Blockchain & Distributed Ledger Technology?
Digital currencies like Bitcoin and Ethereum are what most people think of when they hear “blockchain”, but alternative uses for blockchain and distributed ledger technology (DLT) have taken mainstage as of late. At this point, you might already be asking:
What exactly is blockchain? What is Distributed Ledger Technology? What is the difference between the two? All good questions. While most use these two terms interchangeably, they actually have distinct meanings. DLT is a system of digital data that is duplicated,
shared, and synchronized over multiple locations (i.e., distributing the same ledger of information across multiple locations). In base terms, think of DLT as instead of having one excel document of data, you have 100 identical excel documents maintained by
100 different parties, which are all kept in sync. A blockchain is a type of DLT that uses unchangeable, encrypted, packages of data stored in a connected chain as the ledger of data in the DLT. In this scenario, each new piece of data is verified by all locations
and then is added/linked to the existing chain of previous data. In base terms, think of blockchains as a specific type of data stored in those 100 identical workbooks described above. Ultimately, this means that blockchains are a type of DLT, but not all
DLTs are blockchains. I know, probably more detail than you wanted but it is worth level-setting. For the remainder of this article, I will use the term blockchain since that is the type of DLT that is most used in the compliance space. Currently, blockchain
is in use in several different areas including: the movement of information and identity, digital execution of contracts, movement of commodities, securities, and of course in payments.
How can it help in financial crime compliance?
So what does this have to have to do with financial crime compliance? One benefit is that the use of blockchain technology for payments and movement of commodities and securities can decrease fraudulent transactions. Fraudulent transactions are an ever-present
concern in the banking industry, with one report indicating that there was $16 billion in identity theft and fraud in 2016. There are several characteristics of blockchain that contribute to an increased ability to detect and prevent fraudulent transactions:
With the same data stored and synchronized in multiple locations, a bad actor would have to trick all the locations, not just one, to defraud the blockchain.
With the same data stored and synchronized in multiple locations, a bad actor would have to change the data in the same way at all locations in order to affect the blockchain.
- Requiring multiple sources to validate each new piece of data before it is approved
One bad actor from within the blockchain network would be prevented from affecting the blockchain because the other members of the blockchain would not validate any fraudulent transactions attempted by that singular bad actor.
- Reducing the steps in a transaction
By reducing the steps in the transaction, there are less opportunities to disrupt and compromise the transaction.
From an Anti-Money Laundering (AML) compliance perspective, blockchain technology is ideal for use in the Know Your Customer (KYC) due diligence space. In fact several companies are already using blockchain technology to support their KYC offerings. KYC
requirements have become a very time consuming and costly process, especially for entity customers, with different banks conducting similar (if not the same) due diligence on the same customers over and over again. The dream scenario to solve this problem
would be a centralized KYC registry built on a blockchain technology. Each customer could have its own chain of data that contained all the necessary KYC data and documentation. This data could be accessed by the participating banks when onboarding those customers.
Each update to that information would be a new block in the chain, accessible to those banks with access to the registry. Once the blockchain has been updated, an encrypted update could be sent to each participating bank to allow them to keep their KYC up
There are three possibilities for who would be responsible for maintaining the KYC data in the blockchain: shared responsibility among participating banks, a central oversight group/provider (similar to a KYC.com or Clarient service), or government registries.
Each has its positives and negatives, and obviously there are some general potential issues with a KYC blockchain:
- How do you ensure the accuracy of the data?
- How do you mitigate one incorrect piece of information from leading to far reaching effects on the customer? (e.g., customer mistakenly rated as high risk by all participating banks)
- How do you take into account that there may be pieces of information that cannot be shared by banks based on data privacy regulations and concern?
- How will the regulators react to its use?
The last issue noted above is a particularly important one. Any technology that you rely on as part of a compliance program will be examined by regulators. On a positive note, financial regulators are already showing increased interest in blockchain. Currently,
the US Federal Reserve Bank and the European Banking Authority are doing their own research into understanding the technology and the R3 blockchain consortium now includes regulators from the US, Canada, Hong Kong, Singapore, and the UK.
So what now?
As with all emerging technologies, thoroughly understanding them before implementing them is key. Compliance professionals need to be educated on the potential uses and risks associated with blockchain and DLT. Like Robotics and Artificial Intelligence,
blockchain and DLT are going to transform compliance programs in the near future. By understanding the potential, you can be better prepared to harness the potential and transform your compliance program to more efficiently meet the increasing demands of today’s