Blockchain for Enterprise – Focus on KYC, AML, and Regulatory Compliance – Are We Calling it RegTech?

Nitin Gaur | Director at IBM Blockchain Labs

In this long overdue post, I would like to focus on KYC, AML, and regulatory compliance. When discussing the design of the transaction systems of the future, it is necessary to consider the existing systems as a reference point.These extant systems include the SoR (system of record) and CRM (customer relationship management) systems, business intelligence, data analytics, dashboard, and regulatory compliance systems. Such entities have been built over many years, and to replace them or retrofit them to blockchain-based systems would not only be a Herculean task, but also extremely cost-prohibitive. This implies that enterprise transaction systems based on blockchains should integrate or fit in with existing system designs. However, isn’t the whole point of the blockchain exercise to revolutionize the existing systems? Change the way we have done things in the past? Derive efficiencies that were not possible before? And, basically, shake up the landscape to pave the way for new business and engagement models?

In a previous post, I discussed enterprise challenges; quite apart from these, in every regulated industry, including the financial services sector, regulatory compliance technology or RegTech has become central to the conversation when discussing the disruption encountered by challenger banks grouped under Financial Technology or FinTech. Accordingly, in all my work and conversations, FinTech and RegTech essentially share the same context when it comes to disruption to financial services. So why the new focus on RegTech? Well, from a regulator’s point of view, the FinTech industry has become more intertwined with the financial sector as it has grown, and systemic risk has grown along with it, which means that the business models that have emerged due to the promise of new technology should adhere to the existing regulatory framework. Blockchain technology and related business models are no different.

So, let’s address the fundamentals of the complex regulatory framework, starting with KYC (know your customer) and AML (anti-money laundering). These points lead into other regulatory reporting and enforcement requirements when financial services are considered. (NB: AML is now tied with CFT (countering the financing of terrorism), which is basically about analysis and pattern recognition of the flow of assets and money at a transaction level.) The idea behind KYC and AML (and CFT) is for financial services providers to identify and understand the individual (and business) sources of wealth, business interests, and contexts of transactions. So how are KYC and AML (and CFT) relevant to blockchain technology discussions?

In my previous post I posited that shared ledgers have an obvious advantage in that a single source of data and chained transactions/blocks makes analysis and linkage easier for fraudulent and AML-type analysis. The idea of blockchain is that it is an integrated system to perform KYC and AML between shared financial institutions, enabling regulators to gain access to audit the system. All participants have access to audit data/logs, which leads to a model where financial institutions, in order to share data in a trusted ledger, are providing more linkable data for effective analysis. AML is all about analysis, and transactions linked across multiple institutions will make that analysis easier. The KYC process would have to be re-engineered so that a tagged transaction would not be subjected to a duplicated KYC process.

While KYC is about identity and AML is about analysis, in this brave new world we aspire to produce innovations and disrupt the transaction system by paving the way for blockchain-fueled business networks; in other words, a system of mutual incentives between market participants to process transactions. While these KYC and AML (and CFT) processes are mandated by the globally distributed financial system, institutions expend time, money, and energy (estimated to be about 25%) and yet achieve little in terms of addressing this business function. Blockchain-fueled business networks can address these issues by pooling resources and using shared ledger technology to provide not only likability in transactions, but also traceability that is attributable to the provenance of immutable shared ledger technology. This implies that the role of a regulator in a business network is to shift the focus from enforcement to an active participant, where a regulatory entity can see all transactions in a network, perform its own analysis to connect the dots, and detect and prosecute illicit transactions in real time. This shifts the focus to financial services institutions, which have traditionally operated in a passive capacity in terms of regulators; they can now be active in regards to real-time analysis of transactions to investigate fraud and financial crimes. This change from a passive to an active role in enforcement lends a readiness to financial regulators, while the financial services benefit from sharing the cost burden of KYL/AML directives. Are regulators ready for this shift?

The idea is to utilize shared repositories and common processes to offer open or permitted access to the shared ledger, which not only contains information and identity details about individuals and businesses but also provides a platform to link transactions, thereby enabling more efficient monitoring and auditing. The privacy concerns of sharing data for AML can be addressed through obfuscation of data storage and retrieval techniques.

In conclusion, in my work I have come across two streams of conversations around exploiting blockchains for enterprise:

1. Reduction of the stack of processes – this is a move toward business efficiency in syncing ledger entries between business units, which is also important for transparency, prevents double entries, and provides a more accurate position statement for better investment and financial decision-making (e.g. Treasure, pipeline, collateral lending, etc.)
2. Disruptive use cases – such as marketplace lending, P2P, anything which aims to change the longstanding business model around lending, payments, and wealth management, PFM (personal financial management), etc.

In both of these streams, regulatory conversation is central to adoption, and without addressing the fundamentals around identity (KYC) and analytics (AML/CFT), any blockchain experiment will remain just that and will never see the light of day in production. The efforts from the regulatory framework, while encouraging in that they recognize FinTech’s revolutionary approach, are cautious and aim to strike a balance between regulation and stifling innovation. In addition, while we envision that compliance will transform into intelligence and regulations will show signs of reinvention, the blockchain platform design must address the identity of blockchain as a fundamental tenet of enterprise adoption. In a multi-party business network, this is not only a technical design imperative but a challenge for business networks to overcome in order to deliver an internet that has value.