Singapore is on the way to blockchain-based digital KYC

Igor Pesin, Life.SREDA VC

In “Identity is the New Money”, Dave Birch, a founding director of the specialist consultancy Consult Hyperion, lays out the extraordinary change in how we think about both identity and money that new technologies — especially mobile phones — are making possible. “We need intermediaries to manage, and money is one of them. If, however, technology gives us back that shared memory, then we don’t need intermediaries to enable transactions. It becomes what some people call a “reputation economy”.” And this reputation can be broken if we can’t create new tech advanced solutions to keep our personal data really safe.

Regarding “identities” and “reputation” – the initial drama over Equifax’s September data breach has mostly subsided, but the actual damage will play out for years. The company announced Monday that the total number of people impacted by its breach is not 143 million—the amount it first disclosed—but in fact 145.5 million. Do we really need Equifax (Experian, Transunion, etc) if they are not protecting our data? They are doing poor job of keeping our personal data safe.

Putting consumers back in control of their financial data

Recently in Singapore OCBC, HSBC and MUFG teamed up with the IMDA to complete a proof-of-concept (POC) on ASEAN’s first Know Your Customer (KYC) blockchain. This development raises the possibility of using blockchain technology to make one of the most complex and highly-regulated of financial processes more efficient and secured, thereby combating anti-money laundering (AML) and the financing of terrorism (CFT).

The existing KYC process consists of submitting a set of identification documents each time an individual or corporate customer starts a new relationship with a bank. New relationships include opening an account, applying for a credit facility or buying an insurance policy.

Currently, KYC is conducted individually by banks, requiring customers to provide the same information to different institutions. It is a manual and paper-based process that can take weeks, as resources are spent validating multiple physical documents to ascertain the identity of the customer. This is laborious and inefficient for both the bank and the customer. The manual process also gives rise to inconsistent information being collected by banks, and customer information not being promptly updated.

The KYC blockchain – running on a Distributed Ledger Technology (DLT) platform which enables structured information to be recorded, accessed and shared across a distributed network using advanced cryptography – allows banks to collect, validate and share customer information – with the customer’s consent – accurately, efficiently and in a secured manner. This vastly reduces the duplication of information and manual checks for both banks and customers, while enhancing the quality of the customer information that is stored.

Customers’ information encrypted on the shared ledger can be easily validated by referring to government registries, tax authorities and credit bureaus. Banks can also store secured digital records of the validation process on the shared KYC platform to streamline auditing and regulatory reporting.

The prototype’s performance was tested between February and May 2017 for its functionality, scalability and security. It remained stable even with a high volume of information flow, was resistant to tampering by third parties and maintained confidentiality by permitting access to the ledger’s information only with legitimate authentication.

Mr Tan Kiat How, Chief Executive, Infocomm Media Development Authority commented this news: “IMDA supports the ambitious use of technologies to transform businesses and create value to citizens. This willingness to experiment is crucial in achieving our vision of a dynamic Digital Economy for a Smart Nation. Revamping the KYC process using blockchain technology is one such example. We are heartened that financial institutions are developing innovative Fintech solutions to improve productivity and deliver a better experience to their customers.”

Digital KYC\AML is very important problem not only for fintech in general, but for crypto-community and ICOs specifically. Bitcoin and ICOs had been in trouble since the beginning of the year, when several central banks banned ICOs or ordered exchanges to halt virtual-currency withdrawals until they could identify their customers (KYC, AML, “source of funds”). Anson Zeall, the head of Singapore’s Cryptocurrency and Blockchain Industry Association, or Access, said his organization had heard from 10 companies which had encountered problems with their banking relationships in Singapore. The banks didn’t give a reason for their action, Zeall added. Chia Hock Lai, president of the Singapore Fintech Association, said some of his organization’s members also experienced account closures.

Last week BAASIS ID, blockchain-based digital KYC solution from Singapore, has become the winner of startup-battle Slush Singapore. This is an online only solution, which verifies the first and last name, passport, checks against international blacklists of people involved in money-laundering, criminal or terrorist activity, verifies the mobile number, bank card, residence address, profiles in social networks, and also makes and stores a video record to confirm personal filing, as well to compare the image with a photograph in the passport and social networks. The contract for the transfer, processing, storage, and exchange of this information with your service is signed by an individual with an electronic signature, and this contract is also always available to all participants of this process. The product has already been tested by the first international customers, has been approved by Monetary Authority of Singapore and Data Protection Authority of Singapore, and is currently before regulators in other countries.

