According to a report that was recently released by P.A.ID Strategies, many exchanges -- 25 prominent cryptocurrency exchanges in Europe and North America do not perform customer verification satisfactorily with 68% of those exchanges allowing users to trade cryptocurrency without any form of formal identification, KYC or other checks.
The report said exchanges need to "rise above the sometimes-dubious reputation of cryptocurrency’s past and be seen as model citizens of the economy if they want to gain the same trust as the wider, traditional financial services." One way blockchain-based applications are doing so is through blockchain-based KYC and AML verification.
Currently, if users want to participate in many of the blockchain projects today, they will be required to follow certain KYC and AML requirements. These requirements fall under the category of personal identification where a user may be required to submit documents such as passport, birth certificate, social security card, or driver’s license, information which proves their identity before using the services.
In other cases, some crypto services such as exchange choose to exclude customers where rigorous checks and verification procedures or other regulatory compliance are required. They may favor "crypto-friendly" jurisdictions instead.
Regulatory-wise, in addition to the many countries where AML verification may be required, the Financial Action Task Force (FATF) an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions announced the new Financial Action Task Force (FATF) guidelines that govern AML and CFT activities would come to effect this June.
The regulations advise countries to ensure "VASPs [virtual asset service providers] are subject to adequate regulation and supervision or monitoring for AML/CFT" and that that they are "effectively implementing the relevant FATF Recommendations, to mitigate money laundering and terrorist financing risks emerging from virtual assets. VASPs should be subject to effective systems for monitoring and ensuring compliance with national AML/CFT requirements."
Traditional KYC procedures include ID verification where the paper or digital documents are submitted in the form of scanned copies or photos, which can then be compared with databases (internal, state or general, for example, with databases of credit histories). The second element of the procedure is a client identification program (CIP) where documents are verified against state and corporate blacklists. It may be verification of documents, a scan of fingerprints or scan of faces. The third aspect is video identification where video calling tools are utilized to verify users and these can be Skype, Viber, or Google Hangouts or other video calling tools.
In a traditional setting, data and information used for verification are not only existing in diverse platforms but there is also a possibility for alteration and hence no single version of the truth. It takes time for verifiers to find the information and in many cases, manual work is involved. These systems then turn out as very expensive and can be easily compromised via hacking and because the data is on centralized servers, it is likely to be lost easily in case of an eventuality to the server.
That's why blockchain-based identification and verification systems for KYC and AML are desirable. Blockchain technology allows one to collect information and data from many service providers into a single cryptographically secure and unchanging database where a third party would not be needed to verify and that the distributed nature allows users to share a single version of the truth and store their personal information securely and locally on their devices.
In terms of KYC and AML verifications, each user does not need to undergo verification several times each time for a different service. No. A single verification will be used by anyone else wanting to do verification for that user on the system. Other organizations will not access the data but sort of a digital identification card or tag that certifies that the user has completed the KYC or AML procedures.
For instance, if bank A is doing KYC verification for user A and the bank confirms that the user has passed its KYC requirements, it can then enter data about the user into the blockchain that it uses and other banks and organizations can have access to the result of said verification at the permission of the user. The power of consent comes in to prevent abuse of data and information as happens in many centralized data storage systems. Plus it increases trust that the data is secure.
In short, the blockchain can help institutions save money (for instance with decentralized storage, vast systems do not have to incur high costs for storage on centralized servers), increase the security of personal data, enable distributed data storage and hence remove or reduce the chances of personal data misuse, and finally, it can also enable true immutability of data and the sharing of a single version of the truth in that respect for all participants in a network. Automation will also reduce the costs of the process by reducing manual procedures. The other advantage is standardization of verification procedures.
Reducing friction during customer onboarding can reduce the average drop off in conversion rates, but also focusing solely on conversions often means reducing friction during account creation process but may later lead to problems due to lower levels of assurance and fraud detection because more bad actors get onboard.
Dapps benefit from a simple customer onboarding process and their customers save on on-boarding costs.
Advantages of using blockchain-based verifying platforms to verifiers
The verifiers, in this case, are cryptocurrency exchanges, platforms, and companies that need to verify users before those users can start using the systems. Mostly due to regulatory requirements. Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating the Financing of Terrorism (CFT) are examples of procedures established to verify users. Many require KYC because they are doing Security Tokens or need to work with banks and other institutions that require such verification.
