Demystifying Next Gen Financial Crime Technology: Part Three



Disclaimer: I write from the point of view of a tech investor and strategist but I am not an engineer and these are my personal viewpoints only. I welcome learning and growing from any challenging viewpoints!


For context I recommend you read the previous parts in this series. I have written about some of the challenges with today’s KYC and CDD processes in Part Two.

So with all the tail winds in the world to improve the KYC onboarding process, combined with an industry driven to cut costs and the technology to facilitate available to boot, why aren’t KYC utilities popping up everywhere?

First, a brief word on history of these things: the incumbent centralized KYC databases that exist today (eg. Thomson Reuters Worldcheck, DTCC, SWIFT ) actually did try to solve for this some years ago. But with centralized ownership and a competitive market came other problems. Financial institutions could not agree on a common standard, and with fragmented use of these vendor services across different firms and jurisdictions, any ability for these centralized databases to become the golden source of data, and therefore a true industry utility, was severely limited.

The next generation of KYC utilities is already a few years in the making and seems to be well under way. It’s decentralized, owned and operated by industry, often backed by government, sometimes blockchain-driven and will aim to use many of the aforementioned mentioned technologies to solve a large chunk of the operational pain.

A number of countries and continents have tried to launch a utility in recent years: Singapore (attempt number one), France and South America have all attempted, and there are signs of early stage efforts that seem to have limited traction so far in Hong Kong, Switzerland, the UK and Abu Dhabi.

We have a good window into the challenges in Singapore. The KYC utility was shelved in 2018 as the setup cost exceeded the savings the banks would have achieved, and the challenges have been well documented. Many of the challenges encountered revolved around process rather than technology. There were issues with policy harmonization — for example, the same legal entity across 5 different countries will require 5 different sets of procedures. Further issues arose from the simple fact that a standardized process can often be more expensive than one that has been well-optimized for a bank’s specific business needs. Similar issues were no doubt driven by the customization required to deal with policy harmonization across business lines internally within a firm.

Overall it seems transformation costs weren’t sufficiently being taken into account; neither was the expectation by business of achieving a margin on that transformation. While a utility is designed to simplify, it can actually end up making the entire process more complicated. Add to that the need to hire a team (expensive human capital) for intervention for handling manual exceptions, and the costs begin to add up quickly.

Simply put the fall of KYC utilities to date has not been a tech problem but rather a mismatch of business requirements. Participants couldn’t agree on scope and commercials fell over on the lofty transformation costs.

So why are others now beating down the same door? Attempts for the trophy of first successful country level KYC utility in 2020 include: Singapore (attempt number two) and the Nordics. There are some signs to suggest that lessons have been learned and these initiatives are trying a different approach. Rather than try to solve for all shapes and sizes, they will start with standardization of simple processes common across banks. Rather than focusing on a utility to automate the entire end to end KYC process, they will focus on specific common problem sets and industry or country-level wins — for example bringing ownership of credentials back to the individual, such as with the use of digital passports.

As an strategist I look at the painful parts of the KYC process that are common among financial institutions, and try to match these against new technologies that have solved for that specific problem set. If the utility will introduce more complications in the form of transformation, it will fundamentally cost more. Instead, a successful utility might be built from focusing on automating common processes and small but significant, and commercially viable, wins. All this while always taking into account the end customers’ requirements, which in this case includes both the financial institutions and the individuals. Remember, if just 75% or even 50% of the KYC operational pain can be solved with a utility that’s a huge cost saving and therefore a huge opportunity for the market!

There’s a lot of tech out there that solves for other parts of an end to end KYC and CDD process that a utility might adopt: machines learning and artificial intelligence for risk scoring, risk identification, and automating investigations, as well as data aggregation and network analytics tools. Assuming we have a fundamentally useful and commercially viable foundation from which to launch a utility, we can then look at the application of these technologies within the banks themselves to root out financial crime, identify new risks and reduce false positives.

In the next part of this series, I will dive into the wide world of Machine Learning and Artificial Intelligence an it’s looming impact on all areas of financial crime.

Demystifying Next Gen Financial Crime Technology: Part Two

KYC process redundancy

Disclaimer: I write from the point of view of a tech investor and strategist but I am not an engineer and these are my personal viewpoints only. I welcome learning and growing from any challenging viewpoints!


Today’s KYC processes are a little bit like speed dating. You’ve just finished telling someone all about yourself, only to have to move onto the next potential suitor and do it all again from scratch.


It actually gets worse. You need to bring evidence with you to attest to the strength of your character: a box full of historical artifacts, signed statements, photocopies. Each time you move from one suitor to the next, you’re asked to meticulously produce every single credential for examination. This takes time, is error prone, and is generally a drain on your energy and even your desire to be there.

It’s not great for the suitors either: Each potential suitor is paying $5,000 or more for the right to review your background and credentials, irrespective of whether or not you choose to offer them a next date. In fact, all that credential producing is becoming such a drag that you consider giving up on the whole thing and just walking away.

Forgive the crude analogy, but if it holds then the prospect of a centralized utility replacing the redundant KYC process might be akin to Tinder replacing our speed dating experience. One profile is created and made available to potential suitors, with no need to present credentials to explain your history, character or credit score each time a suitor asks. Each suitor just needs to read your profile and decide whether or not to “swipe right”.

OK, this might be a gross generalization (but did lead to a fun fact: I discovered while writing this that the online dating market and the KYC market are roughly around the same size of US$6bn!). But the problem is huge. Onboarding customers is a highly redundant, expensive and error prone business. Each firm, and even sometimes different business lines within the same firm, are reaching out to customers to collect, validate and process the same customer data.

