27 June 2022
How will KYC/onboarding change in the age of blockchain?
By Tony Peccatiello; Suzanne Elovic , Parallel Markets
Published: 30 November 2021
Blockchain technology and the promise of a new decentralised Web 3.0 is rapidly gaining attention in the financial services industry. The most famous use case for this new technology is, of course, crypto currency. But blockchain is also being deployed for payments and money movement, trading, clearance and settlement, non-fungible tokens, and even in the management of some hedge funds. Each of these topics could be an article all to itself but for this one we are going to focus on how onboarding and know-your-customer (KYC) could be forever changed through the adoption of processes enabled with this technology.
Trillions of dollars move every day all over the globe and the current framework to prevent bad actors from laundering ill-gotten gains through our markets costs our financial services industry billions of dollars each year. Blockchain can eliminate some of the inefficient redundancies that are endemic to that framework while enhancing the effectiveness of KYC. However, while the blockchain enabled future has a lot to offer, it is critical that we make sure to do so in a way that both highlights and enables the benefits of decentralisation but also supports and ideally improves regulatory compliance.
KYC is a critical element of every asset manager’s anti-money laundering programme and doing it effectively and efficiently is a constant challenge (Parallel Markets’ blog post Customer Due Diligence: The Ultimate Guide provides a helpful primer on regulatory KYC requirements). Traditionally, financial institutions have utilised manual processes to gather and assess information about their customers and more recently, various tools have emerged to automate aspects of those processes. Even with automation, there remain a number of pain points including the opportunity for fraud and the reality that financial institutions dedicate significant resources to perform KYC checks on the same individuals and entities who have already gone through similar checks by numerous other financial institutions. Parallel Markets’ blogpost It’s Time to Fix Onboarding describes these pain points in further detail.
There is a hope that the use of blockchain to create digital identities is potentially a game changer in terms of efficiency, elimination of redundancy and enhanced reliability that can reduce the risk of fraud. At the same time, there are certain challenges that will have to be carefully considered in order to ensure that the regulatory requirements relating to KYC and customer due diligence (CDD) are fully achieved.
Using blockchain to create a single identity profile
Blockchain technology is frequently discussed as a potential solution to reliable portable identity verification. Because the blockchain is an immutable, distributed ledger, a verified identity could be added to the ledger by the identity owner who would then have full control to grant access to third parties. Those third parties could be financial institutions, exchanges, or even other individuals/entities with whom the identity owner chooses to transact directly. The challenge will be to ensure that the information is secure, compliant, current and meets all privacy regulations.
One way to achieve this would be for individuals to load personally identifiable information (PII) such as their driver’s licence, passport, social security number, etc. in an encrypted form to the blockchain and then to be able to grant permission to access that information to whomever they choose. This creation of a single identity profile that could be used repeatedly would relieve individuals who are seeking to onboard with multiple financial institutions from the burden of having to reload and resend documentation each time they establish a new relationship. It would also be a more reliable source of information for financial institutions because each one would be conducting its KYC process based on the same data. Additionally, because the identity profile holder would be the only one who can authorize access, this would facilitate financial institutions’ compliance with privacy regulations.
Even so, the creation of the identity profile on the blockchain alleviates the burden on the individual but does not reduce the redundancy of the KYC checks for financial institutions or meaningfully diminish the opportunity for fraud because the centralised data has not been verified or validated. As a result, each financial institution would still have to perform its own process to verify the PII data that would be duplicative of the verifications performed by other financial institutions on that same data.
Using blockchain for identity verification
But what if that identity profile not only included an individual’s PII but also confirmation data that the identity has been verified and how that verification was performed? Such a construct would enable individuals to have self-sovereignty over who can view their PII while simultaneously providing financial institutions with confidence that the identity data provided is reliable and accurate. To achieve this, an individual’s PII would be provided to a storage platform and then reviewed and validated by an independent third-party. That third-party’s verification data would then be loaded to the blockchain. The individual would then have full control over the release of the verification data and/or the underlying PII. With the inclusion of this third-party validation layer, the distributed ledger could act as a single source of truth confirming that the person is who they claim to be. This would significantly ease the current burden of every financial institution conducting its own separate identity verification process.
In those instances where individuals and/or entities choose to engage in a fully decentralised transaction, without the involvement of regulated financial institutions, they can act in a fully self-sovereign manner - enabling access to the fact of the identity verification on the blockchain without sharing their PII.
Notably, for this process to be effective and compliant, there would also be a need to keep the data current. The same independent third-party that houses the central source of documentation would also engage in periodic refreshes of each profile. While each financial institution will have some process to follow to periodically review their customers for unique profile information such as expected transaction types and size, the periodic refreshes of address, name changes, beneficial ownership, marital status, etc. could all be done centrally thereby, again, eliminating the inefficient redundancy that is endemic to current processes.
Adding other KYC validations to the blockchain identity profile
It is important to note that while the process described above would be a significant step forward in eliminating inefficiencies in the KYC process as well as building critical infrastructure for Web 3.0, identity verification is only one piece of the KYC journey. As noted above, financial institutions are also required to verify a host of information about the individual or corporate entity once they have confirmed identity. For example, is the person subject to sanctions or has there been news that would suggest a heightened level of risk? Is the individual a politically exposed person? For corporate entities, beneficial ownership has to be ascertained and then the same identity checks must be conducted on each of the beneficial owners.
Designed correctly, the output of all these checks could be added to identity profiles on blockchain. This would eliminate the redundancy of these checks and ensuring a consistent level of safety and reliability across all the participants who have the responsibility to protect our financial markets. Additionally, as use cases for sharing a digital identity profile evolve, elements of the profile could be separated so that the dataset released by the profile holder could be customised depending on what is needed by the end user.
Self-sovereign identity (SSI)
The establishment of the protocol described above is a step in the direction of creating a truly self-sovereign identity, i.e., the model for managing digital identities in which an individual or business has sole ownership over the ability to control their personal data. The ultimate objectives of SSI are to ensure confidentiality and privacy while still providing a mechanism for trust between parties to a transaction and full regulatory compliance. Individuals and corporate entities with verified identity profiles on the blockchain could conceivably engage in certain types of transactions with other verified individuals without the involvement of an intermediary financial institution. However, when a financial institution is facilitating the transaction, the current regulatory scheme would not permit the participants to be anonymous. The financial institution is obligated to know the customer’s identity.
So, while there are great opportunities for using blockchain to significantly streamline and enhance effectiveness of the KYC process, for now, the underlying source data that ultimately supports the verification of a customer’s identity and all the other KYC checks still must be part of the identity profile collected by financial institutions.
For more information, please feel free to reach out directly to [email protected].