanding of the
business rules that have to sit on top of the technology platform itself. This key differentiator from
other solutions positions Everynym to succeed in the large task of building a scalable technology
platform with broad based adoption.
Although the buzz and excitement around this fast moving technology may create uncertainty around
which path to move down, the MWCUA has carved out an advantageous position in its discussions with
Evernym. In addition to the relevant use cases explored as well as the work being developed with
CULedger, the direct Evernym investment may fortify the MWCUA’s position even further. An
investment in Evernym could very well create the path for a Credit Union industry-wide framework for
establishing the necessary elements that build a technology foundation and a collaborative ecosystem in
which multiple value streams are explored, nourished and implemented. More specifically, the
partnership with Evernym has three complimentary value proposition for the MWCUA:
Access to the core technology and platform of the Sovrin network.
Continuous innovation of products for direct beneficial use within the Credit Union community
and by its members.
Commercial returns from Evernym products built on the Sovrin platform.
We believe the MWCUA should strongly consider utilizing this partnership with Evernym as an
opportunity to advance its position with its members and within the broader financial services market
landscape. Working alongside an organization with the technical and industry validation advantages of
Evernym has the potential to generate both near-term and long-term benefit for MWCUA members. At
the same time, it may greatly reduce the looming and eventual costs and risks associated with a
prolonged evaluation of the many options for engaging in the digital identity and security arena.
A strong partnership or investment with Evernym would plant the flag and create a clear direction for
successfully navigating a digital identify based future for the MWCUA. It will not be perfect, and many
pivots will necessarily take place to respond to the evolving technological, regulatory, and global
adoption challenges. However, having an internal, front row seat will allow the MWCUA and its
member organizations to adapt and respond with more useful assets and knowledge. Business
scenarios where partners with different core missions provide tangible, mutual, and long-term value
creation are rare. We believe this could be one of those scenarios.
![Page 18: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/18.jpg)
Confidential 10
Sources:
i https://www.accenture.com/t00010101T000000__w__/au-en/_acnmedia/PDF-6/Accenture-Blockchain-Enabled-Distributed-Ledgers.pdf. ii Lundy, Lawrence 5 Things We learned From Analyzing The Location of 950+ Blockchain Startups (July 9, 2016) iii Hileman, Garrick State of Blockchain Q1 2016: Blockchain Funding Overtakes Bitcoin (May 11, 2016) iv Hileman, Garrick State of Blockchain Q1 2016: Blockchain Funding Overtakes Bitcoin (May 11, 2016) v McLean, Sue and Deane-Johns, Simon Demystifying Blockchain and Distributed Ledger Technology (April 5, 2016) vi http://www.ofnumbers.com/wp-content/uploads/2015/04/Permissioned-distributed-ledgers.pdf vii Goldman Sachs, The Future of Finance 2015, pg. 51 (March 2015) viii eMarketer, eMarketer.com (June 2016) ix Captain, Sean The Messaging Apps Gunning for Slack, Fast Company (October 21, 2015) x Pon, Bryan (Caribou Digital Research Director). Phone interview. August 2, 2016. xi Pon, Bryan (Caribou Digital Research Director). Phone interview. August 2, 2016. xii Don and Alex Tapscott, Blockchain Revolution (New York: Penguin, 2016). xiii Coindesk, State of Blockchain Q1 2016 (May 11, 2016) xiv Coindesk, State of Blockchain Q1 2016 (May 11, 2016) xv Palmer, Daniel 5 Must Read Excerpts From the UK Governments Blockchain Report (January 24, 2016) xvi http://www.ofnumbers.com/wp-content/uploads/2015/04/Permissioned-distributed-ledgers.pdf.
![Page 19: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/19.jpg)
Identity Research Findings, 08/04/2016
Best Innovation Group
Executive Summary
This document is intended to provide a summary of the research conducted by Best Innovation Group (BIG) into the identity space with regards to Credit Union opportunities, technology, security ,feasibility and monetization. The document will describe the process of review and the documented outcomes as well as a final recommendation. Market Analysis
Research Team An Identity research team was created consisting that consisted of team members from BIG was created:
● John Best (CEO) ● Ed Gonzalez (President/COO) ● Tom Stacy (CTO) ● Elliot Cotto (CCO)
Each interview was open to all members of the Identity research team. Interviewees As part of the identity market analysis, BIG interviewed identity experts in the field to determine the current state of the identity industry. The following industry experts were interviewed. Andrew Tobin
○ Tech Strategy Advisor, Telesign ○ Specialties: digital identity, mobile fintech, NFC, digital ID, retail payments, m-Commerce,
infrastructure virtualisation, app development, real-time transaction processing. Bryan Pon
○ Director of research at Caribou Digital ○ Senior researcher and analyst for mobile and energy sectors, especially in emerging markets.