KYC involves the collection and verification of a customer's means of identification including government-issued identity cards, phone numbers, a physical address, an email address, and a utility bill, among others.
Anti-Money Laundering -- These requirements are meant to prevent illegal activities including tax evasion, market manipulation, public fund misappropriation, trade of illicit goods and other activities.
Combating the Financing of Terrorism (CFT) - These procedures are done by organizations and help them or in investigating, dissecting, discouraging and blocking sources of funding illegal activities.
For verifiers, different companies use different procedures. Some have teams dedicated to verification, others use third-party verification technologies or in-house technologies for verification.
Different crypto exchanges, services, etc use different methods of verification. For instance, Coinbase, which requires KYC, uses Jumio’s digital identity solution, Net-verify, and is also building the Coinbase Trade Surveillance Program. Gemini utilizes Nasdaq's Nasdaq's SMARTS Market Surveillance technology. This technology tracks market manipulations and fraudulent trades.
Bitstamp uses Onfido, a digital identity verification provider and has also integrated its services with Cinnober's crypto trading system, which claims to be built for regulatory compliance.
NYSE, the London Stock Exchange, Euronext, and the Johannesburg Stock Exchange also use Cinnober. Bitfinex uses Irisium’s market surveillance technology to detect fraudulent behavior on its exchange. It requires verification of phone numbers, a residential address, two forms of a government-issued ID and a bank statement for a user to deposit and trade fiat currencies. Bittrex requires ID verification for a user to deposit, trade or withdraw cryptocurrencies.
Kraken uses five tiers of verification (tier 0 to 4) requirements depending on how the particular customer intends to use the exchange.
So what blockchain-based KYC and customer verification platforms or tools do we have?
Abu Dhabi Global Market (ADGM) E-KYC
UAE-based Abu Dhabi Global Market (ADGM) last year December announced the completion of the first phase of their electronic-Know-Your-Customer (e-KYC) utility project. The Financial Services Regulatory Authority (FSRA) of ADGM partnered with KPMG as their project advisor. Also involved in the development was a consortium of UAE's influential financial institutions including Abu Dhabi Commercial Bank, Abu Dhabi Islamic Bank, Al Ansari Exchange, Al Fardan Exchange, First Abu Dhabi Bank, and UAE Exchange.
They developed a Proof-of-Concept (PoC) to test operational and technological models of the project's projected utility and a governance framework and business model on which e-KYC utility can operate on an inclusive and sustainable basis.
Like other blockchain KYC platforms, it delivers cost savings on operations and cost efficiencies and financial inclusion driven by unified KYC standards. This is in addition to enhancing KYC checks across the industry.
It can help consortium members to share and validate simulated KYC documentation and data updates about clients, and in a secure environment on the blockchain. It can also be used to assure data quality and compliance standards with respect to applicable KYC requirements. ADGM wrote that the platform could empower individual clients to decide how their personal data is shared in the utility and those clear guidelines would have to be identified for any member qualified as a contributor of KYC records or information to the utility.
According to there, a commercial model of the platform would operate on the basis of incentive fees offered to data contributors; sharing of success fees with the operator of the KYC utility; and charging fees on data consumers. This would render it sustainable. According to ADGM, an ownership structure that assures safe custody of customer information and operates on a non-profit mandate would foster trust across stakeholder group.
BlockID attaches the wallet to personal profile as the user's unique identifier and users do not need usernames and passwords to login into apps. BlockID has anti-money laundering (AML) process already integrated. They also have partnered with Intrum and IDnow for Know Your Customer process.
For this app, user clients will not need to do their own separate on-boarding but instead, BlockID will do it and share the results with all of their supported Dapps or apps. Partner dapps will, therefore, be able to access the whitelists of all verified users. The user will, however, still be able to determine which apps should use their data and which should not.
When a customer wants to use an app that requires verification procedures, he or she will go through KYC and AML with that particular app. When her documents are checked by that client and she is verified and found to comply, the verification is added to the global whitelist and she can use the verification to login in any particular dapp that requires verification. In this latter case, the user will only need to login in and select what information they would like to share with the other dapps. This takes time and fewer procedures and helps to avoid duplication of identity data.
