Ian Grigg on how the banking system is about to collapse and how to fix it

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Ian Grigg is a financial cryptographer known for his work on triple-entry accounting, Ricardian contracts, and digital cash systems. He is currently a partner at Block.One, working on the EOS project by applying his expertise to the development of a governed blockchain; Principal Architect at ChamaPesa, an app for social savings groups that uses a blockchain to add cryptographically-backed transparency, accountability and reliability to the informal networks which constitute 40% of Africa’s GDP; and Chief Scientist at Mattereum.

As the final talk of the conference, his core message was that the current financial system is locked into a race to the bottom in terms of customer service due to the rising cost of compliance (increasing 20% each year since 2002), and that identity and accountability frameworks sorely need revisiting. He presented the Financial Identity Trilemma Syndrome, which posits that out of three desired goods — regulatory compliance, security of assets, and customer service — only two can be achieved simultaneously, with customer service being the usual casualty. He then framed identity as an edge protocol consisting of collected attestations, or facts stated by one individual about another, as a cheaper approach, and set out the four qualities that would provide a solid foundation for such a distributed framework. Ian concluded his talk by highlighting the lack of liability surrounding identity providers and certificate authorities, and how a dispute resolution system can hold all parties to account within a given system.

Transcript:

Hi there! I haven’t got any prepared slides or a prepared talk, but I have got some prepared bad news for you: I’m here to tell you it’s not going to work. I’ve been thinking about how it is that I can help this process, and the only way I can do this, that I can help, is to tell you it’s not going to work and why it’s not going to work. Maybe once we’ve got past that we can move on to the juicy part of constructing something new.

We heard a lot about AML and KYC and CDD and all that sort of stuff, and it’s interesting, because when I was at R3, this little startup down the road that works for the banks, McKinsey gave us a report which was a private report — you have to buy it or something like that, I’m not sure — and there was a certain number in there, it said 20%. They’d started doing this report back in about 2002, and the report said that since 2002, the cost of compliance has risen 20% per annum year-on-year, and that was a report that was around 2015. Maybe we need to check up on those numbers, but that was a pretty consistent thing, and we read the report over and over to try and figure out if there was a way to misinterpret it, but we could not. Cost of compliance now is about 30% I’ve heard, but you pick your own number. Who works at a bank? Nobody, okay. That’s probably good news. [laughs] Who’s got a bank account? I’ve got bad news: if you do the compounding, in seven years you won’t have a bank account, because all the banks will be out of money. If you compound 30% forward by 20%, in seven years all of the money is consumed on compliance.

Does anybody know when compliance started? 1985 was the first time I ever heard about it. It couldn’t have started a year earlier, 1984. It literally started the year after 1984, and it’s been rolling ever since, and the problem is it hasn’t got a particularly good record. It’s been rolling forward, and the solution to failure has always been to double down. Hence, McKinsey correctly reports that the 20% year-on-year increase in compliance is FATF and various other authorities discovering that there are problems, running into banks, fining the hell out of them and doubling down on compliance, but what they’re not actually succeeding in doing is changing the problem.

Why is this? There’s a reason, and I like to call this the Financial Identity Trilemma Syndrome, or FITS, and maybe the bank is suffering from FITS, if you’ve got this problem. The problem is if you look at a bank, as the costs rise, it must take the money away from some other purpose, and there are approximately two things going on in a bank which are interesting I think: one is customer service, providing a good experience to the customer, and the other is providing safety and security of assets. That’s approximately the only two things that are going on in a bank, customer service — great products, great experience — and security of assets. If compliance is eating away at the cost base, it’s got to give way from the other two. Consequently, we have seen over the last 30 years, since 1985, a reduction in customer service. The security of the assets, certainly in the Western world, has not reduced, but the customer service has reduced. How do we bring back the customer service? That is the challenge.

There’s that trilemma, Financial Identity Trilemma Syndrome. We’ve got a choice of three things there, and you’ve kind of got to pick which one you’re going to work with. You can get two out of three, so who are you going to compromise on? What the banks have done to date is to compromise on customer service. How do we bring that back in? It requires a fairly deep dive. This is actually a rant called An Exploration of Identity written for R3. [ http://www.r3cev.com/blog/2017/4/25/an-exploration-of-identity ] The first thing to understand is how do we make decisions? We make decisions through context. This environment is actually pretty safe, I can leave my bag down the back, and it’s all open and there’s bits and pieces falling out, my passport is floating around and so forth, and I feel entirely safe. But if I was in say Kibera, which is a huge slum in Nairobi, I wouldn’t be doing this. If I was in some unsafe place I’d be carrying my bag with me; if I was in a really unsafe place, I’d have my bag in my front. Decisions on security are made on the basis of context.

Now, it turns out that this context is really useful in terms of what we heard before about attributes and the W3C and so forth. Identity is an edge protocol, which means that in an IT context, the thing that we can most use with identity is what Alice says about Bob, what Bob says about Carol, what I say about you and what you say about me. Any of those things can be captured into a single statement, and those single statements can then be collected. That’s really useful, because we can now actually build an IT system which catches that information. But the problem we’ve got is what happens if that edge, that attribute, that piece of data happens to be unreliable? Why would anybody bother to say the right thing? Why would I say, “You’re all good people”? Why would you say, “I’m a good person”? Why do you care? It turns out, if we talk about facts, there’s a bunch of things that can go wrong.