Tim Swanson
○ Director of Market Research at R3 ○ Distributed ledger technology and design expert
Doc and Joyce Searls
○ Director of ProjectVRM ○ Fostered pioneering development of VRM (Vendor Relationship Management) tools and services
Phil Windley
○ Enterprise Architect, Brigham Young University ○ Board Chair, XDI.ORG
![Page 20: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/20.jpg)
Approach The following questions were asked of each interviewee.
● What is the current state of identity in the industry ? ● What has changed in this space that has moved the identity industry forward ? ● What is the minimum viable network necessary to make a identity (or any blockchain related network)
functional ? ● How will adoption play out? ● Who in your estimation is leading the identity industry?
Summary of Findings All interviewees, with the exception of Tim Swanson (who abstained from giving an opinion), stated that the concept of sovereign identity was the most important feature of a new Identity system. All interviewees stated that Distributed Ledger technology has been the catalyst for the recent advancements in the Identity movement. The minimum viable network question had a range of answers, but the numbers were smaller than expected for a true network. The lowest number given was 5 nodes and the highest number was 150 nodes. BIG believes that the answer is a mixed node selection based on large validator nodes as well as observer nodes or examiner nodes. Adoption was split between two ideologies:
1. A grassroots adoption method whereby adoption slowly gains ground.
2. The U.S. government will get behind a identity platform and as a result adoption will move more quickly.
Many of the respondees mentioned evernym by name, Tim Swanson had a notable response in that he declined to provide a response. He did mention that they had spoken to many of the platforms that are available and that there was a internal opinion at R3. BIG believes that this response denotes the importance of identity based on R3’s clients and position relative to the financial industry.
![Page 21: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/21.jpg)
Competition
As part of the analysis, vendors were invited to demonstrate their products. Each product was reviewed and analyzed as to where it fit in the credit union solutions.
Overall breakdown by feature
Company Feature Integration Competitor Analysis
Evernym Public Permissioned Identity platform based on distributed ledger
Private and certified API integration based on Semantic WEB
Base platform Supports other competitors
Trunomi On boarding and checking credentials via EU GDPR, PDS2 regulatory compliant certificates for all data interactions
Highly mature API. Compliments the evernym sovrin identity platform by providing an on- boarding identity verification process.
Shocard Provides digitized versions of plastic cards
API Could benefit from using the sovrin platform , today it operates on bitcoin.
ShoCard
● Co-Founder and CEO: Armin Abrahimi ● Co-founder: Jeff Weitzman ● Founded: February 2015 ● Location: Palo Alto, CA ● Annual Revenue: $.06M[1] ● Employees: 1-10 [2]
Business Model ● B2B: CEO Ebrahimi says ShoCard is targeting card issuers and will verify the identity of cardholders
during mobile transactions.[3] ● First clients will be credit and debit issuing banks that issue nearly a billion cards.
Brand ● ShoCard is a digital identity that protects consumer privacy and is as easy to understand and use as
showing a driver’s license. It’s optimized for mobile and so secure that a bank can rely on it. ● Easy To Use. Bank-Level Security. ● Identity for a Mobile World ● It's the one identity verification system that works the way consumers and businesses need it to for
security, privacy, and always-on fraud protection
![Page 22: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/22.jpg)
Products
ShoCard is a digital identity card used through a mobile app (ShoCard Mobile App). The company meets the needs:
● Trustless and decentralized. Your Identity is not under the control of any institution (either Government or commercial).
● Immutable. Nobody can change a record; they can only append a new record.[4] ShoCard wants to use the blockchain to authenticate identification. Rather than an individual providing personal–and financial, details every time during the e-commerce checkout process, customers can store their information securely with ShoCard and enter it on request. Additionally, ShoCard could also be used for other financial systems, such as storing your online banking login details. The main benefit of ShoCard is that it can only be modified by the consumer.
Technology ShoCard is explicitly built for mobile, and also utilizes TouchID. ShoCard protects and verifies identity using strong public/private key encryption with multiple keys, data hashing, out-of-band communication, data matching, and two-factor authentication. A ShoCard is basically a tiny file that only the owner can manipulate. When a ShoCard is created by a user, they first scan their identity document (e.g., Drivers License) and sign it. Then, the mobile app will generate a private and public key to seal that record. It is encrypted, hashed and sent to the network of communicating nodes running bitcoin software for later use. After this initial creation process, it is accessed by the user via the ShoCard’s mobile app where they can retrieve their information.[5] Users are able to, in effect, give financial institutions temporary access to the private side of this blockchain record in order to verify identity. Once that is done, the bank creates its own record that can be consulted in the future to determine that Joe Smith is really Joe Smith.
