Can blockchain win the fight against money laundering?
When criminals make money – whether from selling guns or drugs, or just from good, old-fashioned robbery – they’re faced with a problem: how can they spend this money in the legitimate economy without people (and especially the police and tax authorities) wondering where they got it from? The general answer to their quandary is that the money they have made needs to be ‘laundered’. This means setting up some apparently legitimate business to which the criminals can attribute what are in fact the proceeds of their illegal activities.
A famous example of money laundering comes from the hit TV show Breaking Bad. As he grows rich from the crystal meth business he has established, the protagonist, Walter White, wonders how he will spend his new wealth without people becoming suspicious as to where it came from – given his modest job as a schoolteacher. His solution is to set up a carwash business – an enterprise with the hypothetical ability to generate substantial profits, and to which he can plausibly put down the proceeds of his drug dealing.
Sometimes, criminals simply use their ill-gotten gains to buy fast cars and luxury villas – but frequently, they also use the money they make to finance terrorism. And for financial firms, the work needed to ensure that new customers are legitimate enterprises – and not fronts for crime, and potential funders of terrorism – is a major and growing expense.
So-called ‘Know Your Customer’ (KYC) procedures mean that in order to be seen to have undertaken due diligence, banks must verify a range of primary documentation from prospective customers. And while many outsourcing options exist to assist with this work, the risks associated with any error means that financial institutions’ own onboarding teams must still make a major outlay of time to ensure that all vetting procedures have been followed to the letter. Typically, the KYC process takes from four to seven weeks to properly complete.
And KYC is not just a challenge for individual financial institutions: it’s a major drag on the industry as a whole. In 2014, financial firms spent some $10bn globally on efforts to comply with standards for the prevention of money laundering and the financing of terrorism.
Since there’s no reason to expect that the scale of this challenge will diminish in years to come, there have been growing calls for technology to provide a step change in the way anti-money
laundering (AML) and anti-terrorism compliance is undertaken. And the name of the technology that is on the lips of many? Blockchain.
A silver bullet, or just another hammer?
We’d best mention at this stage that of late, blockchain has found itself billed as the solution to everything from global financial crises to the common cold. But then again, we do know that this nascent technology has vast power, and that this is only just beginning to be harnessed. So when it comes to KYC and detecting would-be money launderers, is blockchain a silver bullet, or just an over-optimistic hammer that thinks every problem is a nail?
The first challenge we face is that while everyone loves to talk about blockchain, few yet understand quite what it is. Luckily, for the purposes of this discussion, we can content ourselves with a broad understanding of what it does, leaving the nuts and bolts to another day.
Blockchain is a shared system that allows transactions to take place in a totally transparent way between people who do not know each other. The ability of everyone concerned to observe each stage of the process massively reduces the scope for shady dealings of all kinds – while the fact that no central mediator is required to oversee the process reduces its cost, increases its speed, and removes a key point of vulnerability.
The possibilities of blockchain rode to prominence on the back of cryptocurrencies such as Bitcoin, which have lately been attracting investors with promises of breakneck growth. But of late, innovators in finance have been taking the same technology and applying it to other promising realms, including digital contracts and identity management. The transfer of assets – from cash to securities to commodities – from one institution to another is a field of particular interest for blockchain innovators; the ability for multiple institutions to consult a single shared ledger, rather than endlessly shifting data from one ledger to the next, is enormously attractive.
So, while the precise capabilities of blockchain are as yet unproven, there seems to be be reasonable grounds for believing that its ongoing effects will be very substantial indeed.
KYC & blockchain
In some quarters there is talk of a “blockchain for payments” use-case, in which long-serving but sluggish messaging platforms like SWIFT are replaced with the likes of RIPPLE, which is capable of dealing not just with messaging but also with settlement. But though we’ve seen significant forward steps with blockchain-based distributed ledger systems on the payment and securities settlement front, KYC and AML are, for now, only just beginning to break ground.
It’s important to observe that KYC processes involve the passing of identity-related information through a non-linear chain involving several parties. This complexity explains the often glacial progress of change in this realm, but also reminds us that if the innate benefits of blockchain’s immutable shared ledger of transactions could be realised in this space, there could be the possibility of a ‘golden source’ of data, verified by multiple parties, containing far fewer errors than has hitherto been the case, and thus greatly reducing time spent on reconciliation. It won’t be easy, but blockchain could be truly transformational in the KYC space.
Just think: in profound contrast to the days or weeks it currently takes information to filter through, blockchain could let encrypted secure updates to client data be made available to financial institutions virtually as those updates are generated. But much more than that, the KYC ledger would furnish those institutions with a complete chronological record of all information that had been shared in the past, and of compliance procedures followed by each client. All this would form the backbone of the information that banks and other financial institutions must provide to regulatory bodies.
