Blockchain and cryptocurrencies have been the catalyst for exciting new developments in technology and finance. However, the rules and laws that underpin these innovations have been struggling to catch up. What is receiving more and more attention recently is the topic of regulation, and the safeguarding of personal information and funds, specifically in the areas of KYC (Know Your Customer) & AML (Anti-Money Laundering). In this sphere, blockchain brings unique challenges, but also opportunities.
Virtual currencies have a controversial reputation due to their use in money laundering, the funding of terrorism, human rights infringements, and other illicit activities.
Due to these pressing matters, redefining the standards for virtual currencies are one of top priorities for international financial institutions.
However, as E. Yago points out, imposing KYC/AML regulations on crypto undermines its core principles: privacy and disintermediation.
An overarching policy could potentially evolve into the biggest global surveillance machine ever known, to the disappointment of blockchain believers.
While opinions differ, there is certainty with regard to business standards set for financial institutions. To be able to operate legally, they must abide by existing international KYC/AML standards.
Running KYC Checks on Blockchain
Before client onboarding takes place, a financial institution has to verify basic information about a person such as their address, occupation, previous banking history, exposure to politics, presence on sanction lists etc. This data lays the foundation for the client’s profile, which is stored internally and may be shared throughout a common system.
Criteria may be set in order to flag any activity deemed suspicious (e.g. if the client transfers more than $100,000 to another account). This procedure can be very time-consuming, and an individual may find themselves waiting months to simply open a bank account.
It isn’t cheap either: on average, financial institutions spend some $60 million per year on KYC compliance.
Blockchain has the potential to optimize the KYC process by providing the basis for a cross-institution private ledger, where all client records would be kept, instantly modifiable and accessible. In this revised situation, the new compliance procedure would include just a couple of steps: the customer enters the ecosystem, the institution concerned validates the documents, and the data about any amendments or controls is automatically recorded on the encrypted ledger. Further blocks can be added according to the client’s actions (e.g. concerning irregular transactions), thus making the client’s profile a chain of verified events.
Safeguarding Private Information
It is important to stress that, however good this system may turn out to be, there are always risks that should be taken into account. In the area of KYC, top priority should be given to the protection of personal information.
This is where cryptography, consensus protocols, and smart contracts — other fundamental features of blockchain — come in handy.
In particular, private and public keys can be combined for better security: private keys authenticate ownership and limit the amount of shared personal information, while public keys allow open access to the entire blockchain, allowing users to be part of digital events (blocks with a digital signature, timestamp, and any other relevant data needed for a transaction).
All this may sound complicated, but there are some early adopters proving that everything is quite simple in practice. One of them is IBM, who is developing the Shared Corporate Know Your Customer project to digitize KYC records, reduce paperwork and harmonize standards between major global financial players. Another similar project is Persona, a digital identity management system, where clients and institutions can join the platform and share private data at their discretion.
What About Anti-Money Laundering?
Simply put, money laundering means that someone is conducting financial transactions in such a way that the source of funds cannot be identified at a later stage, hiding any traces that may link them to an illicit activity.
It is thus a rather tricky job to detect and investigate this type of crime, with the success rate currently standing at less than 1%, even with global efforts exceeding $8 billion annually.
Thinking about how blockchain can improve the situation, F. DCosta suggests that a private permissioned blockchain network be created between authorities and institutions functioning as nodes, each being able to view as well as update blocks. In such an arrangement, the network directory and smart contract would be used to record transactions, flag and stop payments, alert stakeholders and log all details.
These private permissioned blockchain networks can synchronize with trusted third-party apps for advanced analytics, which have the ability to flag suspicious activity with far greater accuracy. For instance, ORS CryptoHound’s Graph widget can be used for spotting certain behavioral patterns between different addresses, and the Statement widget can fill in the gaps with a detailed overview of all the transactions and their historic values within portfolios.
Although blockchain positions itself as a promising solution to optimizing KYC/AML processes, certain risks need to be addressed before opting decisively for a new record-keeping system.
First and foremost, customer data privacy must be central.
This will require the establishment of new standards for authorization and data management.
Secondly, one should not exclude the possibility of hacker attacks, such as the 51% ones that sabotaged a number of crypto exchanges recently. Where possible, cold back-ups or other means of protecting the immutability of data should be used.
At the same time, blockchain not simply brings about new risks but mitigates many old ones.
For instance, it reduces the extent of human impact, thus decreasing the occurrences of mistakes or fraud. Furthermore, customer identification on a blockchain reduces the risk of inaccurate decision making; often a result of a lack of information. Blockchain identities allow financial institutions to see the micro as well as the macro. Finally, decentralized data storage protects against the risk of tech errors or targeted hack attacks.
With billions of dollars worldwide circulating with the help of cryptocurrencies, financial institutions have no other choice but to redesign the existing rules and procedures.
Among top priorities is the KYC/AML sphere, which in addition to sluggish procedures is starting to be challenged further by the anonymous and chaotic parallel reality that is cryptocurrencies.
Nonetheless, as much as it may seem that traditional finance and decentralized virtual countries don’t mix, blockchain can really benefit the compliance industry.
In particular, it can harmonize the global approaches to due diligence by developing a common ledger, keeping the most accurate and up-to-date records in one place. With the application of protocols, APIs and smart contracts, this system can further grow to incorporate AML features such as flagging, reporting, and others. This is idealistic, but doable, as proved by giants such as IBM.