Knowing your customer: blockchain’s ultimate killer app?
By: Abbas Ali, Associate Director at R3
The concept of identification has always been at the very heart of financial services. For banks to manage customers’ money safely, they must be certain they know who they are dealing with – a simple premise on the surface, but a hugely complex and costly task in reality.
Physical, paper-based identity documents were traditionally relied upon to verify an individual or institution, but relentless digitalisation of almost all banking services from payments to lending, along with the growing threat of cyber-fraud, has driven the need for increasingly faster, safer and more efficient identity solutions.
KYC, short for know your customer, is an intrinsic element of identity management in modern day banking to prevent against fraud, terrorist financing and money laundering. International organisations such as the Financial Action Task Force (FATF) and Financial Stability Board (FSB), as well as banking regulators and law enforcement agencies, continue to implement increasingly strict and complex requirements related to KYC.
These regulatory requirements are particularly focused on correspondent banking, which fosters economic prosperity throughout the world by enabling business and remittance flows between countries. However, when coupled with inconsistent standards, long turnaround times and duplicative processes, the burden of regulation has created major inefficiencies in the existing correspondent banking model.
While numerous technology solutions exist to help streamline KYC processes for banks, a recent study conducted by Thomson Reuters shows that some financial institutions are still spending up to USD 500 million annually on ensuring compliance with KYC and customer due diligence. This has driven many banks to de-risk, terminating their relationships with particular institutions, countries and regions.
Against this backdrop, the stage is clearly set for a fresh approach to KYC. Financial exclusion, driven by de-risking, is a global problem that technology can solve, if implemented properly.
The emergence of blockchain technology in recent years has provided an opportunity for banks to re-engage with customers and correspondent banks excluded as result of de-risking. But design matters. Technology must be coupled with regional KYC and anti-money laundering (AML) standards in order to improve transaction traceability and identify potential suspicious activity, and highly sensitive data must be handled appropriately.
This is a complex and nuanced challenge, but if approached correctly blockchain can reintegrate excluded entities into the financial system, improve government oversight and reduce the cost and inefficiency burdens banks face today.
Risk fines or de-risk?
To understand how blockchain can improve KYC, it is important to first understand the scale and scope of the challenge.
Since 2010, 28 major banks have been fined for breaching U.S. sanctions, with seven banks receiving fines exceeding USD 500 million, of which the highest was USD 8.9 billion. In one particularly pertinent example, the Financial Conduct Authority and the New York Department of Financial Services issued KYC/AML fines for an institution that formed a cumulative USD 628 million penalisation.
In response, banks have moved to reduce their risk by shedding correspondent banking relationships in developing countries. The high and rising risk of fines and the costs of increased scrutiny have destroyed the tradition of banks extending services throughout the world, particularly to the poorest and most difficult-to-analyse regions.
Despite concerns around global de-risking, regulatory requirements are getting stricter and regulators continue to remind financial institutions of the importance of understanding customers and their transactions. Issues with the current cross-border payment system include inaccurate client information, lack of complete visibility over customer activity, jurisdictional differences with common identity standards, and data and privacy concerns.
To lower the risk of fraudulent or illicit transactions, banks must know where money is coming from and where it is going. Financial institutions are required to validate their customers’ identity, monitor all transactions and report any suspicious activity to a designated government body. To effectively comply with this requirement, financial institutions need to have a clear picture of their customer’s profile, identity, spending habits and the kinds of transactions he or she is likely to engage in.
No matter the size of the bank, KYC is not an easy task – if handled internally it requires a dedicated team of specialist data experts and a transformation of processes. This can be a very costly exercise. Inefficient KYC data collection processes divert time from business activities and relationship management, and require the verification of massive amounts of non-standard data and documentation.
KYC registry on the blockchain
Recent technological innovation in blockchain-based systems promises improvement in KYC compliance without the need for extensive networks with central administrators. Data on a blockchain platform’s distributed ledger is verifiable and immutable, providing increased transparency to relevant participants.
Regulators impose fines and penalties on banks that do not conduct appropriate due diligence on the entities and individuals they directly deal with; therefore, banks use intermediaries and shift some of the risk to the middle men or reject processing the transaction altogether. The more readily a bank in a well-developed country can access information on the end user and the end user’s bank in an unbanked region, the more comfortable it will be with facilitating the transaction.
The shared nature of blockchain technology lends itself naturally to providing a single, unified registry of KYC information for banks. A KYC application built on R3’s Corda blockchain platform recently facilitated over 300 transactions during a collaborative four-day trial with 39 financial services firms, as well as various central banks and regulators.
In stark contrast to the typically complex and duplicative KYC processes banks are forced to endure today, Corda’s self-sovereign model allows customers to create and manage their own identities including relevant documentation and then grant permission to multiple participants to access this data. This reduces duplication and costs by eliminating the need for each institution to individually attest and update KYC records.
The transactions in the trial were conducted in 19 countries across eight timezones. Banks were able to request access to customer KYC test data, whilst customers could approve requests and revoke access. Customers were also able to update their test data which was then automatically updated for all banks with permission to access it.
Corda’s unique technology addresses any concerns around data privacy and security that may arise when sharing identity data. In direct contrast to traditional permission-less blockchain platforms, Corda only shares data with those with a need to see it. This is critical for its application in the KYC space, where sensitive data must be kept confidential.
Having KYC information readily available allows banks to spend more time analysing information rather than collecting and verifying the data received – a key issue in onboarding delays. In addition, all data is fully standardised, significantly reducing the time, cost and resources required to manage it.
By providing a single unified view of a foreign correspondent bank’s onboarding documentation, banks can ultimately gain the confidence to re-engage with customers excluded from higher risk jurisdictions.
A united step forward
With the support of regulators and the intelligence community, blockchain technology’s unique approach to digital identity could hold the key to reducing the KYC burden faced by banks, improving regulatory oversight and, ultimately, increasing financial inclusion across the globe.
More broadly, moving payment transfers onto a blockchain platform like Corda could provide a holistic view of the payment system, delivering clear benefits to banks, regulators and intelligence units tasked with identifying money launderers and terrorist financing.
The current de-risking problem has pushed millions of individuals and entities out of the traditional banking system and caused them to explore non-traditional payment methods that have little or no government oversight. The right blockchain technology design coupled with KYC and AML standards consistent across regions will significantly increase traceability to support financial inclusion for the countries and regions whose development hinges upon access to the global banking network.
Following the success of our recent 39-member global trial, R3 is focused on developing the solution, scheduled to go live in 2019. If you’d like to learn more or are interested in, please contact firstname.lastname@example.org.