Blockchain has the potential to help solve banks' Know Your Customer (KYC) and anti-money laundering (AML) challenges by creating an immutable shared ledger for customer identity information. This could reduce duplication of KYC checks across banks and allow for real-time updates to customer details. However, key questions remain around who would validate updates to the ledger and whether a central party is still needed. A blockchain-based digital identity system may provide even greater benefits by allowing customers to submit documentation once and share identity details across industries, improving security, transparency and reducing costs for banks. Ultimately it is unclear how blockchain may evolve in solving KYC, whether as a single centralized registry, private blockchains, or a
1. Introduction
Know Your Customer (KYC) processes require banks to validate and verify primary documents as part of due
diligence. Currently the market is flooded with KYC utilities that help manage these documents and share them
with multiple entities. In some cases these utilities may even perform due diligence, but regulations are such that
the task of due diligence and investigation is still handled by the client onboarding teams at financial institutions
given the business and reputational risks involved. This KYC process can delay business as it can take 30 to 50 days
to complete to a satisfactory level. Global efforts to prevent money laundering and the financing of terrorism are
incredibly expensive for financial firms. In 2014 it was estimated that global spending on AML compliance alone
amounted to $10 billion. Banks are also coming under pressure from investors and analysts to reduce cost, but
many expect the compliance budgets to increase in the coming years rather than to decrease. Banks are also
penalized through regulatory fines for failing to follow KYC guidelines. In such a VUCA world banks are now
turning to the blockchain as a possible solution to their KYC challenge. Will blockchain solve their KYC problem or is
the blockchain nothing but a proverbial hammer that sees every problem as a nail?
Blockchain- A Blessing for KYC & AML?
Blockchain is "shared global infrastructure that can move value around and represent the ownership of property”.
It basically gives people (/ systems) the ability to hold and make transactions as strangers but in a completely
transparent manner. There is no central mediator between the parties to the transaction, making it economical
and removing a single point of failure/risk. This was the concept used in Bitcoins and digital currencies. Banks and
fintechs are now attempting to apply this in other areas such as digital contracts (movement of information), KYC
2. (movement of information / identity), security settlement (movement of custodial positions) etc. The movement of
assets (read money, securities, commodities, gold etc.) from one institution (custodian) to another requires that
the ledger balances of these assets have to move. For instance in a payment transaction ledger entries need to be
passed by the ordering bank, intermediary banks, central clearing houses , beneficiary bank in a tedious and time
consuming manner. In the “blockchain for payments use-case” there is already talk that SWIFT is under pressure as
it is a messaging platform while distributed ledger based solutions like RIPPLE take care of both messaging and
settlement. While the payments and securities settlement space has seen good progress with
blockchain/distributed-ledger based solutions, the KYC & AML space is still in a nascent stage. It is interesting to
draw an analogy that the KYC Use Case is also about movement of information /identity and it can involve multiple
parties. Now since the blockchain is an immutable shared ledger of transactions that is maintained by a network
of computers, rather than a centralized authority it potentially creates a shared golden source of data and can
reduce errors and the need for reconciliation. Hence the thinking goes that blockchain may be of help in the KYC
space as well. ? )
Blockchain may come to the aid of banks, and help prove the identity of the customer, with details like source of
funds, business interests, history, and also monitor the progress along the way. Every bank and financial institution
has to perform the KYC process individually, and upload the validated information and documents to the central
registry that stores digitized data tagged to a unique identification number for each customer. By using this
reference number, banks can access the stored data to perform due diligence whenever customers request for a
new service within the same banking relationship, or from another bank.
A blockchain-based registry could remove the duplication of effort in carrying out KYC checks. The ledger could
also enable encrypted updates to client details to be distributed to all banks in near real-time. The KYC ledger
could also provide a historical record of all documents shared and compliance activities undertaken for each client.
This will form the evidence to be provided to the regulators. SWIFT launched the SWIFT KYC Registry in December
2014, and more than 2000 banks have already enrolled with it and it is worth noting that the SWIFT KYC Registry
does not use Blockchain and neither does the other large KYC Registry KYC.Com. Maybe in due course these
registries may use the Blockchain in a manner where updates are made to the blockchain by various parties (tax
authorities, company registries, law enforcement bureaus, media houses, judicial bodies, banks and corporates)
and are made available for public consumption as shown in the figure below. But then again there are questions as
to who would validate these updates and if a central party needs to validate these changes, then we would be
diverging from the raison d'être of the blockchain.
