KYC requirements have become a very time consuming and costly process, requiring different banks to conduct similar (if not the same) due diligence on the same customers over and over again. This becomes especially onerous when dealing with entity customers with complex ownership structures. It’s frustrating for both customers and banks. One of the newer plans to solve this problem are government backed, blockchain-based KYC registries. Existing centralized KYC utilities have begun to explore the benefits of using blockchain technology in their offering (IHS Markit’s KYC.com has partnered with Cambridge Blockchain), but the development of a government backed registry based on blockchain technology is a new approach. There has always been discussion of government backed KYC utilities, but as of late those discussions have now included blockchain technology as the underpinning of these utilities. In fact, several jurisdictions are already exploring their development (e.g., Singapore, Hong Kong, Abu Dhabi).  But what are they? How can they help? What are the concerns? What should I do about them?

What are they?

A blockchain-based KYC registry is a single source of customer due diligence information developed on blockchain technology for use by a consortium of participating banking institutions to onboard customers. In the best case scenario, the registry has the support and backing of a governmental body (usually a financial regulator).  Using an agreed upon common set of due diligence standards, the blockchain technology allows each participating bank (and potentially the government) to be responsible for helping to keep the data up to date. Each banking customer would have its own chain of data that contained all the necessary KYC data and documentation for a participating bank to use when onboarding them. Each update to that information would be a new block in the chain, accessible to those banks with access to the registry. Once the blockchain has been updated, an encrypted update could be sent to each participating bank to allow them to keep their KYC up to date in near real time.

How do they help? (The Good)

There are numerous benefits to these registries:

Reduce the overall due diligence burden on banks

• By sharing the overall burden among all participating banks, it dramatically reduces the level of work required by each bank in conducting due diligence

Create consistency amongst banks

• Customers no longer shop around based on the amount of information a bank wants to open an account

Improve customer experience

• By only requiring to provide information once, across multiple financial institutions

Quick, safe, secure

• Blockchain technology allows near real time encrypted updates and the safety and security of having the information decentralized

What are the issues? (The Bad)

Given the huge benefits these could provide, why haven’t they been developed sooner? Well, the devil is in the details. Internally, banks have difficulty in coming to consensus on the due diligence requirements for onboarding customers. When you bring multiple banks into the equation, the complexity of coming to consensus only gets worse. Additionally, there are lots of other considerations that make this venture complicated:

How do you agree to one set of minimum due diligence requirements?

• Every bank has its own policies, procedures, risks, and risk appetites so coming to agreement on a single due diligence standard is not easy. What may be easier is coming to a base minimum standard that everyone can use and build upon. Again, the multiple stakeholders of each participating bank as well as the jurisdictional regulators will need to be satisfied and agree. Not an easy task.  

How do you ensure the accuracy of the data and validate it?

• While accuracy is always important, its importance multiplies when several banking institutions are relying upon it.  

How do you prevent one incorrect piece of information from having far reaching effects on a customer?

• What happens if an incorrect piece of data leads a customer to be rated high risk at all institutions and denied banking services? It’s an extreme example, but one that has severe consequences, including legal ones 

How do you take into account that there may be pieces of information that cannot be shared by banks based on data privacy regulations and concerns?

• This can make creating a minimum standard of due diligence more difficult, especially given regulations like the EU’s General Data Protection Regulation (GDPR) where customer consent of information use is a key tenet 

How will the regulators react to its use?

• Any technology that you rely on as part of a compliance program will be examined by regulators. On a positive note, financial regulators are already showing increased interest in blockchain. Currently, the US Federal Reserve Bank and the European Banking Authority are doing their own research into understanding the technology and the R3 blockchain consortium now includes regulators from the US, Canada, Hong Kong, Singapore, and the UK.  

So What Now? (The Verdict)

Sometimes change is difficult, but often leads to better results down the road. Despite the issues above, the overall benefit to the industry is huge. With the right mix of technology, regulatory acceptance, and banking partners a blockchain-based KYC registry could be transformative for customers and banks. More governments and banks need to step out of their comfort zone to help usher along and participate in these industry changing solutions.