Banking & Financial Services White Paper Reimagining KYC Using Blockchain Technology
About the Authors Ganesh Raghavan Padmanabhan Ganesh Raghavan Padmanabhan is a Domain Consultant with the Banking and Financial Services (BFS) business unit at Tata Consultancy Services (TCS). He has about nine years of experience in providing IT solutions and consulting services to TCS' banking clients the world over. Padmanabhan's focus areas include exploration of innovative industry solutions for capital markets. He has a Master's degree in Business Administration from the S P Jain School of Global Management, Singapore and Dubai. Anusha Sivaramakrishnan Anusha Sivaramakrishnan is a Domain Consultant with the Clearing and Settlement group of TCS' BFS business unit. She has over 15 years of industry experience in the capital markets space. Sivaramakrishnan has worked with leading Wall Street firms on their back-office systems and has been instrumental in developing IT solutions for various banking projects. She holds a Master's degree in Finance and IT from the Birla Institute of Technology and Science, Pilani, India.
Abstract An integral part of client onboarding, the Know Your Customer (KYC) process requires banks to validate and verify primary documents as part of due diligence. Today, the market is flooded with KYC utilities that help manage these documents and share them with multiple entities. However, these utilities only act as document agents and provide very little value addition. The task of due diligence and investigation is still handled by the client onboarding teams at financial institutions given the business and reputation risks involved. KYC processes are generally repetitive, which results in inconsistencies in information storage and duplicate processes across the different functions in a bank, thereby leading to high administrative overheads and costs. The blockchain technology, with its concept of distributed and timestamp ledgers can effectively overcome most of these issues that financial institutions face while performing KYC processes. This paper discusses how blockchain technology can help banks improve their KYC process by facilitating near realtime exchange of information among various stakeholders for faster and effective validation.
Contents Introduction 5 Challenges in the Current KYC Process 6 How Blockchain Can Help 7 Document validation 7 Intra- and inter-bank document verification 8 Consolidated KYC as a shared service 10 Conclusion 10
Introduction Document validation and verification play a vital role in the KYC process. There has been an upsurge in the number of KYC registries because of initiatives by private entities such as The Society for Worldwide Interbank Financial Telecommunication (SWIFT) and banking consortiums, as well as government bodies. These registries act as centralized repositories that store all documents and information related to KYC compliance. Every bank and financial institution has to perform the KYC process individually, and upload the validated information and documents to the central registry that stores digitized data tagged to a unique identification number for each customer. By using this reference number, banks can access the stored data to perform due diligence whenever customers request for a new service within the same banking relationship, or from another bank. Figure 1 shows how KYC is currently conducted at banks. Documents are collected and stored internally, using a document management system or internal database, and then shared with multiple external agencies for validation on an individual basis. On successful validation, banks update their internal repository and report to central agencies. Customer POA & POI Bank POA & POI Bank s back - office KYC certified Bank s compliance team Document collection Document checks Digitize documents Central KYC repository External verification agencies Internal due diligence team External agencies Validation checklists Information validation Figure 1 : Current KYC Process 5
Challenges in the Current KYC Process Following are some of the major KYC compliance challenges currently faced by banks and financial institutions. Data management and integration: Currently, several third-party data providers and external validation agencies offer data and interfaces to extract required customer information. For example, DTCC AvoxData provides legal entity data, LexisNexis provides information to help assess risks by way of a list of politically exposed persons and sanctions screening, NORCOM provides criminal data, and agencies like CIBIL, Experian PLC, and Equifax, Inc. provide credit ratings. SWIFT launched the SWIFT KYC Registry in December 2014, and more than 2000 banks have already enrolled with it. Banks are struggling to manage and integrate all the data required for KYC compliance to obtain a consolidated view of the customer, which explains the popularity of central registries like the one managed by SWIFT. Inefficiencies in data management have resulted in increasing instances of banks' failure to comply with regulatory requirements, which translate into huge penalties and reputational damage. Increasing costs: Post due diligence, banks need to convert documents to digitized data such that the information can be fed into the repositories. This is an expensive exercise since it requires banks to invest heavily in advanced technology platforms. Not only this, the need to transform processes for document collection, storage, digital signature verification, and so on implies that financial institutions must deploy systems based on new-age technologies, which is another reason for cost escalation. Evolving regulations: The KYC landscape is constantly changing given the number