Blockchain in KYC verification (Part 14- Blockchain Series)
Welcome to the 14th part of the 100 part series on Blockchain.
Knowing with whom they are trading is one of the most important jobs of banks and other financial institutions like an insurance company, stock exchange, etc. Because of this very reason, these financial institutions conduct KYC or Know your customer process as this process provides them with a sense of security. KYC verification ensures the authenticity of the other party involved.
The KYC process is initiated when a customer intends to work with a financial institution, for example, a bank. Initially, the financial institution and the customer agree on certain terms of a relationship. Then, the customer sends the required documents like ID proofs, credit card information, utility bills, etc to that institution to conduct the KYC verification process.
After receiving these documents, the institution analyses them and generates certification, where the customer is either validated or rejected to avail the services. The process is repeated every time a customer initiates a relationship with any financial institution.
For example, if a customer wants to open an account in bank A, he has to exchange his documents with Bank A and has to go through their KYC process. After receiving his documents, Bank A will verify them and after that, he is allowed to open an account in bank A.
But when he intends to work with other banks, let’s say bank B and bank C, he has to exchange his documents again and go through the KYC verification process with the respective banks B and C. These multiple validations are time-consuming and, at the same time, lead to an unnecessary increase in the cost of KYC validation.
So quite naturally, there is a need for a solution to make the KYC process easier. Blockchain technology can provide the required solution and can act as a single point of truth in this case.
After implementing Blockchain, a customer will be required to undergo the KYC process only once. This KYC information and validation will then be stored on the Blockchain, and later on, he can share this KYC verification result with other financial institutions with which he intends to work.
Type of Blockchain used for KYC verification process
Permissioned consortium Blockchain.
Public Blockchain can not be used for the KYC process because, as the name suggests, the data can be accessed by anyone with an internet connection. On the other hand, on a permissioned Blockchain, one cannot just join the network unless the network administrator allocates permission. Therefore, this type of Blockchain ensures a safer network to deal with sensitive and confidential data of the customer. For KYC verification, permissioned consortium/federated Blockchain is used. In the consortium Blockchain, a group of companies or representative individuals make decisions in the best interest of the whole network. For KYC verification, there is a consortium of financial institutes on the Blockchain network. The nodes will be pre-selected from these financial institutes to make changes on the network. These nodes have the authority to read or write transactions, and they can also allow or restrict participants on the network.
How can KYC verification be done on Blockchain?
Let’s discuss in detail how KYC verification can happen on the Blockchain.
Step 1: Customer creates a profile
When a customer approaches bank A for the first time, he will be required to complete a one-time set-up of their digital profile, also called a Client Profile. The Client Profile will contain documents and information like proof of the customer’s identity (i.e., driver’s license/passport information), address proof, and other documents required by the bank. Once the documents are uploaded, they will be accessible by the applicable bank for verification.
(a) The bank will verify the documents and perform due diligence according to the bank regulations.
(b) Once the documents are verified, the bank official will hash the documents using the Hash Function. Hash functions generate a fixed-length output for any input data irrespective of its size and length. Additionally, they work as one-way functions; in simple words, if you have a hash, you can not decrypt it to find the corresponding input, i.e., information in the documents.
(c) The hashes of each verified document will then be stored on the unique ID of the customer created on the Blockchain by the bank official. The bank will be responsible for entering the data about the customer on the Blockchain platform, to which other banks and financial institutions have access. The copy of the KYC documents will be stored on the bank’s centralized database (not on the Blockchain platform — which means the KYC data is deemed to be stored “off-chain”). Only the hashed documents will be stored on Blockchain. It is important to note that the hash will not contain the contents of the KYC data; it only represents the code name of a specific file. This will be done to prevent the customer’s sensitive information from being accessed by other members on the Blockchain network.
(d) The bank official will then generate a QR code for the customer that contains the address to the unique ID and hashed documents of the customer stored on the Blockchain.
(e) Finally, bank A will upload the QR code on the Client Profile.
If KYC data stored on the Client’s Profile is altered or modified, the corresponding hash would immediately change. Therefore, the hash will not match to hash function posted on the Blockchain platform, causing the system to automatically alert bank A about such change.
Step 2: Customer intends to work with bank B
Now, if the customer intends to work with another bank, say bank B. Bank B also requires the client to complete the same KYC documentation required by Bank A.
(a) Bank B will send a request to the customer to access his Client Profile. To grant access, the customer will log in to his Client Profile through a one-time password (OTP). The OTP will be sent to the customer on email or SMS registered with the bank. Sending OTP proves that the user is who he claims to be. It also prevents data theft on loss or unauthorized scan of the QR code present on the client profile. Although the data can now be accessed by a third party (bank B), ownership of the data remains with the customer. It means the bank B official can not modify or alter the customer’s data.
