What is the art of the possible as it relates to a shared e-KYC platform?
In the not-too-distant past, nascent, decentralized ledger technology left question marks in terms of data privacy, ease of implementation and scalability. The technology has since made significant strides in these verticals, but there remain challenges to be solved prior to wide adoption of a blockchain-based, shared e-KYC platform, including regulatory requirements and incentives for participation. Still, it is hard to ignore the innovation and momentum around solutions for the use case. The financial services industry is witnessing fintech firms marketing and specializing in identity verification and solutions for various stages of the KYC process. The current KYC position, manual, repetitive and costly, is directly at odds with the industry’s trajectory for digital transformation and operational efficiency. Blockchain solutions are primed to disrupt it.
Enterprise software and data sharing technology firms are beginning to offer permissioned blockchain solutions for firms to mutualize KYC efforts. One firm currently supports 11 banks and governmental bodies, including the UAE’s KYC Blockchain Platform, a consortium established by the Dubai Department of Economic Development (Dubai Economy) and Dubai International Financial Centre (DIFC) to promote a national KYC ecosystem, the first of its kind.
(1) 2018. R3, an enterprise software company, completes a four-day platform test of 300 KYC transactions across 39 banks and 19 geographies using test data on their permissioned blockchain, Corda.
(2) 2018. IBM, in partnership with Deutsche Bank, HSBC, the Treasuries of Cargill and MUFG, successfully completes a KYC POC.
(3) 2020. Isabel Group, a fintech banking service provider, develops Kube for Belgian banks Belfius, BNP Paribas Fortis, ING Belgium and KBC to share verification data as part of the KYC process.
(4) 2020-2021. Dubai’s Department of Economic Development (Dubai Economy), in conjunction with Dubai International Financial Centre (DIFC) establishes a national KYC ecosystem, by launching the Norbloc powered UAE KYC Blockchain Platform, a consortium including HSBC, Commercial Bank of Dubai, Abu Dhabi Commercial Bank, RAKBANK, Mashreq Bank, Emirates Islamic and Emirates NBD.
The viability of recent blockchain-enabled KYC Proofs of Concept could most noticeably be attributed to a more mature technology that supports data privacy regulations. However, none have moved past the Proof-of-Concept stage. The industry has yet to see profitable solutions implemented at scale in a regulated industry. Rather than dismissing the technology, consideration should be given to more traditional causes: lack of a regulatory approved governance structure, the absence of a properly incentivized operating model that supports a sustainable business case, and the competitive concerns of participating banks.
Collaboration with regulatory authorities could provide the trust needed to help move blockchain for KYC from a proof-of-concept to a widely adopted practice. By defining standards and removing legal questions such as ownership of process compliance and liability for inaccurate validations, regulations could help remove the uncertainty and hesitation that are arresting the industry-wide adoption necessary to recognize the full impact of data sharing.
A blockchain may reduce operational costs and streamline the KYC process, but if the savings are offset by high implementation costs (small firms may not have capital and large firms may be burdened with unwinding complex legacy systems) or the benefits of participating in a shared validation do not outweigh risks associated with a potential miss, the blockchain solution is not sustainable. Proper incentives for participation would also be necessary to keep participants from freeloading on the benefits of a shared network, and to keep them engaged and interested in the longevity of the ecosystem.
Successful KYC ecosystems depend on stakeholder buy-in on an agreed-upon governance model to address challenges from competition and realize the benefits of participation. Firms may be hesitant to share competitive data supporting a KYC validation if it threatened the stickiness of clients. As firms architect a shared e-KYC platform, cryptographic techniques to enhance blockchain privacy among network participants should be considered. This could look like permissioning different levels of data visibility (for read/write access, or validation), fragmenting the knowledge of the content shared, or deciding what data is stored on or off-chain (only the validated check attestation is anchored on-chain, while supporting data is stored off-chain). Public-key cryptography, in which each participant holds a public/private key pair, could be used to send encrypted communications (or underlying data) on chain that can only be decrypted by the owner of the private key (the intended audience). Zero Knowledge Proofs (ZKPs), cryptographic proofs that allow one to “prove” the accuracy of data without sharing the data itself, could eliminate the need to share the underlying PII at all. Applying cryptographic methods on inherently transparent blockchains could facilitate confidence in both sharing and accepting a KYC check without necessitating competitive data and storage costs.
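The on-chain/off-chain split and the idea of fragmenting knowledge of the shared content can be sketched as below. This is an added example, not code from this article or from any platform it names: it uses a salted Merkle commitment for selective disclosure, which is a simpler technique than a zero-knowledge proof, and the function names, record fields and the model of the ledger as holding only the 32-byte root are assumptions.

```python
import hashlib
import secrets

def _h(*parts: bytes) -> bytes:
    # Length-prefix every part so different inputs cannot concatenate to the same bytes.
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def leaf(name: str, value: str, salt: bytes) -> bytes:
    # The per-field salt stops a reader of the chain guessing low-entropy values (a birth date).
    return _h(b"leaf", name.encode(), value.encode(), salt)

def _padded(level):
    return level + [level[-1]] if len(level) % 2 else level

def build_tree(leaves):
    """All tree levels, leaves first; a level of odd length repeats its last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = _padded(levels[-1])
        levels.append([_h(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def attest(record: dict):
    """Validating bank: returns (root to anchor on-chain, salts and levels kept off-chain)."""
    salts = {n: secrets.token_bytes(16) for n in record}
    levels = build_tree([leaf(n, record[n], salts[n]) for n in sorted(record)])
    return levels[-1][0], salts, levels

def disclose(record: dict, salts: dict, levels, name: str):
    """Package one field plus its sibling path; no other field value leaves the bank."""
    index, path = sorted(record).index(name), []
    for level in levels[:-1]:
        level = _padded(level)
        path.append((level[index ^ 1], index % 2 == 0))  # (sibling, sibling is on the right)
        index //= 2
    return name, record[name], salts[name], path

def verify(root: bytes, name: str, value: str, salt: bytes, path) -> bool:
    """Relying bank: recompute the on-chain root from the one disclosed field."""
    node = leaf(name, value, salt)
    for sibling, on_right in path:
        node = _h(b"node", node, sibling) if on_right else _h(b"node", sibling, node)
    return secrets.compare_digest(node, root)

# Constructed sample record (not real data); it stays off-chain with the validating bank.
RECORD = {"full_name": "Jane Example", "date_of_birth": "1990-01-01",
          "country": "AE", "document_no": "X0000000", "kyc_status": "verified"}
ROOT, SALTS, LEVELS = attest(RECORD)
print(ROOT.hex(), verify(ROOT, *disclose(RECORD, SALTS, LEVELS, "kyc_status")))
```

The relying bank learns one field and a handful of salted hashes; a production design would also need the root to be signed by, or otherwise attributable to, the validating institution.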
Blockchain technology is maturing beyond a “plug and play” solution to resolve current operational pain points. In many cases, to unlock the full potential benefits, current operational processes should be reimagined, no longer constrained by legacy technology and processes.
The industry is now investigating digital identities, self-sovereign, decentralized identifiers (DIDs) and more conceptually, Soulbound Tokens (SBTs). With decentralized identities, the data may be owned by the individual or the issuer of the KYC, rather than stored by a central institution or authority, such as a bank. DIDs, coupled with ZKPs, could allow individuals to verify their digital identities without disclosing confidential information and support European GDPR by allowing the owner to maintain ownership and portability of their data. Using DIDs would require the industry to reassess the pipes and regulatory concerns associated with KYC/AML checks.
SBTs, introduced mid-2022, propose that non-financial, non-transferable tokens store an individual’s credentials in that individual’s wallet. A large cryptocurrency exchange recently offered the first SBT to users who completed a KYC requirement. In a similar vein, other blockchain-based firms offer tradable tokens that can only be used as currency in transactions after the holder completes KYC onboarding, deeming the subsequent transactions KYC compliant.
If General Data Protection Regulation (GDPR), Washington Privacy Act (WPA) and California Consumer Privacy Act (CCPA) are hints of the future, decentralized identities and soulbound identity wallets could be foreseeable (assuming attention is paid to the front-end user-experience design which is currently not intuitive, and therefore, not accessible to the average user). With such functionality in place, data sharing may become mainstream on decentralized platforms, as institutions will benefit from efficiencies and reduced costs, while remaining confident in the safety of the data. Regulation will need to investigate the vulnerability of users as they become comfortable with the new technology (today, for example, Americans know when and when not to share SSNs).
The industry may not be ready to adopt a fully reimagined, end-to-end KYC process tomorrow, but firms may be ready to leverage blockchain to redesign pieces of the value chain. Firms may choose to share initial identity and onboarding details amongst trusted network participants, while maintaining a separate KYC process off-chain to manage to their own level of risk and regulatory interpretation. Though not a KYC-specific solution, a noteworthy example of data sharing is a large global investment bank’s successful commercialization of an international network of 400+ financial institutions that jointly verify account information through its offering, advertised as a “production-grade, scalable peer-to-peer blockchain network.”
Though POCs in the financial services sector historically tend towards private, permissioned blockchains to provide comfort through maintaining a level of control, the cryptographic methods that exist today can achieve the same level of privacy on public chains. Returning to the business model, private blockchain solutions risk lagging technologies (blockchain technology is quickly iterating), lack of interoperability of public networks, higher maintenance costs and more challenging implementation. As real benefits of a shared-data network are ultimately achieved through industry adoption, the industry may find that the most shareable solution, such as a public chain, comes into favor.
For companies not yet ready to enter a shared data ecosystem, but interested in exposure to blockchain technology, intercompany solutions can be a first step. Rather than introducing competitive third parties and concerns of trustworthiness, banks can design decentralized structures between internal, trusted departments or regions, while maintaining control of the content, business case, governance and regulatory risk appetite. This could act as a viable steppingstone to adoption of the technology.
Sia Partners is a next-generation consulting firm focused on delivering superior value and tangible results to its clients as they navigate the digital revolution. With dozens of blockchain and crypto assignments spanning 40 clients worldwide, including large financial institutions, our hybrid model brings together Blockchain and Business experts to bring solutions to life as quickly as possible. Our team covers a broad spectrum of blockchain technology including Ethereum and its rollups, EVM networks (e.g., Polygon), Bitcoin and the Lightning Network, Hyperledger, R3-Corda, Quorum and more.