![Page 23: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/23.jpg)
Funding
Figure 1 ShoCard's $1.5M Seed Investors [6]
Traction According to Mattermark, the company has an estimate 198 unique monthly visits (though it is important to note that the company is a Mobile App based product).
Figure 2 ShoCard Web Traffic [7]
![Page 24: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/24.jpg)
Figure 3 ShoCard's Mobile App–Available on iTunes–No users logged NOTE: It is important to note that neither ShoCard nor Trunomi have their own Blockchain–a fact highlighted indirectly by the companies–where users feel assured that no one has control over, or owns his online identification except himself. (i.e., Trustless and decentralized–an identity is not under the control of any institution (either Government or commercial).
References ● [1] http://www.hoovers.com/company-information/company-search.html?term=shocard ● [2] https://www.linkedin.com/company/shocard-inc- ● [3]
http://bankinnovation.net/2015/05/shocard-will-help-banks-authenticate-users-with-the-blockchain/ ● [4]
http://bankinnovation.net/2015/05/blockchain-based-digital-identity-will-disrupt-commerce-and-government/
● [5] http://techcrunch.com/2015/05/05/shocard-is-a-digital-identity-card-on-the-blockchain/ ● [6] https://www.crunchbase.com/organization/shocard-inc#/entity ● [7] https://mattermark.com/companies/shocard.com
Trunomi
● Founder and CEO: Stuart Lacey ● Founded: October 2013 ● Location: HQ San Jose, CA (Offices in Bermuda and London) ● Annual Revenue: $.37M[1] ● Employees: 11-50[2] (12)[3]
![Page 25: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/25.jpg)
Business Model B2B: Based on the premise that regulatory evolution, political will, customer choice, and data security risks will push financial institutions to adopt “informed consent” for customer data usage: Trunomi delivers end-to-end solutions that integrate with financial institutions’ existing technology, from digital customer interfaces through to our powerful API platform. Institutions are enabled to offer fully digital customer onboarding and customer data management. We streamline business processes and deliver amazing and seamless customer experiences. Solutions include mobile account opening, know your customer (KYC), data personalization and the delivery of new value-added services that all rely on the access to and analysis of Customer Personal Information. The proprietary Trunomi platform accelerates, simplifies and secures the data collection and sharing process, with a powerful combination of enterprise compliance solutions and mobile technology. This approach enables institutions and their customers to easily create auditable, digitized sets of customer identification data and then simply manage and securely share them anytime, anywhere; in full compliance with international privacy and regulatory requirements.[5] A primary selling point according to Trunomi is that once a customers verified data is collected, the bank can create its own record that can be consulted in the future to determine not only that Joe Smith is really Joe Smith, but also to customize offerings to that customer base on their data.
Brand ● Revolutionizing the way that financial institutions create, manage, and interact with customer data. ● Trunomi provides Know Your Customer (KYC) compliance technologies for regulated entities (RE)
through a platform that accelerates, simplifies and secures the customer on-boarding process. The company offers B2Me solutions (i.e., marketing to an individual based on the desires of that individual) that enable REs and their customers to easily create auditable “Golden Source” digitized sets of customer identification data and then simply and securely share them anytime, anywhere; in full compliance with global privacy and regulatory requirements.
● Our customers are financial institutions and our products create new revenue streams and eliminate inefficiencies. Financial institutions are more than happy to pay our user-based fees, which are less than 10% of their current KYC expenses.[4]
Products ● TruMobile is a mobile app that empowers financial institutions’ customers to control and share their
personal identification data. ● TruHub is an enterprise-class KYC on-boarding system. ● TruLink is a data sharing solution that replaces call centers and solves customer-not-present card
and transaction verification.
![Page 26: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/26.jpg)
Technology
Figure 1 The Trunomi Platform[6]
Figure 2 Company Description: Distributed, Consent-based data sharing platform. Open API framework with a single point of integration.
● The company is a decentralized and distributed data solution[7] and does not keep copies of customer data.
● The company supports the open API standard, welcoming third party applications and services to integrate with our platform.
![Page 27: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/27.jpg)
● Working with Trunomi, eID&V providers can benefit from easy access to international financial institutions that rely on the highest levels of customer data checking.[8]
Funding ● Funding: $5.3M ($3M Venture, $2.3M Angel)
Figure 3 Trunomi Investors [9]
![Page 28: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/28.jpg)
Traction
Trunomi does not talk about their numbers which indicates that they are still rather small (Estimated total monthly unique visits to the website–743[10]).