3. Fig1: KYC Registry model with multiple parties.
If this has to successfully move onto the blockchain two criteria must be met. First the parties making the updates
to the ledger must all be “trusted parties” such as company registries, law enforcement bureaus etc. and second
there must already be an international legal entity identifier to ensure that all trusted parties are updating the
right record. Finally using some kind of private / hybrid blockchain where a set of parties can update and the rest
can “read” off the blockchain, there could be a solution to KYC using the blockchain.
Digital Identity and Digital Signatures
Another aspect related to KYC is Digital Identity and Digital Signatures. Once a corporate has had their
documentation verified once, a digital identity could be created for that customer – this is essentially their digital
passport for transacting in financial services and would be appended to every transaction they undertake,
effectively ‘signing’ the transactions for them. This digital identity could potentially be used to access relevant
information about the customer such as addresses, account details, director’s details, PEPs etc. which could be
used during AML / transaction monitoring, thus increasing the accuracy of the monitoring and reducing the
likelihood for false positives. Taking this further, banks that positively identify a fraudulent transaction could
distribute details of that transaction globally to all connected banks, thus preventing the opportunity for further
fraud. However, once again, it must be noted that there are Digital signature and Digital identification solutions
(not based on blockchain) in the market today and used for signing Contracts , for Tax fillings and for insurance
sales. These are “digital signature” solutions and not a holistic digital identity which may contain a lot more
information.
This potential model of using a holistic digital identity provides significant benefits over the simple usage of
blockchain for KYC, namely:
Enhanced customer experience through only having to submit documentation once, increased security
(less opportunity for identity theft), and fewer transactions being flagged as false positives and stalling
4. transaction flows. In due course, a digital identity could be used across many industries, not just for
financial transactions
Reduced operational costs for banks through not having to KYC-check every customer (if they’ve already
been checked and given a digital identity), and fewer operational staff needed for handling false positives
Increased security through near real-time distribution of updated KYC documentation, verified digital
identities, and the opportunity to share, in near real-time, fraudulent transaction details
Increased transparency for regulators as both the immutability of the blockchain, and the opportunity for
regulators to have nodes on Blockchain networks, support the ability to get a full, transparent audit trail
of all transactions
Ultimate Beneficial Owner (UBO which is like a UFO today)
UBO refers to the natural person(s) who ultimately owns or controls a customer and/or the person on whose
behalf a transaction is being conducted. Banks generally define anyone with a >=25% holding as a UBO. The
challenge with tracking UBO data is that it is constantly changing as people / firms buy and sell shares in an entity.
Again tracking direct and indirect ownership can also be a challenge, when to escape the 25% rule, investments are
broken up. For instance as shown in the figure below it is not immediately clear that Cyprus investments owns
more than 25% of CRB Caps ( 0.7 * 24% + 0.90*24% )
Tracking UBO data is a conundrum that can be thrown at the Blockchain as this seems closer to the concept of the
digital currency with multiple parties making updates ( investments) and the resultant value (%age holding)
constantly changing. (Of course just like cash transactions are difficult to track, it can become difficult to track an
off-market investment transaction)
5. Conclusion
Blockchain is all about shared control and not just shared data. Blockchain offers anonymity and security despite
the shared control. Is it an Oxymoron that will fail the test of time? Is it a passing fad? Or will a Blockchain-based
solution offers a unique set of advantages over the current crop of technology solutions, given its immutable
ledger that can be replicated across different nodes and its use of cryptography to convert information to hash
codes for secure distribution? . The KYC Space is an area of enormous risk and hence investment. Blockchains are
being investigated as solutions for this challenge by many a bank and many a fintech and it is not entirely clear
how the use case will evolve. Will the Blockchain be used for multiple participants to approve / stamp / update the
"central kyc registry" with their validations or will it be a "private blockchain where only the corporate updates its
data" or will it be a "hybrid blockchain where the corporate and other market participants like Income tax agency,
company registry, exchanges etc." jointly update the "ledger "in real time? Or will the blockchain act as a network
to unify / "give a stamp of authority" to the various registries that are already out there (KYC Registries, Skills
Registries, National ID Registries , Legal Entity databases etc. ) ?
Only time will tell…but meanwhile, as Lewis Caroll says in “Alice Through the Looking Glass” – “Now, here, you see,
it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at
least twice as fast as that”. Ergo, many fintechs and Banks are exploring in the Wonderland of the Blockchain to
find answers to many an issue and to help them better manage the VUCA future.
AUTHOR
Binu Yohannan
Senior business analyst with the Global
Transaction Banking division of Intellect
Design Arena Ltd
Area of expertise includes FATCA, AML,
Fraud, and Customer On boarding, KYC,
CDD, Sanctions, Digital banking and Life
Insurance.
Views are based on internet research and
my own thoughts / experience and not that
of my current or previous employers.