This post is the first in our special series “Use cases” in which we will try and do our best to describe the potential application of Blinking platform to various problems we’ve researched. There are several clear use cases of which some are now either in Proof of Concept phase, Pilot preparation phase or we’ve identified as highly desirable and possible at the same time. The cases and application are very different among each other adding to the already established narrative of blockchain technology versatility.
In one of our previous blog posts — Adapting KYC procedure to GDPR we’ve tackled the issues of performing the Know Your Customer procedure once the GDPR regulation came into force. We’ve provided enough details about this matter as well as why Blinking is the GDPR-friendly KYC tool.
In this blog post, we will cover this only briefly, and focus primarily on the first identified use case for Blinking KYC module. Namely, the creation of a consortium of banks, or any other industries or institutional entities for that matter, that establishes and provides the utilization of a shared KYC platform.
KYC or Know Your Customer procedure is, on the one hand, a business process of identifying and verifying the identity of its clients and performing the assessment of potential illegal intentions. On the other hand, when using the term KYC we assume those same procedures but as the essential part of the AML or Anti-Money Laundering set of laws and procedures. In any case, KYC is a critical part of the onboarding process of new customers.
KYC has become more or less a standard and required the procedure, especially in the financial industry. The process helps to ensure that the financial services, usually those provided by banks are not misused. It helps financial subjects understand their customers better, and as an increasingly common requirement in order to ensure that those customers are not involved in any illegal activities like terrorism, corruption, bribery or money laundering.
Typically, KYC includes:
- Collection and analysis of basic identity information
- Risk assessment in regards to illegal activities
- Matching against lists of politically exposed persons or PEP
- Profiling of customers transactional behavior
Naturally, a question arises that if all these entities collect lots of data about their customers and keep it, isn’t the individual privacy jeopardized? Up until recently, this was no doubt the case. GDPR regulation brought lots of turmoil as many of its effective requirements are in collision with the established practice of KYC. You can read more about it the aforementioned text, but essentially the business performing the KYC must automate and digitalize their data collection and improve the overall security. GDPR also requires that the customer or client has a lot more power and knowledge of how his data is used.
Of course, it’s not just the GDPR issue. Data privacy has become one of the primary issues in our day and age of data breaches and scandals. Aside from the concerned users and regulators trying to enforce new rules, companies collecting and using private data are trying to stay ahead of the game and not risk their reputation for falling a victim to breaches and scandals.
Blinking was built and developed as a regtech software addressing those exact needs and requirements:
- Greater privacy, data ownership, and control by the user
- A required and automated procedure of customer identification
- More secure private data collection and storing
- Secure private data exchange with users’ consent
Currently in development
One of the first potential use-cases for our platform came up during the development. As in any product building, some of your assumptions will turn out to be true, some require domain experts who help you shape it, while some you probably cannot even think of.
In our discussions with domain experts from the banking industry (of which some are now our partners in developing Blinking) and financial industry leaders from Serbia, it became obvious that the first clear use case for Blinking KYC is as a digital identity management platform for a consortium of banks.
Currently, in Proof of Concept phase with banks in Serbia, this use case allows all the members of the consortium to achieve greater market penetration while decreasing the cost and time of onboarding process and reducing the time required for a person to acquire financial products. The first phase was successfully completed and the platform testing is moving to the second phase with stated desire of reaching the production phase.
Although our desire is to reach a model an of a unique globally standardized digital identity, it’s difficult to push that kind of a model globally and expect businesses around the world to suddenly accept and adopt such a radical change. Especially when one takes into the account how private data processing and storing is differently and vigorously regulated in countries around the world.
Blinking was developed from the start as a highly versatile solution. Using IBM Cloud services in combination with Hyperledger Fabric enabled us to essentially provide to potential customers either a Public or Private Cloud solution or an on-premise infrastructure. In our home country, Serbia, where we agreed to create a consortium of banks, there was a demand from the banks to use a hybrid approach of on-premise and private cloud. In the following phases, we will move from fictive identities to real identities of users in a closed environment.
Let us imagine a scenario in which banks require a digital identity solution that will at the same time:
Digitize their clients' banking experience and make it more accessible
Satisfy the regulators or auditors by providing the necessary information when requested
Never jeopardize the security or privacy of their clients’ private data
All the while establishing the groundwork for new potential business or revenue models
How would that work out? What would the process of creating such a network look like? What would be the potential benefits for the banks involved? What would customers get from this change in paradigm?
Establishing a consortium of banks for utilizing Blinking as its identity management platform and KYC tool would presume:
Banks agree on rules for collecting the clients' private data.
Banks agree on performing the KYC procedure formally only once and only updating when the customer requires a change to his or her data.
Each bank can perform the KYC procedure and acts as a formal verifier.
Banks can share the KYC collected data among other consortium members only with the client’s consent which he provides from his Digital ID.
Banks create Digital ID for their clients, who then use them to verify their identities, track whom they’ve already given access, revoke access and of course apply for new services.
Consensuality is given with a click and is the new equivalent of a signature since only the owner of a Blinking ID can himself provide it.
Since Blinking relies on multi-factor authentication utilizing biometric data for verifying user identity, banks can rest easy knowing that a verified Blinking ID is a true representation of someone’s identity. At the same time:
- It obsoletes the need to check physical ID every time to confirm someone’s identity
- Enables trustworthy non-physical identity confirmation leading to online verification
- Obsoletes usage of signatures and enables a more convenient solution of providing consent with just a few clicks
With the network in place, banks can now offer their financial services and compete for clients’ attention in both the online and offline sphere in a various and new way. Assuming an established shared KYC platform, let’s imagine a scenario in which you are walking down the street, and you see a digital billboard offering great terms for a mini-loan. All it takes now is to scan the QR code under which it says “Apply with Blinking” for you to:
- Apply for the service being offered
- Provide necessary documents to prove eligibility
- Receive the confirmation from the bank
- Give consent to the terms and start using the service
The bank which performed the initial onboarding has also performed the initial verification in the KYC process. For the formal verification of a customer, the bank will receive a percentage each time another service has asked for the KYC data.
There are many benefits for banks from being a part of the Blinking platform. They become GDPR compliant, do not store clients private data on their servers thus eliminating the point of breach and at the same time transfer the responsibility for the protection and security of private data. Meanwhile, digital services they provide to their clients are more secure.
Shared KYC provides several overall benefits when compared to the current state of how the process is performed:
Data quality is increased with a lot less room for manual, human error.
Data is more secure and more difficult to arbitrarily change.
Standardization of KYC and private data acquisition is achieved with the same requirements for all banks.
An audit is more efficient, easier and can be done in real-time.
It is less costly and time-consuming as both are improved by automating the process.
Data duplication is avoided and everything is kept at one place although with decentralized access and a higher degree of security.
Risk of any illicit or illegal activity is diminished.
AML — Anti-Money Laundering compliance is fully achieved.
It is impossible to oversee how a banking consortium and a single, unified shared KYC infrastructure is a big improvement of business processes and a more cost-effective way of confirming clients identity. The banks have already recognized the potential of Blinking KYC module in providing functionalities and benefits over the current model. With more financial institutions and companies from other industries realizing the potential of this model, we hold that it will bring about a positive change in regard to private data acquisition and enable new financial and digital services that are not possible in the traditional model.