Figure 4 Trunomi Website Traffic and Trends. [11]
References ● [1] http://www.hoovers.com/company-information/company-search.html?term=trunomi ● [2] https://www.linkedin.com/company/trunomi ● [3] https://mattermark.com/companies/trunomi.com ● [4] http://www.verdictfinancial.com/finovate-interview-trunomi/ ● [5]
http://www.businesswire.com/news/home/20150908005955/en/Trunomi-Completes-3-Million-Capital-Raise
● [6] http://www.trunomi.com/our-platform/ ● [7] http://www.trunomi.com/our-platform/ ● [8] http://www.trunomi.com/about-us/#collaborate ● [9] https://www.crunchbase.com/organization/trunomi/investors ● [10] As ohttps://mattermark.com/companies/trunomi.com ● [11] https://mattermark.com/companies/trunomi.com
Evernym, Inc.
● Co-founder and CEO: Timothy Ruff (Also an investor–amount unavailable) ● Co-founder, CTO, Chairman: Jason Law ● Founded: April 12, 2014 ● Location: Herriman, UT, 84096 United States ● Annual Revenue: .16M [1] ● Employees: 15 [2]
![Page 29: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/29.jpg)
Business Model
Gateway platform dedicated to and engineered for universal, private, non-tracked, easy-to-use, self-sovereign identity. Supports the entire continuum of the identity graph, from anonymity to pseudonymity to strongly-proven full legal identity. The company differentiates itself based on a distributed blockchain technology as opposed to a decentralized model based on the work of Tim Swanson of Rev C3.[3] (Specifically see Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems.)
Brand ● We’re building an open-source sovereign identity platform on a permissioned blockchain, and ● we’re giving it away. ● This ain’t your daddy’s blockchain. It’s a high-speed permissioned distributed ledger that’s engineered
and dedicated solely for identity. ● Identity is a mess. Help us clean it up. ● We all have too many accounts, usernames, and passwords, too much identity theft and fraud, too
many data breaches, too little control, too little privacy, and an unacceptable 3 billion people “unbanked.”
Products ● Distributed-ledger-based Evernym Identity Platform, a highly advanced, “sovereign” solution to the
global identity problem that restores privacy and control where it belongs: you. ● A high-speed permissioned distributed ledger that’s engineered and dedicated solely for identity. ● Sovrin: a universal, private, non-tracked, easy-to-use, self-sovereign identity that supports the entire
continuum of the identity graph, from anonymity to pseudonymity to strongly proven full legal identity.
Technology
● Apache2/Open Source ● Online platform ● Permissioned distributed ledger ● OASIS XDI (Extensible Data Interchange) protocol
Funding ● Ron Hammond–Advisor, Investor, Board member (Also an investor–“significant funding”– amount
unavailable)[4]
![Page 30: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/30.jpg)
Traction
● Unavailable, but see website traction ● Estimate monthly unique: 20 [5]
Figure 1: Evernym Website Traffic and Trends from Mattermark [6]
Figure 2 Evernym Patent Applications [7]
References ● [1] http://www.hoovers.com/company-information/company-search.html?term=evernym%20inc ● [2] https://gust.com/companies/evernym_inc ● [3] http://evernym.com/technology/#permissioned-section ● [4] https://angel.co/evernym/jobs ● [5] https://mattermark.com/companies/evernym.com ● [6] https://mattermark.com/companies/evernym.com ● [7] http://www.faqs.org/patents/assignee/evernym-inc/
![Page 31: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/31.jpg)
FInal Recommendation
Overview After many interviews and technology research that included prototyping a blockchain platform on several different operating systems. BIG recommends that if a investment were to be made in the identity industry, Evernym should be considered for the following reasons.
1. All the other identity platforms relied on either BITCOIN or Ethereum, both of which are public permissioned networks. Evernym’s Sovrin platform is the only purpose-built distributed ledger technology that BIG can find on the market.
2. The marriage of respect.network and Evernym is particularly important because of the XDI layer, a
standard that will allow multiple entities to connect directly on a decentralized network . Drummond Reed is one of the foremost authorities in the world on the semantic web - this will be the secret of Sovrin’s success. The other solutions don’t have this and didn’t exhibit the ability to adopt this technology. It is our belief that XDI is as important as Sovrin, if not more so.
3. None of the three companies reviewed (Trunomi, ShoCard, and Evernym) are able to function as a
standalone unit at this time; each brings a different piece of the puzzle to the table. However, the base for everything is clearly the Sovrin platform. In that regard, Sovrin is the most significant of the solutions we have seen as it will likely serve as the foundation for the integration of many platforms/products. This is because Sovrin is the only true public permissioned distributed ledger that is purpose-built for identity.