of regulations being introduced across different jurisdictions. This means KYC utilities also need to undergo changes to incorporate new guidelines, like the ones under the Dodd-Frank Act, FATCA, and MiFID II (which is due for implementation in January 2018). This also increases the need for banks to improve their data collection mechanisms for effective risk management and timely regulatory compliance. Absence of a single KYC system for multiple lines of business: Currently, banks do not have a single, unified KYC system applicable to all lines of business like wealth management, asset management, and brokerage due to variations in business requirements and associated regulations. This fragmented approach results in multiple utilities and siloed infrastructure. Financial institutions therefore are under immense pressure to seamlessly maintain these multiple systems and integrate different interfaces, which adds to the costs. [1] SWIFT, SWIFT's KYC Registry surpasses 2,000 financial institutions (January 2016), accessed June 29, 2016, https://www.swift.com/insights/pressreleases/swift_s-kyc-registry-surpasses-2_000-financial-institutions 6
How Blockchain Can Help The use of advanced systems based on blockchain technology can help address most of the aforementioned challenges and ensure seamless exchange of documents and information between banks and external agencies (see Figure 2). Bank s compliance officer External validation agency Customer POA & POI Banking channels Bank node KYC certified ü ü Blockchain network Digital identity management ü Bank s internal applications Central KYC repository External verification agency Document validation Figure 2: Proposed Blockchain-based KYC Process (Source: TCS Internal) The KYC process starts with a bank collecting the required documents from the customer. Using a data entry application, the bank enters the customer information, uploads the documents to the blockchain solution platform, and marks the status as 'pending validation'. The platform converts the documents into hash codes, stores them in a distributed ledger, and publishes the encrypted information securely to other nodes maintained by external agencies on the same secure network. External agencies then look up the customer information, download the documents submitted by the bank, and perform requisite validation checks. On successful validation, the customer information on the ledger is updated and the status is changed to 'KYC complaint and validated'. Using the existing bank's applications and time-stamping feature of the ledger, banks verify the status and approve the onboarding process. For dated customer records, a re-kyc cycle is performed to complete the validation process. 7
Intra- and inter-bank document verification Figure 3 shows how blockchain technology can be used to develop two separate models to enable intra- and interbank verification and update processes. Intra-bank KYC blockchain model External verification agency Inter-bank KYC blockchain model External verification agency Deposit division Loan division Bank 1 Bank 2 Blockchain network Blockchain network Card division Brokerage division Asset management Mortgage providers Figure 3: Blockchain-based Models for Intra- and Inter-bank Document Verification (Source: TCS Internal) Intra-bank application: Using the blockchain technology, banks can effortlessly deploy an intra-bank application within the same banking group. For example, if a savings account customer wishes to avail credit card services from the same bank, the card division can look up the ledger using the unique reference number and easily ascertain the customer's KYC status. Using this model, banks can significantly reduce the effort and time spent in performing repetitive due diligence processes, and instead focus on core business activities. If a new service request requires additional customer information not found in the ledger, the model allows the bank to update the information on the ledger, followed by a revalidation by external agencies (which essentially translates into re-kyc). Inter-bank application: This model requires consensus among participating banks on the validation process in order to maintain the trust and integrity of the system. Here, one bank plays the role of the originating bank and performs initial KYC verification for a customer. When the customer approaches another bank to open an account or request some banking services, the approached bank acts as a requesting bank and queries the ledger to check the KYC status of the customer. The requesting bank can request the originating bank to share the documents available, and the blockchain platform ensures secure transfer of documents between the two banks. With this model, banks can enhance process efficiency, standardize KYC processes, and perform customer validations in near real-time. An inter-bank KYC model requires all participating entities to agree on the protocol of the framework and the solution. This model requires sponsors to establish guidelines for effective governance. 8
