Disclaimer: I write from the point of view of a tech investor and strategist but I am not an engineer and these are my personal viewpoints only. I welcome learning and growing from any challenging viewpoints!
Today’s KYC processes are a little bit like speed dating. You’ve just finished telling someone all about yourself, only to have to move onto the next potential suitor and do it all again from scratch.
It actually gets worse. You need to bring evidence with you to attest to the strength of your character: a box full of historical artifacts, signed statements, photocopies. Each time you move from one suitor to the next, you’re asked to meticulously produce every single credential for examination. This takes time, is error prone, and is generally a drain on your energy and even your desire to be there.
It’s not great for the suitors either: Each potential suitor is paying $5,000 or more for the right to review your background and credentials, irrespective of whether or not you choose to offer them a next date. In fact, all that credential producing is becoming such a drag that you consider giving up on the whole thing and just walking away.
Forgive the crude analogy, but if it holds then the prospect of a centralized utility replacing the redundant KYC process might be akin to Tinder replacing our speed dating experience. One profile is created and made available to potential suitors, with no need to present credentials to explain your history, character or credit score each time a suitor asks. Each suitor just needs to read your profile and decide whether or not to “swipe right”.
OK, this might be a gross generalization (but did lead to a fun fact: I discovered while writing this that the online dating market and the KYC market are roughly around the same size of US$6bn!). But the problem is huge. Onboarding customers is a highly redundant, expensive and error prone business. Each firm, and even sometimes different business lines within the same firm, are reaching out to customers to collect, validate and process the same customer data.
It’s an often complex process with touch points to up to a dozen departments within a firm (think beyond compliance: front office, operations, risk, legal, tax). The whole process is estimated to take 2 to 12 weeks. And in addition to being a huge cost center, these long processing times very often cause customers to abandon the whole thing, which has a huge impact on revenues. Add to all of this the looming risk of fines for bad KYC process and money-laundering scandals that have hit the industry: $36 billion in the last decade alone.
In a way, this is great news! As tech investors, the size of the opportunity can be measured by the size of the business problem and amount of pain it causes. In fact fixing the KYC problem set presents a rare an attractive triple whammy in the hunt for disruptive tech: high operational expense that can be collapsed with new technology, a measurable impact on revenues, and a reduction in the risk of expensive fines.
And technology does indeed exist today to solve for these problems. Most importantly, data layers that provide secure access to customer data and other information that is verifiable, well permissioned, has good governance, and is seamlessly available throughout the KYC process both within the bank and between the parties involved. A decentralized, government backed, and industry owned and operated KYC utility that adopts best of breed tech truly sounds like a panacea here.
If looking just at the tech, several solutions have emerged to solve for almost every part of the process. My last article looked at blockchain driven digital passports as one piece of the KYC chain and a key disruptor in the IDV market. Other surrounding technologies help with automating the entire KYC process — NLP for scanning credentials, biometrics for physical recognition, machine learning and artificial intelligence for automating risk decisions, improving detection and reducing false positives, and new models of data privacy that enable data sharing at a scalable level — Secure Multiparty Computation (SMC) and Zero Knowledge Proof (ZKP), all which preserve privacy while controlling access to granular pieces of information.
There’s a lot there. Stress not, we’ll unpack and demystify much of this over upcoming parts of this series.
Technology alone is rarely a silver bullet. Utilities require a huge amount of trust and pose challenges around governance, confidentiality, security, maintenance, reliability, process and data quality.
These are things I’ll explore in the next part of this series, where we’ll dive into KYC utility experiments to date (including failures) with a focus on why and how. As strategic investors, we’ll focus on the components of tech that have the best chance of being adopted in this fascinating area of next generation financial crime technology.