4. Security and encryption is strong in the Sovrin platform because of Jason Law’s work with Dimitri
Khovratovich (https://www.cryptolux.org/index.php/Dmitry_Khovratovich). Both are well-respected and bring a high level of world-class expertise in cryptology.
5. The overall business case on fraud alone is compelling. If this was a product related only to
reducing fraud, it would be best in class - the monetary losses in fraud alone would pay for any Credit Union to implement the platform. Another important consideration is the the loss of trust in the Credit Union experienced by the member when their account is compromised. That loss cannot always quantified or restored.
6. The Department of HomeLand service SBIR for research is an important aspect of the identity
implementation as it brings a reason for people to use the identity platform. A government relationship or mandate for sovereign identities would bring instant credibility to the platform as well as expedite adoption.
7. While this document has focused on fraud and security as the overarching reason to invest in
identity solution. There are many other use cases that will bring value to the credit union community. Expediting filling out forms, creating smart contracts around identity solutions, and new payment paradigms are among the most compelling use cases. However for purposes of this research BIG chose to focus on the fraud and technology aspects as the use cases are not completely worked out and it would be difficult to quantify the value without speculating.
![Page 32: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/32.jpg)
Areas of Focus
1. Sovrin has yet to crack the issue of Key management , in fact none of the solutions really showed any of their key management tools , In this regard all solutions are really behind. The key management issue will be the most difficult to tackle and has the most potential to slow down adoption. Sovrin needs to make a substantial investment in Key management for the nodes as well as for the users.
2. Execution and adoption will continue to be a issue without a world class project plan as well as a killer application as its first product. Identity alone is difficult to sell. Improved security is a much easier sell , and a new product that takes advantage of the selling points of the Sovrin Platform is even better.
Strategy and Implementation Evernym spent much of 2016 introducing Sovrin at various identity conferences around the world and credit union events in the U.S. It is critical for Evernym to focus very carefully on the most strategic opportunities to gain traction in the market and establish its platform as the defacto industry standard. The Public permissioned ledger space is likely to be very exclusive and as a result players will need to stake out their place early. Evernym has stated they have selected the following market focus areas, in order of priority:
1. Member-driven financial institutions in the U.S. This category encompasses USAA, with over 14M members, and the U.S. credit union (CU) industry, which has over 100M members.
a. BIG believes this should be top priority as it makes the most sense to use Financial institutions as the initial claims providers for identity.
2. Government-sponsored healthcare ID projects in Indonesia and Myanmar. The Indonesian project
encompasses 230M citizens; the Myanmar project 68M citizens. a. BIG has some concern that this approach while important because it establishes sovrin as
world wide could distract Evernym from the financial institutions. BIG recommends a tiered approach or perhaps a separation of the international investments.
3. The Doctor's Link physician credentialing project in the U.K. Although this project does not involve a
large population of users (<100K doctors in the U.K.), it is a highly strategic illustration of how Sovrin identity and credential verification can solve a high-value trust problem in healthcare spanning the UK General Medical Council and leading UK hospitals.
a. This seems like a better use case to achieve international acceptance. In BIG’s investigations BIG uncovered the fact that the U.K is clearly ahead in the identity market. BIG would recommend this be prioritized ahead of indonesia and Myanmar
For the first opportunity, Evernym and its implementation partners have stated they will be focused on four initial products:
1. Passwordless biometric authentication. For USAA, this already a market-leading feature—what Sovrin and the Evernym Sovrin SaaS platform will do is enable USAA to offer this feature to sites outside of USAA. For U.S. credit unions, it will allow them to establish Sovrin login as an industry standard not only among their own sites, but at the sites their members frequent.
a. This of course depends on scale , the potential is clearly here based on the 114 million consumers , however this assumes that the entire CU market will use the product. This is not likely, so it is important to understand that even a smaller scale could move the needle for identity. The key value for this will be the quality of the Credit Unions that are early adopters.
![Page 33: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/33.jpg)
2. Credit card anti-fraud protection. Sovrin-secured push notifications and one-touch biometric authentication will provide a simple, strong, standard mechanism for CU members to prevent account takeover and authorize significant purchases, stopping fraud before it can happen.
a. Evernym has been exploring a relationship with PSCU who owns a patent on the credit card lock process that Discover and others use. This process combined with a sovereign identity platform could re-invigorate the card control market and create a new paradigm at the register.
3. KYC/AML. Sovrin identity authentication and credential verification can dramatically lower the cost for CUs to comply with KYC/AML regulation while at the same time reducing friction for consumers.
a. There are key products such as switch kits and member on boarding that a product like sovrin can enable. These are however going to take time and adoption to achieve scale. While this is a compelling product , fraud reduction is the most profitable and easy business case to make.
