KYC: Blockchain will change how businesses think about identity

Completing KYC with a bank is a poor customer experience including long delays, a lot of document gathering and a lack of customer transparency over usage of their private data

Faisal Husain
Published: 13, Mar 2018

Faisal Husain is an entrepreneur and proven business leader with over 20 years’ financial services and technology expertise. As a CEO of Synechron, Husain is responsible for providing the vision and strategy that brought the company from a self-funded start-up to $500M in revenue. Under Husain’s leadership, Synechron has invested heavily in R&D, launching Synechron’s global FinLabs and six blockchain accelerators. Prior to Synechron, Husain was responsible for developing enterprise-level applications for Merrill Lynch and Dun & Bradstreet. He holds a Bachelor’s in Aeronautical Engineering and a Master’s in Computer Science.

Image: Shutterstock
Image: Shutterstock

Identity in the developed financial services world is defined by government-issued identity (drivers’ license, passport, social security card, etc.) and the controlled acceptance of those individuals / entities (by CRM, KYC utilities, etc.) at an organisational level. However, major challenges in the collection and validation of that data against anti-money laundering requirements at scale has increased an individual’s barrier to entry into the financial system. This makes it unprofitable and a higher regulatory risk for banks to reach the undeveloped economies of the world that may not have even the most basic forms of identity.

In addition, regardless of where you live and whether you are an individual or a corporate entity, establishing identity with a bank is a poor customer experience including long delays, a lot of document gathering and a lack of customer transparency over usage of their private data.

The financial services sector has been trying to rethink the concept of identity for many years. Blockchain is a new computing architecture which has the potential to bring together fragmented data sets from the authoritative source providers into a single digital view of validated, immutable and cryptographically secured data. Further, it has the potential to deliver ‘self-sovereign identity’ – where the relevant individual or corporate controls the distribution of their own identity. What would this mean for the industry?

How banks think about identity today Managing identities is a nightmare for banks that are increasingly conscious of their operational burden on margins and the risk of falling afoul of regulators. KYC is non-competitive, manual document intensive and highly duplicative particularly for multi-national corporations with multiple banking relations per country. The current system does not scale. Attempts to deliver cross-industry KYC Utilities have failed as compliance cannot accept the validity of data sourced from outside the bank, and every bank has different KYC policies. 4-eyes checks over paper-based copies of identification form are very much the norm.

An easy way out will be to digitise “identity”, but this is an expensive proposition. According to an industry report, banks and financial institutions are spending over $1 billion on identity management solutions – without really solving the problem as these are disparate systems and technologies which sometimes refuse to and most times are unable to “talk” to each other.

Therefore, at a time when convergence and disruption are driving banks and financial institutions to revolutionise how they interact with their customers, it is also making them re-think how to cost-effectively manage and analyse “identities” to better understand and service their customers.

The idea of self-sovereign identity
Today, we keep passports, birth certificates, and utility bills at home under our own control, maybe in an “important drawer,” and we share them when needed. When we want to prove our address, we must over-share many other identity details in that one form of identity evidence. We don’t store these bits of paper with a third party. Self-sovereign identity is the digital equivalent of what we do with bits of paper now.

The idea of “self-sovereign” identity, where people and businesses can store and manage their own identities and provide it as and when required, without relying on a central repository, is fast gaining ground with banks and financial institutions. It provides transparency to the individual that wants to know what data is held about them and who can see it. This is widely viewed as the future norm of customer demands.

Self-sovereign identities also make financial inclusion easier, especially in regions where governments embrace digital identity to provide these requisite credentials to the underbanked. In some geographies, the traditional banking infrastructure was never built and these countries are trying to leap-frog to cloud, mobile and other digital solutions. By lowering the cost of managing identities, financing by banks and financial institutions becomes profitable and therefore more accessible to the underbanked and small businesses.

What’s the answer? Blockchain.
Blockchain is a type of distributed ledger where all data is replicated for all participants in real-time. To use blockchain as a foundational architecture for identity applications would allow governments or banks to provide people with digitally-stored identity via an app. Rather than centrally storing that information on the device, at the bank/government location or even centrally in the cloud, blockchain allows that information to be replicated across the chain and therefore backed up, immutably across the network– and more importantly, not in a central repository.

A bank will request the blockchain platform for your identity data, and if you consent you will login perhaps via one-time password (OTP) and allocate out the private key to your data. The identity data was sourced and managed by another party, but you have transparency of it and you alone control its distribution to others. It is self-sovereign and it is safe from fraudsters and hackers.

How that impacts financial services – KYC
Banks and financial institutions are required, by law, to clearly identify and create a risk profile for each customer. The KYC utilities blockchain model of the future will focus on multiplying cost savings across the industry, which will in turn present the leading KYC utility with self-perpetuating market leadership or potentially disintermediate them in the process. Once again, this model will give banks more control over their customer data.

Blockchain for KYC
How does Blockchain technology work to make these key operating model enhancements possible?

Distributed client data collection  
•    With a blockchain-based KYC utility model, banks will regain ownership of the end-to-end client interaction. Instead of the KYC utilities asking new corporates to consent to sharing their client data, member banks would ask their existing corporate clients for consent to share onto the utility. When another bank requests access to the profile, the corporate confirms its acceptance to share the originating bank’s KYC profile. This provides greater control and more reliable access to non-competitive data.

Standardisation and automation of policy and operations
•    Building on recent progress on KYC policy standardisation and with increasingly digital data collection, blockchain can use smart contracts to execute operational and control processes. For example, daily updates of client data from authoritative sources could gradually reduce the requirement for periodic reviews. Where it can be standardised across the industry, KYC controls and workflow routing would be codified into smart contracts and executed automatically. Greater digitisation could also enable multilingual solutions via smart contracts and translation tools.

Centralisation of risk and controls
•    Banks and regulators can achieve tighter control and reduced regulatory risk by limiting human input and driving standardisation across the industry. Direct feeds from authoritative sources into the corporate profiles will better reduce fraud risk and the scope for human errors, compared to physical documents or customer-entered data fields. Blockchain can enable the constant auto-capture of client data and centralisation of sanctions and politically-exposed person (PEP) screening. Key regulatory concerns, such as banks’ processes to allocate anti-money laundering risk ratings, could be automated through more objective criteria, avoiding the race-to-the-bottom approach that has drawn regulatory fines in the past.

Blockchain has the potential to completely change how banks think about identity in areas like KYC as well as in its ability to bring self-sovereign identity to the underbanked. And, as businesses work on pilot projects to take this idea forward, the KYC use case will be a prerequisite for many of the other industry initiatives that rely on customer identity information to complete more complex transactions and work streams on chain. For this reason, it’s one of the most exciting areas where we’re seeing different technology approaches (including blockchain) but also expanding to AI and RegTech solutions. Identity and KYC is an area where we can expect to see continued innovation.

Prev
Should CMOs incorporate artificial intelligence in digital marketing budgets?
Next
Why automation will not take away jobs