The importance of a common, well-functioning digital identity and effective electronic document exchange is becoming increasingly clear in countries with developed digital environments.
Today, both state registries and many private companies possess various data that can be used to identify an individual. For example, a huge amount of data is stored in the tax and customs department (take, for example, tax clearance, which needs to be repeatedly requested from time to time to confirm that you are not in arrears), the punishment register, the population register, the commercial register, financial institutions (PEP, KYC information) or even energy companies that have accurate data about our addresses. The list is endless.
However, despite the abundance of information, the entirety of which could allow to create a perfect electronic profile, we often have to request the same records over and over again, provide the same documents and so on and so forth. Examples of inefficient functioning of the personal data transfer system can be seen in different areas today – customs issues, taxation or, for example, KYC procedures in financial institutions.
Nowadays, electronic identity is becoming vital for almost any business. Today, even products from the store are often purchased using a smartphone, not to mention the financial services. In recent years, we can see that banks close their branches and move to the digital environment. According to The Economist, payment applications are used by more than a billion users in Asia and already 49% of Americans make payments online. Customer identification is a prerequisite for all digital services. Whether you want to take a course at Coursera or book an apartment at Airbnb or Booking.com – be prepared to provide an identity document. If you want to open an account in a financial institution, be prepared to provide a proof of your address or a bank statement – go through the KYC (know-your-customer) procedure.
Bearing in mind that the requirements of anti-money laundering and anti-terrorist financing standards (today it is AMLD IV in Europe) are getting more and more stringent, the KYC procedures are mandatory for many areas and are controlled by regulators. Non-compliance or lack of effectiveness may deprive you of the license and further capability to provide services.
What is happening in the financial sector due to the large cost of effective checks and their complexity? Often, the high costs of conducting client identity verification procedures cause the financial institutions to choose risk avoidance models – exceptions to customer segments which can be difficult and expensive to understand as well as to identify. For example, in Estonia we can see this with the non-resident segment. It also happens because of the fear of losing correspondent relations, because not only regulators but also other banks (which, in turn, do not share information with them today) monitor the effectiveness of identification processes in banks. We can understand the banks – regulations are becoming more stringent and taking additional risks is expensive, so they want to keep at least what they have. Where is the problem?
First of all, there is a risk that we, as clients, will soon not be able to receive the service outside our country. Secondly, as I said above, the identification of users becomes mandatory for an increasing number of businesses. As required by AMLD IV, today the circle of persons for whom customer identification is mandatory is quite wide (in addition to the banks and gambling service providers, this involves any entrepreneur making transactions with amounts exceeding 10,000 EUR). AMLD V will include the entire crypto industry. And, who knows, maybe AMLD VI will include any other online businesses, since the risks associated with the laundering of illegal funds and the financing of terrorism are, unfortunately, only increasing. Does it mean that derisking will become inherent to any business? If the KYC procedures and the exchange of numerous data stored in different sources remain difficult (both technologically and regulatory) and expensive, then there is certainly a risk.
Let’s imagine that all the information about us, possessed by the banks, the state and all those with whom we once shared it, could be, with your consent, shared via electronic channels, at least between each other. Would that really simplify many processes? What do we need for this purpose, considering the sensitivity of personal data protection issue today?
Research and discussions regarding data exchange between different sources have been conducted everywhere in recent times. For example, the study KYC Optimization Using Distributed Ledger Technology, whose authors come to a conclusion that it is possible to optimise the costs of KYC processes using DLT (distributed ledger technology), or take for example the Diginno project, one of the aspects of which involves more efficient KYC processes. Digital identity projects are also carried out at the national level, for example, KYC Utilities in Latvia or SisuID in Finland. So far, all these initiatives are trying to solve the problem within a particular country or region. And solutions vary as you can see.
What is the ideal solution? Centralised “super database” controlled by the state (but which one?) with an authorised body responsible for compliance or a decentralised system for example based on DLT? Both options involve risks. The first option involves a risk of concentrating a huge amount of data in one source and a lot of bureaucratic nuances. Moreover, the “super database” is unlikely to be easily accepted by society. It is unlikely that we want to create prerequisites for such ideas as Social Scoring, as happens in the People’s Republic of China. The second option has no common technical standard.
One of the possible steps, as it was discussed, for example, at the last Computational Law & Blockchain Festival organised by the law firm Njord in March, was the creation of a common data exchange format based on the state technical standard. Several regulatory initiatives, such as PSD2 or eIDAS, have already shown regulators moving towards a standardised data exchange between system participants. But are they sufficient enough? Can DLT as a standard for data sharing be considered as an option and what can states do to streamline the system?
Changes at the national level take time, but it is already today that many projects designed to simplify identification processes are developing in the private sector. In the framework of the IDCredit.info project, which I was lucky to be a part of, we are also trying to solve the verification problem for clients under various jurisdictions whose verification under one source is impossible today. We combine different identity verification service providers and, at the same time, develop an applicationfor users, allowing them to have control over their documents using DLT as the basis. While we are in the beginning of our journey, we can already see that DLT can work as a technology to simplify KYC processes. We will be glad to share our experience in the framework of IFXexpo on May 23, 2019. If you cannot participate in the discussion, I would be glad to read your opinion regarding the above in this article’s comments. Maybe together we can make the identification of the future easier and more convenient. We should try, shouldn’t we? 🙂