4. Portable reputation. Sovrin credential verification can include reputation statements from USAA or
CUs that will enable their members to assert their financial reputation at other sites, providing a significant new source of value.
a. Claims or attestations will likely become a marketplace. With providers selling their attestations. Which means that Credit Unions could lead in this market. An attestation or claim from a Credit Union would be worth more than a attestation from a social provider.
Because these relationships and projects are already substantially in place, implementing the products in these focus areas will require only a small increase in Evernym's current business development and sales resources (3 additional headcount). So the balance of resources required are all in product development, design, and engineering. In these areas Evernym plans to grow headcount from 12 to approximately 40 employees and contractors by the end of 2017. Evernym will also focus on building key integrator relationships in its target markets: Best Innovation Group in the member-driven financial institution industry; iRespond and Microsoft Asia in the Indonesia and Myanmar projects; and Ctrl-Shift and Capgemini for Doctor's Link. Execution in this area is critical and needs to be continuously monitored if a investment is made. It is important to embrace an agile project management approach and include the Credit Union’s in the use cases. This will allow the investors to monitor the growth and gain.
Acquisitions Evernym's acquisition of Respect Network includes Respect Network's Small Business Innovation Research grant from the U.S. Department of Homeland Security to research and design a privacy-respecting identity management system based on blockchain technology. Respect Network received this contract shortly before Evernym came out of stealth last March with its announcement of Sovrin. Sovrin's public permissioned architecture for a distributed ledger for self-sovereign identity met all the requirements Respect Network had identified in its DHS SBIR application. Respect Network is currently at the mid-point of its R&D work under the SBIR grant, nearing completion of the second phase (design and architecture). In the third phase, it will implement a POC of the design using Sovrin and DID (decentralized identifier) objects. This will prove DHS thesis that blockchain identity can provide both the strongest (from a security standpoint) and most private (from a decentralization and user-control standpoint) solution for Internet-scale identity management. DHS has already confirmed that this will satisfy immediate and strong demands from it's customers, including TSA, and will enable the U.S. government to address persistent data security and privacy problems such as the OPM data breach.
![Page 34: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/34.jpg)
Based on the DHS relationship, Respect Network has also submitted a DARPA SBIR grant application for blockchain-based secure messaging based on Sovrin. Regulatory drivers
Privacy is gaining ground in europe, specifically to personal identity information (PII). An example of this in the united states would be the Credit Card FACT act. (Fair and Accurate Transactions) which in part was designed to reduce identity theft. The ACLU has been actively pursuing similar legislation in the U.S. Bills that are being introduced revolve around personal privacy , location tracking and student data privacy. 16 states have adopted some form of these bills (https://www.aclu.org/map/takectrl-nationwide-privacy-push). The Evernym Sovrin platform represents an elegant solution to the privacy problem and it would be wise to consider the effect and value of these privacy laws to the membership. Credit Unions have traditionally been hesitant to share private data for profit , this position could allow them to push past the banks by providing an advanced privacy solution. Also it appears that privacy can be monetized and would be a possible new source of income. The information and policies below represents the latest global thinking in privacy.
GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] When the GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) [2] from 1995. Perhaps confusingly for some, there is a new directive as well as a new regulation; it will apply to police procedures, which will continue to vary from one Member State to the other.[3]
The regulation was adopted on 27 April 2016. It enters into application 25 May 2018 after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by governments.[4]
![Page 35: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/35.jpg)
PDS2
The revised Payment Services Directive (PSD2) was proposed by the European Commission in 2013, and the objective was to create a level playing field by:
● Standardising, integrating and improving payment efficiency in the European Union ● Offering better consumer protection ● Promoting innovation in the payments space and reducing costs ● Incorporating and providing clarity on the use of emerging payment methods such as mobile
payments and online payments ● Create a equal playing field for payment service providers - enabling new companies to get into the
payments space ● Harmonise pricing and improve security of payment processing across the European Union ● Incorporate new and emerging payment services into the regulation
Source : http://www.sepaforcorporates.com/single-euro-payments-area/5-things-need-know-psd2-payment-services-directive/
StateECPA
● Student Information Systems Privacy: Requires express and specific parental or student permission before student data is used for a non-educational purpose by a third party
● “1-to-1 Device” Privacy: On computing devices that are loaned to students, limits the ability of schools and third parties to access, track, and utilize information about student behavior and communications made.
● Student Personal Technology on Campus: Ensures that the same warrant protections that apply to students’ personal electronic devices away from school apply when students are on campus.
● Student Social Media Privacy: Prohibits educational institutions from demanding access to students’ social media accounts, except under specific, limited circumstances.