To determine the efficacy of blockchain technology in easing the KYC process, banks should consider experimenting with the intra-bank KYC model. This model is easier to implement as it only requires an internal mandate from the banking group to all its divisions such as deposits, loans, cards, and brokerage. Depending on the success of the implementation, banks can consider deploying an inter-bank system. Centralized blockchain-based KYC solution: To ensure a seamless exchange of KYC information, banks can also be linked to a centralized KYC repository along the lines of the existing KYC registry system (see Figure 4). In this arrangement, customer data and documents are stored in the distributed ledger and the bank that performs the KYC stores all relevant details and generates a unique KYC number. When another bank wants to perform due diligence on the same customer, it can access the central registry and download details of the customer, using the unique KYC number. The central registry normally charges a fee for the service, which is relatively insignificant compared to the cost of duplicate effort that is eliminated with this arrangement. The onus of updating and periodically reviewing the documents lies with individual banks. A blockchain-based solution, with its immutable ledger, ease of integration, and considerably lower operational and infrastructure costs, is undeniably a better option as compared to existing registries. Customer service requests Bank s internal application KYC blockchain solution Customer Upload documents Service requests KYC App (Mobile / Online channel of bank) Information update Digitally signed documents Account management module Customer management module Bank s processing node Document management Customer information KYC status Entry & validation API Verification Updates Hash code Consensus-based distributed ledger Cryptography P2P network Banking in-premise Central KYC registry node Bank node Other bank s nodes External validation agencies Figure 4 : Centralized Blockchain-based KYC model (Source: TCS Internal) 9
Consolidated KYC as a shared service Offering KYC compliance as a shared service is complicated when we talk about global institutional customers, as different jurisdictions are governed by different regulations. Nonetheless, this option is worth exploring. Here, following the completion of the KYC process, customer details such as legal entity, tax compliance, criminal records, AML compliance, and counterparty information can be consolidated and stored in a distributed ledger. This information can then be offered to other banks through a shared services model in return for a fee. This means that banks will need to do minimal due diligence, like customer identity verification, as most of the data can be obtained by accessing the distributed ledger. KYC utilities currently available in the market could form an alliance with banks to offer this information as a service. Conclusion A blockchain-based solution offers a unique set of advantages over the current crop of technology solutions, given its immutable ledger that can be replicated across different nodes and use of cryptography to convert information to hash codes for secure distribution over peer-to-peer network. These features enable seamless and secure exchange of information between different trusted entities. KYC is an apt candidate for the use of blockchain technology, as it results in significant reduction in of the time, cost, and effort involved in KYC validation. Our engagements with leading global financial institutions lead us to believe that blockchain-based solutions can drive substantial reductions in processing costs, as the infrastructure cost for building the new solution will be a mere 20% of the current KYC processing costs. We recommend banks to start with blockchain-based systems for intrabank KYC processes, and then move on to the inter-bank model. Centralizing the KYC process will create a common customer onboarding framework, making the entire process a lot more efficient and cost-effective. 10
About TCS' Banking and Financial Services Business Unit With over four decades of experience in partnering with the world's leading banks and financial institutions, TCS offers a comprehensive portfolio of domain-focused processes, frameworks, and solutions that empower organizations to respond to market changes quickly, manage customer relationships profitably, and stay ahead of competition. Our offerings combine customizable solution accelerators with expertise gained from engaging with global banks, regulatory and development institutions, and diversified and specialty financial institutions. TCS helps leading organizations achieve key operational and strategic objectives across retail and corporate banking, capital markets, market infrastructure, cards, risk management, and treasury. TCS has been ranked #1 in the 2015 FinTech Rankings Top 100 of global technology providers to the financial services industry, by both, FinTech Forward (a collaboration of American Banker and BAI) and IDC Financial Insights. TCS has also been recognized as a 'Leader' and a 'Star Performer' in Everest Group's 2015 PEAK Matrix report for Capital Markets Application Outsourcing (AO), as well as a 'Leader' in the 2015 PEAK Matrix report for Banking Application Outsourcing (AO). Contact Visit TCS Banking and Financial Services unit page for more information Email: bfs.marketing@tcs.com Blog: Drive Governance Subscribe to TCS White Papers TCS.com RSS: http://www.tcs.com/rss_feeds/pages/feed.aspx?f=w Feedburner: http://feeds2.feedburner.com/tcswhitepapers About Tata Consultancy Services (TCS) Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global business, ensuring a level of certainty no other firm can match. TCS offers a consulting-led, integrated portfolio of IT and IT-enabled infrastructure, engineering and TM assurance services. This is delivered through its unique Global Network Delivery Model, recognized as the benchmark of excellence in software development. A part of the Tata Group, India s largest industrial conglomerate, TCS has a global footprint and is listed on the National Stock Exchange and Bombay Stock Exchange in India. For more information, visit us at www.tcs.com IT Services Business Solutions Consulting All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Copyright 2016 Tata Consultancy Services Limited TCS Design Services I M I 07 I 16