INTRODUCTION

The U.S. Securities and Exchange Commission (SEC) seeks information about automated domestic or international identity management services as detailed herein.  In particular, as described more fully herein, SEC is seeking services for any or all of the following:  

(1) Identity proofing for natural persons (persons);

(2) Identity verification for non-person entities (entities); and/or

(3) Verification of association between identity-proofed persons and identity-verified entities.

For any of these services, we would like information regarding domestic and international services, but we will consider information from vendors that are able to provide only domestic or only international services.  In all cases, the potential services must provide robust and secure solutions for personally identifiable information and other sensitive information.

BACKGROUND

The SEC regulates the U.S. securities markets.  An independent federal agency, it is led by a bipartisan five-member Commission and consists of a number of divisions and offices.  The SEC applies identity authentication protocols to persons and entities who seek access to SEC systems.

POTENTIAL FUNCTIONAL CAPABILITIES 

The SEC seeks information regarding services that will assist in effective, efficient, and secure (1) identity proofing for persons; (2) identity verification for entities; and/or (3) verification of association between identity-proofed persons and relevant identity-verified entities.  Optimally, we are interested in services that address all three of the above items, but we will consider information concerning only one or more of the above items.  Further, we are interested in domestic and international services, but we will consider information submitted from vendors who address only domestic or only international services

Ideal services would:

• Provide an open-standard Application Programming Interface (API);
• Automate identity proofing of domestic and/or international persons;
• Automate the identity verification of domestic and/or international entities; 
• Automate the verification of association between identity-proofed persons and identity-verified entities;  
• Have a proven track record of robust protection and storage of sensitive personally identifiable information; and
• Incorporate software compliance functions that are continuously updated to reflect changes in data privacy laws and cybersecurity standards internationally and within the United States.

RFI SUBMISSION INSTRUCTIONS

Responses to this RFI shall be submitted via email to John Bova at [email protected] with a carbon copy (cc) to John Ramsey at [email protected] by the deadline listed below.

Responses shall include a capability statement that leverages the respondent's knowledge of legal developments, current requirements, and industry standards and best practices; describes the services available; and illustrates how it addresses the services identified in this RFI.

Respondents shall also include the following information in their response:

1. Company Name

2. Company Address

3. Company Website

4. Company Telephone Number

5. Point of Contact (POC) for this RFI

TIMEFRAME

Responses to this RFI are due by 5 p.m. ET on January 21, 2020.

RFI DISCLAIMER

This is a Request for Information (RFI), as defined in Federal Acquisition Regulation (FAR) 15.201 (e). The SEC is issuing this RFI in an effort to understand market availability, technical characteristics, look and feel, price information, and functionality of the services described herein.

Please note that this is for INFORMATIONAL and PLANNING purposes only and does not constitute a Request for Proposal (RFP). Responses to this RFI will not be accepted by the Government to form a binding contract. The Government will not pay for the information solicited nor recognize any costs associated with the submission of the RFI. The purpose of this RFI is to provide an opportunity for industry to enhance the success of any future procurement to meet this requirement. Any information obtained as a result of this RFI is intended to be used by the Government for program planning and acquisition strategy development. A determination by the Government not to issue a solicitation based upon responses to this notice is solely within the discretion of the Government.  The SEC reserves the right to use any and all information submitted by, or obtained from, an interested firm in any manner the SEC determines is appropriate, including, but not limited to, the creation of a competitive solicitation. An interested party should avoid including any classified, business confidential, and/or proprietary information in its response.  If an interested firm must submit such information, however, the information must be clearly marked, and the interested firm must provide sufficient justification as to why such information is business confidential and/or proprietary.  The SEC will review the information and safeguard it appropriately.