Could blockchain solve the KYC/AML challenge?



With the advent and evolution of new technologies such as distributed ledger technology (DLT) and Artificial Intelligence (AI), many opportunities are arising for banks to reduce their IT and operational costs through mutualisation or automation of their non-differentiating processes. While this will have a beneficial impact on their cost bases, the more proactive banks will recognise the opportunity to either reinvest the savings in value-add, customer-focused services, or reinvent their business processes to make them more customer-friendly – technology will be the great enabler.
As blockchain and DLT reach the peak of the Gartner Hype Cycle, they are being touted as solutions for improving many different processes across financial services. While this may be true in the long run, there will be far fewer applications in the short term where DLT can be easily incorporated. It’s clear from the discussions at SIBOS this week that the industry is starting to focus on three particular use-cases as the first applications using DLT: trade finance, cross-border payments, and KYC/AML; in this blog we look at KYC and AML.
KYC processes are currently expensive, inefficient, and deliver a poor customer experience. It can take up to 50 days to onboard a large corporate through all the necessary checks, with multiple pieces of documentation needing to be produced and verified. While this is painful for clients, it is also a huge burden for banks for what is a non-revenue-generating, non-differentiating process. On top of this, fines for incorrectly discharging KYC responsibilities can be huge. AML checks have a similar problem – large operations teams are needed to handle transactions failing AML checks, but typically these run with a >99% false positive rate, resulting in massive inefficiencies.
The industry tried to resolve some of the duplication in KYC by setting up KYC utilities – third-party companies which took on the burden of KYC checks on behalf of the banks (for a fee), and then disseminated each customer’s verified documentation to multiple banks as required. This presents a better experience for the customer (they only have to provide documentation once) and a more efficient service for the banks. However, due to a lack of collaboration, four or five competing KYC utilities have emerged resulting in a fragmented market which, while providing some improvements, does not deliver the benefits that could be realised for banks and corporates if a single utility was used.
In this environment, blockchain’s attributes of security, distributed data, and decentralisation appear to offer a way to improve both efficiency and the customer experience by reducing processing costs and enabling the banks to focus on more customer-focused activity.
The solution would involve a blockchain-based registry, a distributed database of verified customer data, which all banks could access. When a corporate approaches a new bank to open an account, the bank will be able to access the corporate’s pre-verified information from the bank’s own node on the blockchain. In due course, corporates would be able to upload, amend and delete their information on the blockchain as required. This is not too dissimilar from the model today with KYC utilities but assumes that all banks would use one blockchain network (as opposed to multiple KYC utilities), and would enable near real-time dissemination of updated, verified customer data to all the banks, as well as benefiting from the inherent increased security that blockchain delivers through cryptographic hashing. However, these benefits do not appear to be large enough to justify the significant effort required to implement this change across the industry – as with the majority of blockchain use-cases, benefits are magnified through the network effect, so the more banks that sign up, the greater the efficiencies that can be realised.
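The registry described above, sketched as an added example (not code from the original post or from any KYC utility): an append-only, hash-chained ledger that holds only salted digests of verified documents, so a second bank can check a document it is handed against the entry the first bank published. Keeping the documents themselves off the ledger, the names `KycRegistry`, `publish` and `check_document`, and all sample values are assumptions of this example; consensus between bank nodes is not modelled.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first entry

def digest(document: bytes, salt: bytes) -> str:
    """Salted SHA-256 of a KYC document; only this digest is published."""
    return hashlib.sha256(salt + document).hexdigest()

def entry_hash(entry: dict) -> str:
    """Hash over an entry's fields, excluding its own 'hash' field."""
    body = {k: entry[k] for k in ("customer", "version", "doc_digest", "verifier", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class KycRegistry:  # hypothetical single-copy model of the shared ledger
    def __init__(self):
        self.chain = []

    def publish(self, customer, doc_digest, verifier):
        """Append a verified digest; an amendment is a new version, never an overwrite."""
        version = 1 + sum(e["customer"] == customer for e in self.chain)
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        entry = {"customer": customer, "version": version,
                 "doc_digest": doc_digest, "verifier": verifier, "prev": prev}
        entry["hash"] = entry_hash(entry)
        self.chain.append(entry)
        return entry

    def chain_is_intact(self):
        """Recompute every link; an edited entry no longer matches its stored hash."""
        prev = GENESIS
        for e in self.chain:
            if e["prev"] != prev or e["hash"] != entry_hash(e):
                return False
            prev = e["hash"]
        return True

    def check_document(self, customer, document, salt):
        """True only if the document matches the customer's latest published digest."""
        if not self.chain_is_intact():
            return False
        versions = [e for e in self.chain if e["customer"] == customer]
        return bool(versions) and versions[-1]["doc_digest"] == digest(document, salt)

def demo():
    """Constructed sample: bank-a publishes, a second bank checks what it is handed."""
    reg, salt, doc = KycRegistry(), b"constructed-salt", b"Acme Ltd incorporation certificate"
    reg.publish("acme-ltd", digest(doc, salt), verifier="bank-a")
    return reg.check_document("acme-ltd", doc, salt), reg.check_document("acme-ltd", doc + b"!", salt)
```

`demo()` returns `(True, False)`: the document bank-a verified is accepted, and a copy altered by one byte is rejected.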
The real selling point of using blockchain is the ability to create, and subsequently use, digital identities. After a corporate has had their documentation verified once, a digital identity could be created for that customer – this is essentially their digital passport for transacting in financial services and would be appended to every transaction they undertake, effectively ‘signing’ the transactions for them. This digital identity would store all relevant information about the customer, from addresses, account details, directors’ details, PEPs, etc., which could be used during AML / transaction monitoring, thus increasing the accuracy of the monitoring and reducing the likelihood of false positives. Taking this further, banks that positively identify a fraudulent transaction could distribute details of that transaction globally to all connected banks, thus preventing the opportunity for further fraud.
This potential model of using a digital identity provides significant benefits over the simple usage of blockchain for KYC, namely:
- Enhanced customer experience through only having to submit documentation once, increased security (less opportunity for identity theft), and fewer transactions being flagged as false positives and stalling transaction flows. In due course, a digital identity could be used across many industries, not just for financial transactions
- Reduced operational costs for banks through not having to KYC-check every customer (if they’ve already been checked and given a digital identity), and fewer operational staff needed for handling false positives
- Increased security through near real-time distribution of updated KYC documentation, verified digital identities, and the opportunity to share, in near real-time, fraudulent transaction details
- Increased transparency for regulators as both the immutability of the blockchain, and the opportunity for regulators to have nodes on blockchain networks, support the ability to get a full, transparent audit trail of all transactions
While there is great potential for blockchain to improve efficiency in the KYC/AML space, there are still a number of challenges that need to be overcome to make this a reality (over and above some of the generic challenges with blockchain):
- Privacy – corporates will not want all banks (or indeed other customers) to see their KYC documentation or digital identity if they don’t have a relationship with them. Similarly, when corporates exit a relationship with a bank they will want the right to be ‘forgotten’ – given the immutable nature of blockchain technology, how will this be managed?
- Standardisation – all banks within one jurisdiction are required to conform to the same KYC rules and regulations, so standardisation in this domain is relatively simple. However, there are two challenges where increased standardisation would further enhance the benefits of using blockchain for KYC. Firstly, cross-jurisdictional standardisation of KYC requirements across different regional and national regulators. Secondly, the standardisation of the banks’ own onboarding checks relating to their own risk appetite and customer profiling
- Liability – if one bank verifies a customer (through KYC checks) and that digital identity is then used by a different bank, who is liable in the event of a fraudulent transaction by that customer? How frequently should customers be re-verified, and who is responsible for that re-verification?
- Single Point of Failure – does the creation of a single global KYC / identity blockchain create a target for hackers and cyber-terrorists?
Whilst there is immense potential in the application of blockchain technology for KYC, digital identities and AML, there are challenges that need to be addressed to make this a viable proposition that customers, banks and regulators are all willing to adopt. As with all blockchain use-cases, the power of the technology is driven by the network effect so this can only be successful with collaboration amongst market participants to work toward a mutually beneficial solution which enables them all to focus on the customer.