It’s an often complex process with touch points to up to a dozen departments within a firm (think beyond compliance: front office, operations, risk, legal, tax). The whole process is estimated to take 2 to 12 weeks. And in addition to being a huge cost center, these long processing times very often cause customers to abandon the whole thing, which has a huge impact on revenues. Add to all of this the looming risk of fines for bad KYC process and money-laundering scandals that have hit the industry: $36 billion in the last decade alone.

In a way, this is great news! As tech investors, the size of the opportunity can be measured by the size of the business problem and amount of pain it causes. In fact fixing the KYC problem set presents a rare an attractive triple whammy in the hunt for disruptive tech: high operational expense that can be collapsed with new technology, a measurable impact on revenues, and a reduction in the risk of expensive fines.

And technology does indeed exist today to solve for these problems. Most importantly, data layers that provide secure access to customer data and other information that is verifiable, well permissioned, has good governance, and is seamlessly available throughout the KYC process both within the bank and between the parties involved. A decentralized, government backed, and industry owned and operated KYC utility that adopts best of breed tech truly sounds like a panacea here.

If looking just at the tech, several solutions have emerged to solve for almost every part of the process. My last article looked at blockchain driven digital passports as one piece of the KYC chain and a key disruptor in the IDV market. Other surrounding technologies help with automating the entire KYC process — NLP for scanning credentials, biometrics for physical recognition, machine learning and artificial intelligence for automating risk decisions, improving detection and reducing false positives, and new models of data privacy that enable data sharing at a scalable level — Secure Multiparty Computation (SMC) and Zero Knowledge Proof (ZKP), all which preserve privacy while controlling access to granular pieces of information.

There’s a lot there. Stress not, we’ll unpack and demystify much of this over upcoming parts of this series.

Technology alone is rarely a silver bullet. Utilities require a huge amount of trust and pose challenges around governance, confidentiality, security, maintenance, reliability, process and data quality.

These are things I’ll explore in the next part of this series, where we’ll dive into KYC utility experiments to date (including failures) with a focus on why and how. As strategic investors, we’ll focus on the components of tech that have the best chance of being adopted in this fascinating area of next generation financial crime technology.

Demystifying Next Gen Financial Crime Technology: Part One

Disclaimer: I write from the point of view of a tech investor and strategist but I am not an engineer and opinions are entirely my own. I definitely welcome learning and growing from any challenging viewpoints!


Investing in the next wave of financial crime technology is never a boring job.


One of the more interesting challenges I routinely deal with is unpacking exactly what business problem is being solved. Sometimes a vendor’s website, pitch deck and marketing material suggest that all of your firm’s financial crime problems can be solved with one solution. While this may be true in some cases (please call me if you find one!) it’s usually the case that just one aspect of financial crime is being solved, and within that perhaps only a very niche problem set.

Over several parts in this series I will try to demystify the landscape of new financial crime tech solutions for you in a no-nonsense way.

I’ll begin with a domain that has had so much fanfare lately — Anti-Money Laundering (AML). I’ll unpack the practical application of new technologies, point out common misconceptions, and tell you what the technology does and does not do.

Starting with an area that is evolving at a blistering speed: Digital Passports.

You can think of a Digital Passport simply as technology that collects and shares an individual (or any entity’s) details, much in the same way as your physical passport: there’s only one copy, it’s yours, it contains a bunch of your personal details, and you share it only with those you want to.

Digital passports are a disruptive use of blockchain. They may accelerate adoption of better quality identity databases at an industry, government or global level. They could even be instrumental in building a world of self-sovereign ownership of data (the idea that an individual should own and control their identity).

And they certainly could threaten the incumbent Know Your Customer (KYC) data providers. New regulations like GDPR are mounting pressure on firms who need to hold personal information, so anything might help solve those problems can be an attractive proposition.

These industry dynamics are all acting as tailwinds for interest in Digital Passport initiatives. This has sometimes led to vendors somewhat over-enthusiastically describing their Digital Passport solutions as a panacea for the KYC problem set.

But in the context of AML, Digital Passports solve only one specific part of the KYC problem set: identity. And at the risk of stating the obvious:

Digital Passports ≠ KYC

They have often been lumped together, and this is due to the problem statement not being accurately defined. The truth is, firms will still need to rely on end to end KYC solutions for solving the full KYC problem set.

Today’s end to end KYC process is a fairly large operational feat: a mix of identity verification, on-boarding, unwrapping ultimate beneficial owners (UBOs), screening, and transaction monitoring, among other things. To solve for Digital Identity alone without carefully considering the rest of the process is just solving a slice of the KYC problem set. Ironically it may even risk introducing more costs in process hand-offs, where process is most vulnerable and operational risk is most exposed.

From a strategy perspective, Digital Passports do pose a threat to traditional tech vendors that sell ID Verification (IDV) solutions or IDV as a component of a broader KYC solution. But in my view, if a Digital Passport solution does not branch out to cover the remaining issues in the end to end KYC process, it will be left to live or die on adoption alone (or at the very least will need to find a home with a good KYC partner).

And adoption of Digital Passports will take time, not to mention rely heavily on government and industry working together. I have a hard time seeing de-centralized user ‘opt in’ solutions getting traction without government and industry collaboration, despite being attractive ideologically.

Strategically, KYC vendors can get an edge by natively integrating with Digital Passport initiatives that show signs of being adopted by the market (there are a handful out there) and vice-versa, improving the attractiveness of an end to end KYC solution.

In the meantime, firms will still be responsible for the end to end KYC process and all the cost and pain that comes with it, and stand-alone Digital Passport initiatives should be viewed as just one input to those processes. This doesn’t downplay the importance of Digital Passports, which if done right will solve many of the problems around identity ownership, sharing and privacy.

I’ll cover Digital Passports in more detail in a future post. Next up for demystification: KYC Data Sharing Utilities!

Close Bitnami banner
Bitnami