Solving the KYC dilemma with Web 3

The Metaverse. NFTs. Digital assets.

These are examples of products enabled by Web 3 technology. Adoption of Web 3 has been underpinned by a wave of digital finance, opening doors to a world of intelligent, data-driven, and efficient products and services. This, however, is a double-edged sword, as digital and Web 3 have increased the amount of data that financial institutions deal with and the cost of doing so.

Data can be key to a firm’s success, but it can also be its downfall. Firms must comply with several regulations on data management and reporting. Know Your Customer, or KYC, is mandatory regulation to prevent financial crime and money laundering. In 2021, the FCA handed down penalties against NatWest Group, Credit Suisse AG, and HSBC, to name a few contributing £672m in fines, a three-fold increase from 2020¹. KYC compliance has only increased in importance as fines continue to skyrocket. Yet, current KYC processes are inefficient, costly, and prone to error.

Distributed ledger technology (DLT) is a Web 3 technology that has great potential to optimise KYC. In this article, we will unpack issues in KYC today for retail and corporate banks, evaluate the application of DLT, and explore the future of KYC.

Why is Know Your Customer (KYC) important?

KYC is a set of standards that financial institutions follow to verify the identity and evaluate the risk profile of their customers. Effective KYC processes are essential with increasingly stringent requirements being introduced.

While digital KYC solutions have helped to improve the process for retail customers, typical KYC processes for corporates have remained costly, inefficient, and often deliver a poor experience. Several challenges around data management, quality, and security exist today:

• Onboarding & Customer Verification
  • Repetitive and manual process - every new bank must request the same documentation from a customer who wishes to bank with them, eroding the experience
• Data Collation
  • Time consuming and costly especially for corporates with additional documentation and checks required - it could take up to 6 weeks for a corporate customer to be onbarded
• Ongoing Due Diligence
  • Cumbersome and inefficient processes to re-verify customer, in particular for corporate customers as data is manually updated/refreshed and therefore prone to errors

DLT has the potential to mitigate challenges in KYC compliance and unlock new value across the lifecycle.

How can distributed ledger technology (DLT) unlock value and simplify KYC?

DLT in KYC can simplify onboarding and due diligence processes, providing greater transparency and data security, reduce onboarding times, and improve the experience for end customers.

DLT can unlock value across the end-to-end KYC process in several ways:

1) Onboarding and customer verification

Customer onboarding is manual, costly, and time consuming. Banks need to collect personally identifiable information (PII) from customers through documentation such as a driving license, passport, or national ID. For corporates, who are often multi-banked, this process is repeated with every new bank, costing time for the customer, and money for the bank.

With DLT, the verification process would only happen once. A corporate customer who is multi-banked could complete the verification process with a nominated utility bank. This utility bank would obtain the necessary documents, conduct the required KYC checks and generate a smart contract — a verified digital identity – onto a shared DLT platform. The customer may grant access to any new bank they transact with when they are requested for KYC data. This eliminates the need for repetitive requests for documentation, enabling a more seamless experience with faster time-to-onboard. The aggregate cost of KYC compliance would significantly reduce as the burden can be shared proportionally among participating institutions, whereby each digital identity query would cost a certain amount.

The concept of an independent utility bank was introduced in 2014 by SWIFT in several markets globally in an effort to resolve issues faced in customer onboarding. While DLT makes the case for this more viable, challenges remain around liability – in cases of identity fraud, should the utility bank be liable in instances where KYC checks were incorrectly assessed, or should it be the responsibility of participating banks using that verification? Questions remain, even in a world with DLT in the picture.

2) Data collation

Identity data required for KYC checks is sensitive, and requires stringent protocols to mitigate the risk of data breaches and cyber attacks. In addition, the sheer volume of data required, in particular for corporates, adds a layer of complexity. Corporate clients need to provide additional data depending on the business – such as limited partnership agreement documentation, notarised articles of association, etc. – which can be tedious and challenging to source at pace.

With a centralised DLT platform, banks can query relevant data on demand from a single source, so long as the customer has given them access. In addition, regulators and customers are reassured that data is safe on a shared ledger that is cryptographically encrypted. If a customer needs to update any particulars, they can update their digital identity and request the utility bank re-issue a verified smart contract. Even in this instance, there is no need for every single bank to redo KYC checks – once re-verified by the utility bank, participating banks can query the digital identity of the customer.

3) Ongoing due diligence

KYC is not one and done – a customer’s risk profile and personal particulars should be evaluated routinely. However, existing capabilities are unable to support ongoing monitoring of this nature effectively. The panacea for ongoing KYC is to move away from periodic reviews and towards a data-led process based on changes to customer data.

A centralised DLT platform, paired with a digitally verified identity token, enables any updates to personal data to be centralised. If a customer needs to update their data, they can do so through the platform directly, with the utility bank re-verifying the customer’s identity thereafter. The benefit to participating banks is the ability to refer to up-to-date customer data verified by the utility bank to refresh customer risk ratings routinely without the need to complete the end-to-end KYC process, as done today.

Beyond DLT

Looking beyond DLT, there are various other innovations that have gained interest in the industry. One example is zero-knowledge proofs (ZKP). ZKP allows one party to prove the veracity of a piece of information to another party without disclosing the underlying PII. ZKP is nascent in theory and application and would require a huge shift in the way the industry operates today. Nevertheless, its future potential in further optimising KYC compliance should not be underestimated as a fast follower to DLT.

To find out more about how Web 3 can transform KYC compliance, please get in touch with Sanjana Sankaran.

¹UK anti-money laundering fines hit record as watchdog seeks criminal convictions | S&P Global Market Intelligence (spglobal.com)