By Darragh O’Grady and JWG.
This got us thinking about what new identity solutions were out there and we called upon our blockchain guru to offer an opinion. We’re certainly only at the beginning of the identity journey and we don’t have the answer, but there are certainly viable technology innovations which could help in this arena.
While his previous articles explored the basic concepts of crypto-currencies (such as bitcoin) and blockchain technology and how their application could benefit both the regulators and the regulated, this article explores, in more detail, the way in which blockchain technology could be utilised in the ‘Know Your Customer’ (KYC) space.
Increasingly, firms are under pressure from various legislative and regulatory initiatives to provide more robust frameworks to know their counterparty’s identity. Blockchain technology (the technology that underpins digital currencies) may provide an effective, cost-efficient solution to this management challenge.
From a regulatory and compliance perspective, the key consideration is to demonstrate – irrefutably – that an appropriate KYC check was completed or was in place at the time of a given transaction against a particular counterparty, for a specific purpose.
From a process perspective, this can be complex, as KYC information changes and evolves over time due to additional material data being discovered and also as regulatory obligations develop in response to ever-changing political, economic and social circumstances.
The result is multiple complicated processes with many control points – and correspondingly complex systems, resulting in risk of non-compliance, increased operational costs, increased IT costs and lack of business agility.
So, how could blockchain technology alleviate these pain-points?
The basic concept would be to have a token which verifies that certain processes were completed or in effect at a given point in time. The token would be ‘signed’ by one or more trusted authorities – for example, a team or function within an organisation, a regulator or even a KYC utility. The token would state that a given check has been carried out for a given counterparty at a given point in time, and the token would be made available to any systems that are subject to KYC checks.
- This token-based approach is, in essence, a distributed solution which has a number of significant advantages over centralised solutions, specifically:
- Multiple legal entities can efficiently participate in the KYC validation process for a firm
- Checks completed as at a particular point in time are recorded immutably in the blockchain
- Control processes can be reduced to exception-handling only
- Tokens can be readily distributed to multiple systems which have a KYC process dependency, regardless of where they are geographically or legally based
There is no dependency on any one database or service provider.
Some early examples of what is possible can be seen via the types of projects coming out of innovative blockchain-based solutions, such as OneName.io, which aims to provide a globally recognised and trusted digital identity for anyone who signs up to it. OneName uses Namecoin as its underlying blockchain, and is based on an enhanced version of the Bitcoin protocol used for bitcoin.
The OneName setup process is quite straightforward: registering on the platform is easy, but there is no real ‘identity’ guarantee provided by default, as there is no verification of the basic information you provide.
However, OneName does allow you to authenticate against well-known (‘trusted’) identity authorities, such as Facebook or Twitter (initially), and it records this in the OneName blockchain. In doing so, it can prove that your OneName identity is irrefutably associated with those identity authorities.
The process is unique because it does not rely on a single ‘authority server’ to validate names, but can instead rely on the Namecoin blockchain as a trusted source of ‘proof of process’.
Regardless of the underlying infrastructure, such a solution would require the industry and regulators to come together to form a governing body and approve a set of standards, along with the roles of the various participants in the identity management process. See our thinking on the Goldilocks paradox presented by this requirement here.