Identity in the developed financial services world is defined by government-issued identity (drivers’ license, passport, social security card, etc.) and the controlled acceptance of those individuals / entities (by CRM, KYC utilities, etc.) at an organizational level. However, major challenges in the collection and validation of that data against anti-money laundering requirements at scale has increased an individual’s barrier to entry into the financial system. This makes it unprofitable and a higher regulatory risk for banks to reach the undeveloped economies of the world that may not have even the most basic forms of identity.
Today, managing identities is a nightmare for banks that are increasingly conscious of their operational burden on margins and the risk of falling afoul of regulators. KYC is non-competitive, manual document intensive and highly duplicative particularly for multi-national corporations with multiple banking relations per country. Attempts to deliver cross-industry KYC Utilities have failed as compliance cannot accept the validity of data sourced from outside the bank, and every bank has different KYC policies.
The idea of self-sovereign identity
The idea of “self-sovereign” identity, where people and businesses can store and manage their own identities and provide it as and when required, without relying on a central repository, is fast gaining ground with banks and financial institutions. It provides transparency to the individual that wants to know what data is held about them and who can see it.
Self-sovereign identities also make financial inclusion easier, especially in regions where governments embrace digital identity to provide these requisite credentials to the underbanked.
What’s the answer? Blockchain.
Blockchain is a type of distributed ledger where all data is replicated for all participants in real-time. To use blockchain as a foundational architecture for identity applications would allow governments or banks to provide people with digitally-stored identity via an app. Rather than centrally storing that information on the device, at the bank/government location or even centrally in the cloud, blockchain allows that information to be replicated across the chain and therefore backed up, immutably across the network– and more importantly, not in a central repository.
A bank will request the blockchain platform for your identity data, and if you consent you will login perhaps via one-time password (OTP) and allocate out the private key to your data. The identity data was sourced and managed by another party, but you have transparency of it and you alone control its distribution to others. It is self-sovereign and it is safe from fraudsters and hackers.
How that impacts financial services – KYC
Banks and financial institutions are required, by law, to clearly identify and create a risk profile for each customer. The KYC utilities blockchain model of the future will focus on multiplying cost savings across the industry, which will in turn present the leading KYC utility with self-perpetuating market leadership or potentially disintermediate them in the process. Once again, this model will give banks more control over their customer data.
Blockchain for KYC
How does Blockchain technology work to make these key operating model enhancements possible?
- Distributed client data collection
With a blockchain-based KYC utility model, banks will regain ownership of the end-to-end client interaction. Instead of the KYC utilities asking new corporates to consent to sharing their client data, member banks would ask their existing corporate clients for consent to share onto the utility. When another bank requests access to the profile, the corporate confirms its acceptance to share the originating bank’s KYC profile. This provides greater control and more reliable access to non-competitive data.
- Standardization and automation of policy and operations
Building on recent progress on KYC policy standardization and with increasingly digital data collection, blockchain can use smart contracts to execute operational and control processes. For example, daily updates of client data from authoritative sources could gradually reduce the requirement for periodic reviews. Where it can be standardized across the industry, KYC controls and workflow routing would be codified into smart contracts and executed automatically. Greater digitization could also enable multilingual solutions via smart contracts and translation tools.
- Centralization of risk and controls
Banks and regulators can achieve tighter control and reduced regulatory risk by limiting human input and driving standardization across the industry. Direct feeds from authoritative sources into the corporate profiles will better reduce fraud risk and the scope for human errors, compared to physical documents or customer-entered data fields. Blockchain can enable the constant auto-capture of client data and centralization of sanctions and politically-exposed person (PEP) screening. Key regulatory concerns, such as banks’ processes to allocate anti-money laundering risk ratings, could be automated through more objective criteria, avoiding the race-to-the-bottom approach that has drawn regulatory fines in the past.