For customers, this would mean their data would be stored locally. With the previously mentioned app, users will also be able to share and revoke that data sharing permission at any time with a particular user.
Cambridge Blockchain lets financial institutions meet data privacy rules, eliminate redundant identity compliance checks and to improve customer experience. With this KYC solution, customers whether service providers who offer services to customers or trusted parties and personal data services can check the user's identity. Service providers can do so by executing an independent validation of user identity data.
A trusted third party will verify user information when a service provider wants to acquire data from a customer. Trusted parties such as tax authorities can verify an individual's annual income based on a tax return. A person's information on this blockchain is stored on the Personal Data Service (PDS) and maintained by IDBridge, all with security, and access to a platform and users of the platform can transact, utilize services, create attestations, conduct validations and more.
It also features smart contracts to manage agreements between buyers and sellers; an SDK through IDBridge through which people can build native, web and hybrid mobile apps for iOS and Android. This includes mobile applications. It also features a trust layer that acts as a link between emerging distributed application technology and the centralized view of regulators and compliance teams.
The platform allows users to control their personal data and generate an identity that can be used across different platforms to access many different services. Some of the company's current partner investors include: PayPal, Partech, the Omidyah Network, HCM, and Future\Perfect ventures.
IBM Shared Corporate Know Your Customer (KYC), LedgerConnect
According to IBM, traditionally, doing KYC compliance is costly and time-consuming. IBM says that the blockchain provides possibilities such as increasing the ability of the customer to share information with whomever they want. They also do not have to get involved in complex processes of sharing information such to remember and save every information they need to share with companies etc.
IBM, Deutsche Bank, HSBC, the Mitsubishi UFJ financial group (MUFG) and the Treasuries of Cargill collaborated on this project in order to provide an efficient, safe and decentralized mechanism for collecting, checking, storing, updating KYC data and sharing them. The information and documents are secured with encryption. The project looked at harmonization standards for collecting and validating documents and information for all participants; eliminate reputation; creating a shared economy environment; digitization of corporate KYC information; and increasing of transparency and trust using technology.
The Proof of Concept blockchain-based shared KYC platform would be used by banks to enhance their customer experiences They would use it to automate processes and digitize them, hence avoiding possibilities of duplication of services. Alongside this, harmonizing and sharing of services would lead to operational cost saving and reduced operational risks. Other benefits would be reduced paperwork since KYC would be done once and shared with relevant financial institutions through user-controlled consent model.
Another benefit would be transparency, as well as assisting governance, risk, and compliance across organizations. Banks and other organizations would also need to be regularly certified. The blockchain platform would help banks to keep up with growth and current technological changes.
IBM's LedgerConnect, whose partnership was announced last year, brings together companies to deploy, share, and use blockchain-based services such as dApps and services hosted on the network, which would reduce the cost of adoption and make easier to access and deploy blockchain. The platform would offer to Know Your Customer (KYC) processes, sanctions screening, collateral management, sanctions screening, derivatives post-trade processing and reconciliation and market data. For instance, there would be third-parties to provide services in one or more of these areas.
The cost would definitely be reduced because companies do not have to develop their own apps and ecosystems and there would be increased interoperability costs and complexity. Some of the participating banks include Barclays and Citi. A number of vendors including Baton Systems, Calypso, Copp Clark, IBM, MPhasis, OpenRisk, SynSwap, and Persistent Systems were selected to provide services on the platform.
From its at its website, LedgerConnect now comprises of a diverse community including banks, non-banks, corporate, funds, non-bank financial institutions, vendors, settlement members, and third parties who provide their services to these institutions.
The platform is based on IBM's private permissioned network based on the IBM blockchain platform and hyperledger fabric technology. It is available across all asset classes. Support for additional ledger would be offered based on market demand and development.
The Jumio app can also be used as an end-to-end identity verification and authentication solution in customer on-boarding processes. This AI-powered, trusted identity as a service will connect to your product, app, or service in order to verify your customer's real-world identities using a simple ID scan and real-time selfie while improving customer experience.
Because of this, you, or your company, will be able to comply with AML, KYC, GDPR and PSD2 regulations and replace the outdated KBA and 2FA methods with a simple one that involves only taking a selfie. Through automated verification processes, clients are able to avoid overhead costs associated with verification. Good experience during on-boarding is achieved after connecting your services through SDK & APIS that work across all devices including desktop, mobile and web.