I particularly like this diagram about the fact of a brick wall. If you think about passports, Amy Bell brought up the notion that passports can be fake, and that’s a bit of a killer, 50 quid down at the right pub. I’ve been following identity fraud for probably the last eight years or so, since this question came up in CAcert: how much does it cost to have a good fraudulent set? It’s about a thousand: a thousand bucks, a thousand pounds, a thousand euros, whatever, that will get you a good set of fraudulent identity. It might change a little bit with the e-passports coming in, but it still seems to be the case that that’s what it costs, which means from a risk analysis point of view, how much weight can you put on a document? Think about the transaction. You probably can rely on the document for buying a beer, you could rely on the document for buying a computer perhaps, it’s like in the same ballpark, but you wouldn’t buy a house on a document. A hundred thousand, a million, you’re going to put that on a false set of identity? Very dodgy. All sorts of things can go wrong with documents — there’s a list of them, but I’m sure you can imagine.

Where is all this unreliability coming from, all these problems? It turns out that there are approximately four ways we need to improve the game to get back on the identity track. There needs to be skin in the game. Everybody in the business — that’s you, me and everybody — needs to be at risk, which is to say if you’re a relying party on a piece of identity documentation or identity statement, an edge, you need to be at risk for what you’re about to do, and that is actually the case anyway with all identity systems. But also, if I make a statement to you, like I’m a CA and I make a statement that you are who you are, I need to be at risk. Quality control needs to be set, which means we need a standard, because you can’t actually make a statement to a standard and then rely on it without that standard, so that needs to be there. We need redundancy in sources, and this is the notion of the web of trust, and that’s because… it kind of becomes obvious later on perhaps. And some facts are owned by certain people, so therefore they are authorities, but these facts are quite limited; the driver’s licence people own the driver’s licence, the passport people own the passport, but that doesn’t say enough to be very useful — you just have to have that there in the list.

So we need those things there, but the key thing we’re getting to is that liability, skin in the game. We need to be able to have the liability that says, “If I have checked your passport and I say your passport is who you are,” and somebody comes and relies on that and they lose their house, I am liable for that statement. Now, to perhaps digress here, the problem that has occurred with all identity systems to date is that the liability for the statement that has been made has been dumped typically on the consumer. If you think about CAs, PKI providers, various identity authorities, the passport office, none of them can be sued. The way that the CAs avoid the liability for the statement that they make is through legal clauses buried in their legal contracts, not their CPSs but in their legal contracts, that state that you are on your own, there is no liability, there is no liability to them — if something goes wrong, you’re screwed. This is actually completely deliberate, and was an organised, intended approach, and the reason is because if a CA issues a million statements, and there’s an expected liability of say 10 bucks on each statement, they’re out of business. The only mathematics that works for a CA or a PKI provider is if there is no liability. But unfortunately, here’s what happens: if there is no liability, the CA, or any provider of statements, enters into a race to the bottom, the quality sinks as they race to charge for certificates, sometimes we call this certificate manufacturing. What has happened with all these systems is the quality goes down — I’m talking about the private sector, maybe not the passport sector for example — the quality goes down to the point where it’s no longer reliable, and the reason it’s no longer reliable is because there’s no skin in the game.

So you need a situation where any provider is liable for the provision of the statement. If you think about banks, let’s say we’ve got Barclays or HSBC or some of these other banks, they issue a statement saying who you are and you’re going to take that statement across to some other provider, maybe it’s the health service or maybe it’s another country. Can you sue Barclays, can they sue Barclays if it goes wrong? No, and this is part of the problem. Whatever statement that these people make cannot be exported out of their business, because they won’t accept the liability. That’s reason A. Reason B as to why they can’t possibly export it is because, and I think Amy Bell hinted on this, risk analysis is done by the relying party, and the risk analysis is different for every relying party, therefore there is no such thing as standardised KYC, standardised due diligence. In fact, due diligence, the meaning of the term is the diligence due for the business. So you can’t do a standard crosswise system, unless you bring all the players together and accept common liability for everything. This is what some of the Nordic countries have done, basically the central bank has got the banks into a room, and beaten their heads together, until they’ve come up with a common system, but it’s also done the trick of saying, “You’re now absolved of the legal liability, if you rely on somebody else’s,” which is something that Amy Bell brought up.

So, how do we make it liable, such that anybody can issue these statements, but somehow we can come to grips with the fact that this person has an incentive, has skin in the game, and therefore does a good job? There’s approximately, as far as I can see, two ways: one is the central bank brings in the banks and forces them to do this, in some fashion or other, and the other is to create a community. This is what we did in CAcert back in the day, and this is what we’re going to do with EOS in the future, we’re going to create this thing called the governed blockchain. Basically, when you join the community, you accept the liabilities of being part of the community. Once you’re inside the community, you can make any statements you like, but you’re liable to arbitration. A formal method of dispute resolution exists, whereby if somebody does rely on your statement, they can come back to the arbitrator and demand that the arbitrator hold you to account. This is a really difficult ask. It can be done with a vertical, it can be done across borders. The question is can you bring all these people into a community? Now, I can say that if you’re trying to bring banks into a community, you can do it within one country; if you’re trying to do it internationally, it becomes a lot more difficult.

But that’s the conundrum: how do you bring people under common dispute resolution, such that they will accept the statements that are made by somebody else in the same community? That’s the bad news. Until you solve that, identity won’t work, in an international, smart contracts, blockchain environment — I’m sorry. And now I have to run [laughter], having given you the bad news I have to run, because I have a flight. There is good news, but that will take another day. [laughter]

All materials from the conference: http://internetofagreements.com/identity/

Learn more:
https://chamapesa.com/

https://www.mattereum.com/

Join the Telegram: https://t.me/mattereum