There are numerous projects, past and present, that have attempted to build centralized KYC (Know Your Customer) solutions. The imminent death of Bloomberg’s Entity Exchange platform due to lack of uptake is the latest confirmation of this fact. Generally these fall into one of several categories:
1. The silo model where a company intends to create a central repository that they own and monetize is the most problematic.
2. The mutualization model where a consortia of companies intend to create a central repository that they share, it seems a better idea at first, but it is not since the data can be used here as well.
The sharing model where a group of companies agree on standards to exchange information on request seems like an even better idea. But it also stinks for all the same reason.
- Is privacy the new customer experience grail?
- Keeping your head in the cloud, but your feet on the ground
- How VR and eye-tracking can help you understand your customers
Serious faults with centralized KYC
Every centralized KYC project has serious faults that are the same in every FATF jurisdiction, which is everywhere and anywhere you want to transact. These critical problems have proven so far to be insurmountable.
First, a centralized KYC repository is a great hacker target. Ironically, the purpose of KYC was to secure the data and minimise any possibility of identity theft. All the while allowing each financial institutions to pull the data on a person anytime they want. However, history says different words, it has proven that if the repository is desirable to hack, it will be hacked.
This simply means that holding a centralized KYC repository is a huge reputational and civil liability risk. Institutions should lose the fallacy that they are trusted and should own and manage everyone’s KYC. Trust in banks and bankers is at an all-time low and declining. And Equifax has proven that companies don’t care about customer data nearly as much as they should. They care about profit.
Second, recent legislation, such as GDPR, has significantly increased the risk of holding such large pools of personal information. Centralized repositories are quite expensive to assemble as each individual must explicitly consent and agree to participate. The economics of the penalties for negligence or failure to comply have increased dramatically and make an unattractive business even less interesting from a risk/reward standpoint.
Third, the political and economic haggling between regulated institutions is impossible to overcome. There is the issue of exposing customer data among competitors. Companies have sold data before to others for profit sake, a few platforms fell prey to cyber attacks. There is the issue of liability for bad data and fraudulent data. There is the issue of who pays how much – some companies have lots of analysed customer data and some don’t. And there is the regulatory requirement that the company retains legal responsibility for their KYC.
Finally, there is the question of who actually owns the personal KYC data and who can profit from it. This is a tricky question that is yet to be answered by the court until then the so called ideal model for KYC continues to rot. In the immediate, to most people it seems unjust to profit off the data created by others and in the long run it only seems obvious that courts will decide that you own the data you create and what better way is there to have make it decentralized.
As a result, KYC is still done by each regulated entity by themselves, with the assistance of technology, tool and labor providers, such as KYC3, that are specialized in helping complete the KYC tasks. So, the financial industry has balkanized KYC. Customers are flatly demanded to expose unnecessarily large amounts of personal data to complete strangers. The whole process is a negative experience as non-standard as the proclivities of the compliance officers inventing the requirements. And the only common features are that it is long, slow, tedious and largely ineffective.
The governing bodies and other monitoring authorities like AML (Anti Money Laundering) have coerced the financial institution to take caution when processing KYC. Now, this may be a good idea but its expensive, too and it is slow causing inconvenience to businesses resulting in sorrowful customer experience.
Blockchain has proved to be more promising due to its automatic, highly secure KYC system that betters not only consumer experience but also streamlines business operations especially financial institution. Since, each transaction on blockchain is Peers based and there is no one central system, it is faster, agile and definitely way more secure and to manage an extremely high level of complexity in keeping millions of personal data, a blockchain based system is the only smart choice here.
The case for a decentralized model
In the end, there will be only one model that will survive – the decentralized model. Give the KYC ownership to consumer. They own their identity.
That is why KYC3 and Peer Mountain partnered and has created Decentralized KYC (DKYC), a self-sovereign standard for KYC that has been deployed in an open ecosystem. With the DKYC ecosystem you will only do your KYC process once and have it in your wallet ready to transparently access whatever exchange, payment or other service you like. No more KYC selfie over and over.
Jed Grant, Chief Executive Officer at KYC3
- We've also highlighted the best interactive kiosk providers