2014 saw the launch of the SWIFT KYC Registry, in which more than 2000 banks have already enrolled, together to date communicating some 1.3 million bilateral correspondent relationships across the industry. But the registry does not use blockchain: nor, for that matter, does its major rival, KYC.com. Of course, this could change in time; it’s possible that we will see these registries come to use blockchain in the form of information-supplying parties – from tax authorities to police forces – directly updating information within their respective fields of knowledge. But questions remain as to how these bodies would validate the informational changes they perform.
This, then, is the point at which we are reminded that no matter the transformational quality of new technologies such as blockchain, they must always be paired with good, old-fashioned best practice. In this case that first of all means ensuring that all parties performing data updates are highly trusted. Second, an international legal entity identifier must be in place to ensure that each contributing body only updates those records to which it is a proper contributor. Potentially, we must also consider the possibility of a two-tier system, with some parties able to update a blockchain ledger, while others can only read it.
Digital Signatures: the key to Digital Identity
Digital Identity and Digital Signatures are key aspects of KYC. Having once had their documentation verified, a corporate can have a Digital Identity assigned to it: this can then act in the manner of a passport, allowing the organization to access financial services with minimal additional paperwork. Moving forward, the Identity could be used to access a rich sweet of information about a given customer: from addresses to director’s details, and PEPs to account data, all of which could be used in the course of AML and transaction monitoring, in so doing increasing their accuracy and lowering the likelihood of tripping up on false positives. Going one step further, when financial institutions do identify fraud, details of this could be quickly shared with all other connected bodies, thus halting criminals in their tracks.
We must acknowledge at this stage that Digital Signature and Digital Identification systems not based on blockchain have already been brought to market for applications including signing contracts, insurance sales, and filing taxes. But these limited Digital Signatures, while of course welcome, only scrape the surface of the scope of the Digital Identity verification that could be achieved via blockchain.
Taking a holistic approach to digital identity, and realising this via blockchain, can deliver a whole package of profound benefits. These include:
Customer experience being dramatically enhanced thanks to the need only to submit documentation once. The benefits of this are compounded by much increased security leading to far lower incidence of theft and a marked drop in false positives. And as time goes on, there is scope of major synergies with other industries.
Costs for financial institutions being dramatically cut, thanks to sharing of resources and the consequent need not to check customers that have already built a digital identity.
Near-real time updates to KYC documentation and information about fraudulent activities, meaning major increases in security.
Transformed regulatory transparency, thanks to the complete and immutably audit trails provided by blockchain.
Some thoughts on Ultimate Beneficial Owners
An Ultimate Beneficial Owner (UBO) is the natural person or persons who possess ultimate control over a customer entity, as well as or in addition to the person who a transaction is conducted on behalf of. From banks’ point of view, anyone with a holding of greater than 25% can typically be considered a UBO. The challenge faced in keeping track of this data is, of course, that as shares in a given entity are bought and sold, who is and isn’t a UBO can change from one day to the next. Direct and indirect ownership present a further challenge: in a bid to avoid reaching the 25% threshold, interested parties will sometimes break up their investments into smaller parts.
While blockchain does not automatically overcome the problem of determining who is a UBO at any given moment, by keeping the most up-to-date data at the fingertips of all institutions at all times, it does make it dramatically easier for them to control and coordinate their efforts to determine what the real interests of a given party are at any moment in time.
Much more than being merely about the sharing of data, blockchain is, in essence, about the pooling and sharing of control. It is in its ability to combine this with anonymity and security that
its power lies. For some, this seems too good to be true – a paradox, even. For others, blockchain is just the latest fad to roll by. And yet, while radical, blockchain is also a logical and considered response to technological and business challenges we have long faced. How can we immutably replicate data across a shared ledger? Well, this is how.
KYC is a field of immense risk for financial institutions, and accordingly an area into which they are prepared to make major investments. Each bank and each fintech is a unique entity with ways of operating that only it itself can fully understand. Will blockchain come to act as a means for multiple parties to add their ‘rubber stamps’ to a central KYC ‘registry of validations’? Or will we see ‘private’ blockchains, where only corporates can update their data? Perhaps we will end up with ‘hybrid’ solutions, where corporates cooperate with other agencies, governmental and otherwise, to share data in real time. Or perhaps the reality will be some combination of all these, and/or other possibilities that are still hard for us to fully understand.
As with all things that relate to extremely dynamic technologies, it is too early for us to say for sure. What we can be confident of is that every party to the transactions we have been discussing here has already gotten a taste for the potential change that could be unleashed by blockchain-based technologies. Whatever the precise details of how we move forward from here, that’s a genie that’s now been released, and can henceforth never be put back in its bottle.