(b) After getting access to the client profile, the bank B official can scan the QR code to extract the unique ID of the customer present on the Blockchain platform. He would then hash the uploaded KYC documents and compare them with the hashes uploaded on the Blockchain platform by bank A. If the two Hashes match, then bank B will know that it has received the same unaltered KYC Data already validated by Bank A.
(c) On the other hand, if the two Hashes do not match, then bank B would need to manually validate the KYC documents according to its standard KYC processes. This could occur if the client has modified the KYC data initially uploaded to the Client Profile or has uploaded additional KYC Data to the Client Profile.
(d) After verification, bank B will then store the copy of the client’s documents on the bank’s centralized database.
Smart contracts and KYC
Smart contracts also play a crucial role in the KYC verification process. For example, suppose the customer obtains a new driver’s license or passport; these documents must be updated and uploaded on the Blockchain. In this case, it is not possible for each financial institution to individually validate the new documents and update their systems accordingly. To avoid this, smart contracts can be used to automatically update the systems of financial institutions when the client provides new/updated documents. Specifically, the client submits the updated documents to only one financial institution who then validates and attests to its authenticity. The financial institution then broadcasts this change in the form of a new hash on the Blockchain to the other participating financial institutions.
Additionally, the smart contract will also include the result of the core KYC verification done by the bank for that customer (can be either accepted or rejected). Thus, the customer’s smart contract will contain complete information about the financial institutions he has worked with.
Blockchain in preventing money laundering
Curbing money laundering is a big challenge for banks. The criminals earn large amounts of money from illegal activities, such as drug trafficking, terrorist activity, tax evasion, bribes, kidnapping, etc.
To avoid detection from legal authorities, these criminals perform money laundering to create an illusion that the money they obtained from illegal activities originated from a legitimate source. A Bank or a financial institution is used at some point of these money laundering procedures for converting the Black money into White. One of the ways that they perform money laundering is by first dividing the accumulated sum of illegal money into smaller chunks and then depositing these smaller chunks into the accounts of unconnected depositors.
Therefore, any government or financial institution must create a regulatory framework that makes it difficult for individuals to convert money obtained from illegal activities into legitimate assets.
The mainstream financial ecosystem has been developed in such a way that there are numerous checks and balances that can prevent money laundering. And Know your customer or KYC verification process is one of the most essential checks implemented by these institutions in this direction.
But the biggest challenge with the KYC verification process is the increased regulatory cost that these financial institutions bear.
· In fact, it is estimated that the yearly cost that financial institutions spend on KYC verification is around 60 million USD.
· Moreover, these costs are augmented by the fines levied on financial institutions due to their misconduct with regard to anti-money laundering (AML) and KYC regulations.
· These costs are approximated to be about 10 billion USD.
· Additionally, KYC verification is a time-consuming and painful experience for the customers too.
Thankfully blockchain technology has the potential to solve this issue related to KYC verification.
If all financial institutions adopt Blockchain, KYC data of the customers can be shared across financial institutions in a secure, transparent, and seamless manner.
Benefits of Blockchain in KYC verification
The benefits of blockchain technology for financial institutions are enormous:
(i) Specifically, the technology enables the creation of a chronological, decentralized interbank ledger using which financial institutions can verify the result of the KYC verification process that has already been conducted for a customer, thus avoiding the need for conducting redundant KYC verifications.
(ii) Moreover, the cost of the KYC process can be minimized and can be shared proportionally among the financial institutions that work with a specific customer.
(iii) This technology will be very helpful for the regulatory bodies since the distributed ledger provides a transparent record of the KYC process that financial institutions had undergone prior to working with their customers.
Challenges faced while implementing Blockchain
Before implementing blockchain-based KYC systems, financial institutions must identify and address the following challenges:
(i) Currently, the KYC verification processes vary for different financial institutions, and they have their own internal risk profile and procedures that they are comfortable with.
(ii) To develop a KYC verification system on Blockchain that can be used and shared by multiple financial institutions, the participating institutions must agree upon certain standard KYC regulations and processes.
Kapsoulis, N., Psychas, A., Palaiokrassas, G., Marinakis, A., Litke, A., & Varvarigou, T. (2020). Know your customer (KYC) implementation with smart contracts on a privacy-oriented decentralized architecture. Future Internet, 12(2), 41.
Kumar, M., & Nikhil, P. A. (2020). A blockchain based approach for an efficient secure KYC process with data sovereignty. Int J Sci Technol Res, 9, 3403–3407.
Rankhambe, B. P., & Khanuja, H. K. (2021). Hassle-Free and Secure e-KYC System Using Distributed Ledger Technology. International Journal of Next-Generation Computing, 12(2).
Yadav, A. K., & Bajpai, R. K. (2020). KYC optimization using blockchain smart contract technology. Int J Innov Res Appl Sci Eng (IJIRASE), 4(3), 669–674.
Kulkarni, V., & Singh, A. P. (2017). Sustainable KYC through Blockchain Technology in Global Banks. technology, 6, 18.
Thanks for reading!