● Employee Social Media Privacy: Prohibits companies from demanding access to current or prospective employees’ social media accounts, except under specific, limited circumstances.
● State Electronic Communications Privacy (StateECPA): Prohibits the government from reading the contents of electronic communications without a warrant, and, in some cases, applies the same standard to location tracking. Builds on the recent bipartisan passage of the nation’s strongest digital privacy law enacted to date, the California Electronic Communications Privacy Act (CalECPA)
● Cell Site Simulators (a.k.a. Stingrays): Requires a warrant for the government to use cell site simulators to track a person’s location as well as rapid deletion of data inadvertently collected about people who are not suspected of any wrongdoing.
● Automatic License Plate Readers (ALPRs): Requires rapid deletion of ALPR-collected data about persons who are not suspected of any wrongdoing.
Source : https://www.aclu.org/news/16-states-dc-introduce-legislation-limit-surveillance-and-protect-student-and-employee-privacy
![Page 36: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/36.jpg)
Security Traditional infrastructure security relies on firewalls, secure key management, and other best practices. If a database server is hacked, data could be exposed. The Evernym blockchain is protected by a "distributed consensus" pool of servers leveraging "Byzantine Agreement." to ensure security. If one or more servers were to be compromised for any reason, and malicious code installed, other servers in the pool would detect the unpredictable behavior and logically sequester that particular server. Servers participating in the consensus pool are called "nodes," and are physically and logically separate servers owned and operated by vetted entities such as financial institutions. There will eventually be hundreds or even thousands of nodes in the pool. Byzantine Fault Tolerance is built on a premise that we don't take for granted that every server is benevolent. In fact, there is distrust of any information not verified through consensus. Constant, mutual monitoring and redundant replicas ensure detection of non‐performant or suspicious behavior. To compromise the system, a hacker must hack into one‐third of all of the nodes, and even then the data is fully encrypted. All data on the blockchain is protected with digital signatures and encryption using Elliptic Curve Cryptography, symmetric encryption using the AES‐256 algorithm, and cryptographically secure hashing using the likes of the SHA 2 algorithm. This ensures that sensitive information cannot be accessed even if every single server in the consensus pool were to be compromised. This in no way alleviates the requirement that we, and other participating entities who host nodes, employ the very best traditional security practices. To maximize availability and minimize the chance of an exposure due to a common security misconfiguration, we will host our own nodes at multiple physical locations in at least three cloud computing providers, Amazon's AWS, Google's Cloud Engine, and Microsoft's Azure. If Credit Union adoption is achieved it will also bring more diversity to the network and allow the Credit Unions to further leverage their security services. User experience
Evernym plans on monetizing its platform by building applications on top of the Sovrin Global Public utility. The stack that they will build upon consists a public, private and product layer. Because everything revolves around the Sovrin global public layer, it is of critical importance that the process to onboard new members be seamless and intuitive. Evernym has discussed investing in a firm that specializes in user experience. BIG recommends that this be a contractual obligation as part of the investment. To date the registration process has not been disclosed. Other features of the product such as passwordless login and the identity dashboard are well-designed despite the absence of a designer. One can conclude they have the capability of delivering top-notch user experiences in house. However, the Sovrin member registration process is so vital to the product that BIG suggests outsourcing the work in addition to leveraging the in-house resources.
![Page 37: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/37.jpg)
Evernym technology stack
Fraud Reduction Identity-related losses have cost the industry $10,900,000 in phishing, vishing, smishing financial loss and mitigation costs as it relates to card , prepaid and debit fraud alone. [1] The annual cost to the average credit union can be as much as $2,348,432.
● $1,897,087 in contact center costs ● $451,345 in direct account takeover costs.
Contact Center Costs ● A contact center person handles about 50 calls per day
● The average cost of an inbound call is about $4.50
● Between 10 - 30% (5 to 15) of these calls are about account access problems. The range depends
on the strength of the security processes: more complex processes result in more difficulty for the member and therefore more calls.
Therefore:
● Cost of account access in the contact center is somewhere in the $22.50 to $67.50 per day per contact center employee.
● With 77 agents in the average contact center, the costs are between $634,602 and $1,897,087
annually. According to Javelin’s 2016 identity fraud survey, customer service-oriented call centers are serious contributors to the problem of account takeovers: To accomplish account takeover, fraudsters will frequently target customer service representatives as the weakest link in the account access process.
