How Distributed Ledger Technology Can Benefit KYC Protocols

Know Your Customer Regulations: Background

Bank regulators in the United States introduced the first Know Your Customer (KYC) regulation in 1998 but it never got off the ground because of criticism both from within the banking industry and the public. One week after the terrorist attacks of September 11, 2001, however, legislative proposals to thwart terrorism flooded into Washington; ultimately they became the USA PATRIOT Act signed into law by President George W. Bush on October 26, 2001. Title III of the Act added stricter requirements and enforcement policies to the Bank Secrecy Act of 1970, which had been regulating the banking industry. Thus KYC requirements were born, along with their two core procedures: the Customer Identification Program (CIP) and the Customer Due Diligence (CDD) protocol.

The Problem With Traditional Know Your Customer Procedures

KYC procedures can be expensive and cumbersome for companies to implement and maintain, but they are necessary to meet Anti-Money Laundering (AML) and KYC requirements. These costs have increased exponentially and will only continue to rise as AML/KYC systems become more complex and penalties for non-compliance grow steeper.

Many firm’s KYC protocols are notoriously inefficient, outdated, and slow. They are generally paper-based, require huge amounts of manual input, and often end up duplicating employees’ work both within and between firms.

Corporate clients of financial services firms are exasperated by how much time they spend on KYC compliance — between 26 and 32 days per customer. Other pain points include trying to keep up with constantly changing regulations; the lack of global standards; excessive contact from financial institutions; and inconsistent KYC requests from firms within the same country and sometimes even the same city. The tenets of a KYC plan are fairly simple, yet the KYC experiences of customers, financial firms, and industry leaders alike have become insufferably complicated.

Benefits of Distributed Ledger Technology and KYC Compliance

Distributed Ledger Technology (DLT) looks to be the ideal solution for legacy KYC requirements. Blockchain’s enhanced security and immutability — specifically the private, permission-based paradigm of its Distributed Ledger Technology — is well suited for streamlining KYC compliance. As a private blockchain, unlike Bitcoin’s public blockchain, DLT is composed of, and only accessible to, a group of designated parties. Financial institutions and their clients can trust that the data in a distributed ledger — both transactions and customer information — is secure and will be used solely for KYC compliance purposes. Distributed Ledger Technology is decentralized, transparent, and flexible. It enables firms to share KYC data in a cost-effective, fully automated manner both among other financial services firms and with regulators. DLT can also flag and prevent duplicative efforts and bring increased transparency to the client-onboarding process. Moreover, monitoring a shared database of transaction history can help to spot suspicious activity.

Customer Onboarding With DLT Could Save Time and Money

A consistent pain point in the AML/KYC process for firms and customers alike lies in customer verification — the first step in a prospective relationship with a financial services provider — which is essentially a data-collection exercise. The bank needs to know that you are who you say you are. At a minimum, a firm needs to collect your name, date of birth, and address; other possible data could include your social security number, driver license, and passport. The bank then analyzes your documentation and generates an internal document certifying to regulators that you’ve been validated and that the KYC checklist process has been properly conducted. In the current setting, whenever you initiate a relationship with a different financial provider, you must repeat this process, which in turn incurs repeated costs.

With DLT, this verification process needs to happen only once. You would complete the full verification process with your “home bank.” The home bank could create a smart contract — stored on the blockchain — to contain the Proof-of-Validation document and other submitted materials. You would share the result of that initial verification with any other financial firm you intend to work with by granting them permission to view your file on the blockchain. The smart contract could contain a record of financial firms that have checked the KYC status of this customer, and which have paid their corresponding share of the verification costs. Thus, the cost of the KYC compliance process could be shared proportionally among participating firms, which would effectively reduce the aggregate cost of the KYC process. Ideally, the data collected and any verification forms would be standardized, so that any financial institution in the world could share the same data.

Ongoing Monitoring of Customer Transactions

When auditing financial institutions for AML/KYC compliance, regulators often discover weaknesses in companies’ ability to monitor, detect, and report suspicious activity. Their risk-monitoring procedures generally return a very high percentage of false positives for suspicious activity. Many data-monitoring systems used today are designed in verticals that cannot communicate with each other. Therefore, there’s no instantaneous holistic picture of an entire customer account and its activity that’s updated regularly.