And after on-boarding, it will help to continue screening and verifying existing accounts. In addition to using AI, it uses biometrics, vision technology, and latest technologies to capture error-proof images, catch fake IDs, and verify new and existing users with their information.
It can help identify if a government-issued ID is authentic or if it has been manipulated ( including the manipulation of ID images, the content of the ID, the replacement of face photos, names, addresses, dates of birth, etc). It also screens customers against comprehensive real-time global coverage of sanctions, watchlists, PEPs and adverse media. Overall, what this does is screen the submitted customer information and image against the information in certain databases to do comparison (including OFAC, HMT, UN and thousands of other watchlists).
In addition to being used for automated customer on-boarding and ongoing monitoring of existing customers, this tool can be used for ad hoc searching, enhanced due diligence and case management and other use cases.
For instance, after verification, it can be utilized in the preventing account takeover and online fraud for instance because login and account information changing procedures are more secured.
It currently has iOS, Android, API, SDK, webcams and SMS implementations.
KYC-Legal also enables customer on-boarding with KYC verification so users with it, users can register to any service requiring such procedures, easily and with quick compliance. Users can do verification much easier through document verification through a mobile application including physical verification and identification of their documents by a KYC.Legal agent.
In the latter the person going to physically verify another person's data doesn't have to be an agent specifically employed by or from the company offices: anyone can become such an agent for some payment in the same manner in which Uber sources drivers for commission for every client who registers. The work of this kind of an agent is to verify that the person exists and that the documents indeed belong to him or her. The agents will be able to receive and process orders from clients who are nearest from them using the Android app and can then proceed to do the verification and receive rewards for that verification.
According to them, the process takes no more than 45 minutes.
KYC-Legal can be used by Exchanges, crypto exchanges, brokerage offices, banks, funds, online loans, etc can use the app to verify user data. Other use cases will include the online ordering of prescription medicines where sellers can use its platform to approve of a user's age and other details.
Apart from these kind of services requiring KYC verification when on-boarding customers, it can also be utilized for self-sovereign identity which is independent. This is great for those use cases in which there is no relevant app or dapp that requires users to do independent verification. GID will check this information against databases for purposes of verification.
Verification is done by the user uploading their documents and photos. It is also done via video verification where the user will receive a random code that he or she must pronounce on the video instead of writing data on the application. The code is used in verifying the use.
The app works on both iOS and Android.
KPMG Blockchain KYC Utility
KPMG in Singapore collaborated with Bluzelle Networks and a consortium of three banks (HSBC, OCBC, and Mitsubishi UFJ Financial Group) as well as the Singaporean regulator, Info-comm Media Development Authority, to develop a proof-of-concept KYC utility on blockchain. The prototype passed Monetary Authority of Singapore's test scenarios. It demonstrated that such a solution could deliver 25-50 percent in cost savings by reducing duplication and providing clear audit trail. This is in addition to achieving increased stability, efficiency and security.
KPMG wrote that blockchain-based utility can help banks to reduce burden of time and cost associated with gathering customer information. When used in combination with other technologies, it can deliver these benefits together with providing greater visibility to regulators and better customer experience.
According to KPMG, a blockchain-based KYC utility can be created at one of the three different levels: within a large financial conglomerate, nationally, and internationally. Other areas such as KYC data quality and requirements, privacy regulations, customer permissions, due diligence, and market competition would need further investigations according to KP
KYC-Chain and Self-Key
KYC-Chain is a B2B end-to-end application for streamlining client on-boarding and which allows managing KYC processes (for both individuals and corporate). With it, companies can rid in-house development for verification and compliance systems and instead focus on core aspects of business.
KYC-Chain allows automating of the screening and verification processes and allows organizations to meet regulatory requirements with no impact on time to market. It features an API through which organizations can integrate KYC-Chain into their existing system. The template-based KYC system allows clients to adapt to changes in business and regulatory climate with just a few clicks. With KYC-Chain, organizations can handle requirements of corporate and individual customers as well with each of the individual and corporate processes set up and managed by the company's compliance officers.
