Anti-money laundering (AML) initiatives have been around for several decades, rising to prominence with the establishment of the Financial Action Task Force (FATF) that aimed to create global standards to prevent and fight financial crime, at a time when both the world’s economy, and the risks of financing criminal and terror activity, grew at the turn of the new century.
While there are important benefits to these processes, companies reluctantly put up with increasing costs and complexities to comply, including hiring large compliance teams to manually verify customers’ identities, and ultimately avoid the risk of paying even costlier fines. They are also forced to manage poor user experiences that are negatively impacted by these processes, as customers often have to repeat the same Know-Your-Customer (KYC) exercise in various ways over and over again with each service they onboard.
The extensive compliance requirements to meet these standards are now recognized by companies as barriers to growth as they consume time and resources to onboard the same pool of customers that companies fiercely compete for. Companies also face challenges where customers are reluctant to go through a very personal, complex, and time-consuming onboarding process. After events such as Cambridge Analytica and many others concerning data breaches, people are increasingly skeptical of the commitment of companies to protect their data.
Blockchain – the answer to a streamlined AML process
With blockchain technology, companies can complete KYC/AML processes much quicker, enabling the onboarding of more customers in the same timeframe with less resources. Blockchain allows key regulatory concerns such as the AML risk ratings processes to be automated through the use of smart contracts. As more processes are automated, companies can limit their risk exposure and operate with leaner compliance teams, allowing for significant cost reductions.
A report by Goldman Sachs reveals that the introduction of blockchain technology to KYC procedures in the banking sector alone will enable a considerable reduction in headcount. The level of automation also allows for a reduction in human error — firms with above-average compliance spend on technology solutions are found to be less challenged during their customer acquisition process.
More significantly for customers, blockchain allows for a streamlined and standardized KYC/AML process shared among different organizations. Currently, there is limited standardization of identity proof between financial institutions carrying out KYC checks. Different banks and other companies often require varying pieces of information, such as bills, photos, and other bank statements, to confirm your identity before you can open an account and make a transaction. From there, customers typically need to repeat a somewhat similar but different process with another company.
With blockchain technology brought into the mix, an institution that has completed verification of a new customer can have that information stored on a distributed ledger. That information can be used by other companies to automatically confirm and verify one’s identity through smart contracts, without needing to present more proof and repeating another KYC process again.
Moreover, as the distributed ledger holds a single and immutable source of truth, it ensures that the data entered by the user is what is on the record and avoids duplication of effort in updating customer details with each bank or institution for every personal change of address or mobile number.
The increasingly important trust factor in AML/KYC
Perhaps most significantly, blockchain’s greatest value in AML comes from its ability to address the now prevalent distrust in organisations in handling personal data. Blockchain decentralizes personal data and allows users to prove their identity discretely and securely, while maintaining control of their data.
In information systems today, personal data is collected and stored in centralized locations, such as a repository or database, sitting on servers owned and controlled by institutions entrusted to store and protect the data. This presents considerable privacy risks as centralization creates a single point of failure and a single point of entry. Without permissions, this makes it easy for this data to be exposed by a third party, as in the case of over 500 million Facebook users having their personal details leaked online.