A Decentralised KYC Verification Process for Banks

Sushma Varadaiah
Published in Consenso Labs
Jun 5, 2020

This article explains the creation of a smart contract to digitalise the KYC process using blockchain.

Origin of KYC

Know Your Customer, aka KYC, originated as a standard to fight against the laundering of illicit money flowing from terrorism, organised crime and drug trafficking. The core idea behind KYC is that governments and enterprises need to track customers for illegal and money laundering activities. Moreover, KYC also enables banks to better understand their customers and their financial dealings. This helps them manage their risks and make better decisions.

Need for KYC

Building on the origin of KYC, we can state that there are four major sectors in banking where KYC is needed:

  • Customer Admittance: Restricting the entry of anonymous accounts into the banking system. In other words, no anonymous accounts are allowed. Preliminary information such as names, birth dates, addresses and contact numbers is to be collected to provide banking services.
  • Customer Identification: In case of suspicious banking transactions by a customer, the customer’s account can be tracked and flagged. It can then be sent to the bank head office for review.
  • Monitoring of Bank Activities: The bank can zero in on suspicious activities in any account after understanding its customer base using KYC.
  • Risk Management: Since a bank has all the preliminary information and activity patterns, it can assess the risk and likelihood of a customer being involved in illegal transactions.

These requirements make the KYC process an essential entity in the banking and financial world. A traditional KYC process is already in place in the banks, but there are major challenges in the process. Through this case study, we will assess and tackle these challenges. Let us first list out the challenges related to the traditional KYC process.

Problems/Challenges in KYC

  • Disparity in the Specifications for KYC:

Every bank has its own KYC process setup, and customers need to undergo KYC verification again and again for each bank.

Due to the lack of KYC standards, compiling each request is time-consuming.

  • Adverse impact on Customer relationship:

It becomes irksome for the customers to provide the same information to different banking entities and industries.

Banks sometimes even follow up with customers to get more details for KYC.

  • Escalating Costs and Time for Banks:

A recent study concluded that the overheads of KYC for a bank increase the onboarding cost for a customer by 18% and the minimum time required to 26 days.

Solution using Blockchain

Blockchain is an immutable distributed ledger shared with everyone involved in a network. Each participant interacts with the blockchain using a public-private cryptographic key combination. Moreover, immutable record storage is provided, which is very hard to tamper with.

Banks can utilise the feature set of blockchain to reduce the difficulties faced by the traditional KYC process. A distributed ledger can be set up among all the banks, where one bank can upload the KYC of a customer and others can vote on the legitimacy of the customer’s details. The KYC for the customers will be stored immutably on the blockchain and will be accessible to all the banks in the blockchain.

This case study is divided into two phases to achieve the solution.

Phase 1:

  • Whenever a new customer enters the ecosystem, a bank initiates a KYC request for the customer.
  • Once checked for veracity, the bank uploads the customer’s data onto the blockchain using the smart contract.
  • Whenever any new data needs to be appended, the ledger could enable encrypted updates. Mining will make sure the data gets confirmed over the blockchain and is distributed to all the other banks.
  • The KYC data can be accessed by the other banks in real-time as and when required.
  • Other banks can vote on the KYC process followed by a bank for a customer in order to state that they acknowledge the process and accept the customer’s details.
  • Admin functionalities are provided for the system, where an admin can track the actions performed by banks, such as uploading or approval of KYC documents.
  • Other banks can vote on the KYC process followed by a bank for a customer. If their ratings/votes are above the standard range, then it is taken as an accepted KYC process and is used by other banks as well.
  • The banks also vote on the other banks to make sure that the banks are secure and have not been tampered with for the KYC process. This identifies whether a bank has become corrupt and is uploading fake customer KYC. This rating will help the banks assess each other’s activities and remove fraudulent banks from the network.
  • The admin can block any bank from performing a KYC. The admin can also add new banks or remove untrusted banks from the smart contract.

Phase 2:

  • In this phase, the smart contract will be deployed over a private network, which is set up between various banks.
  • The banks can use the functionalities of the smart contract over this private Ethereum network.
  • The banks need to have an account on the private network to interact with the smart contract.

Phase 1 Details:

Use Case:

If the user agrees to share data, the following steps will take place:

  • A bank will check the blockchain to fetch the hash of the customer data and use the hash to fetch the actual customer data from a secure storage.
  • A bank will update the KYC data if required.
  • If the data is not already present in the smart contract, then the bank will create a new request to add the KYC of the customer.
  • Banks will additionally provide votes/ratings on the user data for KYC.
  • Banks will also provide votes/ratings on the other banks for security.
Image and Content Courtesy — upGrad

Bank Interface:

Following are the functions that you need to write in your smart contract. These are the functions that a bank can call.

  • Add Request — This function is used to add the KYC request to the requests list. If the bank rating is less than or equal to 0.5 then assign IsAllowed to false. Else assign IsAllowed to true.
  • Add Customer — This function will add a customer to the customer list. If IsAllowed is false then don’t process the request.
  • Remove Request — This function will remove the request from the requests list.
  • Remove Customer — This function will remove the customer from the customer list.
  • View Customer — This function allows a bank to view details of a customer.
  • Upvote to provide ratings on customers — This function allows a bank to cast an upvote for a customer. This vote from a bank means that it accepts the customer details as well as acknowledges the KYC process done by some bank on the customer. You also need to update the rating for a customer in this function. The rating is calculated as the number of upvotes for the customer divided by the total number of banks. If the rating is more than 0.5, then you can add the customer to the final_customer list. If the bank has already voted for the same customer before, reject the request.
  • Modify Customer — This function allows a bank to modify a customer’s data. Only applicable for customers whose requests have been validated and who are present in the customer list. If the user is present in the final customer list, then remove it from the final list and change the upvotes and rating component of the customer in the customer list to “0”. Remove all the previous upvotes for the customer. Hence, banks need to upvote the customer again to acknowledge the modified data.
  • Get Bank Requests — This function fetches the KYC requests for a specific bank.
  • Upvotes to provide ratings on other Banks — This function is used to add and update votes for the banks. You also need to update the rating for the bank in this function. If the bank has already voted for the same bank before, reject the request.
  • Get Customer Rating — This function is used to fetch customer rating from the smart contract.
  • Get Bank Rating — This function is used to fetch bank rating from the smart contract.
  • Retrieve access history for a resource — This function is used to fetch the bank details which made the last changes to the customer data.
  • Set Password — This function is used to set a password for customer data, which can later be unlocked by using the password. This is required to give access to only certain banks. It is possible that a customer does not want to share his/her data with everyone. To make sure the customer data is protected, we add a password to customer data. While retrieving the information for a customer, the bank also needs to pass the password, if the password is set for the customer. If the password is not set, then every bank can view the data.
  • Get Bank Details (Unique Identifier for the Bank) — This function is used to fetch the bank details.

Admin Interface

Below are the functions specific to admin.

  • Add Bank — This function is used by the admin to add a bank to the KYC Contract. You need to verify if the user trying to call this function is admin or not.
  • Remove Bank — This function is used by the admin to remove a bank from the KYC Contract. You need to verify if the user trying to call this function is admin or not.

Smart Contract Flow

  • Bank collects the information for the KYC from Customer.
  • The information collected includes the User Name and Customer data, which is the hash link for the data present at a secure storage. This username and hash are unique for each customer, though there could be multiple KYC requests for the same username.
  • A bank creates the request for submission which is stored in the smart contract.
  • A bank then verifies the customer KYC data which is then added to the customer list.
  • Other banks can get the customer information from the customer list.
  • Other banks can also provide votes on customer data, to showcase the authenticity of the data. These votes are then used to calculate the customer rating. Once this rating goes above 0.5, the customer gets added to the final customer list, which means that the customer is a trusted customer. Such trusted customers are given additional benefits or offers by the bank.
  • Banks can also provide votes and ratings on other banks to showcase the authenticity of the banks. These ratings are important, as only KYC requests from banks with a rating above 0.5 are considered for validation. Banks with a very poor rating might be removed by the admin.
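
The customer-voting path of this flow, as an added Solidity sketch that is not the article's contract or its GitHub source; the contract name, function names and the `version` counter are assumptions. It narrows to the admin check on Add Bank, one vote per bank, the 0.5 threshold in integer arithmetic and the vote reset on Modify Customer; requests, bank ratings and the password check are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added sketch; contract and function names are assumptions, not the article's code.
contract KycVotingSketch {
    struct Customer {
        bytes32 dataHash;  // hash link to the KYC data held in secure storage
        uint256 upvotes;
        uint256 version;   // bumped on every modification
        bool isFinal;      // true once the customer is on the final customer list
    }

    address public immutable admin;
    uint256 public bankCount;
    mapping(address => bool) public isBank;
    mapping(bytes32 => Customer) public customers; // key: keccak256 of the user name
    // user => version => bank => voted. Mappings cannot be cleared; a new version drops old votes.
    mapping(bytes32 => mapping(uint256 => mapping(address => bool))) private voted;

    constructor() { admin = msg.sender; }
    modifier onlyBank() { require(isBank[msg.sender], "caller is not a bank"); _; }

    function addBank(address bank) external {
        require(msg.sender == admin, "caller is not admin");
        require(!isBank[bank], "bank already added");
        isBank[bank] = true;
        bankCount++;
    }

    function addCustomer(bytes32 user, bytes32 dataHash) external onlyBank {
        require(dataHash != bytes32(0) && customers[user].dataHash == bytes32(0), "bad hash or customer exists");
        customers[user].dataHash = dataHash;
    }

    function upvoteCustomer(bytes32 user) external onlyBank {
        Customer storage c = customers[user];
        require(c.dataHash != bytes32(0) && !voted[user][c.version][msg.sender], "unknown customer or repeat vote");
        voted[user][c.version][msg.sender] = true;
        c.upvotes++;
        // Solidity has no fractions: upvotes / bankCount > 0.5 is upvotes * 2 > bankCount.
        c.isFinal = c.upvotes * 2 > bankCount;
    }

    function modifyCustomer(bytes32 user, bytes32 newHash) external onlyBank {
        Customer storage c = customers[user];
        require(c.dataHash != bytes32(0) && newHash != bytes32(0), "unknown customer or bad hash");
        c.dataHash = newHash;
        c.upvotes = 0;
        c.isFinal = false;
        c.version++;
    }
}
```

With four banks registered, two upvotes give 2 * 2 > 4, which is false, so the customer joins the final list only on the third vote.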

Phase 2 Details:

In this phase, we build a private Ethereum chain and run the smart contract over it.

  • Create KYC Smart Contract with the truffle suite
  • Update the truffle task runner with account and network details
  • Compile the smart contract using truffle
  • Deploy on the private Ethereum blockchain

The source code of the KYC implementation is available on my GitHub.

Please clap for the article if you like it.

Happy Blockchaining!
