How can Blockchain Help with AML KYC

BlockChain For AML/KYC

How Blockchain Enhances Regulatory Reporting

Financial institutions are racing to invest in technology that allows real-time reporting to adhere to regulatory rules set out by various agencies and The Federal Reserve Bank. To do so, they must compile, track, and store massive amounts of data, then parse it out and report it to regulators in a timely manner or face fines.

The process in which financial institutions utilize technology to help meet regulatory requirements is called RegTech. In our earlier post, Meet The Techs Fintech, RegTech, And SupTech, we analyzed how RegTech utilizes various technologies such as machine learning and artificial intelligence to establish enterprise-wide data governance and reporting. These new technologies replace the current manual processes for modeling and reporting.

In this article, we’ll analyze how Blockchain technology enhances regulatory reporting for a number of directives including AML/BSA.

What Is Blockchain Technology And How It Works:

The technology platform called blockchain is a distributed-ledger based system. Essentially, blockchain is a distributed database and verification system for financial transactions. The technology uses a publicly-viewed ledger to record and keep track of transactions.

Each party in a transaction is assigned a cryptographic key. Each transaction has to be approved and validated by the participants in the network. Once credentials are verified by the network, the transaction can be completed, and an encrypted block is created. 

The block is added to the public ledger. However, the transaction details within the block remain private due to the cryptographic keys assigned to each party. The blockchain network allows parties to transact directly with each other, currently with no financial oversight or government agency involvement.

Since the ledger is distributed to the parties involved, peer-to-peer transactions can often be completed within minutes, versus current settlement times that often take days to complete as in the case of financial payments.

The ledger-based technology can be utilized as a public blockchain as in the case of the cryptocurrency, Bitcoin. A blockchain can also be created for private use with a predetermined set of users as in the case of financial institutions. Within a private blockchain, participants could initiate transactions or access data within the network.

For financial institutions, blockchain technology has enormous potential for internal controls, but also for improving regulatory compliance.  

How Blockchain Technology Can Improve Regulatory Reporting

Regulatory Needs That Blockchain Addresses


Transparency And Communication

All data recorded on the ledger could be readily available to risk teams and regulators. Transactions, financial activity, account openings, lending activity and more could all be monitored and reported in real time.


The transparent nature of blockchain allows financial institutions and regulatory agencies to communicate in real time with each other on the same network. Risk officers could be notified of compliance violations by regulators in real time allowing action to be taken quickly.

As a result, the distributed ledger makes the communication and reporting process far more efficient and saves time versus the current model where violations can often take a long time to be detected, reported, and mitigated. And many times, under the current model, violations go undiscovered.

Data Quality And Governance

Data on the blockchain ledger cannot be altered easily, and any data that is altered within a block can be tracked and monitored, preventing fraud and misuse. Currently, for most financial institutions, data is stored in silo-based systems. A shared ledger combines all data onto one platform. From there, a software program can be developed to extract specific pieces of data and generate reports with greater efficiency. With improved data governance, institutions can identify fraud at an earlier stage, prevent financial crimes and avoid costly fines resulting from compliance failures.
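
As an added illustration (not code from this article or from any blockchain product), the sketch below shows why altered ledger data can be tracked: each block stores a hash of its own contents and of the previous block, so an edit is pinned to a specific block, and a head hash held by another party exposes even a chain that has been rewritten end to end. The block layout, function names and transactions are constructed for the example.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for "no previous block"

def block_hash(index, prev, records):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps({"index": index, "prev": prev, "records": records},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append_block(chain, records):
    """Append records as a new block linked to the current head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev": prev, "records": records,
                  "hash": block_hash(len(chain), prev, records)})

def first_bad_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev"] != prev:
            return i  # link to the previous block is broken
        if block_hash(b["index"], b["prev"], b["records"]) != b["hash"]:
            return i  # contents no longer match the stored hash
        prev = b["hash"]
    return None

def matches_head(chain, trusted_head):
    """Check the chain against a head hash held by another party (e.g. a regulator)."""
    return first_bad_block(chain) is None and chain[-1]["hash"] == trusted_head

def sample_ledger():
    """Constructed sample data: three blocks of made-up transactions."""
    chain = []
    append_block(chain, [{"tx": "T-1001", "from": "ACC-A", "to": "ACC-B", "amount": 9500}])
    append_block(chain, [{"tx": "T-1002", "from": "ACC-B", "to": "ACC-C", "amount": 9400}])
    append_block(chain, [{"tx": "T-1003", "from": "ACC-C", "to": "ACC-D", "amount": 120}])
    return chain

if __name__ == "__main__":
    ledger = sample_ledger()
    regulator_head = ledger[-1]["hash"]      # copy held outside the institution
    edited = copy.deepcopy(ledger)
    edited[1]["records"][0]["amount"] = 94   # silent edit of a stored record
    print(first_bad_block(ledger), first_bad_block(edited))
    print(matches_head(ledger, regulator_head), matches_head(edited, regulator_head))
```

The hashes make changes detectable, not impossible: the records themselves are stored in the clear here, and the guarantee depends on at least one independent party keeping its own copy of the head hash.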


KYC And Suspicious Activity Reporting

The current KYC process can take days and even weeks to satisfy the requirements from regulators. As a result, the cost of compliance for financial institutions is escalating rapidly as they race to stay ahead of terrorists and financial fraudsters. All this comes in addition to the higher cost of fines for noncompliance.

With a shared ledger, the KYC process can be monitored and adjusted more efficiently from an enterprise-wide level. Due to the shared nature of the ledger, a database of all client activity and background information would be available to employees on the network. Any updates and changes in a client’s status or a potential scam or fraudulent transaction could be communicated and updated in near real-time.

Direct access to a shared ledger would save institutions the time-intensive process of identifying fraud and reporting it. With blockchain, end-to-end tracing and tracking of transaction and client activity is possible. And since every department would have access to all client background information and all of their account activity, the KYC process would be more efficient.

Also, automated reports could be generated from the ledger reducing errors as a result of the current manual processes. Ultimately, the risk of noncompliance due to delayed or inaccurate reporting would be greatly diminished. 

Identity Management 

Digital identity is one of many challenges with online and mobile banking applications. Online identity management in financial services requires an increased level of security protocols to prevent fraud and remain compliant with the Bank Secrecy Act.   


Comprehensive Authentication Process

The popularity of mobile devices will only increase in the years to come and so too will the need for increased security measures. Currently, a client's background information is stored separately in various institutions including on a bank's servers, the Registry of Motor Vehicles, and the IRS, to name a few. With the distributed ledger, all background information and identification could be stored on one blockchain network for the institution to tap into during the CDD process.


With cryptographic verification, sensitive client data could be accessed by the financial institution to identify the individual applying for a loan, opening an account, or accessing their mortgage information. Only when the smart contract terms and encryption requirements are met can access be granted to the network.


As mobile technology decentralizes banking, a secure decentralized solution will be needed to address security concerns when users access their financial information remotely. Blockchain technology has the ability to provide that decentralized solution while ensuring security protocols and regulatory requirements are satisfied.  


Sensitive Data and Cryptography

Data privacy and control have been front page news in recent months, particularly with the Equifax breach last year. As stated earlier, the distributed ledger of blockchain could help financial institutions with KYC reporting by identifying and acting on suspicious behavior. However, the encryption capabilities of blockchain could also protect sensitive data and prevent compliance violations.

Blockchain technology is a trust network whereby consumer data would only be accessed by trusted sources. This is much different than the current model, where consumer data is given to corporations with little control over how it is used and its security.

Once a client is established on the blockchain network, and cryptographic keys are created, it would be extremely challenging for would-be fraudsters to access a client’s financial data, commit identity theft, or engage in an illicit financial activity. As a result, data would be more secure than the current model.


Blockchain technology and its distributed ledger allow for more transparency with regulators, improving the reporting process. The shared and immutable ledger allows for unaltered transaction history, whereby the ledger can act as a central hub for data storage where transactions are processed and activity is shared with risk officers within the financial services companies and with regulators.

Improved identity management using encryption-based technology on a decentralized network could be established. Digital identity improvements can help financial institutions meet the ever-changing KYC and CDD requirements while simultaneously reducing the costs associated with implementing a robust KYC program. Ultimately, financial crimes and compliance violations could be reduced in the long term.

Blockchain technology will continue to play a major role in regulatory reporting and identity management for financial institutions in the years to come.                          



Comments: (5)

A Finextra member 13 February, 2018, 21:34

Hi Breana, What is the purpose of each party being assigned a cryptographic key? Is that to enable them to be part of the network, or is it used when creating a block?

Breana Patel - Bonova Advisory | Risk & Regulatory Advisory - New York 13 February, 2018, 22:13

Hi Ramdas,

Thanks for your question. Each party in a transaction is assigned a cryptographic key. Each transaction has to be approved and validated by the participants in the network. Once credentials are verified by the network, the transaction can be completed, and an encrypted block is created. 

Behzod Sabirov - Sanscrit LLP - Almaty 15 February, 2018, 11:03

A good effort to summarize blockchain applicability, but there are a few arguable points:

  1. By its design blocks are not encrypted. They contain individual transaction hashes and other data, which are unencrypted.
  2. Transaction details aren't encrypted either in public blockchains. You can only guess the sender and receiver by their signatures/addresses but the remaining data is open, that's the design of public blockchains. Private networks may use data encryption to a certain extent but in the case of AML/KYC systems you have to make the data available to regulatory bodies, which is a technical challenge. It's quite easy to encrypt and decrypt data between 2 parties, but it needs non-trivial workarounds to make the data available to 3rd parties.
  3. Usually regulatory authorities instruct financial organisations how to act upon detection of suspicious operations, on which they then report back. Regulators need not track all suspicious activities in real time, it's banks' duty. So my conclusion is that the blockchain isn't needed in AML/KYC that badly.
  4. Blockchain or, more precisely, DLT does not offer better safety than centralised systems, because DLT uses the same encryption technology and approach. In fact, due to its nature DLT is more prone to compromising/leaking data than the centralised database. So DLT is to be used in extreme cases when it's truly justified.

A Finextra member 19 February, 2018, 14:13

have a look at these folks - next step

A Finextra member 28 March, 2018, 06:00

@Behzod, agree. Therefore Zcash, Monero and similar privacy-sensitive protocols are worth exploring further.

Breana Patel

CEO | Thought leader in Bank Risk & Regulations

Bonova Advisory | Risk & Regulatory Advisory

This post is from a series of posts in the group:

Business Knowledge for IT

This community aims to provide links, resources, book suggestions, tips and insights to facilitate learning and development of IT professionals in financial services, and to develop a forum for IT professionals to exchange views on various related items.