The platform performs identity verification of documents through algorithmic validity checks of each unique identity card, with coverage for all countries in the world. It also provides sanctions screening for individuals and corporate, sanctions screening for politically-exposed persons and terrorist lists.
Companies can automatically extract data from identity documents to ensure they collect high quality and consistence information. Biometric Scoring helps companies to prevent misuse of documents since they can compare identity document photos to a selfie to provide a likeness correlation score. Companies also get to tap into the 80+ company registry databases which contains business registration number, incorporation date, activity status, director lists, and more.
Self-Key, which works like Civic, is partnering with KYC-Chain and other third parties like crypto exchanges, fintech startups, Dapps, or token sales, who want to on-board clients within a compliance and regulatory environment adhering to KYC/AML/CTF standards.
With SelfKey, those wanting to onboard customers and get more clients can list their products on the SelfKey marketplace and gain direct exposure to SelfKey Wallet users who are interested in their offerings. Remember SelfKey is sought of a self-sovereign tool that helps users do more such as register businesses abroad by taking advantage of the platform's legal procedures and even trade on the marketplace. The will also soon allow bank account opening within the wallet and other services as well.
Papersoft is an ID verification platform that can be used to easily register and identify customers as well as for document capture and KYC and compliance by agent networks who are doing on-boarding. It utilizes biometric capabilities, document capture and validation, and meet increasing needs for KYC and compliance.
It automates the customer identity process of in real-time for seamless on-boarding but also to reduce paperwork. Bimetric processes help to identify customers in real-time using signatures, facial and fingertip recognition. It prevents against fraudulent documents, non-compliant IDs, prevent agent fraud with re-submission alerts for non-conforming transactions and approval workflows. Clients can also be able to keep up with changing regulatory landscape in emerging markets.
Companies are able to configure automatic customer due-diligence or price simulation and service activation. Using in-built automatic validation rules, this tool or app can be used to capture and validate IDs.
Like many other on-boarding tools with support for KYC and other verification procedures, it helps to reduce risks related to customer on-boarding and recruiting, etc. For instance, for on-boarding, Papersoft can be used to open a compliant bank account in 2 minutes in places such as Democratic Republic of Congo.
An example is the use of the solution by a DRC Congo-based financial institution called Pro-credit to promote financial inclusion and educate the population on the need for using a bank account. The app runs on mobile environment and integrates with core banking system. It registers customer data and validates compliance and regulatory rules and eliminates errors associated with back-office tasks.
Sumsub is targeted to Cryptocurrency exchanges, ICO, cryptocurrency funds, cryptocurrency wallets, money transfers, online creditors, marketplaces, and digital banking customers to determine authenticity of their clients including investor documents.
It compares photos in the document with user profiles including selfies and determines user's age and national origin used database document and information.
Uport.me works as a self-sovereign wallet allowing users to register their data information on the blockchain and to store it locally. Such information can be exchanged or utilized to sign into dapps, modern web applications, and transaction signing on Ethereum blockchain. Companies, startups, dapps and apps can also request and verify claims about their users to interact with their digital identity. The identity data can be utilized across web 2.0 and 3.0.
Their protocols can be utilized by decentralized apps on blockchain for purposes of on-boarding new users to dApps. To complete the on-boarding, the user on your dApp will not first need to download a wallet, learn blockchain and crypto concepts, buy Ethereum and then return to the dApp. Thus it encourages simple and frictionless on-boarding. Developers can use uport to ask for consent and request identity datum.
Customers use uPort to build verified data such as names or their verification by third parties, and every interaction, request, response and transaction performed by the user will help improve value of their identity at uPort and connecting apps.
Customers can also be used to sign a verification on behalf of someone they know, asked of their Ethereum account, asked to sign a transaction. The app can help with customer on-boarding risk management, authenticating of user's actions, and to build relationship with the users. It can be used by various kinds of dapps including those with support for smart contracts.
Developers can use uPort Manager to identify their apps to their users. Once a user interacts for the first time with the developer's app, the app is added as a Connection within the user's mobile app uPort and which creates a place for the user to find information that the app is shared with the user.
App Manager allows the issuing of Verifiable Credentials to users of a given app which means they can use email addresses, Github username, or other aspects of interaction with the app such as average account balance and number of transactions to attest to facts about a user. This identity can be shared by the user with other apps and Dapps needing user verification at uPort.