Know Your Customer (KYC)
"KYC is the process of a business, identifying and verifying the identity of its clients. The term is also used to refer to the bank regulation which governs these activities. Know your customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents, consultants, or distributors are anti-bribery compliant. Banks, insurers and export creditors are increasingly demanding that customers provide detailed anti-corruption due diligence information." - Wikipedia
KYC is a non-negotiable regulatory process that a bank or any other financial institution has to perform before transacting with or on behalf of an institutional or a retail client in order to accurately assess counterparty risks, as well as to protect each party from criminal activities, such as identity fraud or money laundering (AML).
In a time in which people quickly change their jobs, locations, and business services, KYC processes have become a mandatory duty of many banks, insurers, and other businesses operations. The current standard process satisfies functional requirements for the business and regulatory authorities but becomes increasingly expensive and complex as technology and regulations mature.
The cost of KYC process, especially client onboarding and account maintenance part, is very high. Reducing this cost and eliminating the number of KYC checks is what companies across the world are looking for. Recent research has shown that onboarding can take up to 40 days and cost up to thousands of dollars per client. For businesses relying on low transaction costs and high volumes, traditional KYC checks on customers may render these services unprofitable.
The standard KYC process is highly redundant and inefficient, resulting in significant friction points.
- Poor customer experience: customers, with each new registration process, must submit the same documentation multiple times, often with slightly different requirements.
- High operational cost: institutions must invest in significant man-hours to gather required documents and auditing for compliance.
- Inflexible technology: actual systems often cannot efficiently adapt to the demands of changing regulatory requirements.
The standard KYC process is composed of several parts:
- Acquire personal information: a customer must provide a name, phone number, address, source of wealth, etc.
- Acquire & manually validate personal information: the institution must review and manually check the authenticity documents provided by the customer.
- Store personal information: the institution stores the documents in a system that is potentially vulnerable.
- Background checks (Client Due Diligence): the institution tries to find out a little more information about the customer and his background from other sources, for example from public registers or social networks.
- Monitor changes: the institution manually updates the documents when changes are reported by the customer.
For the KYC process to be effective, it is essential to address the following problems:
- face-to-face onboarding,
- submission of physical documents,
- clients undergoing the entire KYC process from scratch for every onboarded institution.
A blockchain system that stores and facilitates KYC data is something that can be implemented to reduce cost and eliminate the number of KYC checks.
“The use of a distributed ledger system, such as a blockchain, however, could unlock advantages by automating processes and thus reducing compliance errors. A blockchain-based registry would not only remove the duplication of effort in carrying out KYC checks, but the ledger would also enable encrypted updates to client details to be distributed to all banks in near real-time. In addition, the ledger would provide a historical record of all documents shared and compliance activities undertaken for each client. This record could be used to provide evidence that a bank has acted in accordance with the requirements placed upon it should regulators ask for clarification.” Deloitte’s report “Blockchain applications in banking”
There is no real reason that the objectives of KYC compliance and technologically enabled services need to compete. Today’s technology offers enhanced capabilities for meeting both objectives. Better understanding of digital identity means both improvement in the delivery of services and the proof of essential KYC compliance.
Some try to do this based on trusted institutions providing KYC services that are recognized as such by regulators. To avoid real-time approvals from 3rd party service (which may be feasible in some, but not all cases, e.g., when offline), blockchain technology can provide this proof that, for example, all relevant KYC checks had been performed by a trusted (regulated) body at the time of the transaction – the digital equivalent of a notarized proof of identity.
The current blockchain solutions provide:
- cryptographic technique to tie freely created blocks of data sequentially,
- immutable and tamper-proof transactions,
- a consensus protocol in a decentralized transaction network,
- replicated data and full audit trail of past transactions,
- digital identities and digital signatures,
- smart contracts - intelligent transactions.
It is important to remember that KYC process is about identity and AML is about analysis. The idea of blockchain is that it is an integrated system to perform KYC and AML, shared between financial institutions, and at the same time enabling unrestricted access for regulators to audit the system. All participants have access to audit data/logs, which leads to a model where financial institutions, in order to share data in a trusted ledger, are providing more linkable data for effective analysis. AML is all about analysis, and transactions linked across multiple institutions will make that analysis easier. The blockchain solution should reduce operational costs and allow for a smoother and less laborious customer experience.
In the era of digitization, the data we use to prove identity are already (or will be in a moment) digital, so the blockchain could enable instant identity verification. Blockchain solution removes the need to trust any third party by trusting the network-agreed data set.
Blockchain-based KYC solution provides stronger security and faster compliance with reduced operational costs. It can offer several unique features that benefit businesses, regulators, and customers:
- Digital notarization (Immutability): digital data can be signed through a process of cryptographic hashing and time stamping, creating an immutable blockchain record with a unique digital signature.
- Universal traceability (Auditability): the origin of any document, contract, or piece of data can be traced independently of any single actor or system, by using publicly available tools.
- Proof of process reporting: at any point a detailed report can be generated that visualizes and describes dates, times, metadata, and signed cryptographic proofs of any part of a KYC process.
- Privacy requirements and selective visibility: all customer data are private and can be made available to an institution for KYC process. Visibility of data depends on permissions granted.
- Customer experience improvement: when a customer starts registration process with a service company, he can share an identity token (with proofs) instead of the original documents.
- Cost reduction: by reducing the redundancy in the verification process and automating reporting, blockchain KYC can reduce costs for all participating parties.
- Compliance improvement: the proofs of all steps of blockchain KYC can easily (and automatically) be shared with regulators.
KYC solutions based on blockchain technology increase the level of security, reliability, trust and transparency. Additionally the new concept of Digital IDs on the blockchain can be applied into the KYC as follows:
- Digital IDs can be created upon validation of the required information submitted by the client.
- A blockchain-based KYC utility maintains and provides safekeeping for all the Digital IDs.
- Clients can control their Digital ID by granting permissions to institutions they communicate with.
This Digital ID system may also be integrated to any additional processes post-KYC, e.g. through smart contracts, to further enhance AML and compliance. It can create an ecosystem where accounts are conveniently portable from one provider to another.