Recently the Central Bank of Sri Lanka (CBSL) published a call for applicants to run a Proof of Concept for a shared Know Your Customer (KYC) platform that will use blockchain.
The Bank says the solution would enable several uses cases, improve efficiency and increase financial inclusion. The announcement emphasized this is a voluntary effort by the financial sector and IT industry. In other words, this is not something being enforced by the central bank. But the IT companies that pitch for the project are being asked to do the PoC without payment. The intellectual property in the Shared KYC design will belong to the bank.
The most obvious benefit of shared KYC is the ability for customers to be quickly on-boarded at their newly chosen banks. During the sign-up process, the drop out rate is often high because of the friction of having to put together all the paperwork. That compares to the potential of a shared KYC where it would just require pressing a button to agree to forward existing information on file. On top of that, there’s the cost to banks of verifying all the documents.
Shared KYC is a concept that is being explored elsewhere. While the benefits are significant, it’s not without some challenges. For example, generally, a bank is legally responsible for its own KYC and breaching Anti Money Laundering (AML) rules. KYC is one of the pillars underpinning AML. One bank performs the KYC, which is then shared. But what if the second bank relies on it, and it turns out to be fraudulent. Who is to blame? And it gets worse if the faulty KYC results in a breach of AML protocols.
Because of this reliance issue, in some countries, a shared KYC is not legally viable. And another challenge is the potential for privacy breaches if insufficient controls are in place.
Four months ago, the Dubai International Financial Centre announced a KYC consortium with Mashreq Bank and technology developer norbloc. The Swedish company estimates that a shared utility could reduce costs by 50-60%. But in a report, Deloitte noted that multiple shared KYC utilities are likely and that has some disadvantages because the data is in a different set of silos.
Centralized versus Decentralized
There are a variety of technical approaches. Some of the solutions involve storing a significant amount of personal information on the blockchain or having one or more off-chain data silos verified via blockchain. Another approach is to use decentralized identities. With this model ideally the customer keeps control of their data but can be issued with a credential that they’ve passed KYC from a particular bank. They can then choose to share that credential. Global identity verification provider Onfido is working with blockchain identity firm uPort and PwC exploring such a solution in the UK.