![Page 38: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/38.jpg)
Recognizing this problem, 41% of issuers indicate that successful social engineering of customer service staff is either the most or second most difficult challenge in mitigating account takeover
Losses Related to Account Take Over for Banks and Credit Unions ATO fraud is about a $5 billion annual cost to financial institutions. Most of the consumer costs are borne by financial institutions due to Regulation E. Liability for business accounts is less clear and subject to litigation. ATO fraud represents about 40% of all fraud claims; and biggest source of ATO is data breach. Cyber criminals load stolen credentials into bots that ping thousands of commercial websites looking to get in. Since 58% of consumers reuse the same credentials, this is low hanging fruit. In fact, 1 in 3 of the folks that receive a breach notice become victims of cybercrime. The criminals buy prepaid cards and other services for small amounts to remain undetected and fly under the radar of “shifting risk of loss” action by financial institutions, who just eat the costs under a certain level. Average costs per financial institution calculated as follows:
$5B in annual costs divided by 11,078 financial institutions in the US = $451,345 . The deployment of EMV chips has doubled new account fraud – In 2015 the U.S. switched to EMV, which is designed to reduce in-person fraud and the profitability of counterfeit card operations. Fraudsters have reacted by moving away from existing card fraud to focus on new account fraud. This drove a 113 percent increase in incidence of new account fraud, which now accounts for 20 percent of all fraud losses.
Figure 1: Javelin Strategy & Research, Identity Fraud Study [2]
![Page 39: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/39.jpg)
Losses Related to Phishing, Smishing, and Vishing
According to the latest Ponemon research report [3], the average business can expect 66.78 successful attacks a year due to phishing (and other forms of social engineering). Those attacks result in about an average of $5.7M costs annually.
● Phishing is the gateway to other cybercrime, including ATO mentioned above and data breach. Recent tests as outlined in the 2016 Verizon Data Breach Investigations Report showed that 25% of all people opened a phishing email in 1 minute and 40 seconds. 13% clicked on the infected link in under 4 minutes.
Every day - 156 million phishing emails are sent, 16 million make it through spam filters, 8 million are opened, 800,000 links are clicked, and 80,000 give their credentials to the bad guys.
● Vishing is an attack used to gain access to a user’s system to install malware that allows free access to valuable assets within the business.
4.6 million vishing calls are launched every year, many launched at small to medium sized businesses like community banks and CUs.
● Smishing is spam texting. This is less prevalent as the costs associated with messaging do not lend itself to the mass attack methods used in email. However, it is effective in spear phishing type attacks, where the texter is known to the receiver.
Figure 2: Javelin Strategy & Research, Identity Fraud Study [4]
![Page 40: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/40.jpg)
Sources
● [1] https://www.lexisnexis.com/risk/downloads/whitepaper/card-issuer-fraud-study-2016.pdf ● [2]
https://www.javelinstrategy.com/press-release/javelin-reveals-2016-consumer-identity-safety-leaders-credit-cards-issuers
● [3] http://www.ponemon.org/local/upload/file/NokNokWP_FINAL_3.pdf ● [4] https://www.javelinstrategy.com/coverage-area/2016-identity-fraud-fraud-hits-inflection-point
![Page 41: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/41.jpg)
Sovrin Glossary
Trustee A member of the Sovrin Foundation Board of Trustees
Steward An organization permissioned by the Sovrin Foundation to operate Sovrin ledger node (e.g., a credit union, university, a hospital, etc.)
Sponsor An organization that has permission to register new identities on the Sovrin ledger
Agent A legal entity that hosts and provides services for Sovrin member nodes (e.g., Evernym and its competitors)
Member A person or organization (of any kind) that has a Sovrin identity
Validator Node A Sovrin ledger node that validates and writes new transactions
Observer Node A read-only version of a Sovrin ledger node (to support scale)
Member Node A P2P network endpoint representing a Sovrin member
![Page 42: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/42.jpg)
Sovrin
Validator Pool
Sovrin
Observer Pool
Edge Devices and Client Apps
Sovrin
Member Nodes
App App
AppApp
![Page 43: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/43.jpg)
CU
CULedger
Network
The Relationship of CULedger and Sovrin
Sovrin
Network
• Private permissioned ledger• CUs and CUSOs only• Financial services only• Governed by CULedger Body
• Public permissioned ledger• Trusted institutions only• Self-sovereign identity only• Governed by Sovrin Foundation
CU
CUSO
CU
CU
Univ
Bank
Gov
Hospital
Hospital Bank
Gov
Univ
NGO
CU
CU
CUSO
CUSOCU
CU
CU
CUSO
CU
CU
![Page 44: Investment in Evernym - MWCUA](https://reader034.fdocuments.us/reader034/viewer/2022042101/62560667e98a12189a284a8b/html5/thumbnails/44.jpg)
The Relationship of CULedger and Sovrin
CULedger
Sovrin
Plenum Distributed Ledger Technology
App #1 App #2 App #3 App #4