The unfulfilled promise of blockchain
Blockchain has already been a buzzword for a long time but its potential to revolutionise the compliance industry is yet to be seen.
There is a lot of hype about blockchain but so far it has not delivered the promised goods.
Finding the right solutions for the labour-intensive know your customer (KYC) processes is not easy and to date there have been few use-cases on the market. However, progress is being made and the Clipeum initiative could prove to be one
The Clipeum project is a KYC (Know Your Customer) platform based on a distributed registry technology. It is a consortium led by Societe Generale and 12 European financial institutions including BPCE/Natixis, Credit Agricole, Commerzbank, Allianz, Banque Postale, BpiFrance, Euler Hermes, Tikehau and UniCredit. The aim is to build a European network linked to other initiatives such as the SWIFT KYC registry but with the clients at the centre having full control over data sharing and access permissions.
A decentralised network that leverages the flexibility of DLT provides a data storage or hosting separated by party or jurisdiction in a sovereign and General Data Protection Regulation (GDPR)-compliant by design service. It is also the perfect use-case for the passporting of KYC within a group composed of many different banks. Moreover, it creates a permanent record and audit trail of when and who provided information, therefore enabling traceability by design again. The “hash function” which is a code consisting of letters and numbers used to identify and represent pieces of KYC data, is stored “off-chain” and shared by the client and the financial institutions concerned.
Since it allows both globality and specificity it eliminates the need to design a KYC standard set of documents that should fit the needs of all participants and allows
the flexibility of a set of documents specific to each relationship to be exchanged between the stakeholders on an ad hoc or permanent basis.
The main hurdles in KYC/AML have been well documented. Despite advances in technology, compliance processes remain burdensome, manual and fragmented and can cost individual large financial institutions around US$400m annually, according to a recent Thomson Reuters study. One problem is the lack of standards and legal frameworks due to the steady stream of regulation that has come onto the market over the past decade, including GDPR (General Data Protection Regulation), which has inserted yet another layer of complexity in terms of the collection and managing of customer data.
There have been many challenges in automating B2B (business-to-business) processes on KYC use-cases because they involve a centralised data repository. This may be technically easy to implement but pose other issues, in particular the maintenance costs related to the requisite level of service and security. Other obstacles to overcome include the exposure of network participants to the single
point of failure principle, censorship, cybercrime and data leakage. Also, the pricing power lies with the centralised solution provider.
Distributed ledger technology (DLT) answers some of these technical challenges and offers a built-in security and resilience that central repository and data storage solutions don’t allow. However, not all blockchain platforms are suitable for financial services. To date, the most appropriate are the private, permission-based models offered by DLT for handling KYC compliance. These include Corda’s R3, JP Morgan’s Quorum and Hyperledger/Linux Foundation. Although there are several operational and cost benefits to blockchain, expectations should be realistic.
The reductions that can be achieved are often overvalued. Therefore, one must be realistic about blockchain. Though it is indeed answering some challenges about sharing KYC documents, as well as answering some the most acute challenges such as GDPR, security or traceability, thinking it will divide costs by 10 compared to classical centralised repository solutions is fantasy.
A more likely scenario is the 25% to 50% cuts shown by Singapore’s recent proof-of-concept prototype of a blockchain KYC utility. KPMG joined forces with three Singapore banks – HSBC, OCBC, Mitsubishi UFJ Financial Group, and the Singaporean regulator Singaporean regulator Infocomm Media Development Authority – to conduct tests between February and May 2017. They passed the Monetary Authority of Singapore’s test scenarios by lowering duplication and providing a clear audit trail. Clipeum consortium results based on the proof of concept conducted in October and November 2018 are in line with this estimate.
Initiatives such as Clipeum, though not a panacea, might prove effective solutions at tackling some of the major KYC documents sharing challenges.