Other reasons for a large number of false positives are incomplete transactional information and poor data quality. So, financial institutions must spend significant human resources to process the numerous alerts for legitimate financial transactions.

The Power of Smart Contracts for KYC Compliance

Smart contracts can drastically reduce the number of false positives by attaching additional relevant data and pre-arranged conditions to both transaction and payment instructions. Because each customer record in DLT presents a chain of all events related to one customer in one dataset, in an immutable format and a sequential manner, it provides a complete and accurate image of that customer’s history to the minute; which ultimately could contribute to an accurate and objective risk model.

Via embedded triggers, smart contracts can automate both the initial transactions and their continuous monitoring. Because smart contracts can inject business logic into each transaction, they can reduce guesswork, subjectivity, and manual involvement during the monitoring process. In turn, this can minimize the number of errors, save time, increase consistency, and strengthen the internal auditing function.

Blockchain technology has the potential to simplify onboarding processes, ensure instant access to customer information, and minimize the amount of inaccurate data. It can also help to create and adjust risk profiles, especially for higher-risk customers, thus improving the effectiveness of ongoing monitoring for suspicious activity. Using blockchain to help comply with KYC requirements could save time, lower administrative costs, increase security, and inject transparency — an auspicious use case of decentralized technology that addresses a real need. Moreover, applying DLT to KYC initiatives would remove one of the thorniest problems for corporations worldwide: duplicative efforts of employees.

The Road to Adopting DLT for KYC Compliance

If by adopting Distributed Ledger Technology, companies could spend more time analyzing the risks of the underlying KYC and transaction data while using DLT to streamline the entire validation process, then why isn’t everyone using it? Even with something as obviously beneficial as employing DLT for KYC, implementing a new technology for an entire industry is not without challenges. Perhaps foremost among these hurdles is that first the financial services industry must standardize all AML/KYC language, tagging, and documentation. And before that can happen, the participating companies must agree upon certain standard forms and procedures. And that’s just the beginning of this massive undertaking.

FinTech Is Poised to Serve. Are Legacy Financial Services Ready to Receive?

A broader challenge, however, is whether legacy finance companies are able to integrate potential DLT solutions into their existing infrastructures. Some traditional firms have been using the same infrastructure for decades. So even if they do agree on the need to replace or augment their systems with newer, more agile tech, it can be either prohibitively expensive to do so, or is not possible because the new and old technologies cannot work together.

Some financial services firms have attempted to outsource KYC compliance to financial technology firms; others have actually acquired financial technology (FinTech) enterprises, merged their operations, and are doing the work internally. Yet other companies have adopted a two-pronged approach: laying the groundwork for a completely new infrastructure by making the necessary incremental changes and at the same time implementing as much blockchain technology as they can.

For those financial institutions that have already moved forward with FinTech initiatives to integrate and scale their operations, it’s not been a frictionless path. In addition to the technical issues of merging old and new systems, simply integrating the two cultures — mainstream corporate and tech startup — is not easy. Further, some legacy financial institutions have not been successful because they’ve tried to manage their FinTech needs out of context, in a fragmented way. The firms that have integrated financial technologies most successfully have built them upon their existing business goals and strategies.

DLT-Based KYC Compliance Solutions Are Close at Hand

The good news is that the process of adopting DLT for KYC has begun. Many financial institutions have already invested considerable amounts of time and money to develop Distributed Ledger Technology for their own KYC requirement purposes, and have completed successful proof-of-concept tests of the technology. Companies are already hard at work creating blockchain KYC use cases and creating first-wave KYC blockchain systems, some of which are available for trial use. Many firms are working on a digital signature that would keep a secure copy of a customer’s KYC-compliant documents stored on a blockchain. Soon, firms across the globe could be serving prospective clients faster, providing constituents with shareable high-quality data, and conducting their KYC checklist requirements with Distributed Ledger Technology.