Blockchain and Identity: Revolutionising KYC for Financial Institutions
Earlier this year Marino Software attended MoneyConf in Madrid. The conference was a general fintech event, but one thing that was mentioned consistently was Blockchain. I say Blockchain but in actual fact it was mostly Bitcoin. That’s understandable of course, it’s the only implementation of Blockchain technology in the public mind. However, the technology allows for much more than creating and transferring coins or tokens.
Blockchain & Financial Institutions
Chris mentioned how Blockchain was being explored as a means of identity and transaction record for Financial Institutions and Public Sector bodies, and how it could simplify and streamline compliance with KYC or Know Your Customer requirements.
In order to comply with KYC, banks and other Financial Institutions must dedicate a huge amount of resources. This is particularly wasteful since each individual Financial Institution has to satisfy KYC requirements for each new customer, even though that customer has probably completed a KYC process somewhere else before. A Thomson Reuters survey found that Financial Institutions are spending on average $60 million per year on compliance with KYC. These regulations also massively impact the customer experience as onboarding new customers can take an excessive amount of time. The same survey found that some Financial Institutions can take in excess of four months to onboard a new corporate customer.
So hold on, how can blockchain help with KYC?
Well, blockchain is basically a database. Ok, not a database in the sense you might be familiar with but it contains information, called Blocks, and they are stored in a chain. Each block contains the record of a valid transaction and also contains a reference to the previous block. So for example if a customer completes a KYC process with a Financial Institution that information or block could be inserted into a blockchain and shared with other Financial Institutions.
What’s so good about blockchain?
One of the biggest advantages of blockchain is that it’s typically a transparent system, with no one entity having the power to modify or erase a block without it being recorded on the blockchain. Records/blocks are validated by peers, like other Financial Institutions, on the blockchain network. As a peer to peer network (P2P), each financial institution would be able to trust the others. There’s no centralised authority that can be compromised and there’s no way to hack the cryptographically secure data within the general ledger.
Is there much risk?
A decentralised, anonymous, P2P network is potentially vulnerable to certain assaults. Sybil (creating large numbers of fake accounts in order to control consensus) and 51% (gaining control over a majority of existing nodes on the network) are two types of attacks that, though difficult to carry out and quite rare, are feasible. To counter these attacks, the nodes on the network would possibly need to be restricted to Financial Institutions, regulatory bodies, academic institutions etc. Alternatively, validation consensus could be reached by another method. Proposals on how to eliminate the risk of these attacks while trying to maintain the trustless, decentralised nature of the networks are being looked at. These include proof of stake, proof-of-reputation, hybrid approaches and Biometrics.
Biometrics is an area that has quietly infiltrated our lives in the past few years. Passports contain fingerprint and/ or photo information, most higher-end smartphones now have fingerprint scanners while some even have Iris recognition. Biometrics are the only available method to irrefutably identify an individual.
Coupled with blockchain technology, the opportunities for Financial Institutions to streamline KYC processes and enhance the customer onboarding experience are clear.
Biometrics and Blockchain: A proposal for Financial Institutions
An ideal solution for Financial Institutions to identify personal customers could be as follows:
- Each customer is initially onboarded into the blockchain.
- The user’s personal information, relevant KYC documentation and biometric data is strongly encrypted and added as a block in the blockchain.
- The user’s biometric data (and possibly a PIN) would act as a private key, so their data could not be unlocked without their authorisation.
- The new customer’s block is validated by a consensus algorithm among the p2p network.
- When the customer wants to onboard with a Financial Institution for the first time, they authorise that Financial Institution to access their block. This will grant the Financial Institution access to all necessary personal and regulatory information, automating the onboarding process.
- Any further changes to the block would also need to be validated by the network.
For corporate customers, the same principles can apply, but with the blocks being made to store the biometrics of authorised agents within the client organisation.
Interesting… Is this really possible?
The above approach may seem fanciful and a little idealistic, but there are movements already under way that are attempting to achieve this. Companies like Blockstack, Coinfirm, Trunomi, UniquID, uPort, and Tradle all have offerings in this space. However, while their approach will probably gain traction, the data in each of their offerings will (most likely) be contained in proprietary silos. The key question to consider is who will be responsible for carrying out the onboarding of the biometric data? Is it the individual companies or another institution? This will need to be resolved before the technology becomes widespread.
A Global Biometric Blockchain
At the ID2020 summit at the United Nations in May 2016, a number of speakers, including a large number of blockchain technologists, spoke with a common goal of having a digital identity for everyone on Earth by 2030. While the main goal of the summit is largely social and societal, the implications for business are profound. The ID2020 initiative could provide Financial Institutions with access to the world’s “unbanked” population, currently estimated to be around 2 billion people. The potential applications aren’t just limited to Financial Institutions. It could potentially remove the need for passports, be used to store health records, criminal records and even tax information.
Financial Institutions: Customer Experience, Overheads & …
Regardless of whether a global (in the true sense of the word) approach will ever come to pass, the biometric blockchain has massive potential. For Financial Institutions, the opportunity to vastly reduce overheads needed to meet KYC regulations while providing secure and simple systems for customers is only one application. The need for debit/ credit/ atm cards or even smartphone payment systems could also be eliminated. Imagine payments that could be authorised simply with an iris/ fingerprint scan and a PIN entry? The nature of blockchain technology could make this happen. Last week saw the completion of the first international transaction between banks using blockchain technology, so progress is happening. Blockchain will be an interesting area to watch in the coming months and one people should start to factor into their thinking.