There are numerous projects, past and present, that have attempted to build centralized KYC (Know Your Customer) solutions. The imminent death of Bloomberg’s Entity Exchange platform due to lack of uptake is the latest confirmation of this fact. Generally, these fall into one of several categories:
1. The silo model where a company intends to create a central repository that they own and monetize is the most problematic.
2. The mutualization model where a consortia of companies intend to create a central repository that they share, it seems a better idea at first, but it is not since the data can be used here as well.
3. The sharing model where a group of companies agrees on standards to exchange information on request seems like an even better idea. But it also stinks for all the same reason and becomes a corporate political quagmire.
- Is privacy the new customer experience grail?
- Keeping your head in the cloud, but your feet on the ground
- How VR and eye-tracking can help you understand your customers
Serious faults with centralized KYC
Every centralized KYC project has serious faults that are the same in every FATF jurisdiction, which is everywhere and anywhere you want to transact. These critical problems have proven so far to be insurmountable.
First, a centralized KYC repository is a great hacker target. Ironically, the purpose of KYC was to secure the data and minimize any possibility of identity theft. All the while allowing each financial institution to pull the data on a person anytime they want. However, history says different words, it has proven that if the repository is desirable to hack, it will be hacked.
This simply means that holding a centralized KYC repository is a huge reputational and civil liability risk. Institutions should lose the fallacy that they are trusted and therefore should own and manage everyone’s KYC. Trust in banks and bankers is at an all-time low and declining. And Equifax has proven that companies don’t care about customer data nearly as much as they should. They care about profit.
Second, recent legislation, such as GDPR, has significantly increased the risk of holding such large pools of personal information. Centralized repositories are quite expensive to assemble as each individual must explicitly consent and agree to participate. The economics of the penalties for negligence or failure to comply has increased dramatically and made an unattractive business even less interesting from a risk/reward standpoint.
Third, the political and economic haggling between regulated institutions is impossible to overcome. There is the issue of exposing customer data among competitors. There is the issue of liability for bad data and fraudulent data. There is the issue of who pays how much - some companies have lots of analyzed customer data and some don’t. And there is the regulatory requirement that the company retains legal responsibility for their KYC.
Finally, there is the question of who actually owns the personal KYC data and who can profit from it. This is a tricky question that is yet to be answered by the court. In the immediate, to most people, it seems unjust to profit off the data created by others and in the long run, I am confident that courts will decide that you own the data you create.
As a result, KYC is still done by each regulated entity by themselves, with the assistance of technology, tool and labor providers, such as KYC3, that are specialized in helping complete the KYC tasks.
So, the financial industry has balkanized KYC. Customers are flatly demanded to expose unnecessarily large amounts of personal data to complete strangers. The whole process is a negative experience as non-standard as the proclivities of the compliance officers inventing the requirements. And the only common features are that it is long, slow, tedious and largely ineffective.
In the end, there might be only one model that will cater to all needs - the decentralized model. Wouldn’t that be fair, handing KYC ownership back to the consumer? Risk managers, business developers and legal professionals need a reliable and efficient way to validate their customers, in an easy to use dashboard.
The case for a decentralized model
In the end, there will be only one model that will survive - the decentralized model. Give the KYC ownership to consumers. They own their identity.
This is why KYC3, in partner with Peer Mountain, has created Decentralized KYC (DKYC), a self-sovereign standard for KYC that will be deployed in an open ecosystem. WIth the DKYC ecosystem, you will only do your KYC process once and have it in your wallet ready to transparently access whatever exchange, payment or other services you like. No more KYC selfie over and over.
Jed Grant, Chief Executive Officer at KYC3 (opens in new tab)
- We've also highlighted the best interactive kiosk providers