With the SEC and MAS issuing new resolutions regulating the ICO market and while other countries are considering legalization of cryptocurrencies, it’s the first online only solution, which can be easily integrated into any website or mobile application, and the customer does not leave your service while passing the entire procedure. All the data is always available online for you and your client. The data is securely protected, stored on blockchain and can only be disclosed to third parties with the permission of your service and the customer. The cost of one verification is several times cheaper compared to the case when you do all the same manually or through partner networks. The online integration compatible with all platforms allows the client to go through all the steps without leaving your service interface, quickly and without wasting time on meetings and commuting. There are no fees for the beginning of the use of the product, monthly subscriptions or advance deposits – you are paying a transparent price for each verification.

From Singapore to China as well
“China has been a very cash-based, non-debt-focused consumer base. This is changing,” says to TechInAsia Zennon Kapron, director of Kapronasia, an Asia-focused financial industry research and consulting firm. “The uptick in consumer credit in terms of borrowing, peer-to-peer platforms, consumer lending, credit cards, and mortgages has increased significantly.”

Still, the PBOC’s credit database is not very robust, he says. Not all lending companies have access to it either. “They have to create their own credit rating system or use third-party scoring companies.”

“It’s all about the data. The more data we get, the richer the data, the more diverse the data, the better the model,” says Ren Ran, vice president of Dumiao, a credit lending unit under Beijing-based fintech services company PINTEC.

To compensate for the dearth and inaccessibility of official lending data, Chinese fintech companies often have to use reams of consumer data from a variety of sources: search results, social media, ecommerce purchases, online travel data, location, phone records – even social connections.

“One of the biggest problems we had in banks was all the transactions had at least one face-to-face interaction,” says Simon Loong, who worked at financial institutions like Citibank and Standard Chartered before founding WeLab, a Hong Kong-based fintech startup.
That means hiring staff and maintaining physical branches to vet potential borrowers. Wolaidai, a credit lending startup under WeLab, on the other hand, has a completely mobile onboarding process. Through technology like facial recognition, text and image analysis, and monitoring users’ online behavior, the fintech startup is able to make credit decisions in one to two seconds.

Fintech startups also have to automate fraud detection, like catching people who steal personal IDs to apply for loans. That’s usually done by tracking user behavior, like the way someone types out their ID number, or their physical location, if users agree to share that information.
At scale, the cost of data can quickly escalate, especially for startups without multiple consumer-facing platforms like Ant Financial, which can easily access ecommerce data from Alibaba. Relying on third parties to supply data – or in some cases, process it – also requires a fair bit of due diligence.

This summer, a Chinese data broker was reportedly shut down by the police for investigation after failing to protect consumer privacy. The onus is also on fintech startups to attain permission for data collection – usually through lengthy terms and conditions statements. “Although the data has been transferred to third-party data brokers for data processing, the main responsibility of protecting the data is still the financial services institute,” says Samuel Sinn, cybersecurity and privacy services partner at PricewaterhouseCoopers, who advises companies on technology risk management. It doesn’t mean that they can release their liability after transferring the data, he emphasizes.

China doesn’t have a data privacy act as of today. In China, laws of data privacy and personal data collection are only just starting to emerge. In June, China enacted its latest cybersecurity law, which details different principles and guidelines on cross-border data transfers, data collection, information infrastructure, and more. “China doesn’t have a data privacy act as of today,” Sinn tells Tech in Asia. “It’s covered in the cybersecurity law under personal information collection.”

Traditional banks (and other old traditional organizations) too big to fail. And seems like Deloitte, Yahoo (3 billion identities!), Equifax (Experian, Transunion, etc) too big to trust, to care. Do they really care if your data exposed? Who is next after Yahoo, Deloitte and Equifax to leak your personal data? Some experts like Vladislav Solodkiy, author of The First Fintech Bank’s Arrival book, will tell you we should put it all on a blockchain, decentralizing the system and querying discrete pieces of information as needed. But all these breach should wake us up to how fundamentally broken this system is, and how urgently we need to replace it. Breaches aren’t simply security failures; they’re the inevitable result of a broken identity system.